Data Protection Statement
Thank you for visiting our website. We take data protection very seriously and endeavour to protect your personal data within the scope of our website.
We understand personal data to mean any data on the personal and factual circumstances of a natural person. Personal data that is gathered on our website is exclusively used for our own purposes.
Consent: Where we have obtained your consent for processing procedures regarding personal data, Art. 6(1)(a) EU General Data Protection Regulation (GDPR) forms the legal basis for the data processing.
Agreement: When processing personal data required in order to fulfil a contract, to which you are a contracting party, Article 6(1)(b) GDPR forms the legal basis. This also refers to data processing activities required for the implementation of pre-contractual measures.
Statutory obligation: Where the processing of personal data is necessary in order to fulfil a legal obligation, to which our company is subject, Article 6(1)(c) GDPR forms the legal basis.
In the event of vital interests of you or another natural person making it necessary to process personal data, Article 6(1)(d) GDPR forms the legal basis.
Legitimate interest: Should the processing be necessary in order to protect a legitimate interest on the part of our company or a third party, and should the interests, basic rights and basic freedoms of the data subject not outweigh the first-named interest, Art. 6(1)(f) GDPR forms the legal basis for the processing. Our company’s legitimate interest lies in the execution of our business operations.
We process your data for the following corporate interests: The purpose of the data collection is to fulfill the legitimate interest of our company and of our service provider, to provide a secure, stable and trustworthy infrastructure for the service. The information we obtain is required to identify and defend attempted attacks, to detect notifiable data breaches, and to identify and fix errors of the system.
3. Rights of persons concerned
Within the context of our data processing activities, your personal data is processed. You are entitled to assert the rights arising from the third section of the GDPR vis-à-vis our company.
We observe the rights to information, correction, restriction of the processing, deletion and portability of your personal data. You may assert these rights as follows:
Right to information
Sie haben das Recht von uns eine Bestätigung darüber zu verlangen, ob wir sie betreffende personenbezogene Daten verarbeiten. Ist dies der Fall, so haben Sie ein Recht auf Auskunft über diese personenbezogenen Daten und auf folgende Informationen:
You are entitled to request confirmation from us about whether we process personal data concerning you. Should this be the case, you have a right to be informed about such personal data and to be given the following information: a) the purposes of the processing; b) the categories of personal data that are processed; c) the recipients or categories of recipients to whom the personal data has been disclosed or is yet to be disclosed, in particular in the case of recipients in countries outside the EU or in the case of international organisations; d) If possible, the scheduled duration for which the personal data is stored, or, should this not be possible, the criteria for determining such period of time; e) the existence of a right to correction or deletion of the personal data concerning you or to restriction of the processing by the controller or a right to object to such processing; f) the existence of the right to lodge a complaint with a supervisory authority; g) if the personal data is not gathered from the data subject, any information available on the origin of the data; h) the existence of automated decision-making, including profiling, in accordance with Art. 22(1) and (4) GDPR and — at least in such cases — meaningful information on the logic involved, as well as the impact and the intended effects of such processing for the data subject. Should personal data be transmitted to a country outside the EU or an international organisation, you are entitled to be briefed about the appropriate warranties pursuant to Article 46 GDPR in connection with the transmission. We are providing you with a copy of the personal data which is the subject of the processing. For any further copies that you request we may require you to pay an appropriate fee based on the administrative costs. Should you file the request for information electronically, we need to provide the information in a common electronic format, unless you have specified anything to the contrary. The right to receive a copy may not adversely affect the rights and freedoms of other individuals.
Right to correction
In addition, you are entitled to require the correction of any incorrect personal data concerning you without delay. Taking into consideration the purposes of the processing, you are entitled to request the completion of incomplete personal data — also by way of a supplementary declaration.
The right to deletion (“right to be forgotten”)
You are also entitled to require from us that personal data concerning you is deleted immediately, and we are obliged to delete personal data without delay, as long as one of the following reasons applies:
a) The personal data is no longer necessary for the purposes for which it was gathered or otherwise processed;
b) You revoke your consent, on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal basis for the processing;
c) you raise an objection to the processing under Article 21(1) GDPR, and no overriding legitimate reasons for the processing exist, or you raise an objection to the processing under Article 21(2) GDPR;
d) the personal data has been processed illegitimately;
e) the deletion of the personal data is necessary in order to fulfil a legal obligation under EU law or the law of the Member States, to which we are subject;
f) The personal data has been gathered in relation to information society services provided in accordance with Art. 8(1).
(2) Should we have published the personal data, and should we, in accordance with paragraph 1, be obliged to delete it, we shall, taking into account the available technology and the costs of implementation, take appropriate steps, also of a technical nature, to inform the controllers responsible for processing the data, who process the personal data, about the fact that you have requested the deletion of any links to said personal data or copies or replications of said personal data. This does not apply if the processing is necessary a) in order to exercise the right of free expression and information; b) in order to fulfil a legal obligation which the processing under EU law or the law of the Member States to which we are subject requires, or in order to take on a task that is in the public interest or is carried out in order to exercise any public authority that has been conferred upon us; c) for reasons relating to the public interest in the field of public health pursuant to Article 9(2)(h) and (i), as well as Article 9(3); d) in regard to archival purposes that are in the public interest, for scientific or historic research purposes, or for statistical purposes pursuant to Article 89(1), in so far as the right mentioned in paragraph 1 probably makes the implementation of the aims of such processing impossible or seriously impairs it; or e) in order to assert, exercise or defend any legal claims.
Right to restriction of the data processing
(1) The data subject is entitled to request the controller to restrict the processing if one of the following prerequisites exists:
a) the accuracy of the personal data is disputed by the data subject, and in fact for a period of time that enables the controller to check the accuracy of the personal data;
b) the processing is illegitimate and the data subject rejects the deletion of the personal data and instead requests that the use of the personal data be restricted;
c) the controller no longer needs the personal data for the purposes of the processing, however the data subject needs it in order to assert, exercise or defend any legal claims; or
d) the data subject raises an objection to the processing under Art. 21(1) GDPR, as long as it has not yet been established whether the controller’s legitimate reasons outweigh those of the data subject.
(2) Should the processing have been restricted in accordance with paragraph 1, such personal data may — except for being stored — only be processed with the consent of the data subject or in order to assert, exercise or defend any legal claims or to protect the rights of another natural or legal person, or for reasons relating to a significant public interest of the EU or a Member State. 4.5.2016 L 119/44 Official Journal of the European Union DE
(3) A data subject who has arranged for a restriction of the processing in accordance with paragraph 1 is informed by the controller before the restriction is lifted.
Article 19 The obligation to provide information in connection with the correction or deletion of personal data or the restriction of the processing
The controller shall inform any recipients whose personal data has been disclosed about any correction or deletion of the personal data or any limitation of the processing in accordance with Article 16, Article 17(1) and Article 18, unless it proves impossible or is associated with disproportionate effort. The Controller will inform the data subject about such recipients if the data subject requests it.
Art. 20 The right to data portability
(1) The data subject is entitled to be given the personal data concerning him or her, which he or she has provided to a controller, in a structured, common and machine-readable format, and is entitled, without any impediment, to have such data transmitted to another controller by the controller to which the personal data was provided, as long as
a) the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, or a contract pursuant to Article 6(1)(b) GDPR; and
b) the processing is carried out using an automated procedure. (2) When exercising his or her right to data portability in accordance with paragraph 1, the data subject is entitled to have the personal data transmitted directly from one controller to another controller, in so far as this is technically feasible.
(3) The exercising of the right in accordance with paragraph 1 of the present article shall not affect Article 17. This right shall not apply to any processing which is necessary in order to take on a task that is in the public interest or exercise public authority that has been conferred upon the controller.
(4) The right in accordance with paragraph 2 may not adversely affect the rights and freedoms of other individuals.
In addition, you are entitled to consult our Data Protection Officer in regard to the above-mentioned rights, as well as in regard to any questions you may have in connection with the processing of your personal data.
Our customers may also assert their right to complain to the competent supervisory authorities.
Right to raise objections
You are entitled, for reasons arising from your particular situation, to raise an objection to the processing of any personal concerning you, at any time. Such an objection is to be based on Art. 6(1)(e) or (f) GDPR. This also applies to any profiling activities undertaken on the basis of this provision. The controller will then no longer process the personal data unless it can provide evidence of compelling reasons for the processing, worthy of protection, which outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending any legal claims.
2) Should your personal data be processed in order to effect direct marketing, you are entitled to raise an objection to the processing of personal data concerning you for the purpose of such advertising at any time in so far as it is connected with such direct marketing.
3) Should you raise an objection to the processing for direct marketing purposes, your personal data will no longer be used for said purposes.
4) In connection with the use of services of the information society, you may, notwithstanding Regulation 2002/58/EC, exercise your right of objection using automated procedures that make use of technical specifications.
5) You are entitled, for reasons arising from your particular situation, to raise an objection to the processing of personal data concerning you which is undertaken for scientific or historic research purposes or statistical purposes pursuant to Art. 89(1) GDPR at any time unless said processing is necessary in order to perform a task that is within the public interest.
Irrespective of any other legal remedy under administrative law or any judicial remedy, you are entitled to file a complaint with a supervisory authority if you are of the opinion that the processing of personal data concerning you is in breach of the EU GDPR.
4. Web server logs
Within the context of using our online content, the connection information is saved in the server log files. Such information includes:
• the IP address of the accessing system
• browser information, such as the operating system used and the monitor resolution
• the website accessed
• the referrer URL
• the date and time of access The web server logs are exclusively processed for security purposes.
We will use the log data only for statistical evaluations for the purpose of operating, optimizing and ensuring the security the website. We do, however, reserve the right to subsequently review the log data if, based on specific evidence, there is a justified suspicion of illegitimate use.
The content management system used to publish the website partly requires so-called session cookies for its function. These are randomly generated (session IDs) that are stored in volatile memory (RAM) during the active session and are used exclusively by the system itself. The information is lost after the session has ended or when the browser is closed and never saved as a file. There is no further use, evaluation or storage of cookie data.
6. Contact form
In the contact form you have the possibility to send any data to us. The data is forwarded by our web server by e-mail to the e-mail inbox of our company. Please note that communication via the contact form is not encrypted. For confidential communication, please use a secure communication channel in your own interest.
7. Data Privacy Contact
Responsible for data processing within the meaning of Art. 4 No. 7 of the GDPR is
HE System Electronic GmbH
Represented by the CEO Axel Weber and Peter Tix
Phone: +49-911-975 810
Data Protection Officer
Phone: +49-228-2861 4060
e-Mail: datenschutz [@] he-system.com