1. Responsible body
- Responsible body
The responsible body for the collection, processing and use of your personal data within the meaning of the GDPR is:
HIT Holzindustrie Torgau GmbH & Co. KG
The data protection officer of the controller is:
RFS IT GmbH
Depotstraße 5 ½
Email: info [AT] rfs-it [DOT] de
2. Collection and storage of personal data as well as type and purpose of its use
- When visiting the website
When you visit our website www.hit-holz.de, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:
- IP address of the requesting computer,
- Date and time of access,
- Name and URL of the retrieved file,
- Website from which access is made (referrer URL),
- Browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The data mentioned will be processed by us for the following purposes:
- Ensuring a smooth connection to the website,
- Ensuring comfortable use of our website,
- Evaluating system security and stability as well as
- other administrative purposes.
2. Customer acquisition, customer administration and order processing
In the course of customer acquisition, customer administration and order processing, we process personal data in addition to company-related data. The protection of your personal data is of particular concern to us. Your personal data is therefore processed exclusively on the basis of the legal provisions of the European General Data Protection Regulation and in accordance with the applicable country-specific data protection regulations. With the following transparency declaration, we inform you about the most important aspects of the data processing of your personal data in our company.
The following categories of personal data are processed by us:
- Company master data and contact data
- Contact person and contact details
- Product interest
- Offer documents
- Order data
- Contract documents
- User data (user names, access data)
- Billing data
- Payment data
- Bank details
- Comparable data
The personal data originates from the following source:
The personal data stored by us originates – on the one hand – from direct collection through contact on your part with our company, where you provide us with your data in the context of an inquiry, order placement, order processing, invoicing, etc.
The data stored by us may furthermore originate from industry directories or publicly accessible directories.
Moreover, the aforementioned data stored by us may originate from surveys of sales partners who provide us with the aforementioned data if you are interested in the product.
The data mentioned will be processed by us for the following purposes:
- Customer administration
- Order processing and handling
- Customer acquisition
- Inquiry processing
- Offer preparation
- Contacting for contract fulfilment
Duration for which we will store you personal data:
Your data will only be stored and processed for the purposes stated above. As soon as the purpose ceases to exist, your personal data will be deleted immediately, provided that there are no retention obligations to the contrary. If your personal data is processed for another purpose, we will inform you immediately about this change of purpose.
The processing of your personal data takes place on the following legal basis:
- Customer administration
- The legal basis for processing your personal data pursuant to Art. 6 para. (1) b consists in the performance of a contract (order processing, order handling, etc.) or pursuant to Art. 6 para. (1) b in the performance of pre-contractual measures (e.g. transmission of offers).
- The legal basis for processing also exists on the basis of a legitimate interest in processing pursuant to Art. 6 para. (1) c GDPR. We have a legitimate interest in processing your personal data to determine the needs of interested parties, to carry out advertising measures to inform potential interested parties about the product portfolio and to initiate business in order to maintain and expand business activities and thus secure jobs.
- The legal basis for processing your personal data may also be based on your consent pursuant to Art. 6 para. (1) a GDPR, insofar as you have given us consent to process your personal data for specific purposes.
If you have given your consent in accordance with Art. 6 para. 1 sent. 1 lit. a GDPR, we will use your email address to regularly send you our newsletter. An email address is sufficient to receive the newsletter. You can unsubscribe at any time by, for instance, using the link at the end of each newsletter. Another option is to submit your unsubscribe request to info [AT] hit-holz [DOT] de by email.
4. When using our contact form
If you have any questions, we offer you the opportunity to contact us via a form provided on our website. A valid email address is required for us to know from whom the request originates and for us to be able to answer it. Further information can be provided voluntarily. The data processing for the purpose of contacting us takes place in accordance with Art. 6 para. 1 sent. 1 lit. a GDPR on the basis of your voluntarily given consent. The personal data collected by us for the use of the contact and inquiry forms will be deleted automatically after the final processing of your request.
5. Contact by email
If you contact us (e.g.via contact form or email), we will store your details for the purpose of processing the request as well as in the event that follow-up questions arise. We only store and use further personal data if you give your consent or if this is permitted by law without special consent.
3. Transfer of data
Your personal data will not be transmitted to third parties for purposes other than those listed below.
We will only pass on your personal data to third parties if:
- you have given your express consent pursuant to Art. 6 para. 1 sent. 1 lit. a GDPR,
- the transfer in accordance with Art. 6 para. 1 sent. 1 lit. f GDPR is necessary to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding legitimate interest in not disclosing your data,
- there is a legal obligation for the transfer in accordance with Art. 6 para. 1 sent. 1 lit. c GDPR, and
- this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sent. 1 lit. b GDPR.
For the stated purposes, the data processed by cookies is necessary to protect our legitimate interests as well as those of third parties in accordance with Art. 6 para. 1 sent. 1 lit. f GDPR. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies may result in you not being able to use all the features of our website.
5. Analytics tools
The tracking measures listed below and used by us are based on Art. 6 para. 1 sent. 1 lit. f GDPR. With the tracking measures used, we want to ensure a demand-oriented design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
- Google Analytics
- Browser type/version,
- Operating system used,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (IP address),
- Time of the server request,
is transmitted to a Google server in the USA and stored there. This information is used to assess usage of the website, to compile reports about website activities, and to perform other services connected with website and Internet usage for the purposes of market research and designing these Internet sites to meet our users’ requirements. This information may also be passed on to third parties in cases where this is mandated by law, or where third parties are contracted to process this data. Under no circumstances will your IP address be merged with other Google data. IP addresses are anonymized so that it is not possible to identify them (IP masking).
You can prevent cookies from being stored using the appropriate settings in your browser software. Please note, however, that in this case, you may not always be able to use the full range of features on this website. In addition, you can prevent the data recorded by the cookie and data associated with your use of the website (including your IP address) from being transmitted to and processed by Google by downloading and installing the browser plug-in available via this link: (https://tools.google.com/dlpage/gaoptout?hl=en). As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on this link. An opt-out cookie will be set that prevents the future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. Further information on data protection in connection with Google Analytics can be found in the Google Analytics help (https://support.google.com/analytics/answer/6004245?hl=en).
- Google Adwords Conversion Tracking
In order to statistically record the use of our website and evaluate it for the purpose of optimizing our website for you, we also use Google Conversion Tracking. Google Adwords will set a cookie (see No. 4) on your computer if you have reached our website via a Google ad.
These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.
Each Adwords customer receives a different cookie. Cookies can therefore not be tracked via the websites of Adwords customers. The information collected using the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they will not receive any information with which users can be personally identified.
- Google Analytics
6. Social Media Plug-ins
On our website, we use social media plug-ins for the social networks Facebook and Twitter on the basis of Art. 6 para. 1 sent. 1 lit. f GDPR to raise the profile of our company. The underlying advertising purpose must be regarded as a legitimate interest within the meaning of the GDPR. The relevant provider is responsible for operating the network in compliance with data protection legislation. We integrate these plug-ins by means of the two-click method to give visitors to our website optimum privacy.
Social media plug-ins of Facebook are used on our website to make the use of our website more personal. For this purpose, we use the “LIKE” or “SHARE” button. This is a service provided by Facebook.
When you call up a page of our website that contains such a plug-in, your browser establishes a direct connection with Facebook’s servers. The content of the plug-in is transmitted directly to your browser by Facebook and incorporated into the website by Facebook. By means of the incorporation of the plug-ins, Facebook is informed that your browser has accessed the corresponding page of our web presence, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a server of Facebook in the USA and saved there.
If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook account. If you interact with the plug-ins, for example by pressing the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.
Facebook may use this information for the purpose of advertising, market research and a demand-oriented design of Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services related to the use of Facebook.
If you do not want Facebook to associate the data collected via our website with your Facebook account, you must log out of Facebook before visiting our website.
Plug-ins of the short message network Twitter Inc. (Twitter) have been integrated on our website. You can recognize the Twitter plug-ins (Tweet button) by the Twitter logo on our site. You can find an overview of the Tweet button here (https://about.twitter.com/resources/buttons). When you visit a page of our website that contains such a plug-in, a direct connection is established between your browser and the Twitter server in the USA. Twitter is thereby notified that you have visited our website with your IP address. If you click the Tweet button while logged in to your Twitter account, you can link the content of our site to your Twitter profile. This allows Twitter to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the site, have no knowledge of the content of the transmitted data or its use by Twitter.
If you do not want Twitter to be able to associate your visit to our site, please log out of your Twitter user account.
Our website uses so-called social plug-ins (“plug-ins”) from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plug-ins are marked with an Instagram logo in the form of a camera. When you visit our website, your browser establishes a direct connection to the servers of Instagram. The content of the plug-in is transmitted by Instagram directly to your browser and integrated into the page. By means of this integration, Instagram receives the information that your browser has called up the corresponding page, even if you do not have an Instagram profile or are not currently logged in.
This information (including your IP address) is transmitted by your browser directly to a server of Instagram in the USA and saved there. If you are logged in to Instagram, Instagram can directly associate your visit to our website to your Instagram account. If you interact with the plug-ins, for example by pressing the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Instagram server and stored there.
The information is also published on your Instagram account and displayed there to your contacts.
If you do not want Instagram to directly associate the data collected via our website with your Instagram account, you must log out of Instagram before visiting our website.
4. XING Plug-in
Our website uses features of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
A connection to XING servers will be established every time one of our pages containing XING features is accessed. According to the information available to us no personal data is stored. In particular, no IP addresses are stored and no usage behaviour is evaluated.
5. LinkedIn Plug-in
Our website uses features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time you access one of our pages that contains LinkedIn features, a connection to LinkedIn servers is established. LinkedIn will be notified that you have visited our sites using your IP address. If you click on LinkedIn’s “Recommend Button” and are logged into your LinkedIn account, LinkedIn will be able to trace your visit to our site back to you and your account. We would like to point out that we, as the provider of these pages, have no knowledge of the content of the transmitted data or its use by LinkedIn.
The use of the LinkedIn plug-in is based on Art. 6 para. 1 lit. f GDPR. The operator of the website has a legitimate interest in being as visible as possible on social media.
Our website uses plug-ins of the YouTube platform, which is operated by Google. The provider is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages featuring a YouTube plug-in, a connection to the YouTube servers is established. Here, the YouTube server is informed about which of our pages you have visited.
If you are logged in to your YouTube account, YouTube allows you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.
7. Google Maps
Via an API, this website uses the mapping service Google Maps. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Enabling the use of the Google Maps features requires that your IP address be stored. As a rule, this information is transmitted to one of Google’s servers in the United States, where it is stored. The operator of this website has no control over the data transfer.
We use Google Maps in an effort to present our online content in an appealing manner and to make the locations disclosed on our website easy to find. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
7. Rights of the data subject
You have the right:
- under Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data, if we have not collected it, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information on their details;
- under Art. 16 GDPR, to immediately request the correction of incorrect personal data concerning you and the completion of incomplete personal data;
- under Art. 17 GDPR, to request the deletion of your personal data, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is required;
- under Art. 18 GDPR, to obtain restriction of processing of your personal data if the accuracy of the personal data is contested by you, if the processing is unlawful and you object to the erasure of the personal data, if we no longer need the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims or if you have objected to processing pursuant to Art. 21 GDPR;
- under Art. 20 GDPR, to receive your personal data, which you have provided us, in a structured, commonly used and machine-readable format or request that this data be transmitted to another controller;
- under Art. 7 para. 3 GDPR, to revoke your previously granted consent at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future, and gives you the right,
- under Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you may turn to the supervisory authority with jurisdiction at your place of residence or employment or at your company headquarters.
8. Right of objection
If your personal data is based on legitimate interests in accordance with Art. 6 para. 1 sent. 1 lit. f GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your personal data, insofar as there are reasons for this arising from your particular situation or if the objection is directed against direct advertising. In the latter case you have a general right to object, which we shall implement without the statement of a particular situation.
If you would like to exercise your right of revocation or objection, an email to info [AT] hit-holz [DOT] de will suffice.
9. Data security
We use the most common SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.