We are pleased that you are interested in our company. Data protection is particularly important to the senior management of Hilpress GmbH. It is generally possible to use the websites of Hilpress GmbH without disclosing any personal data. If a data subject wants to use special services from our company via our website, however, the processing of personal data could be required. If processing personal data is required and is there is no legal basis for such processing, we generally obtain the consent of the data subject.
Hilpress GmbH as the data controller has implemented numerous technical and organisational measures in order to ensure as complete protection as possible of the personal data processed via this website. Nevertheless, internet-based data transmission can generally have gaps in security so that absolute protection cannot be guaranteed. For this reason, data subjects are free also to transmit personal data to us using alternative paths, for example by telephone.
1. Definition of Terms
a) Personal data
Personal data is all information that relates to an identified or identifiable natural person (subsequently “data subject”). A natural person is seen to be identifiable if they can be identified, directly or indirectly, in particular by allocation to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics that are an expression of the physical, physiological, genetic, psychological, financial, cultural or social identity of this natural person.
b) Data subject
A data subject is every identified or identifiable person whose personal data can be processed by the data controller.
Processing is every process or series of processes executed with or without the help of automated procedures in connection with personal data, such as collecting, recording, organising, arranging, storing, adjusting or amending, reading, retrieving, using, disclosing through transmission, distributing or any other form of provision, comparison or linking, restricting, erasing or destroying.
d) Restriction of processing
Restriction of processing is marking stored data with the aim of restricting its future processing.
Profiling is every type of automated processing of personal data that consists of this personal data being used in order to evaluate certain personal aspects that relate to a natural person, in particular in order to analyse or forecast aspects regarding work performance, their financial situation, health, personal preferences, interests, reliability, conduct, place of residence or change of location of this natural person.
Pseudonymisation is the processing of personal data in a manner in which the personal data cannot be allocated to a specific data subject without drawing on additional information, if this additional information is separately stored and subject to technical and organisational measures that guarantee that the personal data is not attributed to an identified or identifiable natural person.
g) Controller or data controller
A controller or data controller is the natural person or legal entity, public authority, institution or other centre that decides on the purpose and means of processing personal data alone or together with others. If the purpose and means of this processing are stipulated by Union law or the law of the member states, the controller can be provided with the certain criteria for this appointment in accordance with Union law or the law of the member states.
h) Order processor
The order processor is a natural person or legal entity, public authority, institution or other centre that processes personal data on behalf of the controller.
A recipient is a natural person or legal entity, public authority, institution or other centre to whom personal data is disclosed, regardless of whether a third party is concerned or not. However, public authorities that within the scope of a certain investigation mandate in accordance with Union law or the law of the member states that possibly receive personal data are not deemed to be recipients.
j) Third party
A third party is a natural person or legal entity, public authority, institution or other centre apart from the data subject, the controller, the order processor and the persons authorised under the direct responsibility of the controller or the order processor, to process the personal data.
Consent is every declaration of intent given by a data subject voluntarily for the certain case in an informed manner in the form of a declaration or another clearly made action with which the data subject intimates that they consent to the processing of the relevant personal data.
2. Name and address of the data Controller
The controller in accordance with the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions with a data protection character is:
The data subject can prevent cookies being set at any time by correspondingly setting the internet browser used and thus permanently preventing the setting of cookies. Furthermore, cookies that have already been set can be deleted via an internet browser or another software program at any time. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the internet browser used, under some circumstances it will not be possible to use all the functions of our website.
4. Recording general data and information
The website of Hilpress GmbH records a range of general data and information on every retrieval of the website by a data subject or an automated system. This general data and information will be stored in the server log files. The following can be recorded:
- (1) the browser types and versions used,
- (2) the operating system used by the accessing system,
- (3) the website from which the accessing system came to our website (so-called referrer),
- (4) the sub-websites that are steered to our website via an accessing system,
- (5) the date and time of an access to the website,
- (6) an Internet Protocol address (IP address),
- (7) the Internet Service Provider of the accessing system and
- (8) other similar data and information that serve to avert dangers in the event of attacks on our information technology systems.
When using this general data and information, Hilpress GmbH will not draw any conclusions about the data subject. Instead, this information is required to
- (1) correctly deliver the contents of our website,
- (2) optimise the contents of our website and the advertising for it,
- (3) guarantee the permanent functionality of our information technology systems and the technology of our website and
- (4) to provide the information necessary to investigate crimes to the criminal investigation authorities in the event of a cyberattack.
This anonymously collected data and information is therefore evaluated by Hilpress GmbH on the one hand, statistically, and furthermore, with the aim of improving data protection and data security in our company in order ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data in the server log files is stored separately from all the personal data given by the data subject.
5. Registration on our website
The data subject has the possibility to register on the website of the data controller with the disclosure of personal data. Which personal data is transmitted here to the data controller results from the relevant input screen used for the registration. The personal data inputted by the data subject is used exclusively for internal use at the data controller and is collected and stored for in-house purposes. The data controller can forward data to one or more order processors, for example a package service provider, which must also use the personal data exclusively for internal use, which has to be attributed to the data controller.
Furthermore, by registering on the website of the data controller, the IP address issued to the data subject by the Internet Service Provider (ISP), and the date and time of the registration will be stored. Data is stored against the background that this is the only way misuse of our services can be prevented and that this data enables any crimes that have been committed to be solved. In this respect the storage of this data is required to protect the data controller. This data will generally not be transmitted to third parties if there are no legal obligations for transmission or the transmission does not serve the purposes of a criminal investigation.
The registration of the data subject with voluntary disclosure of personal data serves the data controller to offer the data subject contents or services that due to the nature of the matter can only be offered to registered users. Registered persons are free to amend the personal data given for registration or to have it completely deleted from the database of the data controller at any time.
6. Subscribing to our Newsletter
Users are granted the possibility on the website of Hilpress GmbH to subscribe to our company's Newsletter. Which personal data is transmitted to the data controller when ordering the Newsletter results from the input screen used for this purpose.
Hilpress GmbH informs its customers and business partners at regular intervals by way of a newsletter about the company’s offers. Our company’s Newsletter can generally only be received by the data subject if (1) the data subject has a valid email address and (2) the data subject registers for despatch of the Newsletter. For legal reasons, a confirmation mail using the double-opt-in procedure will be sent first to the email address entered by the data subject for the despatch of the Newsletter. This confirmation mail serves to check whether the holder of the email address as the data subject has authorised receipt of the Newsletter.
Furthermore, when registering for the Newsletter we store the data subject’s IP address issued by the Internet Service Provider (ISP) at the time of registration, the computer system used and the date and time of registration. The collection of this data is required in order to be able to trace any (possible) misuse of a data subject’s email address at a later time and therefore serves as legal protection for the data controller.
The personal data collected within the scope of registering for the Newsletter is used exclusively to send our Newsletter. Furthermore, subscribers to the Newsletter will be informed by email if this is required to operate the Newsletter service or for a registration in this respect, as could be the case in the event of changes to the Newsletter range or when changing the technical circumstances. The personal data collected within the scope of the Newsletter service will not be transmitted to third parties. Data subjects can cancel a subscription to our Newsletter at any time. The consent to the storage of personal data that the data subject has issued to us to despatch the Newsletter can be revoked at any time. There is a link for the purpose of revoking consent in every Newsletter. Furthermore, it is possible at any time also to unsubscribe from despatch of the Newsletter directly on the data controller’s website or to report this to the data controller in another manner.
7. Newsletter tracking
The Newsletter of Hilpress GmbH contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such emails that are sent in HTML format in order to enable log file recording and a log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns to be conducted. On the basis of the embedded tracking pixels Hilpress GmbH can recognise whether and when an email is opened by a data subject and which links in the email were retrieved by the data subject.
Such personal data collected via tracking pixels contained in the Newsletters will be stored and evaluated by the data controller in order to optimise the despatch of the Newsletter and adjust the content of future Newsletters even better to the interests of the data subject. This personal data will not be transmitted to third parties. Data subjects are entitled to revoke the special declaration of consent given in this respect via the double opt-in procedure at any time. After a revocation the data controller will erase this personal data. Unsubscribing from receipt of the Newsletter automatically indicates a revocation to Hilpress GmbH.
8. Contact possibilities via the website
Due to legal regulations, the website of Hilpress GmbH includes disclosures that enable making quick electronic contact with our company and direct communication with us, which also includes a general address for so-called electronic post (email address). If a data subject makes contact with the data controller by email or via a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted by a data subject on a voluntary basis to the data controller will be stored for the purposes of processing or making contact with the data subject. This personal data will not be transmitted to third parties.
9. Routine erasure and blocking of personal data
The data controller processes and stores personal data of data subjects only for the period of time required to achieve the purpose of storage or if this is provided for by European directive and regulation legislators or by another legislator in acts or regulations to which the data controller is subject.
If the storage purpose lapses or if a storage period set by European directive and regulation legislators or another competent legislator expires, the personal data will be routinely blocked or erased in accordance with legal regulations.
10. Rights of the data subject
a) Right to confirmation
Every data subject has been granted the right by European directive and regulation legislators to demand confirmation from the data controller whether relevant personal data is processed. If a data subject would like to claim this confirmation right, they can contact our Data Protection Officer or another employee of the data controller at any time.
b) Right to information
Every data subject affected by the processing of personal data has been granted the right by European directive and regulation legislators to receive information free of charge from data controllers about the personal data stored about them and a copy of this information. Furthermore, European directive and regulation legislators entitle data subjects to receive the following information:
- The processing purposes
- The categories of personal data processed
- The recipients or categories of recipients to whom the personal data is disclosed or is still to be disclosed, in particular concerning recipients in third countries or at international organisations
- If possible the planned duration for which the personal data is stored or, if this is not possible, the criteria for setting this Duration
- The existence of a right to correct or erase the personal data that affects them or to restrict processing by the controller or a right of revocation of this processing
- The existence of a right of complaint to a supervisory authority
- If the personal data is not collected from the data subject: all available information about the origin of the data
- The existence of automated decision-making including profiling as per Article 22 (1) and (4) GDPR and — at least in these cases — meaningful information about the logic involved and the scope and desired effects of such processing on the data subject
Furthermore, the data subject is entitled to a right of information about whether personal data has been transmitted to a third country or to an international organisation. If this is the case, the data subject otherwise has the right to receive information about suitable guarantees in connection with the transmission. If a data subject would like to claim this information right, they can contact our Data Protection Officer or another employee of the data controller at any time.
c) Right to correction
Every data subject affected by the processing of personal data has been granted the right by European directive and regulation legislators to demand the immediate correction of inaccurate personal data relating to them. Furthermore, the data subject is entitled to the right to demand, taking into consideration the purpose of the processing, the completion of incomplete personal data — including by means of a supplementary declaration.
If a data subject would like to claim this correction right, they can contact our Data Protection Officer or another employee of the data controller at any time.
d) Right of erasure (right to be forgotten)
Every data subject affected by the processing of personal data has been granted the right by European directive and regulation legislators to demand from the controller that they erase the relevant personal data without delay, if one of the following reasons apply and insofar as processing is not required:
- The personal data was collected or otherwise processed for purposes for which it is no longer necessary.
- The data subject revokes their consent on which processing is based as per Art. 6 (1) a GDPR or Art. 9 (2) a GDPR and there is no other legal basis for the processing.
- The data subject objects to the processing as per Art. 21 (1) GDPR and there are no overriding legal grounds for the processing or the data subject objects to the processing as per Art. 21 (2) GDPR.
- The personal data was illegally processed.
- It is necessary to erase the personal data to meet a legal obligation in accordance with Union law or the law of the member states to which the controller is subject.
- The personal data was collected in relation to the services offered by the information company as per Art. 8 (1) GDPR.
If one of the grounds specified applies and a data subject would like to erase personal data stored at Hilpress GmbH, they can contact our Data Protection Officer or another employee of the data controller for this purpose at any time. The Data Protection Officer of Hilpress GmbH or another employee will ensure the erasure request is met without delay.
If the personal data was made public by Hilpress GmbH and if our company is obliged to erase the personal data as the controller as per Art. 17 (1) GDPR, Hilpress GmbH will take appropriate actions, taking into consideration the available technology and the implementation costs, including of a technical nature, in order among others to inform the data processing controller that processes the published personal data that the data subject affected by this other data processing controller has demanded the erasure of all links to this personal data or copies or duplicates of this personal data, insofar as the processing is not required. The Data Protection Officer of Hilpress GmbH or another employee will ensure the necessary actions are carried out in the individual case.
e) Right to restriction of processing
Every data subject affected by the processing of personal data has been granted the right by European directive and regulation legislators to demand the restriction of processing by the controller if one of the following conditions applies:
- The accuracy of the personal data is disputed by the data subject and this is disputed for a period that enables the controller to check the accuracy of the personal data.
- The processing is illegal, the data subject rejects the erasure of the personal data and demands instead the restriction of use of the personal data.
- The controller no longer requires the personal data for the purposes of processing but the data subject requires it to assert, exercise or defend legal claims.
- The data subject has objected to processing as per Art. 21 (1) GDPR and it has not yet been established whether the justified grounds of the controller outweigh those of the data subject.
If one of the conditions specified exists and a data subject would like to demand the restriction of personal data stored at Hilpress GmbH, they can contact our Data Protection Officer or another employee of the data controller for this purpose at any time. The Data Protection Officer of Hilpress GmbH or another employee will ensure the restriction of the processing.
f) Right to data portability
Every data subject affected by the processing of personal data has been granted the right by European directive and regulation legislators to receive the personal data relating to them, which was provided by the data subject to a controller, in a structured, common and machine-readable format. The data subject also has the right to transmit this data to another controller without impediment by the controller to whom the personal data was provided, if the processing relates to the consent as per Art. 6 (1) a GDPR or Art. 9 (2) a GDPR or to a contract as per Art. 6 (1) b GDPR and the processing is done with the help of automated procedures, if the processing is not required to carry out a task that is in the public interest or in exercising public authority, which was transferred to the controller.
Furthermore, the data subject has the right when exercising their right as per Art. 20 (1) GDPR to effect that the personal data is transmitted directly from one controller to another controller, insofar as this is technically feasible and if the rights and freedoms of other persons are not impaired.
To assert the right to data portability the data subject can contact the Data Protection Officer appointed by Hilpress GmbH or another employee.
g) Right to objection
Every data subject affected by the processing of personal data has been granted the right by European directive and regulation legislators to object on grounds that result from their particular situation to the processing of personal data that relates to them that is done on the basis of Art. 6 (1) e or f GDPR. This also applies to any profiling done based on these provisions.
In the event of an objection Hilpress GmbH will no longer process the personal data, unless we can prove mandatory grounds worthy of protection for the processing that outweigh the interests, rights and freedoms of the data subject or the processing serves to assert, exercise or defend legal claims.
If Hilpress GmbH processes personal data in order to make direct advertising, the data subject has the right to object to the processing of the personal data for the purposes of such advertising at any time. This also applies to profiling, insofar as this is connected with such direct advertising. If the data subject makes an objection to Hilpress GmbH against processing for the purposes of direct advertising, Hilpress GmbH will no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds that result from their particular situation, to object to the processing of personal data relating to them done at Hilpress GmbH for scientific or historical research purposes or for statistical purposes as per Art. 89 (1) GDPR, unless such processing is required for a task that is in the public interest.
To exercise the right of objection the data subject can directly contact the Data Protection Officer of Hilpress GmbH or another employee. Furthermore, the data subject is free to exercise their right of objection in connection with the use of services of the information company, regardless of Directive 2002/58/EC, by means of an automated procedure for which technical specifications are used.
h) Automated decisions in individual cases including profiling
Every data subject affected by the processing of personal data has been granted the right by European directive and regulation legislators not to be subject to a decision relating exclusively to automated processing — including profiling — that has a legal effect on them or considerably disadvantages them in a similar manner, if the decision (1) is not required to conclude or fulfil a contract between the data subject and the controller, or (2) on the basis of legal regulations of the Union or the member states to which the controller is subject this is permissible and these legal regulations contain appropriate measures to protect the rights and freedoms as well as the justified interests of the data subject or (3) is taken with the explicit consent of the data subject.
If the decision (1) is required to conclude or fulfil a contract between the data subject and the controller or (2) is taken with the explicit consent of the data subject, Hilpress GmbH will take appropriate measures in order to protect the justified interests of the data subject, which includes at least the right to effect the intervention of a person by the controller, to present their own viewpoint and to appeal against the decision.
If a data subject would like to assert this right in connection with automated decisions, they can contact our Data Protection Officer or another employee of the data controller at any time.
i) Right to revoke data protection consent
Every data subject affected by the processing of personal data has been granted the right by European directive and regulation legislators to revoke any consent given to process personal data at any time.
If a data subject would like to assert their right to revoke any consent, they can contact our Data Protection Officer or another employee of the data controller at any time.
11. Data protection for applications and in application procedures
The data controller collects and processes the personal data of applicants for the purposes of transacting the application procedure. This processing can also be done via electronic pathways. This is the case in particular if an applicant transmits application documents using electronic pathways, for example, by email or via a web form on the website, to the data controller. If the data controller concludes a contract of employment with an applicant, the transmitted data will be stored to transact the employment relationship in compliance with legal regulations. If the data controller does not conclude a contract of employment with an applicant, the application documents will be automatically erased two months after notification of the rejection decision, if an erasure is not contradicted by any other justified interests of the data controller. Another justified interest in this sense can be, for example, proceedings in accordance with the German Equality Act (Allgemeines Gleichbehandlungsgesetz, or AGG).
12. Legal basis of processing
Art. 6 (I) a GDPR serves as the legal basis for our company for processing procedures for which we obtain consent for a certain processing purpose. If processing personal data is required to fulfil a contract whose contracting party is the data subject, for example, as is the case for processing procedures that are necessary to deliver merchandise or provide another service or return service, this processing relates to Art. 6 (I) b GDPR. The same applies to such processing procedures that are required to conduct pre-contractual measures, such as in cases of enquiries about our products or services. If our company is subject to a legal obligation that requires a processing of personal data, for example, to fulfil taxation obligations, the processing will be based on 6 (I) c GDPR. In rare cases the processing of personal data can be required in order to protect essential interests of the data subject or of another natural person. This would be the case, for example, if a visitor to our business were injured and as a result, their name, age, health insurer data or other essential information had to be transmitted to a doctor, a hospital or another third party. Then the processing would relate to Art. 6 (I) d GDPR. Finally, processing procedures can relate to Art. 6 (I) f GDPR. Processing procedures that are not covered by any of the aforementioned legal bases are based on this legal basis, if the processing is required to protect a justified interest of our company or a third party, if these do not outweigh the interests, fundamental rights and fundamental freedoms of the data subject. We are therefore permitted to carry out such processing procedures because these are mentioned in particular by European legislators. These legislators are of the opinion that a justified interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).
13. Justified interests in processing pursued by the controller or a third Party
If the processing of personal data is based on Article 6 (I) f GDPR, our justified interest is conducting our business activity in favour of the wellbeing of all our employees and our shareholders.
14. Term for which personal data is stored
The criterion for the term of storage of personal data is the relevant legal retention period. After expiry of this period the corresponding data is routinely erased, if it is no longer required to fulfil a contract or to initiate a contract.
15. Legal or contractual regulations for providing personal data; requirement for conclusion of a contract; obligation of the data subject to provide the personal data; possible consequences of non-Provision
We must explain to you that the provision of personal data is in part legally stipulated (e.g. tax regulations) or may result from contractual regulations (e.g. disclosures on the contractual partner). Sometimes, in order to conclude a contract, it can be required that a data subject provides us with personal data that we consequently have to process. For example, the data subject is obliged to provide personal data if our company concludes a contract with them. The consequence of non-provision of personal data is that the contract could not be concluded with the data subject. Before the data subject provides personal data, the data subject must contact our Data Protection Officer. Our Data Protection Officer will explain to the data subject whether the provision of personal data is legally or contractually stipulated or is required to conclude the contract, whether there is an obligation to provide the personal data and which consequences the non-provision of the personal data would have.
16. Existence of automated decision-making
As a responsible company we waive the use of any automated decision-making or profiling.