Privacy e Cookie Policy
Privacy Policy of hGears AG
Welcome to our website and thank you for your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with applicable personal data protection legislation, in particular the GDPR and our country-specific implementation laws, which provide comprehensive information about the processing of your personal data by hGears AG and your rights.
Personal data is any information that makes it possible to identify a natural person. This includes, in particular, your name, date of birth, address, telephone number, email address and IP address. Anonymous data is available if no personal reference to the individual/user can be made.
Responsible body and data protection officer
Company address | hGears AG Brambach 38 78713 Schramberg |
Company’s contact information | www.hgears.com info@hgears.com Telefon: +49 (7422) 566 0 Fax: +49 (7422) 566 883 |
Contact info of the data protection officer | privacy@hgears.com |
Your rights as a data subject
We would first like to notify you of your rights as a data subject. These rights are set out in Articles 15 - 22 GDPR, and include:
- The right of access (Art. 15 GDPR),
- The right to rectification (Art. 16 GDPR),
- The right to data portability (Art. 20 GDPR),
- The right to object to data processing (Art. 21 GDPR),
- The right to erasure / right to be forgotten (Art. 17 GDPR),
- The right to restriction of data processing (Art. 18 GDPR).
To exercise these rights, please contact: privacy@hgears.com. The same applies if you have any questions regarding data processing in our company or when you withdraw your consent. You also have a right of appeal to the relevant data protection supervisory authority.
Right to object
Please note the following with respect to your right to object:
When we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without providing the reasons for such objection. This also applies to profiling insofar as it is associated with direct marketing.
If you object to the processing for direct marketing, we will no longer process your personal data for such purposes. The objection is free of charge and can be made informally, where appropriate to: privacy@hgears.com. Should we process your data to protect legitimate interests, you may object to such processing at any time for reasons that arise from your specific situation; this also applies to profiling based on these provisions. We will then cease to process your personal information unless we can demonstrate compelling legitimate grounds for processing such information that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims. |
Purposes and legal bases of data processing
The processing of your personal data complies with the provisions of the GDPR and all other applicable data protection regulations. Legal bases for data processing arise in particular from Art. 6 GDPR.
We use your data to initiate business, to fulfil contractual and legal obligations, to conduct the contractual relationship, to offer products and services and to consolidate customer relationships, which may include marketing and direct marketing.
Your consent also constitutes a data protection regulation. In this respect, we will inform you of the purposes of data processing and the right to withdraw your consent. If the consent also relates to the processing of special categories of personal data, we will explicitly notify you in the consent process.
Processing of special categories of personal data within the meaning of Art. 9 (1) GDPR may only take place where necessary on the grounds of legal regulations and there is no reason to assume that your legitimate interests should prevail to the exclusion of processing such data.
Data transfers / Disclosure to third parties
We will only transmit your data to third parties within the scope of given statutory provisions or based on consent. In all other cases, information will not be transferred to third parties unless we are obliged to do so owing to mandatory legal regulations (disclosure to external bodies, including the supervisory authorities or law enforcement authorities).
Data recipients / categories of recipients
In our organization, we ensure that only individuals who are required to process the relevant data to fulfil their contractual and legal obligations are authorized to handle personal data.
In many cases, service providers assist our specialist departments to fulfil their tasks. The necessary data protection contract has been concluded with all service providers (e.g. IT- Services.).
Transfers of personal data to third countries
A transfer of data to third countries (outside the European Union or the European Economic Area) shall only take place if required by law or if you have provided your consent for such a transfer.
We do not transfer your personal data to any service provider or group company outside the European Economic Area.
Period of data storage
We store your data for as long as such is required for the relevant processing purposes. Please note that numerous retention statutory periods require that data must be stored for a specific period of time. This relates in particular to retention obligations for commercial or fiscal purposes (e.g. commercial code, tax code, etc.). The data will be routinely deleted after use unless a further period of retention is required.
We may also retain data if you have given us your permission to do so, or in the event of any legal disputes and we use the evidence within the statutory limitation period, which may be up to 30 years; the standard limitation period is 3 years.
We implement the appropriate technical and organizational security measures to ensure the optimal protection of the data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The security levels are continuously reviewed in collaboration with security experts and adapted to new security standards.
The data exchange to and from our website is encrypted. We provide https as a transfer protocol for our website, and always use the current encryption protocols. In addition, we offer our users content encryption in our contact forms and applications. We alone can decrypt this data. It is also possible to use alternative communication channels (e.g. surface mail).
Obligation to provide data
A range of personal data is required to establish, implement and terminate the obligation and the fulfilment of the relevant contractual and legal obligations. The same applies to the use of our website and the various functions we provide.
We have summarized the relevant details in the above point. In some cases, legal regulations require data to be collected or made available. Please note that it will not be possible to process your request or execute the underlying contractual obligation without this information.
Data categories, sources and origin of data
The data we process is defined by the relevant context: it depends on whether, for example, you place an order online, enter a request on our contact form or if you want to send us an application or submit a complaint.
We collect and process the following data when you visit our website:
- Name of the Internet service provider
- Web browser and operating system used
- Information on the website from which you visited us
- The IP address by your allocated Internet service provider
- Files accessed, volume of data transferred, downloads/file export
- Information on websites accessed on our site, including date and time
For reasons of technical security (in particular to safeguard against attempts to attack of our web server), this data is stored in accordance with Art. 6 para. 1 lit f GDPR. Anonymization takes place no later than after seven days by abbreviating the IP address so that no reference is made to the user.
We collect and process the following data as part of a contact request:
- Last name, first name
- Contact information
- Company
- Production site
- Information on wishes and interests
We collect and process the following data as part of online applications:
- Last name, first name
- Production site (if applicable)
- Contact information
- Curriculum vitae
Automated decisions in individual cases
We do not use purely automated processing to make decisions.
Cookies (Art. 6 para. 1 S. 1 lit. f) GDPR, Art. 6 para. 1 S. 1 lit a) GDPR)
Our websites use cookies on various pages. Their purpose is to enhance our product and services, as well as to make our site more user friendly, more secure and simply better. Cookies are small files that are saved on your computer and in your browser (locally on your hard drive). Within the scope of our legitimate interest (Art. 6 para. 1 S. 1(f) GDPR) we utilize cookies that are technically necessary for the running of the website and to secure its functionality. Depending on the purpose, these are permanently stored—even after the session has ended— (persistent cookies, e.g. opt out) or are deleted when the browser closes (so-called session cookies that are only valid for one browser session).
With your consent, we also use other cookies. These cookies help us to see how users use our website, enabling us to design the website content according to the visitor’s needs. In addition, cookies enable us to measure the effectiveness of a particular advert and to place it according, for example, to the user’s thematic interests. The legal basis for this is your consent (Art. 6 para. 1 S. 1(a) GDPR).
If you have given your consent, it can be revoked at the beginning of this policy at any time without providing a reason.
Of course, you can also deactivate, restrict or delete cookies on your device manually using the settings of your browser or by using software.
Please note: If you deactivate cookies, not all functions of our website may be fully usable under certain circumstances.
Creation of user profiles or the use of cookies which are not purely functional (Art. 6 para. 1 S. 1(a) / Art. 6 para. 1 S. 1(f) GDPR)
Google Analytics (Art. 6 para. 1 lit. a) GDPR)
We use the Google Analytics tool provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland on our website. This tool enables us to analyze and systematically evaluate your user-interactions on our website.
To do so, the following information is stored:
- IP address
- Usage data
- Click path
- App updates
- Browser Informationen
- Device information
- JavaScript support
- Visited sites
- Referrer URL
- Downloads
- Flash version
- Location information
- Purchasing activity
- Widget interactions
- Date and time of visit
The legal basis for the processing of your personal data is your consent in accordance with Art. 6 para. 1 S. 1(a) GDPR. You may revoke your consent at any time at the beginning of this policy.
The purpose of processing your personal data by the Google Analytics service is to analyse the interaction of our website visitors with our website. By analysing the data collected, we can optimise our offerings and improve user-friendliness. We delete or anonymize data collected with Google Analytics as soon as they are no longer required for our purposes. This will be the case after 26 months.
This service can forward the data to another country. Please note that this service can transfer data outside of the European Union / European Economic Area to a third country, which does not offer a suitable level of data protection. If transferred to the USA, there is a risk that your data will be processed by US authorities for purposes of control and surveillance. In this case, you may not be entitled to legal recourse. However, we take all possible and necessary measures in accordance with Art. 44 et seqq. GDPR to establish a level of data protection in the third country.
Vimeo Platform (Art. 6 para. 1 lit. a) GDPR)
Vimeo content is integrated through the use of a JavaScript tag. By simply inserting a code provided by Vimeo into the website’s code, content is displayed and its layout loaded from the Vimeo servers.
In order to play Vimeo content, we need your consent (Art. 6 para. 1a) GDPR), which you can give via the button in the respective section of the video. By clicking on “Accept”, you consent to your IP address being transferred to Vimeo (Vimeo, LLC555 West 18th Street New York, NY 10011 United States) and to the provider storing cookies in your browser. Once given, your consent may be revoked at any time at the beginning of this policy.
Social media links
You’ll find links to social media services from Facebook, YouTube and LinkedIn on our website. Links to the webpages of these social media providers are recognizable by the respective company logo. When you click on the links, you will be forwarded to the presence of hGears AG on the corresponding social media platform. Clicking on these links creates a connection to the social media providers’ servers, which then receive the information that you have visited our website. Additional data are also being transferred to the social media service, for example:
- Address of the website where the activated link is located
- Date and time of your visit to the website or link activation
- Information about the browser and operating system used
- IP address
If you are already logged in to the social media site at the time the link is activated, the provider may be able to determine your user name and possibly even your real name from the data transferred and assign this information to your personal user account. To prevent this from happening, please make sure you are logged out of your account.
The social media providers’ servers are located in the USA and other countries outside of the European Union. For this reason, data can also be processed by the social media provider in countries outside of the European Union. Please be aware that business in these countries are not subject to the same strict levels of data protection as those who are member states of the European Union.
Please also be aware that we have no influence on the scope, type and purpose of data processing carried out by these social media providers. Further information about the use of your data by the social media platforms embedded on our website can be found in the Privacy Policies of the respective social media provider.
Contact form / Contact via email (Art. 6 para. 1 lit a, b GDPR)
A contact form is available on our website which can be used to contact us electronically. If you write to us using the contact form, we will process the data you submitted in the contact form to respond to your queries and requests.
In so doing, we respect the principle of data minimization and data avoidance, such that you only have to provide the information we require to contact you, which is your email address and the message field itself. Your IP address will also be processed for technical reasons and for legal protection. All other data is voluntary, and additional fields are optional (e.g. to provide a more detailed response to your questions).
We have implemented appropriate security measures to ensure that your data remain safe and confidential at all times. All information submitted via the contact form is transferred to us encrypted.
If you contact us by e-mail, we will process the personal data provided solely for the purpose of processing your enquiry.
Marketing purposes (Art 6 para. 1 lit f GDPR)
hGears AG is keen to nurture the customer relationship with you and to send you information and offers about our product / services. We therefore process your data to send you the relevant information and offers via email.
You may object to the use of your personal data for the purpose of direct marketing at any time; this also applies to profiling insofar as it is associated with direct marketing. If you object, we will cease processing your personal information for this purpose. You can withdraw your consent at any time free of charge and informally without stating the reasons for such and should be sent via email to privacy@hgears.com. |
Application portal (Art. 6 para. 1 lit a, b GDPR)
Thank you for your interest in the activities of our hGears AG. We are aware of the importance of your data and process the personal data you provide on the application form solely for the purposes of the effective and correct execution of the application process and for contacting you during the application process. We shall not disclose data to third parties without your consent.
As part of the application form you will be asked to provide personal information. In so doing, we respect the principle of data minimization and data avoidance, such that you only have to provide the information we require to carry out a review your application documents, e.g.: your curriculum vitae or if we are legally obliged to collect such information. The mandatory fields are marked with a (*). Your IP address will also be processed for technical reasons and for legal protection.
We cannot review your application documents without this data, so in this case our application system will not allow us to upload the application documents. You can, of course, submit voluntary information on the application form.
We implement the appropriate security measures to ensure the optimum protection of your data. Your application documents will be encrypted and transmitted to us through our application system.
We store your data for the above purpose until the application process has been completed and the relevant deadlines have expired, which will be no later than six months after receipt of a decision.
Online offers for children
Persons under the age of 16 may not submit personal data to us or give a declaration of consent without the authorization of their legal guardian. We encourage parents and guardians to actively participate in the online activities and interests of their children.
Links to other providers
Our website also contains clearly identifiable links to the Internet sites of other companies. Although we provide links to websites of other providers, we have no influence on their content, and no guarantee or liability can therefore be assumed for such. The content of these pages is always the responsibility of the respective provider or operator of the pages.
The linked pages were checked at the time of linking for potential legal violations and identifiable infringements. No illegal content was identified at the time of linking. However, a permanent content control of the linked pages is not reasonable without concrete evidence of an infringement and, upon notification of a violation of rights, such links will be promptly removed.