Data Protection Declaration
Welcome to the websites of Häfele SE & Co KG, www.haefele.de or www.hafele.com. The protection of your data is important to us. We would therefore like to inform you in the following about which data from your visit we will be using for which purpose.
Controller within the definition of the General Data Protection Regulation (the “GDPR”) and other data protection provisions: applicable within the Member States of the European Union is:
Häfele SE & Co KG (“Häfele”)
72202 Nagold, Germany
Phone: + 49(0) 74 52 95 0
Fax: + 49 (0) 74 52 95 2 00
2. Contact data of the Data Protection Officer
Häfele's Data Protection Officer can be contacted as follows:
Häfele SE & Co KG
Data Protection Officer
72202 Nagold, Germany
3. Data processing
3.1. General information
Personal data is all data that can identify you personally, such as your name, address, email address and online user names. The personal data of our users is used as follows:
1. performing our services,
2. ensuring the delivery of technical support.
Unless otherwise described in the following sections, in general no personal data will be collected, processed or used in connection with the use of this website.
3.2. Storage of access data, creation of log files
Whenever a user accesses a page on this website, and whenever a file is accessed, access data about this procedure is recorded in a log file and saved. The recorded information is standard logging. Each data record consists of the following:
- Date/time of request
- Page from which the file was requested
- Pages retrieved via our website by the user's system
- Called up file name
- Transmitted volume of data
- Access status (file transferred, file not found)
- Description of operating system and web browser used, client IP address and user name (login data) of authenticated users
This data is used to deliver the content of our website, ensure the functionality of our information technology systems, and to optimise our online presence. The data may be used in an anonymised form for statistical purposes (see below), as well as for the purposes of data security, especially for error analysis and preventing hacking attempts (Art. 6 (1f) GDPR). Access rate will not be used for the creation of individual user profiles, nor be passed onto third parties, and will be erased after 90 days at the latest.
3.3. Use of IP addresses
Each time our homepage is accessed, Häfele uses the client IP address to determine the country from where the access is made, in order to route the requesting party to the specific Häfele homepage of the relevant country. This data is not used further, with the exception of the storage of access data, and creation of log files described under No. 3.2.
3.4. Contact form
If there is an option for entering personal or business information on this website, the information is always entered voluntarily. Information required to perform the desired operation is designated with an asterisk ‘*’. If you provide us with personal or business information via the contact forms, we will only use it for the respective intended purpose. Your consent constitutes the legal basis for this (Art. 6 (1a) GDPR). Data transfers are encrypted using SSL or TLS technology in order to prevent the unauthorised access of your personal data by third parties.
3.5. Supplier portal
You enter your surname, first name and other business data in order to register for the supplier portal. This will enable you to access our services for suppliers. The data will be stored for the duration of the registration, for the purpose of performing the contract and in order to fulfil statutory obligations. The legal basis for this is Art. 6 (1 a and b) GDPR. You may cancel your registration at any time. In that case, your access will be blocked immediately and erased upon the expiry of the statutory retention obligations.
3.6. Chat function
If you use the website’s chat function to contact the customer service, various information will be communicated to the customer service when initialising the chat (Art. 6 (1 a) GDPR). This information includes the website Help function invoked by you, and your browser and operating system versions. In addition, the chat platform will regularly relay information concerning the accessibility of the chat service at regular intervals. Based on this information, the website's button for starting the chat will either be activated or deactivated. We store the Chat history for a maximum period of 6 months to ensure that the issue can be transferred seamlessly if there is ever a change made to the support staff, and to improve our service quality with the aid of analyses performed on the history data statistics.
You have the opportunity of subscribing to our newsletter. To do so, you are required to enter your email address to which we will send the newsletter. If you enter this into the input screen, we will record your (company) name in order to address the newsletter personally to you. By entering your email address you agree that we may use your data for the purpose of sending the newsletter to tell you about our news. The legal basis for this processing is Art. 6 (1a) GDPR. Your email address will not be used for any other purpose. Häfele mails its newsletters using the XQueue Maileon mailing system. The system processes data to make improvements to the newsletter, such as technical optimisation of the mailing process and the presentation of the newsletter, for statistical purposes and for personalisation and other optimisation purposes. When the user opens the newsletter, a tracking pixel logs the opening, and every click made in the newsletter will be counted by a server-side forwarding system. The data is not used in any other way, nor is it passed on to third parties.
You can cancel your newsletter subscription and the consent you issued at any time; this will then take effect for the future. If you wish to cancel your newsletter subscription, please use the relevant button in the newsletter sent to you. Your email address will then be promptly erased from our system.
If you would like to place an order in our webshop, the conclusion of the contract requires you to provide your personal data that we need in order to execute your purchase order. An “*” indicates the mandatory information required to execute contracts; other data is voluntary. To place an order with us, you are required to enter your company-specific customer number. We will process the data provided by you, in order to execute your purchase order. To this end, we may forward your payment data to our house bank. The legal basis for this is Art. 6 (1 1st sentence b) GDPR.
We may also process the data you provide, in order to inform you about other interest products in our portfolio, or to send your emails containing technical information. The legal basis for this is Art. 6 (1 1st sentence f) GDPR.
We also process the data, sometime using automated processes, to analysis certain personal aspects (profiling). We use this for the purpose of giving you targeted product information and advice, and to provide you with recommendations. These analyses enable us to deliver appropriate communications and marketing, including market research and opinion polling.
To do this, in the web shop we use your personal customer master data as well as your order history data with Häfele (including outside of the web shop), the type and method of your interaction with the website or other Häfele services (e.g. newsletter). We use in-house developed programmes for this purpose. This data processing is performed in the pursuit of our overriding legitimate interest in a weighing of interests in the optimised presentation of our products and services, and in making appropriate recommendations of products in accordance with Art. 6 (1) (f) GDPR.
Commercial and tax law stipulations oblige us to store your address, payment and order details for a period of ten years. However, we will implement a limitation on processing after three years, meaning that your data will only be used in order to fulfil the statutory obligations.
The order procedure is encrypted using SSL or TLS technology in order to prevent the unauthorised access of your personal data – particularly your financial data – by third parties.
3.9. Use of apps
When you use the app, our servers will temporarily save the IP address of your device and other technical characteristics, such as the requested content (Art. 6 (1 b) GDPR). Häfele will not use the data over and beyond this. Our app enables you to use various functions provided by a third party (such as Apple or Google), and used by the "controller" of the data processing operation. Please consult the relevant operating system vendor for details on the functionality, and how you can turn the use on and off.
3.10. Integration of third-party services
We have integrated YouTube videos into our online site. This are stored on https://www.youtube.com/ and can be viewed directly via our website. These are all integrated into the “enhanced data protection mode”, meaning that YouTube will not receive any data about you as a user, if you do not play the videos. The data described in No. 3.3 will only be transferred if you view the videos. We have no control over this transfer of data.
We have integrated Google Maps – a service provided by Google LLC – into our website. (“Google”), Amphitheatre Parkway, Mountain View, CA 94043, USA, as the third-party provider. When you visit the website, the third-party provider receives the information that you have retrieved the relevant sub-pages of our website. Furthermore, the data described in No. 3.3 of his notice will be transferred. This takes place regardless of whether this third-party provider provides a user account which you have logged into, or if no user account exists. If you are logged into the plug-in provider, this data will be directly correlated with your user account. If you do not wish the plug-in provider to make the correlation with your profile, you need to log out before activating the button.
Google stores this data for user profiles where relevant, and it uses the data for the purposes of advertising, market research and/or for the appropriate design of its website. This kind of analysis is particularly performed (not only for logged-in users) for the purpose of delivering appropriate advertising, and to inform other users of the social network about your activities on our website. You have a right to object to the formation of these user profiles. You have to contact Google in order to exercise this right. The legal basis for this processing is Art. 6 (1f) GDPR.
Further information regarding the purpose of scope of the collection and the processing of this data by the plug-in provider can be found in Google’s Privacy Police: https://policies.google.com/privacy?hl=en-GB&gl=de. It also contains further information on your rights in this connection, and the configuration options to enable you to protect your privacy.
Cookies will be stored on your computer when you use our website. Cookies are small text files stored on your hard disk by your browser to make site-specific information available to the website using the cookie (in this case, our website). Cookies cannot run applications or transmit viruses to your computer. Their purpose is to make the general online experience more user-friendly and effective. The legal basis is Art. 6 (1) (a), if you have given your consent, or Art. 6 (1) (b) GDPR, if the cookies are needed for the operability of website functions.
Rechtsgrundlage ist Art. 6 Abs. 1 lit. a, wenn Sie Ihre Einwilligung gegeben haben, oder Art. 6 Abs. 1 lit. b DS-GVO, wenn die Cookies notwendig sind, um Funktionen der Website zu ermöglichen.
- This website uses the following types of cookies, and their scope and function is described below:
– transient cookies (see 2)
– persistent cookies (see 3).
- Transient cookies are automatically deleted when you close your browser. This also particularly include session cookies. These store what is known as a session ID, which correlates various queries made by your browser during one common session. This helps to identify your computer when you return to the website. Session cookies are deleted once you log out or close your browser.
- Persistent cookies are automatically deleted after a given time, that varies depending on the cookie. You may delete any cookie using the security preferences in your browser at any time.
- You can configure your browser settings as required and deny the acceptance of third-party cookies or all cookies. Please note that if you do so, you may not be able to enjoy all the services provided by this website.
You can withdraw your consent by changing the settings in the cookie consent tool.
We use the Site24x7 service (https://www.site24x7.com/de/) to monitor and ensure the operation of our website and its infrastructure.
A cookie with a user identification number is set during this process. The data are used for the purpose of real user measurement. The following data are cumulatively collected for all visitors to our site, and transferred anonymously to Site24x7.
- End-to-end response time
- Number of page views
- Number of sessions
- Apdex score
- Pages viewed
3.12. Google Analytics
This website uses Google Analytics, a web analytics service provided by Google LLC. (“Google“), Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how it is used. The information generated by the cookie on your use of this website will normally be transmitted to a Google server in the United States and stored there. This website uses Google Analytics with the extension "gat._anonymizeIp();" to guarantee the anonymous capture of IP addresses (“IP masking”). If IP anonymization is activated on this website, however, your IP address will be truncated by Google from within a member state of the European Union or from within any other country which is party to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be sent to a Google server in the United States and truncated there. Google will use this information on our behalf for purposes of evaluating your use of the website, compiling reports on website activity and providing the website operator with other services relating to website use and internet usage. Google will not associate your IP address (sent by your browser and transferred via Google Analytics) with any other data held by Google. The legal basis for the processing of your personal data is Art. 6 (1f) GDPR.
You can withdraw your consent by changing the settings in the cookie consent tool.
3.14. Social Media presence
We maintain an online presence in Facebook, Instagram, Twitter and LinkedIn social networks to communicate with our business partners and to enter into contact with you as a visitor to this website. The operation of these pages incorporating the use of users’ personal data is performed on the basis of our legitimate interest in an auxiliary information and interaction facility with our customers in accordance with Art. 6 (1) (f) GDPR. If users are asked by the relevant platform operators to give their consent to the data processing described above, the legal basis for the processing is Art. 6 (1) (a), Art. 7 GDPR.
Please not that, as the operator of this site, we cannot preclude the transfer to, and subsequent processing of users’ personal data in third countries, such as the USA, as well as any risks this may entail to users (e.g. difficulties in asserting rights). U.S. providers with Privacy Shield certification have undertaken to comply with EU data privacy standards.
Users’ data are generally processed for market research and advertising purposes. User behaviour and users’ interests identified on that basis, can be used to create user profiles, for example. User profiles can, in turn, be used for displaying ads inside and outside of the platforms, for example. To this end, cookies are regularly saved on users’ computers, for the purpose of storing users’ behaviour and users’ interests. Data can also be stored in user profiles across any device.
In its decision of 5 June 2018, the European Court of Justice (ECJ) ruled that the operator of a Facebook fan page is a controller jointly responsible with Facebook for the processing of personal data. Facebook’s Data Policy contains further information on the processing of data: https://www.facebook.com/about/privacy/. Users can exercise their right to refuse here (opt-out): https://www.facebook.com/settings?tab=ads. Facebook Insights enable us to view statistical data for a range of categories. These statistics are generated and supplied by Facebook. As the operator of this page, we have no influence over the generation or presentation. We are not able to deactivate this function, or block the generation and processing of data. Information on this data processing is available direct from Facebook at https://www.facebook.com/legal/terms/information_about_page_insights_data.
The Instagram data policy is available here: https://help.instagram.com/155833707900388.
4. Transfer of data to third parties
We transfer your data to processors, these being companies we commission to process data within the legally defined parameters, Art. 28 GDPR (service providers, contractors). In this case, Häfele will still remain responsible for the protection of your data (i.e. we are the “controller"). We have implemented legal, technical and organisational measures, alongside the performance of regular controls, to ensure that processors comply with the provisions of the data protection laws. We commission contractors in the following areas in particular: IT, sales, marketing, finance, consulting, customer service, HR, logistics, printing.
We will also transfer your data to our co-operation partners, who deliver services to you under their own responsibility (suppliers, delivery companies). This is the case when you request us to deliver services from these partners, or if you consent to the involvement of the partner, or if we engage the partner in a situation in which we are legally permitted to do so, such as the performance of a contract, in accordance with Art. 6 (1 b)
Personal data is transferred within the Häfele Group for internal administrative purposes connected with centralised customer care and order processing. The legal basis for this is Art. 6 (1 f) GDPR. Häfele has instituted internal guidelines that obliged its companies to implement the technical/organisational measures for ensuring the security of data processing operations.
Finally, in certain cases we have a legal obligation to provide certain data to public agencies if requested.
5. Length of the storage
Unless otherwise described in this Data Protection Declaration, personal data will be erased once it has fulfilled its applicable, specified purpose, and there are no retention obligations preventing its erasure. Data is routinely erased following the expiry of the retention period, provided it is not needed for the initiation or fulfilment of a contract, and there is no other existing legal basis for the data processing.
6. Security of data processing
We maintain up-to-date technical and organisational measures for ensuring the security of the data processing operation, especially in order to protect your personal data from risks during data transfer and from becoming known to unauthorised third parties. These measures are modified in accordance with the current state-of-the-art, the need for protecting the personal data in question, and the risks to your rights and freedoms. Generally speaking, your data will be processed in Germany and within other European countries. If, in exceptional cases, your data is also processed in countries outside of the European Union (i.e. in “third countries”), this will take place to the extent that you have explicitly consented to it, or if it is necessary in order for us to deliver our service to you, or if it is stipulated by law (Art. 49 GDPR). Furthermore, your data will be processed in third countries only insofar as certain measures are in place to ensure that a reasonable level of data protection exists there (e.g. adequacy decision taken by the EU Commission or “appropriate safeguards”, Art. 44 et seqq. GDPR).
7. Rights of the data subject
You have the right
- to demand information concerning the categories of data processed, the purposes of the processing, any recipients of the data, the envisaged storage period (Art. 15 GDPR);
- to demand the rectification or augmentation of incorrect or incomplete data (Art. 16 GDPR);
- to withdraw consent at any time, effective for the future (Art. 7 (3) GDPR);
- to object to the processing of your personal data on grounds relating to your particular situation (Art 21 (1) GDPR);
- in certain cases defined in Art. 17 GDPR, to demand the erasure of data - especially insofar the personal data is no longer necessary for the envisaged purpose or if it is processed unlawfully, or if you withdraw your consent in accordance with (3) above, or if you have stated your objection in accordance with (4) above;
- under certain conditions, to demand the restriction to the processing of data, insofar as it is not possible to erase it, or the obligation to erase disputed (Art. 18 GDPR);
- to data portability, i.e. you are entitled to receive the personal data concerning you, which you provided to us, in a commonly used machine-readable format, such as CSV, and, where relevant, to transmit it to others (Art. 20 GDPR);
- to object to the competent data processing supervisory authority regarding the processing of your personal data; the competent supervisory authority in this case is the Data Protection Commissioner of Baden-Württemberg (https://www.baden-wuerttemberg.datenschutz.de/).
8. Amendment of the Data Protection Declaration
9. Data Protection Information for Applicants
Häfele takes your data privacy very seriously. When you provide us with your application documents and your personal data, you agree that this information may be collected, stored and used as part of the application process. The legal basis for the processing of this data is Art. 6 (1) b) GDPR.
Rights of the data subject
In accordance with the GDPR and the FDPA, you are entitled to be kept informed, to demand the correction, erasure and restrictions on the processing of your data, and its portability. If you wish to exercise your rights, please contact our Data Protection Officer.
Your data will be erased after 12 months at the latest, or in case of hiring it will be transferred to the personnel administration at Häfele. The legal basis for this is Art. 6 (1) b) GDPR. Your specific consent shall be required in order to retain your application in our pool of applicants, or to forward it to other companies within the Häfele Group.
Nagold, March 09, 2021