Data protection

Data protection declaration website
Information on data protection for customers or interested parties

Data protection declaration website

Thank you for your interest in our website as well as your interest in our company. In order to make you feel safe, the protection of your personal data is important to us. In compliance with the applicable data protection law, we would therefore like to inform you when and how we store and use data.

Controller within the meaning of data protection law:

Hoffmann GmbH, Dino Zorge, Tannenbergstr. 131, 73230 Kirchheim unter Teck,
E-Mail: compliance@hofftech.com, Phone +49 7021 95010-11

Contact details of the data protection officer:

datenschutzbeauftragter@datenschutzexperte.de
PROLIANCE GmbH, Dominik Fünkner, Leopoldstr. 21, 80802 München

1. Definitions

In principle, our data protection declaration should be simple and understandable for everyone. For this reason, our data protection declaration generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.

2. Access to and storage of information in terminal equipment

By using our website, access to information (e.g. IP address) or storage of information (e.g. cookies) in your terminal equipment may occur. This access or storage may involve further processing of personal data pursuant to the GDPR.

In cases where such access to information or such storage of information is strictly necessary for the technically error-free delivery of our services, this is done on the basis of § 25 para. 1 s. 1, para. 2 no. 2 TTDSG.

In cases where such a process serves other purposes (e.g. the needs-based design of our website), this will only be carried out on the basis of § 25 para. 1 TTDSG with your consent pursuant to Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future.

For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities on our website.

3. Web Hosting

This website is hosted by an external service provider (hoster). This website is hosted in Frankfurt. Personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, web page accesses and other data generated by a website.

We collect the listed data to ensure a proper connection to the website and an error-free delivery of our services. The processing of this data is strictly necessary to make the website available to you. The legal basis for the processing of the data is our legitimate interest in the correct presentation and functionality of our website in accordance with Art. 6 Para. 1 lit. f GDPR.

We have concluded a Data Processing Agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we commit him to protect the data of our customers and not to pass them on to third parties.

4. Server-Logfiles

Once you visit our website, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during an active connection for communication between your internet browser and our web server:

  • Date and time of the request and the time zone
  • Content of the request and website from which it comes
  • Web browser used including language and version as well as operating system used
  • Access status / http status code
  • (Full) IP address of the requesting computer
  • Transmitted amount of data

We collect the listed data to ensure a proper connection to the website and an error-free delivery of our services. The processing of this data is strictly necessary to make the website available to you. The log files are processed for the purpose of evaluating system security and stability as well as for administrative purposes.  The log files serve to evaluate system security and stability as well as administrative purposes. The legal basis for the processing of the data is our legitimate interest in the protection and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.

For reasons of technical security, in particular to prevent attempts to attack our web server, these logfiles are stored by us and rotated within 7 days. A storage of this data together with other personal data of the user, a comparison with other databases or a transfer to third parties does not take place at any time.

5. Data Transfer and Recipients

Your personal data is not transferred to third parties, unless we have explicitly pointed this out in the description of the respective data processing.

  • you have given your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
  • the transfer pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and our legitimate interests are not overridden by your fundamental rights and freedoms.
  • there is a legal obligation to transfer data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
  • required by Art. 6 para. 1 sentence 1 lit. b GDPR for the execution of contractual relationships with you.

In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. Required data processing agreements pursuant to Art. 28 GDPR are concluded before the commission. In particular, these contracts concern web hosting services, the dispatch of emails and IT updates and maintenance. Your personal data will not be transferred to third parties by our service providers.

6. Cookies

We use so-called cookies for our Gummi-Kompass®. Cookies serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called session cookies, which are automatically deleted after closing the browser. Other cookies remain stored on your end device until you delete them or the storage period expires. These cookies enable us to recognize your browser the next time you visit our website.

In some cases, cookies are used to simplify website processes by saving settings (e.g. the provision of already selected options). If personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the execution of the contract or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

You can configure your browser in such a way that you are informed about the settings of cookies and only allow cookies in individual cases, excluding the acceptance of cookies for certain cases or in general deactivating cookies and activating the automatic deletion of cookies when closing the browser. The cookie settings can be managed using the following links for the respective browser. If you do not accept cookies, the Gummi-Kompass® will have functional limitations.

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Chrome: http://support.google.com/chrome/bin/answer.py?hl=en&hlrm=en&answer=95647
Safari: https://www.apple.com/legal/privacy/data/en/safari/
Opera: http://help.opera.com/Windows/10.20/de/cookies.html

Essential cookies

Name Description
Name PHPSESSID
Provider PHP
Purpose The PHPSESSID cookie is native to PHP and enables websites to store serialized state data. On the Action website, it is used to establish a user session and to pass state data via a temporary cookie, which is commonly referred to as a session cookie.
Cookie Name PHPSESSID
Cookie duration Session
Name Description
Name Gummi-Kompass
Provider owner of this website
Purpose Saves the selection in the Gummi-Kompass.
Privacy policy https://www.hofftech.com/en/contact/privacy-protection/
Host(s) www.hofftech.com
Cookie Name activeElmentsCount, rotationValue, items, kaelteActive, kaelteflexibel, dauerActive, dauereinsatz
Cookie duration Session
Name Description
Name Customer satisfaction
Provider owner of this website
Purpose Saves the state of the customer satisfaction display.
Privacy policy https://www.hofftech.com/en/contact/privacy-protection/
Host(s) www.hofftech.com
Cookie Name hoffmann_cs
Cookie duration Session

7. Newsletter

“If you would like to receive the newsletter offered on the website with regular information about our offers and products, we need your e-mail address as a mandatory entry. Additional data is provided in order to be able to address you personally in the newsletter and / or to identify you if you want to make use of your rights as a data subject.

For sending the newsletter, we use the so-called double-opt-in procedure. This means that we will only send you our newsletter by e-mail if you have expressly confirmed that you agree to the sending of newsletters. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the corresponding e-mail address, wish to receive newsletters in the future. With the confirmation, you give us your consent in accordance with Art. 6 para. 1 lit. a GDPR, that we may use your personal data for the purpose of the desired newsletter dispatch.

When registering for the newsletter, we store, in addition to the e-mail address required for the dispatch, the IP address you used to subscribe to the newsletter and the date and time of registration and confirmation in order to prevent possible misuse to understand later.

You can unsubscribe from the newsletter at any time via the link in every newsletter or an e-mail to the controller mentioned above. After cancellation, your e-mail address will be deleted immediately from our newsletter distribution, as far as you have not expressly consented to a continued use of the collected data or the continued processing is otherwise permitted by law.

Our e-mail newsletter is sent via the technical service provider rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg, Germany (“rapidmail”), to whom we transfer the data provided when you subscribed for the newsletter. This disclosure is based on Art. 6 para. 1 lit. f GDPR and serves our legitimate interest in the use of an effective, secure and user-friendly newsletter system. To subscribe to the newsletter, it is sufficient for you to enter your e-mail address. Optionally, we ask you to enter a name in the newsletter for the purpose of addressing you personally. The data you enter for the newsletter subscription will be stored on rapidmail’s servers in Germany.

rapidmail uses this information to send and statistically evaluate the newsletter on our behalf. For evaluation purposes, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files stored on our website. This enables us to determine whether a newsletter message has been opened and which links have been clicked. With the help of so-called conversion tracking, it can also be analysed whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. Technical information is also recorded (e.g. time of access, IP address, browser type and operating system). The data is collected exclusively under a pseudonym and is not linked to other personal data of you, a direct personal reference is excluded. This data is used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the data subjects.

If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

We have concluded an order processing agreement with rapidmail in which we oblige rapidmail to protect the data of our customers and not to transfer it to third parties.

You can view rapidmail’s data protection declaration here: https://www.rapidmail.de/datenschutz.”

8. etracker

The provider of this website uses the services of etracker GmbH, Hamburg, Germany (www.etracker.com) to analyse usage data. We do not use cookies for web analysis by default. If we use analysis and optimisation cookies, we will obtain your explicit consent separately in advance. If this is the case and you agree, cookies are used to enable a statistical range analysis of this website, a measurement of the success of our online marketing measures and test procedures, e.g. to test and optimise different versions of our online offer or its components. Cookies are small text files that are stored by the Internet browser on the user’s device. etracker cookies do not contain any information that could identify a user.

The data generated by etracker on behalf of the provider of this website is processed and stored by etracker solely in Germany by commission of the provider of this website and is thus subject to the strict German and European data protection laws and standards. In this regard, etracker was independently checked, certified and awarded with the ePrivacyseal data protection seal of approval.

The data processing is based on Art. 6 Section 1 lit f (legitimate interest) of the General Data Protection Regulation (GDPR). Our legitimate interest is the optimisation of our online offer and our website. As the privacy of our visitors is very important to us, the data that may possibly allow a reference to an individual person, such as IP address, registration or device IDs, will be anonymised or pseudonymised as soon as possible. etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties.

You can object to the outlined data processing at any time. Your objection has no disadvantageous consequences.

Further information on data protection with etracker can be found here.

9. Rights of the data subject

In the following section you will find information on the rights of data subjects which are granted to you by the current data protection laws regarding the controller of the processing of your personal data:

The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing, the right to lodge a complaint with a supervisory authority, the source of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information regarding their details.

The right to immediately request the correction of incorrect or complete personal data stored by us in accordance with Art. 16 GDPR.

The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to have it deleted and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.

The right to data portability, in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transfer to another controller.

Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state in which we have our registered office or, if applicable, that of your usual place of residence or work.

The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your given consent to the processing of data at any time with effect for the future. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis besides consent. The withdrawal of the consent shall not affect the legality of the processing carried out based on the consent until the withdrawal;

Right of objection

If your personal data is processed by us based on legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object on grounds relating to your particular situation at any time to processing of personal data concerning you in accordance with Art. 21 GDPR. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have the right to object without the requirement to indicate a special situation. If you wish to exercise your right of withdrawal or objection or any of your other rights, simply send an e-mail to compliance@hofftech.com.

Data security

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

Storage period

The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.

Necessity of providing personal data

The provision of personal data for the decision on the conclusion of a contract, the fulfilment of the contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.

Automated decision making

Automated decision making or profiling according to Art. 22 GDPR does not take place.

Subject to change

We reserve the right to adapt or update this privacy policy, if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take account of changes to our services, e.g. the introduction of new services. The most current version applies to your visit.

Status of this privacy policy: 27.05.2024

Information on data protection for customers or interested parties

In accordance with the provisions of Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR), we hereby inform you of the processing of the personal data collected about you and your rights under data protection law in this regard. Which data is processed in detail and how it is used depends largely on the requested or agreed services. In order to ensure that you are fully informed about the processing of your personal data within the framework of the performance of a contract or the implementation of pre-contractual measures, please take note of the following information.

1. Controller in the sense of the data protection right

Hoffmann GmbH
Dino Zorge
Tannenbergstr. 131
73230 Kirchheim unter Teck
Phone + 49 7021 95010-0
compliance@hofftech.com

2. Contact details of our data protection office

PROLIANCE GmbH
Dominik Fünkner
Leopoldstr. 21
80802 München
datenschutzbeauftragter@datenschutzexperte.de

3. Purposes and legal basis of the processing

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR)and the Federal Data Protection Act (Subsequently referred to as BDSG 2018), insofar as these are necessary for the establishment, execution and performance of a contract and for the implementation of pre-contractual measures. If the disclosure of personal data is necessary for the initiation or execution of a contractual relationship or in the context of the execution of pre-contractual measures, processing in accordance with Art. 6 Para. 1 lit. b DSGVO is lawful.

If you give us your express consent to process personal data for specific purposes (e.g. disclosure to third parties, evaluation for marketing purposes or advertising), the lawfulness of this processing is given on the basis of your consent pursuant to Art. 6 para. 1 lit. a DSGVO. Any consent given may be withdrawn at any time with effect for the future (see section 9 of this data protection information).

If necessary and legally permissible, we process your data beyond the actual contractual purposes to fulfil legal obligations in accordance with Art. 6 Para. 1 lit. c DSGVO. In addition, processing may be carried out to safeguard legitimate interests of us or third parties in accordance with Art. 6 Para. 1 lit. f DSGVO. If necessary, we will inform you separately, stating the legitimate interest, insofar as this is required by law.

4. Categories of personal data

We process only such data which are connected with the contract initiation or the pre-contractual measures. This can be general data about your person or persons of your company (name, address, contact data etc.) as well as further data, if necessary, which you transmit to us in the context of the initiation of the contract.

5. Sources of data

We process personal data which we receive from you within the framework of establishing contact or a contractual relationship or within the framework of pre-contractual measures or which you provide via our website and/or internet portal.

6. Recipient of the personal data

We pass on your personal data within our company exclusively to those areas and persons who need this data to fulfil their contractual and legal obligations or to implement our legitimate interest.

We may transfer your personal data to companies affiliated with us to the extent permitted by the purposes and legal bases set out in Section 3 of this Data Protection Information Sheet. Data will otherwise only be passed on to recipients outside the company if this is permitted or required by law, if it is necessary for the processing of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorized to provide information. Under these conditions, recipients of personal data may be, for example:

  • Public bodies and institutions (e.g. public prosecutor’s office, police, supervisory authorities, tax office) where there is a legal or official obligation,
  • Recipients to whom the transfer is directly necessary for the purpose of establishing or performing the contract, such as transport service providers,
  • Other data recipients for whom you have given us your consent for data transmission

7. Transfer to a third country

Personal data will only be transferred to countries outside the EEA (European Economic Area) or to an international organization if this is necessary for the performance of the contract or, at your request, for the implementation of pre-contractual measures, if the transfer is required by law or if you have given us your consent. Recipients in these cases may include for example customers, suppliers and logistics service providers as well as public authorities and institutions such as customs.

8. Storage period

If necessary, we process and store your personal data for the duration of our business relationship or for the fulfilment of contractual purposes. This also includes the initiation and execution of a contract.

In addition, we are subject to various storage and documentation obligations, including those arising from the German Commercial Code (HGB) and the Fiscal Code (AO). The periods prescribed there for storage and documentation are between two and ten years.

Finally, the storage period also depends on the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB) can generally be three years, but in certain cases also up to thirty years.

9. Your rights

Every data subject has the right of access pursuant to Art. 15 DSGVO, the right to rectification pursuant to Art. 16 DSGVO, the right to erasure pursuant to Art. 17 DSGVO, the right to restriction of processing pursuant to Art. 18 DSGVO, the right to notification pursuant to Art. 19 DSGVO and the right to data portability pursuant to Art. 20 DSGVO.

In addition, you have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 DSGVO if you are of the opinion that the processing of your personal data is not lawful. The right to lodge a complaint with shall be without prejudice to any other administrative or judicial remedy.

If the processing of data takes place based on your consent, you are entitled to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 DSGVO. Please note that the withdrawal will only take effect in the future. Processing that took place before the revocation is not affected by this. Please also note that we may need to retain certain data for a period of time to comply with legal requirements (see Section 8 of this information sheet).

Right to object

If your personal data is processed in accordance with Art. 6 para. 1 lit. f DSGVO in order to safeguard legitimate interests, you have the right, pursuant to Art. 21 DSGVO, to object to the processing of this data at any time for reasons arising from your particular situation. We will then no longer process this personal data unless we can prove compelling reasons for the processing. These must outweigh your interests, rights and freedoms, or the processing must serve the assertion, exercise or defense of legal claims.

In individual cases we process your personal data in order to operate direct advertising. You have the right to object at any time to the processing for the purpose of such advertising. This also applies to profiling in so far as it is related to this direct marketing. If you object to the processing for the purpose of direct advertising, we will not process your personal data further for these purposes. Please feel free to contact us to protect your rights.

10. Necessity of providing personal data

The provision of personal data for the purpose of establishing and implementing a contract. The fulfilment of the contract or the implementation of pre-contractual measures is generally neither prescribed by law nor by contract. You are therefore not obliged to provide personal data. Please note, however, that these are usually required for the decision on the conclusion of a contract, the fulfilment of a contract or for pre-contractual measures. If you do not provide us with any personal data, we may not be able to make a decision within the framework of contractual measures. We recommend that you only provide personal data that is necessary for the conclusion of the contract, the performance of the contract or pre-contractual measures.

11. Automated decision-making

In principle, we do not use fully automated decision-making pursuant to Art. 22 DSGVO for the establishment, performance or execution of the business relationship or for pre-contractual measures. Should we use these procedures in individual cases, we will inform you of this separately or obtain your consent if this is required by law.

Status of this data protection declaration: 27.05.2024