1. Controller This website and range of services are operated by HENKEL Beiz- und Elektropoliertechnik GmbH & Co. KG An der Autobahn 12 19306 Neustadt-Glewe, Germany Tel.: + 49 (0) 3857 66-0 E-mail: firstname.lastname@example.org Website: www.henkel-epol.com Managing Directors: Mr Benedikt Henkel (Dipl.-Ing.), Mr Sven Wentzien (Dipl.-Ing.) (hereinafter referred to as ‘HENKEL’).
2. General Our website has been developed with a view to collecting as little data as possible from you. Essentially, you can visit our website without giving personal data. The processing of personal data is only necessary once you decide to use specific services (for example, use the contact form). We always ensure that your personal data is only processed on a legal basis or based on your consent. We comply with the provisions in the General Data Protection Regulation (GDPR) applicable since 25 May 2018 and the respective applicable national regulations, such as the German Data Protection Act, the German Telemedia Act and other specific data protection laws.
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
4. Consent In some instances we collect particular personal data from you when you visit our website for which we need your consent. This is the case for example if you send us a message via our contact form.
5. Purpose and legal basis for processing personal data
If your personal data is processed for the purposes indicated with your consent, such processing is based on Article 6 (1) (a) GDPR. We process personal data, which is necessary for the establishment, implementation or execution of our range of services, on the legal basis set out in Article 6 (1) (b) GDPR. Personal data, which is required to protect our legitimate interests, is processed in accordance with Article 6 (1) (f) GDPR. Insofar as we use external service providers for data processing, personal data is processed on the legal basis set out in Article 28 GDPR. Personal data is collected, processed and used by us solely for the following purposes:
Purpose of data processing
6. Personal data collected and processed We only collect and process your personal data if you make such data available voluntarily and knowingly, for example by completing forms or sending e-mails. In the context of the form provided, in the first instance, such data is as follows:
General contact details:
White paper subscription:
Compulsory fields are denoted with an asterisk*
The personal data you provide and their content remain exclusively in our possession or with our associated companies. Your data is only stored and processed for the purposes indicated in Section 5. Use over and above the purpose indicated shall require your explicit consent. The same also applies to the transfer and transmission of your data to third parties.
7. General log files The connection details of the requesting computer (IP address), the pages of our website that you visit, the date and duration of your visit, identification data of the browser and operating system used, the website from which you navigate to our website as well as successful access are stored temporarily in log files by the web server. Technical administration of the website and anonymous statistical surveys enable us to evaluate access to the HENKEL service and to perform evaluations with the aim of increasing the protection and security of data in our company ultimately to ensure an optimum level of protection for the personal data we process.
The data in server log files are stored separately from all the personal data you provide.
Subject to any statutory storage obligations, we delete or anonymise your IP address once you leave our Website.
What are cookies? Cookies are small text files that are stored on your data carrier and save specific settings and data for exchange with our system via your browser. Cookies generally contain the name of the domain from which the cookie data has been sent as well as information about the age of the cookie and an alphanumerical identifier.
We work with third-party services which support us in making our online offering and website more attractive to you. Consequently, when you visit our website, cookies from these partner companies (third-party providers) are also saved on your computer hard drive. These are cookies that are deleted automatically after a predefined period.
A list of cookies that we use is provided in the following table:
9. Application procedure If you apply for a job at HENKEL electronically, your details will only be used to process your application and will not be passed on to third parties. Please note that applications sent to HENKEL by e-mail are transmitted in unencrypted format. In this respect there is a risk that this data may be intercepted and used by unauthorised parties.
10. Newsletter If you subscribe to our e-mail newsletter, HENKEL requires your e-mail address to which the newsletter should be sent. Any other information is voluntary and will be used to address you personally, design the newsletter with you in mind and resolve any queries regarding the e-mail address.
A valid e-mail address is required in order to receive the newsletter. The IP address you use to subscribe to our newsletter and the date on which you request our newsletter will also be saved. HENKEL uses these data as evidence in the event of misuse, if a third-party e-mail address is used to subscribe to our newsletter. Moreover, we use the ‘double opt-in process’ to ensure that e-mail addresses are not added fraudulently to HENKEL mailing lists by third parties. In this process, you will receive a confirmation e-mail at the e-mail address provided after you have signed up for the newsletter. Only once you have confirmed your subscription by clicking on the link provided in the confirmation e-mail will you subsequently receive our e-mail newsletter. Your request to receive our newsletter, the dispatch of a confirmation e-mail and receipt of your subscription confirmation are logged as part of this process.
You have the option at any time to withdraw your consent with future effect to the storage of data, your e-mail address and its use to send out the newsletter. HENKEL provides an unsubscribe link in every newsletter. You also have the option to notify your wish to withdraw your consent in writing using the addresses given above.
11. White papers We periodically provide white papers about our services and products on our website. You are able to subscribe on our website to receive these. The personal data that we collect will be used only for transmission of the white papers and interesting information about our products. The collection and processing is based on the consent you give us. The consent to receive promotional emails can be revoked at any time on our website at: Unsubscribe Cancel promotional emails. Your data will not be transmitted without your authorisation or outside the group of companies. It will not be transmitted to non-member countries.
12. Integration of services and third-party content Our website uses content and services from other providers. For example, maps are made available by Google Maps. In order that these data can be retrieved and displayed in the user’s browser, transmission of the IP address is absolutely essential. The providers (hereinafter referred to as ‘third-party providers’) therefore note the IP address of the respective user.
Even though we endeavour to only use third-party providers which require IP addresses simply to deliver content, we have no influence on whether IP addresses may be stored. In this case, such action serves statistical purposes amongst others. If it comes to our attention that an IP address is stored, we will notify you of this.
Use of DoubleClick Our website uses the online marketing tool DoubleClick by Google. The provider is Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
At the same time, cookie IDs also support DoubleClick with recording conversions relating to ad requests. This is the case, for example, if you see a DoubleClick ad and subsequently make a purchase on the advertiser’s website using the same web browser. According to Google, no information referring to individual persons is stored in DoubleClick cookies.
Because of the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and use of the data collected by Google using these tools. As far as we are currently aware, Google learns through DoubleClick which areas of our website you visit or which of our ads you have clicked on. If you are logged into your Google account, Google can assign your visit to our website to this account. Even if you are not logged in, it cannot be ruled out that the provider can identify and save your IP address.
You can monitor, restrict and prevent the setting of cookies using an up-to-date web browser. This will give you the option to object to the tracking process. Disabling cookies may lead to limited functionality of this website.
Google is certified under the EU-US Privacy Shield framework. This data protection framework is designed to ensure compliance with the level of data protection applicable in the EU.
Use of Google Analytics Our website uses functions of the web analysis service Google Analytics. The provider of the web analysis service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses ‘cookies’. These are small text files that are stored on your end device by your web browser and make it possible to analyse website use. Information generated by cookies about your use of our website is transferred to a Google server and stored there. Servers are generally located in the USA.
Google Analytics cookies are set based on Article 6 (1) (f) GDPR. As the operator of this website, we have a legitimate interest in analysing user behaviour in order to optimise our online service and also our advertising where appropriate.
We use Google Analytics in conjunction with the IP anonymisation function. This function ensures that Google abbreviates your IP address within Member States of the European Union or in other states that are party to the Agreement on the European Economic Area before it is sent to the USA. There may be exceptional cases where Google transfers a full IP address to a server in the USA and shortens it there. Google uses this information on our behalf to analyse your use of our website and compile reports on website activities and to provide other services for us associated with website and Internet use. IP addresses sent by Google Analytics are not merged with other Google data.
You can prevent your web browser from setting cookies. However, in this case some functions of our website may be limited. You can also prevent Google from collecting data relating to your use of our website, including your IP address, and from subsequent processing of this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout
[borlabs_cookie_opt_out tracking=”google-analytics” id=”UA-4802622-1″]
Use of Google Maps Our website uses Google Maps to integrate and display map content. The provider of this service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Your IP address is collected when you access a page with an integrated map. This information is generally sent to a Google server in the USA and stored there. Google finds out your IP address even if you are not logged in via a user account. If you are logged into your user account, Google can assign your surfing behaviour directly to your personal profile. You have the option to prevent this by logging out beforehand. The provider of this website has no influence over this transfer of data.
Google Maps is used in the interests of attractive presentation of our online services and making it easy to find the locations indicated on our website. This represents a legitimate interest in accordance with Article 6 (1) (f) GDPR.
13. Data security Unfortunately, transferring information over the Internet is never 100% secure and this is why we cannot guarantee the security of data sent online to our website.
However, we secure our website using technical and organisational measures against loss, destruction, access, modification or dissemination of your data by unauthorised persons.
In particular, your personal data is transferred by us in encrypted format. We use the SSL/TLS (Secure Sockets Layer/Transport Layer Security) coding system. Our security measures are constantly being improved in
14. Rights of the data subject Insofar as you are a data subject in accordance with Article 4 (1) GDPR, you have the following rights with regard to the processing of your personal data according to the GDPR. The legal wording of the following rights can be found under
Right to confirmation and Information Under the conditions laid down in Article 15 GDPR, you have the right to request confirmation as to whether or not personal data concerning you are being processed and to obtain information at any time free of charge about personal data concerning you that is stored by the controller responsible for processing and to receive a copy of this information.
Right to rectification Under the conditions laid down in Article 16 GDPR, you have the right to request the rectification without undue delay of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure Under the conditions laid down in Article 17 GDPR, you have the right to request the erasure of personal data concerning you without undue delay insofar one of the grounds cited in Article 17 GDPR applies and provided processing is not necessary.
Right to restriction of processing Under the conditions laid down in Article 18 GDPR, you have the right to request the restriction of processing if one of the conditions laid down in Article 18 GDPR applies.
Right to data portability Under the conditions laid down in Article 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us provided the other conditions laid down in Article 20 GDPR apply.
Right to withdraw consent You have the right to withdraw consent given to us to process personal data at any time with future effect. Please indicate your withdrawal using the contact details given above.
Right to object Under the conditions laid down in Article 21 GDPR, you have the right to object at any time to the processing of personal data concerning you. If the conditions for effective objection apply, we may no longer process data.
Right to lodge a complaint with a supervisory authority Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
15. Passing on your personal data Your personal data are passed on as described below.
Our website is hosted by an external provider in Germany. We ensure that data are processed solely in Germany. This is necessary for operation of the website as well as for the establishment, implementation and execution of an existing use agreement and is also possible without your consent.
Data are passed on if we are entitled or obliged to do so based on statutory requirements and/or official or court orders. This may involve in particular the provision of information for the purposes of law enforcement, averting danger or enforcing intellectual property rights.
Insofar as your data are passed on to providers as necessary, these providers only have access to your personal data to the extent necessary for the completion of their tasks. These providers are obliged to handle your personal data in accordance with applicable data protection legislation, in particular the GDPR.
Essentially, we do not transfer your data to third parties over and above the circumstances referred to above without your consent. In particular, we do not pass personal data on to bodies in a third country or to international organisations.
16. Storage period for personal data As far as the storage period is concerned, we delete personal data as soon as their storage is no longer required to fulfil the original purpose and no statutory retention periods are in force. Ultimately, statutory retention periods constitute the criterion for the definitive length of time for which personal data is stored. Data is routinely deleted at the end of the respective period. If retention periods are in force, processing is restricted by blocking data.
Third-party service providers may have their own different regulations regarding the collection, processing and use of personal data. It is therefore advisable to find out the policy of third-party websites regarding the handling of personal data before entering any personal details.
18. Supplement for our social media offering on instagram
HENKEL Beiz- und Elektropoliertechnik GmbH & Co. KG uses the services of Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA for its web presence.
If you use this Instagram page and its features, you do so under your own responsibility. This applies in particular to the use of interactive functions (for example, commenting or rating).
Among other things, Instagram collects your IP address and other information in the form of cookies on your PC. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page.
How Instagram uses the data from visiting Instagram pages for its own purposes, to what extent activities on the Instagram page are assigned to individual users, how long Instagram stores this data and whether data from a visit to the Instagram page is passed on to third parties is not definitively and clearly stated by Instagram and is unknown to us.
When accessing an Instagram page, the IP address assigned to your end device is transmitted to Instagram. According to information from Instagram, this IP address is anonymised (for “German” IP addresses) and deleted after 90 days. Instagram also stores information about the end devices of its users (for example as part of the “registration notification” function); Instagram may be able to assign IP addresses to individual users.
If you are currently logged into Instagram as a user, your end device contains a cookie with your Instagram ID. This enables Instagram to understand that you have visited this page and how you have used it. This also applies to all other Instagram pages. Instagram can use buttons integrated into websites to record your visits to these websites and assign them to your Instagram profile. This data can be used to offer content or advertising tailored to you.
If you want to avoid this, you should log out of Instagram or deactivate the “keep me signed in” function, delete the cookies present on your device and close your browser and restart it. This deletes Instagram information that can be used to identify you directly. This allows you to use our Instagram page without disclosing your Instagram ID. If you access interactive features of the page (like, comment, messages and more), an Instagram login screen appears. After you have logged in, you will be recognisable as a specific user for Instagram.
For information on how to manage or delete existing information about you, see the following Instagram Help section.
If you visit one of our social media and Instagram pages, you trigger the processing of your personal data during such a visit. In this case, together with the operator of the respective social network, Instagram is responsible for the data processing operations within the meaning of Article 26 GDPR, insofar as we actually make a joint decision with the operator of the social network on data processing and we also have an influence on data processing. As far as possible, we have concluded joint responsibility agreements with the operators of social networks in accordance with Article 26 GDPR.
Rights of data subjects
Each data subject has the right to information (Art. 15 GDPR). If incorrect personal data is processed, you have the right to rectification (Art. 16 GDPR). If the legal requirements are met, you can request deletion or restriction of processing, object to processing (Art. 17, 18 and 21 GDPR) and, if applicable, have the right to data portability (Art. 20 GDPR). Should you exercise the above rights, HENKEL Beiz- und Elektropoliertechnik GmbH & Co. KG will check whether the legal requirements for this have been met.
You can revoke your consent to the processing of personal data at any time with future effect.
Furthermore, there is a right of appeal to the State Commissioner for Data Protection and Freedom of Information of Mecklenburg-Western Pomerania.
Further information on Facebook and other social networks and how you can protect your data can also be found at
which is provided by the Rheinland-Pfalz State Commissioner for Data Protection and Freedom of Information.
20. Data Protection Officer We have appointed a data protection officer.
Carolin Leja www.mein-datenschutzbeauftragter.de Hafenstraße 1a 23568 Lübeck, Germany E-mail: datenschutz[at]henkel-epol.com
Date: September 2020