Companies of the HKS Group
1. HKS GmbH industrieller Hersteller von Kompensatoren und Schläuchen, Rostock
2. HKS-CZ, s.r.o., Litoměřice
(As of 25 May 2018)
We, the HKS Group of companies (hereinafter “HKS”), appreciate your visiting our website and the interest shown in our company. The privacy/protection of your personal data is an important issue for us and an issue we consider in our business processes. We wish to inform you in the following, pursuant to Articles 12, 13 and 21 of the EU General Data Protection Regulation (GDPR) about our handling of your personal data when using our website www.hks.de (hereinafter “website”).
Personal data are particulars about personal or factual circumstances of a concrete or definable natural person. This data includes information such as real name, address, telephone number, date of birth, payment data and possibly further personal data which may be required for the business transaction.
I. Parties responsible
HKS GmbH - industrieller Hersteller von Kompensatoren und Schläuchen -
Telephone: +49 (0) 381 865 160-0
Fax: +49 (0) 381 865 160-60
412 01 Litoměřice
Telephone: +420 416 715-211
Fax: +420 416 715-227
II. Data protection officers
1. HKS GmbH industrieller Hersteller von Kompensatoren und Schläuchen
IITR Datenschutz GmbH
Dr. Sebastian Kraska
2. HKS-CZ, s.r.o.
412 01 Litoměřice
III. Purposes and legal bases of data processing
1. Informational use of the website
You may visit our website without providing personal details. If you only use our website for the purpose of information, i.e. do not fill in an enquiry form or otherwise transmit personal information to us, we do not process any personal data with the exception of the data transmitted by your browser to enable you to visit the website, and information which is transmitted to us in the scope of cookies for the statistical analysis of the use of our website.
Technical provision of the website
For the technical provision the website, it is necessary for us to process certain automatically transmitted information about you for your browser to display our website and to enable you to use the website. This information is automatically collected every time you access our website and is stored in our server log files. Thereby, the following information is collected:
- IP address
- Date and time of website request
- Time zone difference in relation to Greenwich Mean Time (GMT)
- Address (URL) of the site accessed, of a site content respectively, such as for instance an image
- Access status/HTTP status code
- Volume of data transmitted in each case
- Website, from which the request is received (Referrer)
- ID of your web browser
- Operating system and its interface
- Language and version of the browser software.
We process the data drawn up for the following purposes:
- To guarantee a smooth connection of the website,
- to guarantee a convenient use of our website,
- to analyse system security and stability and
- for further administrative purposes.
This website is hosted by the hosting provider Hetzner.de. Only pseudonymised IP addresses are used in their log files. For this purpose, an IP address 123.123.123.XXX is stored in the log file instead of the real IP address of the visitor, e.g. 22.214.171.124., whereby XXX is a random value between 1 and 254. The build-up of a personal reference is no longer possible.
The log files are automatically deleted after 7 days.
Cookies and server-side storage of session information
Cookies are small text files that are stored on your hard disk which is assigned to the browser you use. You can imagine them to be short “memos”, on which certain information, e.g. about the technical condition of the currently ongoing connection, is memorised by the place that sets the cookie.
Cookies can neither trigger programs nor transfer viruses onto your computer.
The purpose of cookies is to make the web service as a whole more user friendly and effective or even make certain functions technically possible.
Typical cookies are so-called session cookies. An identifier in encrypted form is stored in them temporarily (Session ID) with which various requests of your browser can be assigned to one and the same session. Most of the browsers accept cookies automatically. However, you can configure your browser setting to, e.g. accept individual cookies or even to reject all cookies or to trigger that a prompt message always appears before a new cookie is created. The complete deactivation of cookies can, however, lead to the fact that you cannot use all functions of our website.
This website is operated using the online content management system (CMS) Contao (contao.org) and our editors maintain the contents.
The CMS sets session cookies. Apart from their function enabling them to assign successive accesses of a session, also technical conditions can be stored from one page view to the subsequent page view, as for example, the page last accessed within the same website, or form conditions, particularly errors and other responses after sending, however not the data entered into the form itself.
The session cookies are deleted when you close the browser.
Recording and analysing the accesses
The measures drawn up in the following and which we implement on our website to record user access are dealt with on the basis of Article 6 Section 1 Sentence 1 lit. f GDPR. We want to ensure a needs-based design and the ongoing optimisation of our website with the collection measures implemented. On the other hand, we implement these measures to statistically record the use of our website and to analyse the service we offer you at its best. These interests are legitimate in the terms of the above-mentioned regulation.
We use Google Analytics, a web analysis service of Google Inc. (https://www.google.de/intl/en/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter “Google“), for the needs-based design and on-going optimisation of our sites at its best.
Google is certified under the EU-U.S. Privacy Shield framework and thus guarantees the compliance with the European data protection law. (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google Analytics sets cookies. The information collected about your use of this website includes:
- Browser type/version,
- Operating system used,
- Referrer URL (the previously visited site),
- Host name of the accessing computer (IP address),
- Time of the server request,
- Sites accessed,
- Location information
and is transmitted to a server of Google in the USA where it is stored.
We DO NOT make use of the option offered by Google Analytics to analyse user behaviour across devices (Cross-Device-Tracking by User ID). The information is used to analyse the use of the website, to compile reports on website activities and to allow statements on market research and on the needs-based design of our websites. Your IP address is under no circumstances whatsoever amalgamated with other data of Google. Moreover, the IP addresses are anonymised making an allocation impossible.
You can prevent the installation of cookies using the corresponding configuration of the browser software.
Furthermore, you can prevent the recording of your visit to our website and the data referred to (incl. your IP address) and the processing of this data by Google by downloading and installing a Browser Add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As alternative to the Browser Add-on, particularly in the case of browsers on mobile terminals, you can prevent the recording by Google Analytics by clicking this button:
Thereby, an Opt-Out cookie is placed which prevents the future recording of your data when visiting this website. The Opt-Out cookie only applies in this browser and only for our website and is saved on your device. If you delete the cookies in this browser, you have to reset the Opt-out cookie in this browser. Furthermore, we use Google Analytics to analyse data from AdWords for statistical purposes. Should you not want us to do so you can disable this process via the ads preferences manager (http://www.google.com/settings/ads/onweb/?hl=en). You find further information on data protection in connection with Google Analytics for instance in Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en) and under https://policies.google.com/privacy?hl=en.
Inclusion of services and contents of third parties
Based on our legitimate interests in the terms of Article 6 Section 1 lit. f. GDPR we use content or service offerings from third party providers, for example to integrate videos, program codes or fonts.
These third party providers can only provide contents, i.e. transmit them to your browser if they recognise your IP address.
For the service provider Google you find the respective information under google.de/intl/de/policies/privacy. You can place settings on data utilisation and on opting out possibilities under google.com/settings/ads/. By visiting our website Google gets the information that you have accessed the respective sub-page of our website. Data is transmitted irrespective of whether you are logged in to Google or not. If you are logged in to Google, your data is directly assigned to your account. If you don’t want the assignment to your profile at Google, you have to log out before accessing our website.
Integrated external providers and contents on our website
We integrate videos of the platform “YouTube”. This platform is a service of Google.
We use the service of Google maps on this website. This allows us to display interactive maps directly on the website and we provide you with the convenient use of the maps function.
2. Active use of the website
Apart from the purely informational use of our website, you can also use our website actively to contact us. In addition to the above-mentioned processing of your personal data for purely informational purposes, we then also process further personal data which we need to process and respond to your query.
a. Contact requests
You can contact us using the contact form provided on the website (contact form). Thereby, the following personal data is collected:
- Email address*
Only the input of a valid email address and your concern are necessary (*mandatory fields) for us to know from whom the query originates and to be able to answer it. The further details may be provided voluntarily and serve for our better understanding your query and to establish necessary steps for processing.
Data processing for the purpose of contacting us complies with Article 6 Section 1 Sentence 1 lit. a GDPR based on your voluntarily provided consent which is given by filling out the contact form and actually contacting us by sending the message.
The personal data we collect to use the contact form are stored in an internal management system (software). It enables us to communicate with you in a proficient manner in future, too, i.e. with reference to the previous communication. You may contact us whenever you deem fit to definitely delete the data.
b. Submitting an application
We process your personal data in the scope of your application if you place it at our disposal per email.
Processing of personal data
As a rule, the applicant data includes the following: First name and surname, if necessary your academic degree, date and place of birth, contact data (address, email, telephone and /or mobile number), application documents (letter of motivation, curriculum vitae, certificates), language skills, competences. We base our decision in the application process on your personal data as provided within the statutory framework of the application procedure. For example, we use your professional qualification to decide whether we shall consider you in the selection procedure or the impression gained in a personal interview to decide whether we shall offer you the job you have applied for.
We thereby process your personal data on the grounds of the following legal bases:
- Data processing for the decision on the reason to form a working relationship, Article 88 Section 1 GDPR in connection with Article 26 Section 1 Sentence 1 BDSG-new [German privacy law]
c. Use for advertising purposes such as advertising mails, invitation to events, surveys etc.
HKS processes and uses the personal data collected from you for purposes of advertising or for market and public opinion research exclusively to the extent permitted by law, i.e. in as far as it is legally permissible or with your consent.
When we have received your email address in connection with a contract conclusion and the provision of our goods or services and you have not declared your objection, we reserve the right to occasionally send you offers in connection with similar products within our range per email. You may object to this use of your email address whenever you deem fit by sending a corresponding message to the contact data drawn up under Point 1 or via a link designed for this purpose in the advertising mail without incurring any costs other than the transmission costs according to the basic rates.
Within the scope of advertising, we process mandatory data, e.g. your email address. You may cancel this advertising contact whenever you deem fit by sending a message to the contact data drawn up under Point 1, or respectively also by clicking a link provided for this purpose in the advertising mail.
We process your data to transmit advertising mails, invitations to events, surveys etc. and the personalisation of the advertising according to the following legal fundamental principles:
- If you have provided your consent per Double-opt-in process according to Article 6 Section 1 lit. a GDPR;
- If you have provided your email address in connection with the acquisition of goods or services or we send you personalised advertising to protect our legitimate interests according to Article 6 Section 1 lit. f GDPR in connection with Article 15 Section 3 TMG [German Telemedia Act] in connection with Article 7 Section 3 UWG [Unfair Competition Law]; our legitimate interest is founded on our economic interests in implementing advertising measures and on targeted advertising.
Some sections of our website may contain links of third-party providers. These websites are subject to their own general principles of data protection. We are neither responsible for their operation nor for their data handling. Should you send information to or via such sites of third-party providers, you should check the privacy policies of such sites before providing them information which can be assigned to your person.
V. Categories of recipients
Initially, only our employees gain knowledge of your personal data. Furthermore, we inform other recipients, provided legally permissible or required by law, that provide services in connection with our website. We thereby limit the transfer of your personal data to the most essential. In some cases, our providers receive your personal data as our processors and are thereby strictly bound to our instructions when handling your personal data. Partly, the recipients act independently with your data which we transmit to them.
- If necessary payment service providers and banks when processing payment,
- Providers of logistic services to enable us to supply the goods to you,
- IT service providers regarding administration and hosting of our website
- Collection agencies and legal advisers when asserting our claims
- If necessary further recipient categories.
VI. Third country transfer
In the scope of using the tools of Google, we transfer your shortened IP address to the USA. The data transfer is based on the Commission Implementing Decision (EU) 2016/1250 of the European Commission dated 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield.
Furthermore, we do not transfer your personal data to countries outside the EU, the EEA respectively, or to international organisations.
Personal data which is exchanged between you and HKS is transferred via encrypted connections which comply with state-of-the-art technology. The data transmission in the access-protected area is protected against illegal data access by third parties (256 bit SSL) by SSL (Secure Socket Layer). You recognise this encryption process by the key symbol appearing in your menu bar at the bottom of your browser screen and the address beginning with “https://”. Furthermore, we take technical and organisational safety precautions to protect your personal data that we manage from accidental or intentional manipulation, loss, destruction or against the access by unauthorised persons. HKS uses a firewall system against unauthorised accesses.
Our data processing and safety precautions are adapted to the current circumstances and requirements according to technological developments and are continuously enhanced. Our employees dealing with data processing are bound to data secrecy.
VIII. Your rights as person concerned
You are entitled under the statutory requirements to the following rights as person concerned and which you can assert against us:
Right of information: You are entitled to demand at any time in the scope of Article 15 GDPR that we provide a confirmation as to whether we process the personal data concerned. Should this be the case you are furthermore entitled in the scope or Article 15 GDPR to receive information and a copy of your data concerning this personal data and certain further information (among others processing purposes, categories of personal data, categories of recipients, scheduled storage period, the origin of the data, the use of automated decision making and in the case of the third country transfer the appropriate guarantees).
Rights to correction: You are entitled, according to Article 16 GDPR, to demand that we correct the personal data we have stored if it is inapplicable or incorrect.
Right to deletion: You are entitled, under the prerequisites of Article 17 GDPR, to demand from us that we immediately delete any personal data relating to you. The right to deletions does not exist, among others, if the processing of the personal data is necessary (i) to exercise the right to freedom of expression and information, (ii) to fulfil a legal obligation to which we are committed (e.g. statutory storage obligations) or (iii) to assert, exercise or defend legal claims.
Right to the restriction of processing: You are entitled, under the prerequisites of Article 18 GDPR, to demand that we restrict the processing of your personal data.
Right to data transferability: You are entitled, under the prerequisites of Article 20 GDPR, to demand that we handover the personal data relating to you and which you have provided to us in a structured, standard and machine-readable format.
Right of revocation: You are entitled to revoke your consent any time without giving any reason. The revocation is, however, not based on the legality of the processing carried out until revocation.
Right of objection: You are entitled, under the prerequisites of Article 21 GDPR, to object to the processing of your personal data, we then have to stop processing your personal data. The right of objection only exists for the limits provided in Article 21 GDPR. In addition, our interests may preclude the termination of the processing, so that we are entitled, despite your objection, to process your personal data.
Right to lodge a complaint with a supervisory body: You are entitled, under the prerequisites of Article 77 GDPR, to lodge a complaint with a supervisory body, particularly in the member state in which your reside, in which your workstation is located or the place of the alleged violation, if you are of the opinion that the processing of your personal data violates GDPR. The right to lodge a complaint exists irrespective of a further administrative or judicial remedy.
The supervisory authorities responsible for us are:
1. HKS GmbH industrieller Hersteller von Kompensatoren und Schläuchen
The State Commissioner for Data Protection and Freedom of Information Mecklenburg-Western Pomerania
Telephone: +49 (0) 385 594 94-0
Fax: +49 (0) 385 594 9458
Website: www.datenschutz-mv.de; www.informationsfreiheit-mv.de
2. HKS-CZ, s.r.o.
Litomerice Data Protection Officer
Assertion of your rights
Your requests to exercise your rights should, if possible, be drawn up in writing to the address of the supervisory body drawn up above or directly to our data protection officer. However, we recommend that you initially always address a complaint to our data protection officer.
IX. Scope of your obligations to provide data
You are, on principle, not committed to provide us with your personal data. However, if you do not we may possibly not be able to place the website with all its technical functionalities at your disposal, may not be able to answer your queries and may not be able to conclude a contract with you.
X. Automated decision making / Profiling
We neither use automated decision making nor profiling (an automated analysis of your personal circumstances).
Information about your right to objection according to Article 21 GDPR
- You are entitled to object at any time to the processing of your data on the basis of Art. 6 Section 1 f DSGVO (data processing on the basis of a weighing of interests) or Art. 6 Section 1 e DSGVO (data processing in the public interest), if there are reasons for this arising from your particular situation.
If you file an objection, we will no longer process your personal data, unless we can provide compelling legitimate reasons for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.
- We process your personal data in individual cases also for direct advertising purposes. If you do not wish to receive advertising, you are entitled to object to such processing at any time; this also applies to profiling, in as far as it is connected to such direct advertising. We will observe this objection in future.
We will no longer process your data for the purpose of direct advertising if you object to the processing for this purpose.
The objection may be made without formal requirements and should, where possible, be addressed to the contact data of our company drawn up under Point I or addressed directly to our data protection officer according to Point II.
Last updated in 2018