We very much appreciate your interest in our company. Data protection is a particularly high priority for the management of NHP Hanse Distribution GmbH.
In operating our website, www.hanse-distribution.com (hereinafter referred to as the “Website”), we process personal data. We treat this data confidentially and process it in accordance with the applicable laws – in particular, the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG – new).
We use our data protection provisions to inform you about which personal data we collect from you, for what purposes and on what legal basis we use it, and, if necessary, to whom we disclose it. In addition, we will explain to you what rights you have in regards to protecting and enforcing the protection of your data.
2. NAME AND ADDRESS OF THE DATA CONTROLLER/DATA PROTECTION OFFICER
The Data Controller within the meaning of the General Data Protection Regulation, other data protection laws that apply in the Member States of the European Union, and other provisions that relate to data protection regulation is:
Any data subject can contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection.
We mostly use only so-called “session cookies”. These are automatically deleted when you end your Internet session and close the browser. Other cookies remain stored on your end device for a longer period and enable partner companies to recognise your browser or computer (persistent cookies).
The information and offers on our Website can be optimised in the interests of the user using a cookie. As already mentioned, cookies enable us to recognise the users of our Website. The purpose of this recognition is to make it easier for users to use our Website.
Processing is necessary to safeguard the overriding legitimate interests of the Data Controller (Art. 6 (1) f GDPR).
4. COLLECTION OF GENERAL DATA AND INFORMATION
Each time the Website is accessed, we automatically collect information that your browser transmits to our server. This is also stored in the so-called log files of our system. It includes the following data:
- Your IP address
- The browser software you are using, as well as its version and language
- The operating system you are using
- The website from which you came to our Website (the so-called referrer)
- The subpages you have accessed on our Website
- The date and time you accessed our Website
- The country and place from which you visited our Website
It is necessary for our system to temporarily store a user’s IP address in order to be able to deliver our Website to the end device of that user. To do this, the IP address of the user must be stored for the duration of the session. However, your IP address is not recorded in our log files.
The processing is carried out to enable the Website to be accessed and to ensure its stability and security. In addition, the processing is used for statistical evaluation and to improve our online offering.
Processing is necessary to safeguard the overriding legitimate interests of the Data Controller (Art. 6 (1) f GDPR). Our legitimate interest lies in the aforementioned purpose.
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the event that the data was collected in order to provide the Website, it will be deleted once the session in question ends. The log files are deleted after 30 days.
5. DATA PROTECTION REGULATIONS REGARDING THE DEPLOYMENT AND USE OF GOOGLE WEBFONTS
Our Website uses “Google Webfonts”, a font replacement service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). With Google Webfonts, the standard fonts on your device are replaced with fonts from the Google catalogue when our Website is displayed. If your browser prevents the integration of Google Webfonts, the text on our Website will be displayed in the standard fonts of your end device. The Google fonts are loaded directly from a Google server. In order for this to happen, your browser sends a request to a Google server. This means that your IP address may also be transmitted to Google in conjunction with the address of our Website. However, Google Webfonts does not store cookies on your device. According to Google, data that is processed as part of the Google Webfonts service is transferred to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. It is not associated with data that may be associated with the use of other Google services, such as the Google search engine or Gmail. You can find more information on data protection relating to Google Webfonts at https://developers.google.com/fonts/faq?hl=de-DE&csw=1. General information on data protection at Google is available at http://www.google.com/intl/de-DE/policies/privacy/.
The purpose of the processing is to be able to show you the text of our Website in a more readable and aesthetically appealing way.
The legal basis is that the processing is necessary to safeguard the overriding legitimate interests of the Data Controller (Art. 6 (1) f GDPR). Our legitimate interest lies in the aforementioned purpose.
Using Google Webfonts may cause personal data to be transmitted to Google. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield: Further information on the EU-US Privacy Shield can be found at https://www.privacyshield.gov/EU-US-Framework.
6. DURATION FOR WHICH THE PERSONAL DATA WILL BE STORED
The criterion used to determine the period of retention of personal data is the relevant statutory retention period. After this period expires, the corresponding data will be routinely deleted if it is no longer required to fulfil any contract or for initiating a contract.
7. RIGHTS OF THE DATA SUBJECT
As data subject, you have the following rights in relation to the processing of data by our company, as described above:
- Right of access (Art. 15 GDPR): you have the right to request confirmation from us as to whether we process personal data relating to you. If this is the case, you have a right to access information about this personal data, as well as to the further information listed in Art. 15 GDPR, under the conditions specified in Art. 15 GDPR.
- Right to rectification (Art. 16 GDPR): you have the right to demand that we correct any incorrect personal data relating to you and, if necessary, complete any incomplete personal data without delay.
- Right to erasure (Art. 17 GDPR): you also have the right to demand that we delete your personal data immediately if one of the reasons specifically listed in Art. 17 GDPR applies, e.g., if your data is no longer required for the purposes we pursue.
- Right to restriction of data processing (Art. 18 GDPR): you have the right to demand that we restrict processing if one of the conditions listed in Art. 18 GDPR is met; e.g., if you dispute the accuracy of your personal data, the data processing will be restricted for the duration that enables us to check the accuracy of your data.
- Right to data portability (Art. 20 GDPR): you have the right, under the conditions set out in Art. 20 GDPR, to demand the surrender of the data concerning you in a structured, commonly used and machine-readable format.
- Right to revoke consent (Art. 7 3 GDPR): you have the right to revoke your consent at any time for processing that is based on consent. The revocation will apply from the time of its assertion. In other words, it has effect for the future. The revocation of consent does not, therefore, retrospectively make the processing illegal.
- Right to complain (Art. 77 GDPR): if you are of the opinion that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You may exercise this right before a supervisory authority in the EU member state in which you reside, in which you have your place of work, or where the suspected infringement took place.
- Prohibition of automated decisions/profiling (Art. 22 GDPR): decisions that have legal consequences for you or which significantly affect you may not be based solely on automated processing of personal data – including profiling. We inform you that we do not use automated decision-making, including profiling, with regard to your personal data.
- Right to object (Art. 21 GDPR): if we process personal data from you on the basis of Art. 6 (1) f GDPR (to safeguard overriding legitimate interests), you have the right to object to this under the conditions set out in Art. 21 GDPR. However, this only applies if there are reasons that arise due to your particular situation. Following an objection, we will no longer process your personal data unless we can prove compelling legitimate reasons for its processing that outweigh your interests, rights and freedoms. We also do not have to stop processing if it serves to assert, exercise or defend legal claims. In any case – regardless of any particular situation – you have the right to object at any time to the processing of your personal data for the purpose of direct advertising.