Privacy PolicyWe take data protection seriously

GENERAL INFORMATION

 (1) In the following, we inform about the collection of personal data when using our website, as in accordance with Art. 13 of the EU General Data Protection Regulation (EU-GDPR). Personal data are all data that are personally identifiable to you, e.g. name, address, e-mail addresses, user behavior.

 

 (2) The person responsible in accordance with Art. 4(7) EU-GDPR is: 

HOLMER Maschinenbau GmbH
Regensburger Straße 20
84069 Schierling/Eggmühl
GERMANY
TEL.: +49 (0) 94 51/93 03-0
FAX: +49 (0) 94 51/93 03-31 32 00
info(at)holmer-maschinenbau.com 

 

You can contact our Data Protection officer at:

Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH

Eifelstraße 55

93057 Regensburg 

kontakt(at)buglundkollegen.de

 

(3) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, if applicable your name and your telephone number) will be stored by us in order to answer your questions. The legal basis for the processing of the data is our legitimate interest in responding to your request pursuant to Art. 6(1) lit. f EU-GDPR. If your contacting is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6(1) lit. b EU-GDPR. We delete the data arising in this context after the storage is no longer necessary, or limit the processing if statutory retention obligations exist.

 

(4) If we make use of contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We will also specify the defined criteria for the storage period.

Your rights

 (1) You have the following rights towards us regarding your personal data:

  • Right to information
  • Right to correction or deletion
  • Right to limitation of processing
  • Right of opposition to the processing
  • Right to data transferabilitncy

 

(2) You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

The responsible supervisory authority can be found in the following list:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Machine data

We record and store telemetry data of our machines for: 

 

  • Service purposes
  • Development purposes
  • Data analytics and provision of services
  • Marketing purposes
  • Statistics
  • Distribution purposes

 

Support of standard business processes at HOLMER Data management and processing is carried out by our business partner BOSCH (order data management). 

 

No personal data will be recorded and stored by our machines.

Hosting

(1) The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services which we use for the purpose of operating this online service.

 

(2) Here we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online service on the basis of our legitimate interests in the efficient and secure provision of this online service pursuant to Art. 6(1) lit. f EU-GDPR in connection with Art. 28 EU-GDPR (conclusion of an order processing contract).

Collection of personal data when visiting our website

1) When using the website for information purposes only, i.e., if you do not register or provide us with information in any other way, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to ensure stability and security:

 

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • The amount of data transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

 

We collect and store this data for a limited time on the basis of our legitimate interest in order to induce derivation of personal data in the event of unauthorised access or attempted access to local servers (Art. 6 (1) lit. f EU-GDPR).

 

 

Use of cookies

(1) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the location that sets the cookie (here by us). They serve to make the website more user-friendly and effective.

 

(2) We distinguish between two categories of cookies: (a) essential cookies, without which the functionality of our website would be restricted, and (b) optional cookies for website analysis and marketing purposes.

The use of optional cookies is based on your consent (Art. 6(1) lit. a EU-GDPR).

In the following table and the following paragraphs we describe the optional cookies used on this website in detail.

 

 

Use of Matomo

(1) This website uses the Matomo web analysis service to analyse and regularly improve the use of our website. The statistics obtained allow us to improve our service and make it more interesting for you as a user. The legal basis for the use of Matomo is Art. 6(1) lit. a EU-GDPR.

(2) Cookies are stored on your computer for this evaluation. The information collected in this way is stored exclusively on the controller´s server in Germany.

(3) This website uses Matomo with the extension "AnonymizeIP". This shortens the processing of IP addresses and prevents them from being directly linked to persons. The IP address transmitted by your browser via Matomo is not merged with other data collected by us.

 

(4) The program Matomo is an open source project. Information from the third party provider on data protection can be found at https://matomo.org/privacy-policy/.

 

(5) You can also change the use of cookies by changing your browser software settings or cookie settings

 

 

 

Integration of YouTube videos

(1) We have integrated YouTube videos into our online offer, which are stored on www.YouTube.com and can be played directly from our website. [These are all integrated in the "advanced privacy mode", which means that no data about you as a user will be transferred to YouTube if you do not watch the videos. Only when you start playing the videos will the data referred to in paragraph 2 be transmitted. We have no influence on this data transmission.]

 

(2) By visiting the website, YouTube is informed that you have visited the corresponding subpage of our website. In addition, the data mentioned in point IV of this declaration will be transmitted. This is independent of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data collected by us will be directly assigned to your existing account. If you do not wish to assign to your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them, if necessary, for the purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right you must contact YouTube directly. The legal basis for the processing of personal data described here is Art. 6(1) lit. a EU-GDPR.

 

(3) Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

 

(4) You may also change the use of cookies by making the appropriate settings in your browser software or in your cookie settings.

 

(5) Further information on the purpose and scope of data collection and processing by the provider can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: www.google.de/intl/de/policies/privacy.

Integration of Google Maps

(1) On this website we use the services of Google Maps. This enables us to display interactive maps directly on the website and enables you to use the map function conveniently. These are integrated in the "extended data protection mode", i.e. no data about you as a user is transferred to Google if you do not call up the maps. Only when you give your consent and retrieve the maps will the data referred to in paragraph 2 be transmitted. We have no influence on this data transfer.

 

(2) By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data specified under point IV of this declaration will be transmitted. This occurs regardless of whether Google provides a user account that you are logged in to or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not want your profile to be associated with Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research and / or demand-oriented design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right. The legal basis for the processing of personaldata described here is Art. 6(1) lit. a EU-GDPR

 

(3) Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

For further information on the purpose and scope of data collection and processing by the provider, please refer to the provider's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: www.google.de/intl/de/policies/privacy.

 

 

Online presences in social media

We maintain online presences within social networks in order to inform active users about our services and, if interested, to communicate directly via the platforms. We are currently represented in the following networks:

 

Xing:  https://www.xing.com/companies/holmermaschinenbaugmbh

Facebook: https://www.facebook.com/HolmerMaschinenbau

Instagram: https://www.instagram.com/holmer_maschinenbau_gmbh/

 

All of our social media channels can only be accessed by visitors to the website via an external link. We do not use any plugins or other interfaces on our website which the respective networks offer for embedding the offers on websites.

We have no influence on the data collection and its further use by the social networks. For example, we do not know to what extent, where or for how long the data will be stored, to what extent the networks will comply with existing deletion obligations, which evaluations and links will be made with the data and to whom the data will be passed on. We therefore expressly draw your attention to the fact that user data (e.g. personal information, IP address) is stored by the network operators in accordance with their data usage guidelines and used for business purposes.

We process the users' data in the social media presences insofar as they contact and communicate with us via, for example, comments or direct messages.

The legal basis for the processing of the user's data is Art. 6(1) lit. b and f EU-GDPR.

 

a) Xing

Within our online offer no functions and contents of the service Xing, offered by the New Work SE, Dammtorstraße 29-32, 20354 Hamburg, Germany, are integrated. The Xing channels can only be reached via an external link.

If the visitors to our website are members of the Xing platform, Xing can assign the call of the social media channel to the user's profile there if the user visits the Xing profile in the logged in state.

We would like to point out that we have no influence on the content or extent of use of the data collected by Xing. For further information, please refer to Xing's privacy policy: https://www.xing.com/app/share?op=data_protection

 

b)  Facebook/ Instagram

You can access the social media network Facebook via external links on our website. All functions in the social media network are offered by Facebook, 4 Grand Canal Square, Dublin 2, Ireland. The Facebook channels can only be accessed via an external link.

If you are logged in to Facebook with your own profile and access our social media channel, Facebook can assign your visit to your logged in profile. If you do not wish your account to be associated with your IP address, please log out of your Facebook account prior to using our website.

 

For further information on the processing of your data, we refer you to the Facebook privacy policy: https://facebook.com/privacy/explanation and to our following data policy "Facebook Fanpage" 

DATA PROTECTION DECLARATION FOR FACEBOOK FANPAGE

HOLMER Maschinenbau GmbH operates an online presence on Facebook and on Instagram – a Facebook and Instagram Fanpage. Please note the following details on data processing when you visit our fanpage. You can find out about data protection on Facebook and with Facebook products in general by visiting this address (https://www.facebook.com/about/privacy/).

 

 

1. General responsibility, contact data, Company’s data protection officer:

We are jointly responsible in conjunction with Facebook for the operation of our Facebook and Instagram fanpage, as laid down by Article 26, GDPR. To this end, we have established an agreement with Facebook about who is to fulfil which obligations when it comes to data protection. The agreement can be downloaded from the following address (https://www.facebook.com/legal/terms/page_controller_addendum).  Accordingly, Facebook is held primarily responsible for providing the data subject with information about joint processing, and for enabling the data subject to exercise his/her data protection rights. And independently of that, we would now like to provide you with some information about your visit to our fanpage.

 

You can find our contact details under the section entitled: “General information in our data protection declaration”

You can reach Facebook on:

Facebook Ireland Ltd.
4 Grand Canal Square,
Grand Canal Harbour,
Dublin 2, Ireland
Online, you can reach Facebook here (https://www.facebook.com/help/contact/2061665240770586)

 

You can contact our Company data protection officer under the section entitled: “General information in our data protection declaration”

 

You can contact Facebook’s data protection officer on
https://www.facebook.com/help/contact/540977946302970.

 

 

2. Logging and storage of personal data, the type and purpose of that data, and its utilisation:

a)     Data logged by Facebook:

If you are a Facebook/Instagram user, then Facebook/Instagram logs the data defined in the Facebook data guideline under “Which types of information do we log?”. If you are not a Facebook/Instagram user, then it may nevertheless arise that cookies – small text files combined with identifiers – come to be stored in your browser, and enable the tracking of your user behaviour.

As a rule, when you visit Facebook/Instagram, Facebook also processes your user data for market research and advertising purposes. User behaviour (also when you visit our fanpage) is also taken as the basis for setting up complex user profiles which may be utilised by Facebook/Instagram in order to present the user with personalised advertisements both on and off Facebook/Instagram.  And you can also find out more details in the Facebook data guidelines.

If you are not in agreement with this, you can decline at this point (opting out).

 

b)     Data which we use (“page insights”) and legal basis:

Facebook/Instagram provides us with statistics and user data on the basis of which we can analyse how our fanpage is used (“page insights”). This enables us to continuously improve what we provide on Facebook. In our capacity as the operator, we do not make any decisions concerning the processing of the insights data and of all other information covered by Article 13, GDPR, such as – for example – how long cookies can be stored on users’ terminals. Under GDPR requirements, the prime responsibility for the processing of insights data rests with Facebook; and Facebook has to fulfil all of the obligations arising from GDPR when it comes to processing the insights data.

In our capacity as the page controller, there is no other way (not even user tracking) for us to analyse user behaviour on our fanpage. Furthermore, it is essentially impossible for us to identify fanpage visitors on the basis of page insights. In particular, we have no right – under the agreement – to require Facebook/Instagram to disclose individual visitors’ data. We can identify visitors only if we are able to attribute individual profile pictures to “like” statements for the page; and then only to the extent that our fanpage has been marked “like” by the corresponding visitor and if the “like” statement is set to “visible”.

Here is where you can find out which information is used by Facebook in order to set up page insights.

The Facebook and Instagram fanpage is operated – and the page insights are used – for our justified interest in having an effective public image and efficient communication with our customers and prospective customers. This interest justifies the operation of the page not only in relation to the justified interests of Facebook/Instagram users, but also in relation to visitors to our fanpage who do not have their own Facebook/Instagram account. The corresponding legal basis for this is to be found in Article 6, paragraph 1, clause f), GDPR.

 

 

3. Forwarding of data to third parties:

Data which is logged by Facebook/Instagram is exchanged and processed within the entire Facebook group.  The applications belonging to the Facebook group include – for example – Instagram, WhatsApp and Oculus. In other words, information logged by Facebook is used in order to provide the user with personalised advertising on Instagram; to take another example: information from WhatsApp is used in order to override – on Facebook – accounts which send spam via Whatsapp. You can find this information in the Facebook data guideline under “How do the Facebook companies collaborate?”.

It may arise, in the course of data processing by Facebook and by Instagram, that user data is transmitted outside of the European Economic Area (EEA), especially to the USA.

 

 

4. Right of objection:

If your personally related data is processed on the basis of justified interests as defined in Article 6, paragraph 1, clause f), GDPR, then you are entitled under Article 21, GDPR, to file an objection against the processing of your personal data if there are any reasons that relate to your particular situation, or if the objection concerns direct advertising. In the latter case, you have a general right of objection which will be applied by ourselves with no need for any particular circumstances to be indicated. If you wish to make use of your right of contestation or objection, then all you have to do is to send an email to marketing(at)holmer-maschinenbau.com.

5. Rights of data subjects:

You have the right to revoke at any time the consent which you have given to us. The consequence of this will be that in the future we are no longer permitted to continue the data processing which had been based on the original consent. Furthermore, you are entitled to be informed, under Article 15, GDPR, you have the right of correction under Article 16, GDPR, and you have the right of erasure under Article 17, GDPR, the right for restriction of processing under Article 18, GDPR and the right for the transmission of data under Article 21, GDPR. Furthermore, there is a right to file an objection with a competent data protection supervisory body (refer Article 77, GDPR).

It is a fundamental rule that you can claim your data subject rights both from Facebook and from ourselves. Because it is only Facebook that has direct access to your user data, the most effective way for you to claim your data subject rights is via Facebook.

In the event of any questions concerning this data protection guideline, you can contact ourselves (or our data protection officer) at any time.

 

 

If you have any questions regarding this data protection notice, you can contact us or our data protection officer at any time.

 

 

 

Whistleblower portal

This information is relevant for whistleblowers who have not opted for anonymous reporting and for those persons concerned who are named in the report.

 

a. Type and purpose of processing

Some personal data may be collected as part of the whistleblower report and the case login. If the whistleblower has not opted for an anonymous report, their personal data will be used to process the case. The personal data of a person concerned who is included in the whistleblower report may also be processed and used to clarify and process the facts of the case. If the whistleblower has submitted a report, they can log in via the case login with a case number and password.

 

b. Legal basis

The provision of the portal and the processing of the case is based on a legal obligation (Art. 6 para. 1 lit. c GDPR).

 

c. Data categories

Whistleblower: {Data categories of whistleblower}

Persons concerned: The information may vary depending on the whistleblower report. Usually at least information on the name.

 

d. Source of the data

Whistleblower

 

e. Recipient

The recipient of the data is the whistleblower ombudsman {external/internal} and BKP Compliant GmbH as the processor.

 

f. Storage periods

Data will only be processed in this context for as long as the relevant purpose exists. It will be deleted after this time, provided that there are no statutory retention obligations to the contrary.

 

g. Legal / contractual requirement

The whistleblower provides personal data on a voluntary basis.

 

h. Transfer to third countries

Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).

 

i. Automated decision-making and profiling

As a responsible company, we do not use automated decision-making or profiling for this data processing.

Profiling

(1) In principle, you have the right not to be subject to a decision based exclusively on automated processing, including profiling, which has legal effect towards you or significantly affects you in a similar manner. In particular, these decisions may not normally be based on special categories of personal data pursuant to Art. 9(1) EU-GDPR. We do not use any corresponding decision-making processes within the framework of our website and the associated data processing.