You can download our current data privacy policy as a *.pdf file at the following link (version: June 2019):  Download Data Privacy Policy (pdf)

Data privacy policy

The data privacy policy set out below applies to the use of the website (www.hit-holz.de) (hereinafter “website”).

We attach great importance to data privacy. The collection and processing of your personal data takes place in compliance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) in the currently valid version. We collect and process your personal data in order to be able to offer you the website mentioned above. This policy describes how and for what purpose your data is collected and used and what choices you have in connection with your personal data. By using this website, you consent to the collection, use and transmission of your data in accordance with this privacy policy.

1. Responsible body

  1. Responsible body

The responsible body for the collection, processing and use of your personal data within the meaning of the GDPR is:

 

HIT Holzindustrie Torgau GmbH & Co. KG
Forstweg 1
04860 Torgau

 

The data protection officer of the controller is:
Andreas Schneider

RFS IT GmbH
Depotstraße 5 ½
86199 Augsburg
Email: info [AT] rfs-it [DOT] de 

 

If you wish to object to the collection, processing or use of your data by us in accordance with this privacy policy as a whole or if you wish to object to individual measures, you can address your objection to the responsible body mentioned above. You can save and print this privacy policy at any time.

2. Collection and storage of personal data as well as type and purpose of its use

  1. When visiting the website

When you visit our website www.hit-holz.de, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

    1. IP address of the requesting computer,
    2. Date and time of access,
    3. Name and URL of the retrieved file,
    4. Website from which access is made (referrer URL),
    5. Browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The data mentioned will be processed by us for the following purposes:

    1. Ensuring a smooth connection to the website,
    2. Ensuring comfortable use of our website,
    3. Evaluating system security and stability as well as
    4. other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 sent. 1 lit. f GDPR. Our legitimate interest arises from the data collection purposes listed above. Under no circumstances will we use the collected data for the purpose of drawing conclusions about your person. In addition, we use cookies and analysis services when you visit our website. Further details can be found under Nos, 4 and 5 of this privacy policy.

2. Customer acquisition, customer administration and order processing

In the course of customer acquisition, customer administration and order processing, we process personal data in addition to company-related data. The protection of your personal data is of particular concern to us. Your personal data is therefore processed exclusively on the basis of the legal provisions of the European General Data Protection Regulation and in accordance with the applicable country-specific data protection regulations. With the following transparency declaration, we inform you about the most important aspects of the data processing of your personal data in our company.

The following categories of personal data are processed by us:

    1. Company master data and contact data
    2. Contact person and contact details
    3. Product interest
    4. Offer documents
    5. Order data
    6. Contract documents
    7. User data (user names, access data)
    8. Billing data
    9. Payment data
    10. Bank details
    11. Comparable data
     

The personal data originates from the following source:
The personal data stored by us originates – on the one hand – from direct collection through contact on your part with our company, where you provide us with your data in the context of an inquiry, order placement, order processing, invoicing, etc.
The data stored by us may furthermore originate from industry directories or publicly accessible directories.
Moreover, the aforementioned data stored by us may originate from surveys of sales partners who provide us with the aforementioned data if you are interested in the product.
The data mentioned will be processed by us for the following purposes:

    1. Customer administration
    2. Order processing and handling
    3. Customer acquisition
    4. Inquiry processing
    5. Offer preparation
    6. Contacting for contract fulfilment
     

Duration for which we will store you personal data:
Your data will only be stored and processed for the purposes stated above. As soon as the purpose ceases to exist, your personal data will be deleted immediately, provided that there are no retention obligations to the contrary. If your personal data is processed for another purpose, we will inform you immediately about this change of purpose.
The processing of your personal data takes place on the following legal basis:

    1. Customer administration
    2. The legal basis for processing your personal data pursuant to Art. 6 para. (1) b consists in the performance of a contract (order processing, order handling, etc.) or pursuant to Art. 6 para. (1) b in the performance of pre-contractual measures (e.g. transmission of offers).
    3. The legal basis for processing also exists on the basis of a legitimate interest in processing pursuant to Art. 6 para. (1) c GDPR. We have a legitimate interest in processing your personal data to determine the needs of interested parties, to carry out advertising measures to inform potential interested parties about the product portfolio and to initiate business in order to maintain and expand business activities and thus secure jobs.
    4. The legal basis for processing your personal data may also be based on your consent pursuant to Art. 6 para. (1) a GDPR, insofar as you have given us consent to process your personal data for specific purposes.
     
3. When registering for our newsletter

If you have given your consent in accordance with Art. 6 para. 1 sent. 1 lit. a GDPR, we will use your email address to regularly send you our newsletter. An email address is sufficient to receive the newsletter. You can unsubscribe at any time by, for instance, using the link at the end of each newsletter. Another option is to submit your unsubscribe request to info [AT] hit-holz [DOT] de by email.

4. When using our contact form

If you have any questions, we offer you the opportunity to contact us via a form provided on our website. A valid email address is required for us to know from whom the request originates and for us to be able to answer it. Further information can be provided voluntarily. The data processing for the purpose of contacting us takes place in accordance with Art. 6 para. 1 sent. 1 lit. a GDPR on the basis of your voluntarily given consent. The personal data collected by us for the use of the contact and inquiry forms will be deleted automatically after the final processing of your request.

5. Contact by email

If you contact us (e.g.via contact form or email), we will store your details for the purpose of processing the request as well as in the event that follow-up questions arise. We only store and use further personal data if you give your consent or if this is permitted by law without special consent.

 

3. Transfer of data

Your personal data will not be transmitted to third parties for purposes other than those listed below.

We will only pass on your personal data to third parties if:

  1. you have given your express consent pursuant to Art. 6 para. 1 sent. 1 lit. a GDPR,
  2. the transfer in accordance with Art. 6 para. 1 sent. 1 lit. f GDPR is necessary to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding legitimate interest in not disclosing your data,
  3. there is a legal obligation for the transfer in accordance with Art. 6 para. 1 sent. 1 lit. c GDPR, and
  4. this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sent. 1 lit. b GDPR.

4. Cookies

We use cookies on our site. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your device, do not contain viruses, Trojans or other malware. Information is stored in the cookie, which results in each case in connection with the specifically used terminal device. However, this does not mean that we gain immediate knowledge of your identity. On the one hand, the use of cookies serves the purpose of making the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after leaving our site. In addition, we also use temporary cookies to optimize the user experience, which are stored on your device for a certain period of time. If you visit our site again to use our services, it is automatically recognized that you have already been on our site and which entries and settings you have made, so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you (see No. 5). These cookies allow us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined period of time.

For the stated purposes, the data processed by cookies is necessary to protect our legitimate interests as well as those of third parties in accordance with Art. 6 para. 1 sent. 1 lit. f GDPR. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies may result in you not being able to use all the features of our website.

5. Analytics tools

  1. Tracking-Tools

    The tracking measures listed below and used by us are based on Art. 6 para. 1 sent. 1 lit. f GDPR. With the tracking measures used, we want to ensure a demand-oriented design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.

    The respective data processing purposes and data categories can be found in the corresponding tracking tools.

    1. Google Analytics
          • Browser type/version,
          • Operating system used,
          • Referrer URL (the previously visited page),
          • Host name of the accessing computer (IP address),
          • Time of the server request,

      is transmitted to a Google server in the USA and stored there. This information is used to assess usage of the website, to compile reports about website activities, and to perform other services connected with website and Internet usage for the purposes of market research and designing these Internet sites to meet our users’ requirements. This information may also be passed on to third parties in cases where this is mandated by law, or where third parties are contracted to process this data. Under no circumstances will your IP address be merged with other Google data. IP addresses are anonymized so that it is not possible to identify them (IP masking).

      You can prevent cookies from being stored using the appropriate settings in your browser software. Please note, however, that in this case, you may not always be able to use the full range of features on this website. In addition, you can prevent the data recorded by the cookie and data associated with your use of the website (including your IP address) from being transmitted to and processed by Google by downloading and installing the browser plug-in available via this link: (https://tools.google.com/dlpage/gaoptout?hl=en). As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. An opt-out cookie will be set that prevents the future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. Further information on data protection in connection with Google Analytics can be found in the Google Analytics help (https://support.google.com/analytics/answer/6004245?hl=en).

    2. Google Adwords Conversion Tracking

      In order to statistically record the use of our website and evaluate it for the purpose of optimizing our website for you, we also use Google Conversion Tracking. Google Adwords will set a cookie (see No. 4) on your computer if you have reached our website via a Google ad.

      These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.

      Each Adwords customer receives a different cookie. Cookies can therefore not be tracked via the websites of Adwords customers. The information collected using the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they will not receive any information with which users can be personally identified.

      If you do not want to participate in the tracking process, you can block the use of cookies which would be required for tracking, for example via a browser setting that universally disables the automatic use of cookies. You can also disable the cookies for conversion tracking by configuring your browser so that cookies from the domain “www.googleadservices.com” will be blocked. Google’s privacy policy for conversion tracking can be found here (https://services.google.com/sitestats/en.html).

6. Social Media Plug-ins

On our website, we use social media plug-ins for the social networks Facebook and Twitter on the basis of Art. 6 para. 1 sent. 1 lit. f GDPR to raise the profile of our company. The underlying advertising purpose must be regarded as a legitimate interest within the meaning of the GDPR. The relevant provider is responsible for operating the network in compliance with data protection legislation. We integrate these plug-ins by means of the two-click method to give visitors to our website optimum privacy.

  1. Facebook

Social media plug-ins of Facebook are used on our website to make the use of our website more personal. For this purpose, we use the “LIKE” or “SHARE” button. This is a service provided by Facebook.
When you call up a page of our website that contains such a plug-in, your browser establishes a direct connection with Facebook’s servers. The content of the plug-in is transmitted directly to your browser by Facebook and incorporated into the website by Facebook. By means of the incorporation of the plug-ins, Facebook is informed that your browser has accessed the corresponding page of our web presence, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a server of Facebook in the USA and saved there.
If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook account. If you interact with the plug-ins, for example by pressing the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.
Facebook may use this information for the purpose of advertising, market research and a demand-oriented design of Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services related to the use of Facebook.

If you do not want Facebook to associate the data collected via our website with your Facebook account, you must log out of Facebook before visiting our website.

For information on the purpose and scope of data collection and the further processing and use of the data by Facebook as well as on your rights in this regard and setting options for the protection of your privacy, please refer to Facebook’s privacy policy (https://www.facebook.com/about/privacy/).

2. Twitter

Plug-ins of the short message network Twitter Inc. (Twitter) have been integrated on our website. You can recognize the Twitter plug-ins (Tweet button) by the Twitter logo on our site. You can find an overview of the Tweet button here (https://about.twitter.com/resources/buttons). When you visit a page of our website that contains such a plug-in, a direct connection is established between your browser and the Twitter server in the USA. Twitter is thereby notified that you have visited our website with your IP address. If you click the Tweet button while logged in to your Twitter account, you can link the content of our site to your Twitter profile. This allows Twitter to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the site, have no knowledge of the content of the transmitted data or its use by Twitter.

If you do not want Twitter to be able to associate your visit to our site, please log out of your Twitter user account.

For more information, please refer to Twitter’s privacy policy (https://twitter.com/privacy).

3. Instagram

Our website uses so-called social plug-ins (“plug-ins”) from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plug-ins are marked with an Instagram logo in the form of a camera. When you visit our website, your browser establishes a direct connection to the servers of Instagram. The content of the plug-in is transmitted by Instagram directly to your browser and integrated into the page. By means of this integration, Instagram receives the information that your browser has called up the corresponding page, even if you do not have an Instagram profile or are not currently logged in.

This information (including your IP address) is transmitted by your browser directly to a server of Instagram in the USA and saved there. If you are logged in to Instagram, Instagram can directly associate your visit to our website to your Instagram account. If you interact with the plug-ins, for example by pressing the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Instagram server and stored there.

The information is also published on your Instagram account and displayed there to your contacts.

If you do not want Instagram to directly associate the data collected via our website with your Instagram account, you must log out of Instagram before visiting our website.

For more information, please refer to the Instagram’s privacy policy (https://help.instagram.com/155833707900388).

4. XING Plug-in

Our website uses features of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
A connection to XING servers will be established every time one of our pages containing XING features is accessed. According to the information available to us no personal data is stored. In particular, no IP addresses are stored and no usage behaviour is evaluated.
Further information about data protection and the XING Share button can be found in the XING privacy policy at https://www.xing.com/app/share?op=data_protection.

5. LinkedIn Plug-in

Our website uses features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time you access one of our pages that contains LinkedIn features, a connection to LinkedIn servers is established. LinkedIn will be notified that you have visited our sites using your IP address. If you click on LinkedIn’s “Recommend Button” and are logged into your LinkedIn account, LinkedIn will be able to trace your visit to our site back to you and your account. We would like to point out that we, as the provider of these pages, have no knowledge of the content of the transmitted data or its use by LinkedIn.
The use of the LinkedIn plug-in is based on Art. 6 para. 1 lit. f GDPR. The operator of the website has a legitimate interest in being as visible as possible on social media.
For further information on this subject, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

6. YouTube

Our website uses plug-ins of the YouTube platform, which is operated by Google. The provider is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages featuring a YouTube plug-in, a connection to the YouTube servers is established. Here, the YouTube server is informed about which of our pages you have visited.
If you are logged in to your YouTube account, YouTube allows you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.
We use YouTube in an effort to present our online content in an appealing manner. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Further information on the handling of user data can be found in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy.

7. Google Maps

Via an API, this website uses the mapping service Google Maps. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Enabling the use of the Google Maps features requires that your IP address be stored. As a rule, this information is transmitted to one of Google’s servers in the United States, where it is stored. The operator of this website has no control over the data transfer.
We use Google Maps in an effort to present our online content in an appealing manner and to make the locations disclosed on our website easy to find. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
For more information on the handling of user data, please review Google’s privacy policy at: https://www.google.de/intl/de/policies/privacy/.

7. Rights of the data subject

You have the right:

  1. under Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data, if we have not collected it, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information on their details;
  2. under Art. 16 GDPR, to immediately request the correction of incorrect personal data concerning you and the completion of incomplete personal data;
  3. under Art. 17 GDPR, to request the deletion of your personal data, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is required;
  4. under Art. 18 GDPR, to obtain restriction of processing of your personal data if the accuracy of the personal data is contested by you, if the processing is unlawful and you object to the erasure of the personal data, if we no longer need the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims or if you have objected to processing pursuant to Art. 21 GDPR;
  5. under Art. 20 GDPR, to receive your personal data, which you have provided us, in a structured, commonly used and machine-readable format or request that this data be transmitted to another controller;
  6. under Art. 7 para. 3 GDPR, to revoke your previously granted consent at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future, and gives you the right,
  7. under Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you may turn to the supervisory authority with jurisdiction at your place of residence or employment or at your company headquarters.

8. Right of objection

If your personal data is based on legitimate interests in accordance with Art. 6 para. 1 sent. 1 lit. f GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your personal data, insofar as there are reasons for this arising from your particular situation or if the objection is directed against direct advertising. In the latter case you have a general right to object, which we shall implement without the statement of a particular situation.

If you would like to exercise your right of revocation or objection, an email to info [AT] hit-holz [DOT] de will suffice.

9. Data security

We use the most common SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

10. Up-to-date status and amendment of this data privacy policy

This data privacy policy is currently valid and was last updated on October 1, 2020. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may be necessary to amend this data privacy policy. You can access and print out the current data privacy policy at any time on our website at https://www.hit-holz.de/datenschutzerklaerung.html.