Data Privacy Declaration
§1 Information on the collection of personal data and provider identification
(1) In the following, we inform you about the collection of personal data during your use of this website.
(2) The company HASCO can be contacted as follows:
Name: HASCO Hasenclever GmbH + Co KG
Address: Römerweg 4, 58513 Lüdenscheid, Deutschland
Tel./Fax: +49 2351 957 - 0
§ 2 Definitions
HASCO Hasenclever GmbH + CO KG's Data Privacy Declaration is based on terms used by the European Directives and Regulations in the General Data Protection Regulation (GDPR). We wish for our Data Privacy Declaration to be easy to read and understand for both the public and our customers and trade partners. In order to ensure this, we would like to explain some of the terms used.
In this Data Privacy Declaration, we use, among others, the following terms:
- personal data
Personal data is all information related to an identified or identifiable individual (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- data subject
Data subject refers to every identified or identifiable person whose personal data is processed by the party responsible for processing.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- restriction of processing
Processing restriction is the marking of stored personal data with the aim of limiting their processing in the future.
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
- controller or processing controller
Controller or processing controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor refers to a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient refers to a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
- third party
Third party refers to a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
§ 3 Your rights with regard to your data
You are entitled, at any time, to request that your profile and personal data we have stored be erased. However, for legal (e.g. fiscal) reasons, we must store and archive your data even after erasing your profile. This data is, however, no longer available for any use. All data that we are not legally required to save is immediately erased by us once you request this. You may request information about the data we have stored about you at any time. Your rights in detail:
- Right to confirmation
According to the European Directives and Regulations, every data subject has the right to request confirmation from the processing controller as to whether the personal data related to him or her is being processed. If a data subject wishes to exercise this right to confirmation, they can contact us and our employees using the aforementioned contact details at any time.
- Right of access
Every person affected by the processing of personal data has the right protected by the European Directives and Regulations to access at any time and for free to the personal data stored about him or her and to receive copy of this information from the processing controller. Furthermore, the European Directives and Regulations entitles the data subject to the following information:
- the purposes of the processing
- the categories of personal data concerned
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
- the right to lodge a complaint with a supervisory authority
- where the personal data are not collected from the data subject, any available information as to their source
- the existence of automated decision-making, including profiling, referred to in Article 22 paragraphs 1 and 4 of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
Furthermore, the affected person has a right to information on whether their personal data has been transferred to a third country or an international organisation. If this is the case, the data subject incidentally shall have the right to be informed of the appropriate safeguards relating to the transfer.
If a data subject wishes to exercise this right of access, they may contact us or our employees using the aforementioned contact details at any time.
- Right to rectification
Every person affected by the processing of personal data has the right protected by the European Directives and Regulations to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Furthermore, the data subject shall have the right to, taking into account the purposes of the processing, have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to exercise this right to correction, they may contact us or our employees using the aforementioned contact details at any time.
Right to erasure (right to be forgotten)
Every person affected by the processing of personal data has the right protected by the European Directives and Regulations to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies and the processing is not necessary.
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The data subject withdraws consent on which the processing is based according to point (a) of Article 6 para. 1, or point (a) of Article 9 para. 2 of the GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Article 21 para. 1 and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 para. 2 of the GDPR.
- The personal data have been unlawfully processed.
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- The personal data have been collected in relation to the offer of information society services referred to in Article 8 para. 1 of the GDPR.
If one of the above reasons applies and a data subject wishes to have the personal data that is stored at HASCO Hasenclever GmbH + Co KG erased, they may contact us or our employees using the aforementioned contact details at any time. The data protection officer or another employee will ensure the erasure is carried out immediately.
If the personal data has been made public by HASCO Hasenclever GmbH + Co KG, and if our company is the controller for the erasure of the personal data according to Art. 17 para. 1 of the GDPR, HASCO Hasenclever GmbH + Co KG is thereby obliged, taking into consideration the available technology and the implementation costs, to take appropriate measures - including technical measures - to inform other controllers which are processing the published personal data that the data subject has requested these processing controllers delete all links to the personal data, as well as copies or replications of the personal data, insofar as the processing is not necessary. The employees at HASCO Hasenclever GmbH + Co KG will carry out the necessary actions in individual cases.
- Right to restriction of processing
Every person affected by the processing of personal data has the right protected by the European Directives and Regulations to obtain from the controller restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
- The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
- The data subject has objected to processing pursuant to Article 21 para. 1 of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
If one of the above requirements applies and a data subject wishes to request the restriction of the personal data that is stored at HASCO Hasenclever GmbH + Co KG, they may contact us or our employees about this using the aforementioned contact details at any time. The employees at HASCO Hasencelever GmbH + Co KG will carry out the restriction of processing immediately.
- Right to data portability
Every person affected by the processing of personal data has the right protected by the European Directives and Regulations to receive the personal data concerning him or her from the controller in a structured, commonly used and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to which the data was provided, as long as as the processing is based on consent pursuant to point (a) of Article (a) of Article 6 para. 1, or point 9 para. 2 of the GDPR or on a contract according to point (b) of Article 6 para. 1 of the GDPR and the processing occurs automatically if the processing is not necessary for the perception of a task that is in the public interest or is performed as an exercise of public power assigned to the controller.
Furthermore, the data subject can, when exercising their right to data portability according to Article 20 para. 1 of the GDPR, request that the personal data be transmitted directly from one controller to another, insofar as this is technically possible and the rights and freedoms of other persons are not thereby affected.
If the data subject wishes to exercise their right to data portability, they may contact us or our employees using the aforementioned contact details at any time.
- Right to object
Every person affected by the processing of personal data has the right protected by the European Directives and Regulations to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6. This also applies for profiling based on those provisions.
In case of an objection, HASCO Hasenclever GmbH + Co KG will no longer process personal data, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
If HASCO Hasenclever GmbH + Co KG is processing personal data in order for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This includes profiling to the extent that it is related to such direct marketing. If the data subject appeals to HASCO Hasenclever GmbH + Co KG against the processing for direct marketing purposes, HASCO Hasenclever GmbH + Co KG will no longer process the personal data for these purposes.
In order to exercise their right to object, the data subject may contact us or our employees using the aforementioned contact details at any time. Furthermore, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
- Automated individual decision-making, including profiling
Every person affected by the processing of personal data has the right protected by the European Directives and Regulations not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, as long as the decision (1) is not necessary for entering into, or performance of, a contract between the data subject and a data controller or (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or (3) is based on the data subject's explicit consent.
If the decision (1) is necessary for entering into or performance of a contract between the data subject and the controller or (2) takes place with the explicit consent of the data subject, HASCO Hasenclever GmbH + Co KG shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
If the data subject wishes to assert their rights with regard to automated decision, they may contact us or our employees using the aforementioned contact details at any time.
- Right to withdraw consent to data privacy
Every person affected by the processing of personal data has the right protected by the European Directives and Regulations to withdraw a statement of consent to processing of personal data at any time.
If the data subject wishes to exercise their right of withdrawal of a legal statement of consent, they may contact us or our employees using the aforementioned contact details at any time.
§ 4 Data security
We deploy up-to-date technical measures to guarantee data security and, in particular, to protect your personal data from risks during data transmission and to prevent third parties from gaining access to it. These measures are updated as necessary to correspond to the current state of the technology.
We take the security of your personal data very seriously. When obtaining your sensitive data in the purchasing process, SSL (Secure Socket Layer) technology is used. We use the generally accepted industry standards to secure sensitive data and protect it from unauthorised access or unlawful use.
§ 5 Collection of personal data during use for information purposes
(1) If you are using the website solely to obtain information, i.e. if you have not logged in, registered or otherwise conveyed information to us, we do not collect any data, with the exception of the data sent to us by your browser to enable you to visit the website. These are:
– IP address
– Date and time of request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (specific page)
– Access status/HTTP status code
– Volume of data transmitted
– Website issuing the request
– Operating system and its interface
– Language and version of browser software.
(2) Cookies are also stored on your computer when you use the website. Cookies are small text files that are stored on your hard drive and are assigned to the browser you are using, and through which certain information flows to the party placing the cookies (to us, in this case). Cookies cannot execute programs or transmit viruses to your computer. Their purpose is to make an internet service more user-friendly and efficient overall.
– transient cookies (temporary use)
– persistent cookies (time-limited use)
– [third-party cookies (from third-party providers)]
– [flash cookies (permanent use)].
b) Transient cookies are deleted automatically when you close the browser. These particularly include session cookies. Session cookies store a so-called session ID that can be used to allocate different requests from your browser during the shared session. In this way, your computer can be recognised again when you return to the website. The session cookies are deleted when you log out or close your browser.
c) Persistent cookies are automatically deleted after a pre-specified time, which can differ according to the cookie. You can delete the cookies at any time in your browser's security settings.
d) You can configure your browser setting as you require and refuse to accept third-party cookies or, indeed, any cookies at all, for example. You should, however, be aware that this may prevent you from using all the functions of this website.
e) The flash cookies used are not captured by your browser but by your flash plug-in. Flash plug-ins save the necessary data independently of the browser and do not have an automatic expiry date. If you do not wish the flash cookies to be processed, you must install the corresponding add-on, such as "Better Privacy" for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or Adobe Flash Killer Cookie for Google Chrome.]
[(3) This stored information is saved separately from any other data submitted to us. The cookie data, in particular, is not associated with your other data.]
§ 6 Use of our web shop for business customers
Our web shop is intended solely for use by business customers. To be able to order items, you must first set up a customer account in which your data is saved for future purchases. The mandatory details required for processing the contracts are specially marked. Other details are voluntary. When you set up an account, the data you specify for that purpose will be stored, but can be retracted.
(1) Personal data
If you decide to buy through our website, we only collect the following, necessary personal data:
Company name, buyer first name and surname, billing and delivery address, telephone number, email address and necessary payment details. This data is saved electronically. The data that we collect is necessary to perform our services. All other data that may be requested is disclosed voluntarily.
(2) Registering for a user account
You can create a customer account in the HASCO Customer Portal. We collect and save the following data for this:
Username, company, buyer first name and surname, billing and delivery address, email address and password. You can then buy through the HASCO Portal with your username (your E-mail address) and personal password without having to re-enter your personal details for every purchase.
(3) Completion and processing of purchase contracts, transfer of your data
It is necessary for the buying and selling processes that we collect and save personal data such as contact information, postal addresses and payment details and, in the case of the delivery address, disclose them to the carrier or delivery service. Your personal data is not intended for transfer to third parties for advertising purposes.
Any use of your personal data beyond the above mentioned purpose will only be done with your express prior consent. Only if HASCO Hasenvclever GmbH + Co KG is obliged to provide information about your personal data due to a judicial or official decision will your personal data be disclosed in line with the legal regulations or judicial/official decision.
(4) Voluntary personal data
If we request the voluntary provision of personal data, you will be explicitly made aware of the voluntary nature of the request. Therefore, you do not have to disclose the data and may ignore the request. If you voluntarily share your personal data with us, for example for surveys, competitions etc., this data is saved electronically and handled strictly confidentially. This data is only used for in-house purposes, for example to improve our service. With your previous explicit consent, the data may be used for in-house advertising purposes. Your data will not be disclosed to third parties.
(5) Your email address
Your email address is also personal data. Therefore, it is also only used for the purpose for which you supplied it to us. i.e. the entire buying process and, if necessary, to establish contact for organisational reasons. We will only use your email address for in-house advertising purposes with your express, prior consent.
(6) Downloading CAD libraries
When CAD libraries are downloaded, the following information is stored:
- Date plus time
- Customer number
- User’s ID / e-mail address
- Name of data package
The data is stored for purposes of legitimisation, since the databases are only available to customers. It is additionally stored in order to track and evaluate the frequency of use of the databases. The use and storage of the data is based on our legitimate interest as per Art. 6 Para. 1 f GDPR. Our interest lies in acquiring knowledge of the demand so that we can review the continued provision of the database service.
We are entitled to use and store data under the terms of Art. 6 Para. 1 b GDPR since this is necessary for fulfilment of the contract.
§ 7 Newsletter
(1) We employ the double opt-in method for subscribing to our Newsletter. This means that when you enter your email address, we send an email to that address asking you to confirm that you wish to receive the Newsletter. If you confirm that you wish to receive the Newsletter, we store your email address until you unsubscribe from the Newsletter. Your address is stored solely for the purpose of sending the Newsletter to you. In addition, when you subscribe and confirm your subscription, we save your IP addresses and the time so as to prevent any abuse of your personal data.
(2) The personal data is used solely for personalising the Newsletter. This data is also deleted in its entirety when you unsubscribe.
(3) You can unsubscribe from the Newsletter at any time. To unsubscribe, you can click on the link provided in each Newsletter email, send an email to firstname.lastname@example.org or send notification to the contact details set out in the Imprint. The data you enter will not be passed on to third parties.
(4) Please note that, when we send out the Newsletter, we evaluate your user behaviour. For this evaluation, the emails we send out contain so-called web-beacons, which are also known as tracking pixels. These are single-pixel image files that link to our website and enable us to analyse user behaviour. This is done by capturing the data set out in Paragraph (4) and using web-beacons that are allocated to your email address and associated with a unique ID. Using the data obtained in this way, we compile a user profile so that we can provide you with a Newsletter tailored to your interests. We record the time at which you read our Newsletter and the links you click on in it and, from this, derive your personal interests. We link this data to your actions on our website. You can object to this tracking at any time by clicking on the separate link provided in each email or by notifying us via the contact channels set out in Paragraph (3). Tracking of this type is also not possible if you have deactivated the display of pictures as the default in your email program. In this case, however, the Newsletter will not be displayed in full and you may not be able to use all the functions. If you have displayed the pictures displayed, the above-mentioned tracking function will be switched on.
§ 8 Routine erasure and blocking of personal data
The processing controller will process and store personal data of the data subject for only as long as it is necessary to achieve the purpose of the storing, or as long as expected by the European Directives and Regulations, or another regulator in laws or regulations with which the processing controller must comply. If the purpose of the saving ceases to be relevant or if a deadline set by the European Directives and Regulations or another responsible regulator is exceeded, the personal data is routinely blocked or erased according to the statutory regulations.
§ 9 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site.
When visiting the internet site of HASCO Hasenclever GmbH + Co KG, you have agreed to the use of Google Analytics as follows:
The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. In case of activation of the IP anonymisation, Google will truncate/anonymise the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to and shortened by Google servers in the USA. On behalf of the website provider, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider. Google will not associate your IP address with any other data held by Google.
Turning off Google Analytics
Furthermore, you can prevent Google from collecting data generated by cookies and related to your use of the website (incl. your IP address), as well as processing said data by downloading and installing the browser plug-in available under the following link: (http://tools.google.com/dlpage/gaoptout?hl=de).
More information on this can be found under http://tools.google.com/dlpage/gaoptout?hl=de or under http://www.google.com/intl/de/analytics/privacyoverview.html (general information about Google Analytics and data privacy).
We remind you that Google Analytics has been extended on this website with the code "gat._anonymize();" in order to guarantee anonymised recording of IP addresses (so-called "IP masking").
Use of Google Tag Manager:
Google Tag Manager is a solution that marketers can use to manage website tags via an interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain, and no personal data is collected. It is used to trigger other tags which, under certain circumstances, could collect personal data. Google Tag Manager does not access this data. If a deactivation has been performed at the domain or cookie level, this will apply to all tracking tags implemented with Google Tag Manager.
§ 10 Integration of the services of third parties
Our website uses plug-ins for the YouTube page operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plug-in, a connection is established to the YouTube servers. The YouTube server is informed of which of our web pages you have visited.
If you are logged into your YouTube account, you enable YouTube to allocate your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
§ 11 Data protection officer
You can contact our data protection officer as follows:
Michaela Dötsch, Lawyer
Tel. +49 2351 66597-0