Skip to main content

Privacy policy

 

Thank you for your interest in our company and for visiting our website. We would like to inform you below about the scope of your personal data, in particular which of your personal data we collect when you visit our website and for what purposes it is used. 

 

As a company with an international presence, we are subject to the applicable data protection regulations in the countries in which we operate. The requirements, rights and obligations regarding personal data or data processing by us may vary depending on the location and applicable law. The following information represents what applies within the scope of the General Data Protection Regulation (hereinafter referred to as "GDPR") and the German Federal Data Protection Act (hereinafter referred to as "BDSG"). This Privacy Policy does not create any rights or obligations that go beyond what applies under the applicable local data protection law.

 

According to Article 4(1) GDPR, personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your first and last name, your address, your telephone number, your email address and also your IP address.

 

I. General information

 

1. Area of application

 

This privacy policy applies to the website of Henn GmbH. It does not apply to other Internet offers to which we merely refer by means of a so-called hyperlink.

 

Please note: Our website contains so-called hyperlinks to websites of other providers. When you activate these hyperlinks, you will be forwarded from our website directly to the website of the respective other provider. You can recognize this by the change of the Internet address (URL) in the display of your browser software.

 

2. Responsible person

 

Controller for the purposes of Article 4(7) GDPR and other national data protection laws applicable in Member states of the European Union and other provisions related to data protection is Henn GmbH, Augustenstr. 54, 80333 Munich, phone no.: +49 89 52 35 7-0, fax no.: +49 89 52 35 7-123, email address: info@henn.com. Authorized to represent the responsible party are its managing directors Martin Henn, Stefan Sinning and Werner Sonnleitner.

 

3. Contact details of the data protection officer

 

You can contact our data protection officer if you have any questions about data protection (e.g. about the protection of your personal data or about this privacy policy) or if you have any complaints about data protection. 

 

Robert Faußner, M.A.  

 c/o HEUSSEN Rechtsanwaltsgesellschaft mbH          

 Brienner Straße 9 / Amiraplatz             

 80333 Munich

Tel: +49 89 290 97 0     

 Fax: +49 89 290 97 200             

 E-Mail: datenschutzbeauftragter@heussen-law.de

 

4. Processing of your personal data

 

Processing (e.g. collection, storage, retrieval, consultation, use, disclosure, erasure or destruction) pursuant to Article 4(2) GDPR always requires a legal basis or your consent.

 

We will provide you with details on the processing of your personal data in the description of the respective data processing operation. This applies in particular:

 

- the purposes for which your personal data is to be processed and the legal basis for the processing; 

- if the processing is based on Article 6(1)(f) GDPR: the legitimate interests pursued by us or a third party; another legal basis is Section 25(2)(2) of the Telecommunications Telemedia Data Protection Act (TTDSG).

- if third parties receive your personal data from us: the recipients or categories of recipients of the personal data; 

- if applicable, our intention to transfer your personal data to a third country;

- whether the provision of the personal data is required by law or contract or is necessary for the conclusion of a contract, whether you are obliged to provide the personal data and what the possible consequences of non-provision would be.

 

5. Transfer of your personal data to third parties

 

We only pass on your personal data to third parties if you have given us your consent to do so or if there is a legal basis (e.g. based on the GDPR).

 

In accordance with Article 28 GDPR, we use external service providers as processors for the processing of personal data in the following areas: 

 

- IT

- Telecommunications

- Distribution

- Marketing 

 

When transferring data to external bodies in third countries (i.e. outside the European Union (EU) and the European Economic Area (EEA)), we ensure that these bodies treat your personal data with the same care as within the EU and the EEA. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or where we ensure the careful handling of personal data through contractual agreements or other suitable guarantees.

 

6. Deletion and blocking of your personal data

 

Your personal data will be deleted or blocked as soon as it is no longer required for processing to fulfill legal obligations and the purpose for which it was stored no longer applies. 

 

Even after termination of a contract, it may be necessary to store your personal data in order to comply with contractual or legal obligations, e.g.

 

- for the fulfillment of retention obligations under commercial or tax law (e.g. according to the German Commercial Code and the German Fiscal Code) with retention periods of up to ten years, calculated from the end of the calendar year, or 

 

- to assert or exercise claims or rights or to defend against rights or claims, this within the framework of the statutory provisions on the statute of limitations, which can be up to 30 years from the respective statutory commencement of the limitation period. 

 

Further information on the storage period or deletion or blocking can be found in the description of the respective data processing operation.

 

7. No automated processing of your data, including profiling, which would produce legal effects concerning you

 

When using our website, you will not be subject to a decision based solely on automated processing of your data, including profiling (Article 13(2)(f) GDPR, Article 22(1) to (4) GDPR, Article 4(4) GDPR in conjunction with Section 37 BDSG) that would have a legal effect on you or would significantly affect you in a similar way. 

 

II. Individual data processing operations

 

1. Access to websites and files on our website

 

a) Type and scope of data processing

 

When you visit our website, you will use your browser software to transmit data to our web server in order to find the websites or files that you wish to access or retrieve. Each time you access a file or retrieve a file from our website, data about this process is automatically stored and processed in a log file on our web server. In detail, the following data is stored for each access or retrieval:

 

- Complete IP address of the requesting computer

- Date and time of the request 

- Website accessed or name of the file accessed

- Amount of data transferred

- Access status, i.e. message as to whether the file request was successful

- Internet address from which the file was requested, or the desired function was initiated

- Web browser and operating system used

 

b) Purpose and legal basis

 

The legal basis for the processing of your personal data is Article 6(1)(f) GDPR and Section 25(2)(2) of the Telecommunications and Telemedia Data Protection Act (TTDSG). The legitimate interest in the collection and processing of the aforementioned data, including the IP address, arises from the fact that this data is necessary to enable the use of our website, e.g. to display a website that has been called up. Without the processing of the aforementioned personal data, you cannot visit our website.

 

In addition, the legitimate interest in storing the IP address arises from the need to ensure IT security, in particular to protect our IT systems from misuse by unauthorized third parties and to defend against attempted attacks on our web server. This is also intended to protect the users of our IT systems and the personal data stored in our IT systems. In the event of attacks on our IT systems, we may be legally obliged to make the data in the log file available to the responsible authorities.

 

c) Storage period 

 

The data in the log file is stored for the period of the communication process, and the IP address is also stored for a maximum period of seven calendar days to ensure IT security. This data is then deleted.

 

 

d) Right of objection

 

If your personal data is processed in accordance with Article 6(1)(f) GDPR, you generally have the right to object in accordance with Article 21 GDPR. In the specific data processing operation, however, we have compelling legitimate grounds for processing the data, as we cannot provide and operate our website without processing this data.

 

2. Cookies

 

We use cookies. Cookies are small text files or pieces of information in a database that are stored on your device. Cookies can be assigned by the browser you use so that certain information can flow to the place that sets the cookie. Cookies cannot execute programs or contain viruses. Various types of cookies are used on our website, the nature and function of which are explained below.

 

Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies, on the other hand, enable us to perform various analyses. For example, some cookies can recognize the browser you are using when you visit our website again and transmit various information to us. We use cookies to facilitate and improve the use of our website. Among other things, cookies enable us to make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device.

 

If cookies or cookie-like technologies are used in the context of data processing on this website, the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is based on your consent in accordance with Section 25(1)(1) of the Telecommunications Telemedia Data Protection Act (TTDSG) in conjunction with the requirements for data protection consent in accordance with Article 4(11), 7 GDPR. 

 

If the sole purpose of storing information or gaining access or information stored in the terminal equipment of users is a technical storage or access of carrying out or facilitating the transmission of a communication over an electronic communications network or is strictly necessary in order to provide an information society service explicitly requested by the user the data processing on this website is carried out on the basis of cookies or cookie-like technologies on the basis of Section 25 (2) TTDSG and a consent is not required.

 

For the following processing of personal data, the general provisions of the GDPR pursuant to Article 6(1) GDPR must be observed:

-             If you have given your consent, the legal basis for the following processing of personal data is Article 6(1)(a) GDPR. 

-             If the processing of personal data is necessary due to our legitimate interest, the legal basis for the following processing of personal data is Article 6(1)(f) GDPR. 

 

Temporary cookies / session cookies

Our website uses so-called temporary cookies or session cookies, which are automatically deleted as soon as you close your browser. This type of cookie makes it possible to record your session ID. As a result, various requests from your browser can be assigned to a common session and it is possible to recognize your end device on subsequent website visits. These session cookies expire at the end of the session.

 

Permanent cookies

So-called permanent cookies are used on our website. Permanent cookies are cookies that are stored in your browser for a longer period of time and can transmit information. The respective storage period differs depending on the cookie. You can view and delete permanent cookies yourself via your browser settings.

 

Configuration of the browser settings

 

Most web browsers are preset to accept cookies automatically. However, you can configure your browser so that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may then no longer be able to use all the functions of our website. You can also use your browser settings to delete cookies already stored in your browser. It is also possible to set your browser to notify you before cookies are stored. As the various browsers may differ in their respective functions, we ask you to use the respective help menu of your browser for the corresponding configuration options. 

 

Deactivating the use of cookies may require the storage of a permanent cookie on your computer. If you subsequently delete this cookie, you will need to set it again for it to remain effective.

 

Cookie consent with the Borlabs Cookie consent management platform

 

Borlabs Cookie

 

This website uses a Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie preferences.

Borlabs Cookie does not collect any personal data.

The borlabs-cookie cookie stores the consent you have given when you entered the website. If you wish to revoke these consents, simply delete the cookie from your browser. If you re-enter/reload the website, you will be asked again for your cookie consent.

 

Cookie categories

 

We use the following categories of cookies:

 

Necessary cookies 

 

Necessary cookies ensure functions without which our website cannot be used as intended. These strictly necessary cookies are used, for example, to ensure that logged-in users always remain logged in when accessing various subpages. These are so-called first-party cookies; these cookies are used exclusively by us. As they are technically necessary, these cookies do not require consent. 

 

The legal basis for the processing of your personal data is Section 25(2)(2) TTDSG or Article 6(1)(f) GDPR, as we have a legitimate interest in maintaining the functionality of our website. As soon as the cookies are no longer required for the purposes described, they are deleted. In principle, you have the right to object in accordance with Article 21 GDPR. In the case of technically necessary cookies, however, we have compelling legitimate grounds for processing the data, because without processing this data we cannot provide our website or the respective functionality or cannot provide it properly.

 

 

Statistics cookies 

 

Statistics cookies collect information about how a website is used in order to improve its attractiveness, content and functionality. For example, the following data is collected:

•            Number of hits on a page or subpage 

•            Time spent on the website

•            Order of pages visited

•            Search terms 

•            Country, region, city from which access is made 

•            Proportion of mobile devices accessing our websites

•            Analysis of which areas of our website are of particular interest to you

The legal basis for the processing of this personal data is your consent in accordance with Section 25(1)(1) TTDSG in conjunction with Article 4(11), 7 GDPR or Article 6(1)(a) GDPR for the subsequent processing of personal data. As soon as the cookies are no longer required for the purposes described, the storage period ends or you revoke your consent, these cookies will be deleted.

 

Cookies by external services / other cookie-free data transfers to external services (external media)

 

External content from video and social media platforms is blocked by us by default. If you consent to the use of a cookie and/or the transfer of your data to the external providers, we will display this external content and transfer your data to the external providers. 

 

The legal basis for the processing of this data is your consent in accordance with Section 25 (1)(1) TTDSG in conjunction with Article 4(11), 7 GDPR or Article 6(1)(a) GDPR for the subsequent processing of personal data. As soon as this personal data is no longer required for the purposes described, the storage period ends or you revoke your consent, it will be deleted.

 

List of the cookies we use

 

Statistics cookies

 

Matomo 

a)           Type and scope of data processing 

Matomo is an open source software tool for web analysis. Matomo is a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, ("Matomo").

Among other things, a web analysis tool collects data about the website from which you came to a website (so-called referrer), which subpages of the website you accessed or how often and for how long you viewed a subpage. 

Matomo sets a cookie. The setting of the cookie enables us to analyze the use of our website. Each time one of the individual pages of this website is accessed, the Internet browser is automatically prompted by the Matomo component to transmit data to our server for the purpose of online analysis. 

 

Cookies are used to store personal information, such as the access time or the location from which access was made and the frequency of visits to our website. Each time you visit our website, this personal data is transmitted to our server from the Internet connection you are using. This personal data is stored by us and is not passed on to third parties.

In addition, we use Matomo with activated IP anonymization. This means that your IP  address is shortened before analysis so that it can no longer be clearly assigned to you. Matomo stores each new IP address of a visitor (ipv4 or ipv6 format) in the database, whereby the last components are removed to protect the user's privacy.

b)           Purpose of data processing

The purpose of the Matomo component is to analyze the flow of visitors to our website. We use the data and information obtained to evaluate the use of this website, among other things.

c)           Legal basis

The legal basis for the use of Matomo is your consent in accordance with Article(1)(a) GDPR.

d)           Storage period

The stored data will be deleted as soon as the cookie expires or you revoke your consent.

e)           Right of withdrawal

The stored data will be deleted as soon as you revoke your consent by deselecting the selected cookie category "Statistics " at "Change cookie settings ".

f)            Further information

Matomo processes data outside the EU, but there is a so-called adequacy decision for New Zealand. The European Commission has determined that New Zealand has a level of data protection comparable to European data protection law. 

 

Further information and the applicable data protection provisions of Matomo may be retrieved under https://matomo.org/privacy/.

g)           Recipient

As part of data processing, data is transferred to InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769.

 

Marketing cookies

 

Cookies by external services / other cookie-free data transfers to external services (external media)

 

 

4. Contact options by e-mail

a) Type and scope of data processing 

You can contact us by e-mail. Our data collection is limited to the e-mail address of the e-mail account you use to contact us and any personal data you provide when contacting us. If you send us an unencrypted e-mail, the e-mail is protected e-mail is not protected against unauthorized access or modification by third parties during transmission.

 

b) Purpose and legal basis       

The purpose of data processing is to enable us to respond to your request appropriately. The legal basis for this is Article 6(1)(f) GDPR. There is a legitimate interest in the processing of the above-mentioned personal data in order to be able to process your request properly, e.g. to answer your inquiry or fulfill your request for information.

 

c) Storage period          

The period of the storage of the above-mentioned data depends on the background of your contact. Your personal data will be deleted regularly if the purpose of the communication no longer applies and storage is no longer necessary. 

 

5. Online applications 

 

a) Type and scope of data processing

              

You can view job vacancies on our website under "Careers" and apply for a position with us using the online form. 

 

If you apply using the online form, we collect and store the data that you enter in our online form and send to us.

 

We need the information in the fields marked with an asterisk in order to process your application, to confirm receipt of your application electronically and to communicate with you. You can only send us your application if you have completed these fields. If you do not provide us with your data or do not provide it in full, this will not have any detrimental consequences for you, but we will generally not be able to process your application in this case.

 

Our decisions about inviting you to an interview and about whether or not to hire you are made by us on a case-by-case basis - in particular, they are not automated.

 

We reserve the right to anonymize applicant data so that it can no longer be traced back to you personally and then to evaluate it for internal statistical purposes. We will not carry out any further evaluation without your consent.

 

Alternatively, you are free to send us your application by e-mail. If you decide to communicate with us by e-mail, we recommend that you encrypt your documents and send us the password in a separate message. If you send us your application by unencrypted e-mail, your message and attachments are not protected against unauthorized access or alteration by third parties during data transmission. We recommend that you only use an e-mail inbox for your communication with us to which only you personally have access.

 

You can still send us your application by post. There is no obligation to use our website. 

 

b) Purpose and legal basis       

 

We process your data to process your application (in particular the assessment and selection of candidates, the preparation and conduct of job interviews, the evaluation and assessment of the results of these interviews and any further related measures that may be required), including the decision on the establishment of the employment relationship and for communication with you. We also process some applicant data in order to fulfill certain obligations arising from legal standards.

 

The legal basis for the processing is Article 88(1) GDPR in conjunction with Section 26(1)(8)(2) BDSG and additionally Article 6(1)(b) GDPR.

 

Within our company, access to your personal data is only granted to those persons who are involved in the decision (e.g. the company management, the HR department and your respective specialist contacts), insofar as this is necessary in each case.

 

Data will only be passed on to third parties if we are legally obliged to do so or if you have given us your consent. For example, we are legally obliged to transmit your data to public bodies and institutions (e.g. tax office and social security institutions) in connection with the recruitment of an employee. 

If you apply online under "Careers" to Henn GmbH for a position in the People's Republic of China and you expressly consent to the transfer of data, Henn Ltd, Sanlitun Soho-A-2102, Chaoyang District, 100027 Beijing, China will receive access to your application documents via the Persis applicant management software. The legal basis for this data transfer is Article 6(1)(a) GDPR in conjunction with Article 49(1)(a) GDPR.

 

When transferring data to external bodies in third countries, i.e. outside the EU or the EEA, we ensure that these bodies treat your personal data with the same care as within the EU or the EEA.

 

c) Storage period

 

aa) Your applicant data will be stored for the period of the review of your application.

 

bb) If the application procedure ends with a recruitment, i.e. the conclusion of an employment contract, our HR department will keep your data in the personnel file. In this case, the general time limits for the retention of personal data belonging to the personnel file apply. We will provide you with further information about the processing of your personal data in connection with your employment separately prior to your employment.

 

cc) If the application procedure ends with non-employment (e.g. because your application is unsuccessful or you withdraw your application), our HR department will proceed as follows, unless we are legally entitled or obliged to further storage in individual cases:

 

We store your data - protected against unauthorized access - in accordance with Section 61b (1) ArbGG in conjunction with Section 15 AGG for a maximum period of six months from receipt of the decision not to hire you, i.e. receipt of the rejection letter. Your data will only be accessed during this period in order to be able to justify our decision documented in this way if necessary upon request.

 

After this period has expired, we will delete or destroy your data. If you have applied by post, we will return your application documents to you by post once the application process has been completed if you provide us with a domestic postal address and inform us of your request in good time.

 

Further information can also be found in our data protection information for applicants in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR ).

 

6. Newsletter

 

a)           Type and scope of data processing

You can subscribe to a free regular e-mail newsletter on our website. To be able to send you the newsletter regularly, we need your e-mail address.

 

In connection with the sending of the newsletter, your data will be passed on to our newsletter service provider Campaign Monitor, Campaign Monitor Pty Ltd.

 

We use the so-called double opt-in procedure for sending newsletters.

This means that we will only send you an e-mail newsletter if you have expressly confirmed to us that you agree to receive the newsletter. We will then send you a confirmation e-mail asking you to confirm that you wish to receive future newsletters from us by clicking on a corresponding link. This is to ensure that only you, as the owner of the e-mail address provided, can subscribe to the newsletter. Your confirmation must be made promptly after receipt of the confirmation e-mail, otherwise your newsletter registration will be automatically deleted from our database. When you subscribe to the newsletter, we collect and store the data you enter in the input mask (e.g. surname, first name, email address). When you register for the newsletter, we also store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. In the confirmation e-mail sent for control purposes (double opt in e-mail), we also store the date and time of the click on the confirmation link and the IP address entered by the Internet service provider (ISP). 

 

The success of the newsletter is also measured. If you open our email newsletter, click on links contained therein, submit a website form after clicking on a link, or retrieve images in email newsletters, we can determine this and store this information. We can also determine the type of end device used and the location from which the retrieval was made by assigning your IP address.

b)           Purpose of data processing

The data collected by us when you register for the newsletter will be used exclusively for the purposes of advertising and market research via the newsletter.

c)           Legal basis

The processing of your email address for the newsletter mailing is based on your voluntary declaration of consent, which you can revoke at any time in the future, in accordance with Article 6(1)(a) GDPR and Section 7(2)(3) UWG. In addition, we process your personal data in order to document your consent (Article 6(1)(c) GDPR).

d)           Storage period

Your e-mail address will be stored for as long as you have subscribed to the newsletter. After you unsubscribe from the newsletter, your e-mail address will be deleted unless you have expressly consented to further use of your data.

e)           Recipient

Your personal data will be transmitted to our newsletter service provider Campaign Monitor, with whom we have concluded an order processing contract.

 

 

7. Linking to social networks

We link to our social media platforms on our website. 

We have linked a graphic of the respective network for this purpose. When you visit our website, no automatic connection is established to the respective server of the social network. The respective provider or operator of the pages is always responsible for the content of the linked pages. 

 

Only by clicking on the corresponding graphic will you be redirected to the service of the respective social network.

The following data is processed by the respective network:

•            IP address

•            Date, time

•            Visited website

If you are logged into your user account of the respective network during this time, the network operator may be able to assign the information collected from the specific visit to the user's personal account. 

 

If you interact via a "Share" button of the respective network, this information may also be stored in the user's personal user account and may be published. If you want to prevent the information collected from being directly assigned to your user account, you must log out of the respective social network before clicking on the graphic. You can also configure the respective user account accordingly.

 

We integrate the following social networks on our website through links:

•            Facebook 

Operator of the service: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

You can access the privacy policy for data processing on the Facebook fan page further down on this page.

 

•            Instagram

Operator of the service: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

You can access the privacy policy for data processing on Instagram further down on this page.

 

•            YouTube

Operator of the service: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Further information can be found in the privacy policy: https://policies.google.com/privacy

 

•            LinkedIn

Operator of the service: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Further information can be found in LinkedIn's privacy policy: https://de.linkedin.com/legal/privacy-policy 

The privacy policy for data processing on LinkedIn can be found further down on this page.

 

•            Vimeo

Operator of the service: Vimeo LLC, 555 West 18th Street, New York 10011, USA 

Further information can be found in the privacy policy: https://vimeo.com/privacy

 

•            WeChat

Operator of the service: Shenzhen Tencent Computer Systems Company Limited, Tencent Building, Kejizhongyi Avenue, Hi-Techpark, Nanshan District, Shenzhen, China

Further information can be found in the privacy policy: https://www.wechat.com/de/privacy_policy.html

 

III. Your rights as a data subject

 

1. individual rights

 

If your personal data is processed, you are a data subject within the meaning of the GDPR, and you have the following rights in particular vis-à-vis us as the controller:

 

> Right to information (Article 15 GDPR in conjunction with Section 34 BDSG)

 

You have the right to request confirmation as to whether we are processing personal data concerning you. If this is the case, you have the right to information about this personal data and to further information, e.g. the purposes of processing, the categories of personal data processed, the recipients and the planned period of storage or the criteria for determining the period.

 

> Right to rectification and completion (Article 16 GDPR)

 

You have the right to request the rectification of inaccurate data without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data.

 

> Right to erasure ("right to be forgotten") (Article 17 GDPR in conjunction with Section 35 BDSG)

 

You have the right to erasure if the processing is not necessary. This is the case, for example, if your data is no longer required for the original purposes, if you have revoked your declaration of consent under data protection law or if the data has been processed unlawfully. 

 

> Right to restriction of processing (Article 18 GDPR)

 

You have a right to restriction of processing, e.g. if you believe that the personal data is incorrect.

 

> Right to data portability (Article 20 GDPR) 

 

You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format. 

 

------------------------------------------------------------------------------

> Right to object (Article 21 GDPR in conjunction with Section 36 BDSG)

 

You have the right to object at any time, on grounds relating to your particular situation, to the processing of certain personal data concerning you. 

 

In the case of direct marketing, you as the data subject have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, which includes profiling to the extent that it is related to such direct marketing.

 

We have provided contact details that you can use to declare your objection in this privacy policy under "Controller".

------------------------------------------------------------------------------

 

 

 

> Right to withdraw your consent under data protection law (Article 7(3)(1) GDPR)

 

You can withdraw your consent to the processing of your personal data at any time with effect for the future. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

 

We have provided contact details that you can use to declare your revocation in this privacy policy under "Controller".

 

2. data processing in the exercise of rights

 

a) Type and scope of data processing

 

If you assert your rights under the GDPR and the BDSG against us, we will process the data you provide to us in order to fulfill your claim.

 

b) Purpose and legal basis

 

The legal basis for the processing of your data is Article 6(1)(f) GDPR. The legitimate interest arises from our obligation to fulfill your claim and our interest in avoiding sanctions (e.g. fine proceedings) by being able to demonstrate and prove whether and in what way we have fulfilled our obligations. 

 

c) Storage period

 

We store the data you transmit to us and the data we transmit to you to fulfill our obligations for the purpose of documentation until the expiry of the limitation periods under civil law and the law on administrative offenses, i.e. generally for a period of three years. The period begins at the end of the respective calendar year.

 

d) Right of objection

 

If your personal data is processed in accordance with Article 6(1)(f) GDPR, you generally have the right to object in accordance with Article 21 GDPR. In the specific data processing operation, however, we have compelling legitimate grounds for processing the data, because without storing this data we can neither demonstrate nor prove whether and in what way we have fulfilled our obligations to you.

 

3. right to lodge a complaint with a supervisory authority (Article 77 GDPR)

 

You can lodge a complaint with a supervisory authority at any time (Article 77 GDPR in conjunction with Section 19 BDSG), for example if you are of the opinion that the data processing does not comply with data protection regulations.

 

You can lodge such a complaint with the supervisory authority responsible for us in accordance with the provisions of the GDPR and the BDSG, among others:

 

Bavarian State Office for Data Protection Supervision

Promenade 18

91522 Ansbach

Postal address:            P.O. Box 1349, 91504 Ansbach

              Tel:                    0981/180093-0

              Fax:                  0981/180093-800

              E-Mail:              poststelle@lda.bayern.de

              Homepage:      https://www.lda.bayern.de

 

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

 

IV. Changes to our privacy policy

 

Our privacy policy serves to fulfill legal information obligations. We will update our privacy policy as necessary. You can access, save and print out the current version of our privacy policy at any time.

 

Contact details of the HENN data protection officer:

Robert Faußner, M.A.           

c/o HEUSSEN Rechtsanwaltsgesellschaft mbH     

Brienner Straße 9 / Amiraplatz         

80333 München

Phone: +49 89 290 97 0       

Fax: +49 89 290 97 200         

E-mail: datenschutzbeauftragter@heussen-law.de

 

Last modified: March 08, 2024