Legal information
Privacy Policy
This privacy policy has been translated from German, where inconsistencies occur, the German version will take precedence.
Responsible:
hydrograv GmbH, E-Mail: datenschutzbeauftragter@hydrograv.com
1. Scope and Legal Basis
(1) This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data within our online offering and the associated websites, features, and content.
(2) For the terminology used, such as “personal data” or “processing,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
(3) The term “user” refers to all categories of individuals whose personal data is processed. This includes our business partners, customers, prospective customers, and other visitors to our online offering.
(4) The personal data of users processed within the scope of this online offering includes:
- Inventory data, provided in the context of individual contact (e.g., user’s name),
- Contact data (e.g., email address, phone number),
- Usage data (e.g., websites visited within our online offering, interest in our services and products),
- Content data (e.g., information in emails), and
- Technical data (e.g., IP addresses, device information).
(5) The processing of personal data of users is primarily carried out for the following purposes:
- Provision of the online offering, its content, and functions,
- Performance of our contractual services,
- Customer care,
- Responding to contact inquiries and communication with users,
- Marketing, and
- Security of the online offering.
(6) We process personal data of users only in accordance with the relevant data protection regulations. This means that the data of users will only be processed if there is a legal basis for doing so. This is particularly the case when the processing of data is necessary to fulfill our contractual services (e.g., processing orders and bookings) and our online services, when there is user consent, or when it is based on our legitimate interests. Legitimate interests include the analysis, optimization, security, and economic operation of our online offering.
(7) We would like to point out that the legal basis for consents is article 6 section 1 sentence 1 letter a and article 7 GDPR, the legal basis for processing to fulfill our services and carry out contractual measures is article 6 section 1 sentence 1 letter b GDPR, the legal basis for processing to fulfill our legal obligations is article 6 section 1 sentence 1 letter c GDPR, and the legal basis for processing to safeguard our legitimate interests is article 6 section 1 sentence 1 letter f GDPR.
2. Security Measures
(1) In accordance with article 32 GDPR, considering the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of protection that is appropriate to the risk. These measures aim to protect the data we process against accidental or intentional manipulation, loss, deletion, or unauthorized access by third parties. Security measures also include encrypted transmission of data between your browser and our server.
(2) In addition, we have procedures in place to ensure the exercise of data subject rights, the deletion of data, and a response to data threats.
3. Disclosure of Data to Third Parties and Service Providers
(1) If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them, or grant them access to the data, this will only occur based on a legal permission. This applies, for example, to the transfer of data in accordance with Article 6(1)(1)(b) GDPR to third parties when necessary to fulfill the contract, when you have consented, when required by law, or based on our legitimate interests (e.g., when using processors, web hosts, etc.). If we commission third parties to process data on the basis of a so-called “Data Processing Agreement,” this will be based on Article 28 GDPR.
(2) If we process data in a third country (i.e., outside the European Union or the European Economic Area) or if this occurs within the scope of using services of third parties or disclosing or transferring data to third parties, this will only happen if the special conditions of Article 44 et seq. GDPR are met. This means that processing will occur, for example, based on special guarantees such as an officially recognized determination of an adequate level of data protection (e.g., for the USA through the “Privacy Shield”) or through the use of officially recognized special contractual obligations (so-called “Standard Contractual Clauses”).
4. Collection of Access Data and Log Files, Statistical Evaluation
(1) Based on our legitimate interests within the meaning of Article 6(1)(f) GDPR, we collect data about each access to the server on which this service is hosted (so-called server log files). This data is technically required to display the respective website and ensure its stability and security. The access data includes, in particular, the name of the accessed website, file, date and time of access, amount of data transferred, message about successful access, browser type and version, the user’s operating system, the previously visited website, and the IP address.
(2) Log file information is stored for security reasons (e.g., to clarify misuse or fraud) for a maximum of seven days and then deleted. Data that needs to be retained for evidentiary purposes is excluded from deletion until the respective incident is resolved.
(3) We also use log file information for statistical evaluations based on our legitimate interests within the meaning of Article 6(1)(f) GDPR using the program AWstats. The program does not use cookies for the evaluation. Additionally, no data is transmitted to a third party, as the program is installed on our servers.
5. Cookies
(1) Cookies are small text files that are stored on your device and assigned to the browser you are using, through which specific information flows to the entity that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the internet offering more user-friendly and efficient.
(2) Cookies are categorized as transient and persistent cookies. Transient cookies are automatically deleted when you close the browser. This includes, in particular, session cookies. These store a session ID, which allows the various requests from your browser to be assigned to the same session. This enables your device to be recognized when you return to the respective website. Session cookies are deleted when you close the browser. Persistent cookies are stored on your device between browser sessions so that your preferences or actions can be remembered across multiple websites. Persistent cookies are automatically deleted after a preset duration. We use a cookie to store the user’s decision on the cookie banner, which is deleted after one month, unless the user deletes it earlier via their browser. Additionally, cookies may be set through third-party services and content, about which the users will be informed throughout the privacy policy.
(3) You can delete cookies at any time in your browser’s security settings. You can also configure your browser settings according to your preferences and reject the acceptance of third-party cookies or all cookies. We inform you that, in such cases, you may not be able to use all features of our online offering.
(4) You can object to the use of cookies for measuring reach and marketing purposes via the opt-out page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
6. Contacting Us
When contacting us via email, the user’s information (email address, name, and possibly phone number) is processed to handle the inquiry and its handling according to Article 6(1)(1)(b) GDPR.
(a) Contact at an Exhibition Stand – Information regarding data processing at our trade show stand can be found here.
7. Embedding YouTube Videos
Within our website, we use the YouTube embedding function to display and play YouTube videos with your consent pursuant to Section 25 section 1 TDDDG in conjunction with Article 4 No. 11, Article 7 GDPR. The processing of your personal data in connection with the embedding is based on your consent pursuant to Article 6(1)(1)(a) GDPR. Your consent also explicitly covers the potential global transfer and processing of data by other subsidiaries of Google LLC according to Article 49(1)(1)(a) GDPR. We would like to explicitly point out possible risks, such as the extensive access rights of law enforcement agencies and the more difficult enforcement of data protection rights.
By displaying the video content, the user’s IP address and other browser-related information are transmitted to Google. When embedding videos in the extended privacy mode, no further personal data is processed. Only upon clicking the video for viewing, additional information is transmitted to Google to enable the video content to be displayed. If you are logged into YouTube, Google associates this information with your personal user accounts.
The purpose and scope of data processing by Google and your related rights and privacy settings can be found in Google’s privacy policy Google’s privacy policy.
8. Embedding Google Maps
With your consent pursuant to Article 6(1)(1)(a) GDPR and regarding the setting of cookies pursuant to Section 25 sub-section 1 TDDDG in conjunction with Article 4 No. 11, Article 7 GDPR, we embed Google Maps, an online map service provided by Google Ireland Limited (“Google”) using European server locations to display our location and possible routes. Your consent explicitly also covers the potential global transfer and processing of data by other subsidiaries of Google LLC, as per Article 49(1)(1)(a) GDPR. We wish to point out potential risks, such as difficulties in enforcing data protection rights.
Through the integration and use of the map content, both usage data (e.g., access times, possibly entered addresses for route planning) and communication data (e.g., IP addresses) may be processed by Google. We have no influence over the further processing of personal data by Google. The cookies set by Google Maps to ensure functionality are deleted at the end of the session.
The purpose and scope of data processing by Google and your rights and privacy settings can be found in Google’s privacy policy.
9. Your Rights
(1) Users have the right to request free information about the personal data processed by us.
(2) Users also have the right to rectify incorrect data, restrict processing, and delete their personal data, where applicable, the right to data portability, and in the event of unlawful data processing, the right to lodge a complaint with the relevant supervisory authority.
(3) Users may also revoke their consent for the future.
10. Deletion of Data
(1) Data stored with us will be deleted as soon as it is no longer necessary for its intended purpose and no legal retention periods prevent deletion. If user data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax reasons.
(2) Retention occurs in accordance with legal requirements for 6 years under Section 257 sub-section 1 HGB (e.g., for commercial and business correspondence) and for 10 years under section 147 sub-section 1 AO (e.g., for commercial books and accounting documents).
11. Right to Object
Users can object to the future processing of their personal data at any time in accordance with the legal requirements. The objection can, in particular, be made against the processing for direct marketing purposes.
12. Provision of Personal Data
The provision of personal data for the use of our online offering is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. You are also not obliged to provide personal data to us in the context of this online offering.
13. Automated Decision-Making
We do not engage in automated decision-making or profiling pursuant to Article 22 GDPR.
14. Changes to the Privacy Policy
Users are encouraged to regularly check the contents of our privacy policy. We will adjust the privacy policy as soon as changes to our data processing or legal requirements make it necessary. We will inform you as soon as changes require your participation (e.g., consent) or another individual notification.