We take data protection seriously!

The protection of your privacy during the processing of personal data is an important concern for us. When you visit our website, our web-servers automatically record the IP address of your Internet service provider, the website from which you visit us, the pages on our website you visit and the date and duration of your visit. This information is absolutely necessary for the technical transmission of the web pages and the secure server operation. A personalized evaluation of this data does not take place.

If you send us data via contact form, this data will be stored on our servers in the course of data backup. Your data will only be used by us to process your request. Your data will be treated strictly confidential. Your data will not be passed on to third parties.

Responsible office:
HSF E-Commerce Sp. z o.o.
ul. Za Motelem 2
62-080 Tarnowo Podgórne / Sady
Poland

Personal data

Personal data is data about your person. This includes your name, address and email address. You also do not have to disclose any personal information to visit our website. In some cases we need your name and address as well as further information to be able to offer you the desired service.

The same applies if we supply you with information material on request or if we answer your enquiries. In these cases we will always point this out to you. In addition, we only store data that you have transmitted to us automatically or voluntarily.

If you use one of our services, we usually only collect the data necessary to provide you with our service. We may ask you for further information, which is voluntary. Whenever we process personal data, we do so in order to provide you with our service or to pursue our commercial goals.

Automatically stored data

Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested.
  • Access status (file transferred, file not found, etc.)
  • web browser and operating system used
  • complete IP address of the requesting computer
  • transferred data volume

This data will not be merged with other data sources. Processing is carried out in accordance with art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

For reasons of technical security, in particular to prevent attempts to attack our web server, we store this data for a short period of time. It is not possible for us to draw conclusions about individual persons on the basis of this data. After seven days at the latest, the data is anonymised at domain level by shortening the IP address so that it is no longer possible to establish a reference to the individual user. In addition, the data is processed anonymously for statistical purposes; it is not compared with other data or passed on to third parties, even in excerpts. Only within the framework of our server statistics, which we publish every two years in our activity report, is the number of page views displayed.

Cookies
When you visit our website, we may store information on your computer in the form of cookies. Cookies are small files that are transferred from an Internet server to your browser and stored on its hard drive. Only the Internet protocol address is stored here – no personal data. This information, which is stored in the cookies, allows you to be automatically recognized the next time you visit our website, which makes it easier for you to use. The legal basis for the use of cookies is the legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR.

Of course, you can also visit our website without accepting cookies. If you do not want your computer to be recognised the next time you visit, you can also refuse to use cookies by changing the settings in your browser to “refuse cookies”. The respective procedure can be found in the operating instructions of your browser. If you reject the use of cookies, however, there may be restrictions in the use of some areas of our website.

Google Maps
This website uses Google Maps to display maps and to create directions. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
By using Google Maps on this website, you consent to the collection, processing and use of data automatically collected and entered by you by Google, one of its agents, or third parties.
The Google Maps Terms of Use can be found here.
You can view Google Maps’ privacy policy here.

Security
We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees as well as service providers working for us are obliged to comply with the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our data protection declarations are constantly revised. Please make sure that you have the latest version.

 

Changes to this Privacy Policy

We reserve the right to change our privacy policy if necessary due to new technologies. Please make sure you have the latest version. If any material changes are made to this privacy statement, we will post those changes on our website.

All interested parties and visitors to our website can contact us with questions about data protection:

Project 29 GmbH & Co. KG
Mr. Christian Volkmer
Ostengasse 14
93047 Regensburg
Germany

Phone: +49 941 2986930
Fax: +49 941 29869316

E-mail: anfragen@projekt29.de
Internet: www.projekt29.de

We hereby wish to inform you comprehensively about the processing of your data in our company and the data protection claims and rights to which you are entitled within the meaning of Art. 13 of the European General Data Protection Regulation (GDPR).

 

Information Duties acc. to Art. 13 GDPR

1. who is responsible for data processing and whom can you contact?

Responsible is

HSF E-Commerce Sp. z o.o.
ul. Za Motelem 2
62-080 Tarnowo Podgórne / Sady
Polen

Telefon: +48 61 64 88 900
E-Mail: info@hsf-ecommerce.com

 

The company data protection officer is

Project 29 GmbH & Co. KG
Mr. Christian Volkmer
Ostengasse 14
93047 Regensburg
Germany

Phone: +49 941 2986930
Fax: +49 941 29869316

E-mail: anfragen@projekt29.de
Internet: www.projekt29.de

 

2. Which data are processed and from which sources do these data originate?

We process the data which we have received from you within the framework of contract initiation or processing, on the basis of consents or within the framework of your application to us or within the framework of your staff.

Personal data includes personal data:

Your master/contact data, for example first and last name, address, contact data (e-mail address, telephone number, fax), bank data for customers.

For applicants and employees, this includes, for example, first and last name, address, contact data (e-mail address, telephone number, fax), date of birth, data from curriculum vitae and job references, bank data, religious affiliation, photographs.

For business partners, this includes, for example, the name of their legal representative, company, commercial register number, VAT number, company number, address, contact person contact data (e-mail address, telephone number, fax), bank details.

For trade fair visitors, this includes e.g. first and last name, address, contact data (e-mail address, telephone number, fax).

For visitors to our company, this includes name and signature.

For journalists, this includes first and last name, e-mail address, fax number.

For lottery participants, this includes first and last name, address, e-mail address.

In addition, we also process the following other personal data:

  • Information on the type and content of contract data, order data, sales and document data, customer and supplier history and consulting documents,
  • advertising and sales data,
  • information from your electronic dealings with us (e.g. IP address, log-in data),
  • other data that we have received from you within the framework of our business relationship (e.g. in discussions with customers),
  • We generate this data ourselves from master data, contact data and other data, e.g. by means of customer demand and customer potential analyses,
  • the documentation of your declaration of consent for the receipt of e.g. newsletters.
  • photography in the context of events.

 

3. For what purposes and on what legal basis are the data processed?

We process your data in accordance with the provisions of the Data Protection Basic Regulation (GDPR) and the Federal Data Protection Act 2018, as amended:

  • to fulfil (pre-)contractual obligations (Art. 6 para. 1lit.b GDPR):

The processing of your data takes place for the contract winding up on-line or in one of our branches, for the contract winding up of your coworkers in our enterprise. The data will be processed in particular during the initiation of business transactions and the execution of contracts with you.

  • to fulfil legal obligations (Art. 6 para. 1 lit.c GDPR):

A processing of your data is necessary for the purpose of the fulfilment of different legal obligations, e.g. from the commercial code or the tax code.

  • to safeguard legitimate interests (Art. 6 para. 1 lit.f GDPR):

On the basis of a weighing of interests, data processing may take place beyond the actual fulfilment of the contract in order to safeguard the legitimate interests of us or third parties. Data processing to safeguard legitimate interests is carried out in the following cases, for example:

    • advertising or marketing (see No. 4),
    • measures for business management and the further development of services and products;
    • manage a group-wide customer database to improve customer service
    • in the context of legal proceedings
    • sending of non-promoting information and press releases.
  • within the scope of your consent (Art. 6 para. 1lit.a GDPR):

If you have given us your consent to process your data, e.g. to send you our newsletter, to publish photos, competitions, etc., we will not use your data for any other purpose.

 

4. Processing of personal data for advertising purposes

You may at any time object to the use of your personal data for advertising purposes in whole or for individual measures without incurring any costs other than the transmission costs according to the basic tariffs.

In Germany we are entitled under the legal requirements of § 7 Abs.3 UWG (law against unfair competition) to use the email address you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter or not.

If you do not wish to receive such recommendations by e-mail from us, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic tariffs. A text message is sufficient for this purpose. Of course, every e-mail always contains a unsubscribe link.

 

5. Who receives my data?

If we use a service provider in the sense of an order processing, we remain nevertheless responsible for the protection of your data. All contract processors are contractually obliged to treat your data confidentially and to process it only within the scope of the service provision. The contract processors commissioned by us will receive your data insofar as they require the data for the performance of their respective services. These are, for example, IT service providers that we need for the operation and security of our IT system as well as advertising and address publishers for our own advertising campaigns.

Your data will be processed in our customer database. The customer database supports the improvement of the data quality of the existing customer data (duplicate cleansing, spoilage/deadness flags, address correction) and enables the enrichment with data from public sources.

This data is made available to the group companies if necessary for the execution of the contract. Customer data is stored separately for each company, with our parent company acting as a service provider for the individual participating companies.

If there is a legal obligation and in the context of legal prosecution, authorities and courts as well as external auditors may be recipients of your data.

In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of initiating and fulfilling contracts.

 

6. How long will my data be stored?

We process your data until the termination of the business relationship or until the expiry of the applicable statutory retention periods (e.g. from national commercial Laws, tax laws etc.); furthermore until the termination of any legal disputes in which the data is required as evidence.

 

7. Is personal data transferred to a third country?

In principle, we do not transfer any data to a third country. A transfer will only take place on a case-by-case basis on the basis of an adequacy decision of the European Commission, standard contractual clauses, appropriate safeguards or your express consent.

 

8. What data protection rights do I have?

You have the right at any time to information, correction, deletion or restriction of the processing of your stored data, a right of objection to the processing as well as a right to data transfer and a right of complaint in accordance with the requirements of data protection law.

Right to information:

You can request information from us as to whether and to what extent we process your data.

Right to rectification:

If we process your data that is incomplete or inaccurate, you may request that we correct or complete it at any time.

Right to deletion:

You can demand that we delete your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent an immediate deletion, e.g. in the case of legally regulated storage obligations.

Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.

Right to limit the processing:

You can ask us to restrict the processing of your data if

  • you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data.
  • the processing of the data is unlawful, but you refuse to delete it and instead request a restriction on the use of the data,
  • we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
  • you have objected to the processing of the data.

Right to data transferability:

You may request that we provide you with the information you have provided to us in a structured, common and machine-readable format and that you may provide that information to another responsible person without our interference, provided that

  • we process this data on the basis of a consent given and revocable by you or for the fulfilment of a contract between us, and
  • this processing is carried out using automated procedures.

If technically feasible, you may request us to transfer your data directly to another responsible person.

Right of objection:

If we process your data for legitimate reasons, you may object to such processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

Right of appeal:

If you are of the opinion that we violate German or European data protection law when processing your data, we ask you to contact us in order to clarify any questions you may have. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.

If you wish to assert any of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

The responsible complaints office is:

Urząd Ochrony Danych Osobowych
ul. Stawki 2
00-193 Warszawa
Poland
Hotline: +48 606-950-000

 

9. Am I obliged to provide data?

The processing of your data is necessary to conclude or fulfil your contract with us. If you do not provide us with this data, we will generally have to refuse to enter into the contract or will no longer be able to perform an existing contract and will therefore have to terminate it. However, you are not obliged to give your consent to data processing with regard to data which is not relevant for the fulfilment of the contract or which is not required by law.

 

Status: April 2020
Save privacy policy as PDF / print.
If you do not have a PDF reader installed to view or print the General Terms and Conditions, you can download it free of charge e.g. at www.adobe.com.