The following information is about the collection of personal data when using our website. Personal data is any data that refers to you personally, e.g. name, address, e-mail addresses, user behaviour, IP address.
I. Name and address of the controller
The controller according to Art. 4 (7) EU General Data Protection Regulation (GDPR) and other member states’ national data protection laws as well as other data protection regulations is the:
H&H Communication Lab GmbH
Tel.: +49 731 932 84-15
II. Name and address of the data protection officer
The controller’s data protection officer is:
Tel.: 0731 8023688
III. General information about data processing
1. Scope of personal data processing
In principle, we collect and use our users’ personal data only to the extent necessary for the provision of a functional website and our content and services. The collection and use of our users’ personal data takes place regularly only with the user’s consent. Exceptions apply to cases where prior consent cannot be reasonably obtained and the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
Insofar as we obtain the data subject’s consent to process personal data, Art. 6 (1) lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This shall also apply to processing operations necessary to carry out pre-contractual measures. Insofar as processing of personal data is necessary to comply with a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or any other natural person require the processing of personal data, Art. 6 (1) lit.d GDPR serves as the legal basis.
If the processing is necessary to safeguard the legitimate interests of our company or a third party, and the data subject’s interests, fundamental rights and fundamental freedoms do not outweigh the former’s interest, Art. 6 (1) lit. f GDPR serves as the legal basis for processing.
3. Data erasure and storage duration
The data subject’s personal data will be erased or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if provided for by the European or national legislator in EU regulations, laws or other rules to which the controller is subject. Blocking or erasure of the data also takes place when a storage period prescribed by said standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
4. Use of service providers in the context of the website
In some instances we use external service providers to process your data on our website. These providers were carefully selected and commissioned by us. They are bound by our policies and are regularly inspected. A transfer of data to countries outside the EU or the EEA (so-called third countries) does not take place.
IV. Provision of the website and creation of log files
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the calling host’s computer system. For merely informative use of the website, we only collect the personal data that your browser transmits to our server. The following data will be collected:
This data is automatically collected and pseudonymised in the background:
Tracking data about the origin site from which you came to our website.
Length of stay
We record the duration of your visit by evaluating start time, end time and network activity time.
In addition to the temporary session IDs, which can be assigned to your visit across several subpages, session data also includes the duration of the session.
In addition to the loading times of pictures and the website as a whole, as well as the time taken to load the website fully, the website length is transmitted.
If available, we store information about the area code, city, country, longitude, latitude and time zone of your visit.
The data is also stored in our system’s log files. The user’s IP addresses or other data that allows the data to be assigned to a user are not affected by this. This data is not stored with the user’s other personal data.
2. Legal basis for data processing
Legal basis for the temporary storage of data is Art. 6 (1) lit. f GDPR.
3. Purpose of data processing
The system must temporarily store the IP address to enable the website to be delivered to the user’s computer. To do this, the user’s IP address must be kept for the duration of the session.
For these purposes, our legitimate interest in data processing is in accordance with Art. 6 (1) lit. f GDPR.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. If data is being collected in order to provide the website, it will be deleted when the respective session has ended.
5. Possibility of objection and removal
The collection of data for the provision of the website and the storage of the data in log files is essential for the website’s operation. There is therefore no possibility of objection on the part of the user.
V. The data subject’s rights
Every data subject has the right of access under Article 15 of the GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. With regard to the access and erasure rights, the restrictions under §§ 34 and 35 of the German Federal Data Protection Act (BDSG) apply. In addition, there is a right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG).
You may withdraw your consent to our processing of personal data at any time. This also applies to the withdrawal of declarations of consent that were given to us before the validity of the EU General Data Protection Regulation, i.e. before 25 May 2018. Please note that the withdrawal only has effect for the future. Processing that occurred before the withdrawal is not affected. The objection does not require a form and should be addressed to the controller.