Privacy policy

We take data protection seriously!

The protection of your privacy when processing personal data is an important concern for us. When you visit our website, our web servers store the IP of your Internet service provider, the website from which you visit us, the web pages you visit on our site and the date and duration of your visit as standard. This information is essential for the technical transmission of the web pages and secure server operation. There is no personalised analysis of this data.

Responsible person:
HSF E-Commerce Sp. z o.o.  
ul. Szkolna 58  
62-070 Gołuski  
Poland

Phone: +48 61 64 88 900 
E-mail: info@hsf-ecommerce.com

Personal data

Personal data is data about your person. This includes your name, your address and your e-mail address. You do not have to disclose any personal data in order to visit our website. In some cases we need your name and address as well as other information in order to be able to offer you the desired service.

The same applies if we supply you with information material on request or if we answer your enquiries. In these cases, we will always point this out to you. Furthermore, we only store the data that you have transmitted to us automatically or voluntarily.

When you use one of our services, we generally only collect the data that is necessary to provide you with our service. We may ask you for further information, but this is voluntary. Whenever we process personal data, we do so in order to be able to offer you our service or to pursue our commercial objectives.

Contact us

When contacting us (e.g. by contact form, e-mail, telephone or via social media), the data of the enquiring persons will be processed insofar as this is necessary to answer the contact enquiries and any requested measures.

The response to contact enquiries in the context of contractual or pre-contractual relationships is carried out to fulfil our contractual obligations or to respond to (pre)contractual enquiries and otherwise on the basis of the legitimate interests in responding to the enquiries.

  • Processed data types: Inventory data (e.g. first name, surname, company name, addresses), contact data (e.g. e-mail, telephone numbers).​
  • Affected persons: Communication partner.​
  • Purposes of processing: Contact enquiries and communication.​
  • Legal bases: Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 lit. b GDPR), Legitimate interests (Art. 6 para. 1 lit. f GDPR), Consent (Art. 6 para. 1 lit. a GDPR; Art. 9 para. 2 lit. a GDPR).​

Automatically saved data

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

  • Date and time of the request​
  • Name of the requested file​
  • Page from which the file was requested​
  • Access status (file transferred, file not found, etc.)​
  • Web browser and operating system used​
  • Complete IP address of the requesting computer​
  • Amount of data transferred​

This data is not merged with other data sources. Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short time. It is not possible for us to identify individual persons from this data. After seven days at the latest, the data is anonymised by shortening the IP address at domain level so that it is no longer possible to establish a link to the individual user. The data is also processed in anonymised form for statistical purposes; it is not compared with other databases or passed on to third parties, even in excerpts.

Cookies

When you visit our website, we may store information on your computer in the form of cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters that can be used to assign websites and servers to the specific Internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognised and identified via the unique cookie ID.

By using session cookies, the controller can provide users of this website with a user-friendly service that would not be possible without the use of cookies. Without consent, we only use technically necessary cookies on the legal basis of legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

BUNNY.NET

Our website uses web fonts that are provided by the service provider Bunny.net, BunnyWay d.o.o., Dunajska cesta 165, 1000 Ljubljana, Slovenia. The fonts are integrated to ensure a uniform and appealing presentation of our content. The web fonts are loaded directly from the Bunny.net servers when our pages are accessed. Bunny.net may receive information about your visit to our website, such as your IP address, as this is required to deliver the content.

Further information can be found in Bunny.net's privacy policy: https://bunny.net/privacy.

YouTube

This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection is established to the servers of YouTube is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube can store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent attempts at fraud.

If necessary, further data processing operations may be carried out after the start of a YouTube video over which we have no influence. The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time.​

Google relies on the Transatlantic Data Privacy Framework of 10 July 2023 (TADPF) for the transfer of data to recipients based in the USA and, in the case of data transfer to other third countries, on standard contractual clauses approved by the EU Commission as a guarantee of a level of data protection comparable to that in the EU. You can obtain a copy of the standard contractual clauses here.można tutaj.

Further information about data protection at YouTube can be found in their privacy policy at: ​https://policies.google.com/privacy?hl=de.

Registration on the website (VNetLPR)

The data subject has the option of registering on the controller's website by providing personal data. The following personal data is collected: ​

  • Name,
  • address, ​
  • telephone number, ​
  • e-mail address.​

By registering on the controller's website, the IP address assigned by the data subject's Internet service provider (ISP), the date and time of registration are also stored. This data is stored against the background that this is the only way to prevent the misuse of our services and, if necessary, to enable criminal offences to be investigated. In this respect, the storage of this data is necessary to safeguard the controller. This data is not passed on to third parties unless there is a legal obligation to pass it on or the passing on serves the purpose of criminal prosecution.

The registration of the data subject with voluntary provision of personal data serves the controller to offer the data subject content or services which, due to the nature of the matter, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from the controller's database. You undertake to treat the personal access data confidentially and not to make it accessible to unauthorised third parties. We cannot accept any liability for misused passwords unless we are responsible for the misuse.
With the "stay logged in" function, we would like to make your visit to our website as pleasant as possible. This function allows you to use our services without having to log in again each time. For security reasons, however, you will be asked to enter your password again if, for example, your personal details need to be changed or you wish to place an order. We recommend that you do not use this function if the computer is used by several users. Please note that the "stay logged in" function is not available if you use a setting that automatically deletes stored cookies after each session.

 

For what purposes and on what legal basis is the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018 as amended:

  • for the fulfilment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR):
    Your data is processed online or at our business location for the purpose of contract processing. The data is processed in particular when initiating business and when executing contracts with you.
  • for the fulfilment of legal obligations (Art. 6 para. 1 lit. c GDPR):
    The processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g. from the German Commercial Code or the German Fiscal Code.
  • - to safeguard legitimate interests (Art. 6 para. 1 lit. f GDPR):
    Based on a balancing of interests, data processing may take place beyond the actual fulfilment of the contract to protect our legitimate interests or those of third parties. Data processing to protect legitimate interests takes place in the following cases, for example:
    • advertising or marketing,​
    • Measures for business management and further development of services​
    • Maintaining an internal customer database to improve customer service​
    • In the context of legal prosecution​
  • if you have given us your consent to process your data in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (processing of special categories of personal data)​

 

Who receives my data?

If we use a service provider in the sense of order processing, we nevertheless remain responsible for the protection of your data. All processors are contractually obliged to treat your data confidentially and to process it only within the scope of providing the service. The processors commissioned by us will receive your data if they require the data to fulfil their respective service.

Your data is processed in our customer database. The customer database supports the enhancement of the data quality of the existing customer data (duplicate cleansing, moved/deceased indicator, address correction) and enables the enrichment with data from public sources. Customer data is stored separately for each company. If there is a legal obligation and in the context of legal prosecution, authorities and courts as well as external auditors may be recipients of your data. In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of contract initiation and fulfilment.

  

How long will my data be stored?

We process your data until the termination of the business relationship or until the expiry of the applicable statutory retention periods (e.g. from the German Commercial Code, the German Fiscal Code); in addition, until the termination of any legal disputes in which the data is required as evidence.

 

Is personal data transferred to a third country?

In principle, we do not transfer any data to a third country. In individual cases, data will only be transferred on the basis of an adequacy decision by the European Commission, standard contractual clauses, suitable guarantees or your express consent.

 

Online presence on Instagram, Facebook and LinkedIn

Social buttons from social networks are used on our website. These are only integrated into the page as HTML links so that no connection is established with the servers of the respective provider when our website is accessed. If you click on one of the buttons, the website of the respective social network will open in a new window of your browser where you can click on the Like or Share button, for example.

If you have given your consent to the respective social media operator in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presences on the social media mentioned above, from which user profiles are created using pseudonyms. These can be used, for example, to place adverts within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. For detailed information on the processing and use of data by the respective social media operator as well as a contact option and your rights and setting options for protecting your privacy, please refer to the providers' data protection notices linked below. If you still need help in this regard, you can contact us.

 

Security

We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working for us are obliged to comply with the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our data protection declarations are constantly being revised. Please ensure that you have the latest version.

 

Rights of data subjects

You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.​

Right to information: 
 You can request information from us as to whether and to what extent we process your data.

Right to rectification:
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to cancellation:
You can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of statutory retention obligations.

Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, provided that there is no legal or statutory retention obligation to the contrary.

Right to restriction of processing:
You can request that we restrict the processing of your data if

  • you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data.​
  • The processing of the data is unlawful, but you refuse to have it erased and instead request that the use of the data be restricted,​
  • we no longer need the data for the intended purpose, but you still need this data for the assertion or defence of legal claims, or​
  • you have objected to the processing of the data.​

Right to data portability:
You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transmit this data to another controller without hindrance from us, provided that

  • we process this data on the basis of a consent given and revocable by you or for the fulfilment of a contract between us, and​
  • this processing is carried out using automated procedures.​

If technically feasible, you can request that we transfer your data directly to another controller.

Right of objection:
If we process your data on the basis of a legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

Right of appeal:
If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions you may have. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.

If you wish to assert one of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.


Changes to this privacy policy
We reserve the right to change our privacy policy if this should be necessary due to new technologies. Please ensure that you have the latest version. If fundamental changes are made to this privacy policy, we will announce these on our website.

All interested parties and visitors to our website can contact us regarding data protection issues at:

Mr. Christian Volkmer
Project 29 GmbH & Co KG
Ostengasse 14
93047 Regensburg
Germany

Phone: +49 941 2986930
Fax: +49 941 29869316
E-Mail: anfragen@projekt29.de
Internet:  www.projekt29.de