Data Protection Statement
This Data Protection Statement applies to the use of the www.hionic.de website, and is made available by hionic GmbH.
How we address the subject of data protection
Data protection law is part of our right to privacy. The meaning of these rights should not be underestimated, in particular in our ever changing and networked world. As a technical consulting company, we attach great importance to data protection law whatever form it takes on and whatever the requirements. We therefore also take the protection of your data very seriously and endeavour at all times to provide a corresponding level of protection on our website, www.hionic.de.
You are free to use the website without stating your personal data details. However, it may be the case that if you wish to make use of one of the services (e.g. a contact request or registering for our newsletter) via our website, recording and processing your data shall be necessary. If this is the case, and there is no legal basis for such processing, we shall in any case obtain your consent for the respective procedure.
Processing your personal data, for example your name, address, e-mail address or telephone number, applies at all times in line with the General Data Protection Regulation and in compliance with the valid, country-specific, data protection provisions. Naturally, we would like to inform you and the public about the type, scope and purpose of the personal data we collect, use and process so that the topic data protection is explained in detail.
As the company responsible for the data processing, we have put in place numerous technical and organisational measures to guarantee as far as possible full protection of the personal data processed via this website. In view of the fact that irrespective of all technical precautions, absolute protection in the case of data transmissions cannot be guaranteed in full, we are free to use other communication channels to forward your personal data.
Data protection law details
1. Definition of terms in accordance with GDPR
This website’s Data Protection Statement is based on terms used by the European body responsible for directives and regulations when enacting the General Data Protection Regulation (GDPR). Our Data Protection Statement is intended to be easy to read and understand both by the general public and you as a customer and business partner. To ensure that this is the case, we would like to explain the used terms in advance.
In this Data Protection Statement we use the following terms inter alia:
- a) Personal data
Personal data comprises all information that refers to an identified or identifiable natural person (hereinafter the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- b) Data subject
A data subject is any identified or identifiable natural person whose personal data are processed by the control responsible for processing. In the event of doubt, you are, therefore, a data subject.
- c) Processing
“Processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- d) Restriction of processing
A restriction of processing is the marking of stored personal data with a view to restricting the future processing of such data.
- e) Controller or person responsible for the processing
The controller or person responsible for the processing is the natural or legal person, authority, institution or other body who or that alone or jointly with others decides on the purposes and means of the processing of personal data. If the purposes and means of such processing are specified by Union law or the law of the Member States, the controller or the certain criteria of the controller’s appointment may be specified in accordance with Union law or the law of the Member States.
- f) Recipient
A recipient is a natural or legal person, authority, institution or other body who or that discloses personal data irrespective of whether or not these disclosing parties are third parties. However, authorities that may receive personal data as part of a certain investigation in accordance with Union law or the law of the Member States are not deemed recipients.
- g) Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
- h) Consent
Consent is any indication of the data subject’s wishes that is freely given, specified, informed and unambiguous by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and address of the controller responsible for the processing
The controller within the meaning of the General Data Protection Regulation, other data protection laws that are valid in the Member States of the European Union and other provisions that have a data protection law character is:
Striesener Str. 31/33
Tel.: 0351.318 43 40
Fax: 0351.318 43 21
hionic GmbH is represented by its managing directors André Girrbach and Falk Röllig.
3. Recording general data and information
When you visit the website, it records a series of general data and information. Such general data and information are stored in the server’s log files. The following can be recorded:
(1) Used browser types and versions,
(2) The operating system used by the system gaining access,
(3) The web page from which a system gains access to our website (so-called referrer),
(4) The-subwebsites that are guided to our website via an accessing system,
(5) The date and time of the access gained to the website,
(6) An Internet Protocol address (IP address),
(7) The internet service provider of the system gaining access and
(8) Other similar data and information aimed at warding off danger in the event of attacks on our IT systems.
In the case of using these general data and information, I do not draw any conclusions about you. Moreover, such information is required to:
(1) Correctly provide the content on our website,
(2) Optimise the content of our website as well as the advertising for it,
(3) Guarantee the permanent functionality of our IT systems and the technology of our website as well as
(4) Make the necessary information available to prosecuting authorities for criminal prosecution in the event of a cyber attack.
I therefore evaluate such data and information, which are rendered anonymous when collected, for statistical purposes on the one hand and furthermore with the aim of increasing the data protection and data security at our company to ultimately guarantee an ideal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all your stated personal data.
This website is operated among other things by using Cookies. Cookies are text files that are placed on your computer system and stored there via your internet browser.
By way of using Cookies, a user-friendly service can be made available to you that would not be possible without setting Cookies.
By way of a Cookie, information and offers can be optimised on the website in your interest. Cookies make it possible for you to be recognised. Cookies are small files that are set when you visit websites. With their help, your internet browser notes that you have already visited this website.
The recognition is aimed at making it easier for users to use this website. If you use this website, you need not, for example, enter your access data every time you visit the website because this is assumed by the website and the Cookie set on your computer system.
You can prevent the setting of Cookies by this website at any time by way of a corresponding setting of the used internet browser and therefore permanently object to the setting of Cookies. Furthermore, Cookies that have already been set can be deleted at any time via your internet browser or other software programmes. This is possible via all common internet browsers. If you deactivate the setting of Cookies in the used internet browser, under certain circumstances not all the functions of the website will be available in full for use.
5. Contact option via the website
As a result of statutory requirements, the website contains details that enable you to quickly establish contact with our company electronically and bring about direct communication with us, which similarly comprises a general address for the so-called electronic mail (e-mail address).
Insofar as you establish contact with us by e-mail or via our contact form, the personal data you forward shall automatically be stored. Such personal data that you forward on a voluntary basis are stored for the purpose of processing or establishing contact with you. Such personal data are not forwarded to third parties.
6. Erasure and blocking of personal data
Your personal data are only processed for the period that is necessary to achieve the storage purpose or insofar as this has been specified by the European body responsible for enacting directives and regulations or by another legislator in laws or requirements to which the controller responsible for the processing is subject.
If the storage purpose is inapplicable or if a storage period specified by the European body responsible for enacting directives and regulations or another relevant legislator expires, the personal data shall be routinely blocked or erased in line with the statutory requirements.
7. Your rights as a data subject
- a) Right to confirmation
You are entitled to request confirmation as to whether or not your personal data shall be processed. If you wish to exercise this right to confirmation, you can contact the contact person for data protection stated below at any time.
- b) Right to obtain information
You are entitled to obtain information at any time and free of charge about your stored personal data (e.g. the processing purpose or the categories of the data that are processed) and receive a copy of such information.
In addition, you are entitled to obtain information about whether or not your personal data have been forwarded to a third country or to an international organisation. Insofar as this is the case, in other respects you are entitled to obtain information about the suitable guarantees in conjunction with the forwarding.
If you wish to exercise this right to obtain information, you can contact the contact person for data protection stated below at any time.
- c) Right to rectification
You are entitled to request the rectification of the incorrect personal data that apply to you, without delay. Furthermore, taking into account the purposes of the processing, you are entitled to have incomplete personal data completed, including by means of providing a supplementary statement.
If you wish to exercise this right to rectification, you can contact the contact person for data protection stated below at any time.
- d) Right to erasure (right to be forgotten)
You are entitled to request that the personal data that apply to you be erased without delay. Furthermore, we undertake to delete personal information without delay insofar as a reason applies that does not justify the processing of the data (e.g. personal data were collected for such purposes or otherwise processed for which they are no longer required).
Insofar as one of the aforementioned grounds applies and you would like to arrange for the erasure of your personal data, you can contact the contact person for data protection stated below at any time.
If your personal data have been publicly disclosed and if we undertake to erase such data, we shall take reasonable steps, including technical measures, taking account of available technology and the cost of implementation, to inform the controller processing your personal data that you have asked us to erase any links to, or copy or replication of, those personal data.
- e) Right to restriction of processing
You have the right to request the restriction of processing if one of the preconditions is met:
- You contest the accuracy of the personal data, namely for a period that enables us to review the accuracy of the personal data.
- The processing is unlawful, you reject the erasure of the personal data and instead request the restriction of the use of the personal data.
- We no longer require the personal data for processing purposes. However, you require such data for the establishment, exercise or defence of legal claims.
- You have objected to the processing in accordance with Section 21(1) GDPR and it has yet to be established whether or not our justified reasons outweigh your justified reasons.
Insofar as one of the aforementioned preconditions is met and you would like to request the restriction of your personal data stored at our company, you can contact the contact person for data protection stated below at any time.
We shall inform you of any rectification or erasure of your personal data or a restriction of the processing unless this proves impossible or is associated with a disproportionate effort. We shall inform you of the recipients if you request such information.
- f) Right to data portability
You are entitled to receive the personal data that apply to you, and which you have provided, in a structured, commonly used and machine-readable format.
If you wish to exercise this right to data portability, you can contact the contact person for data protection stated below at any time.
- g) Right to object
You are entitled at any time to object, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1) letters e or f GDPR. This also applies to profiling based on those provisions.
We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or which are aimed at the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you shall be entitled to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you wish to exercise this right to object, you can contact the contact person for data protection stated below directly.
- h) Right to revoke data protection law consent
You are entitled to revoke at any time consent given to the processing of personal data.
If you wish to revoke the consent, you can contact the following department at any time:
Tel.: 0351.318 43 40
8. Registering to our website
You can set up a user account on our website. As part of the registration, you are informed of the compulsory details to be provided, which shall be processed based on Article 6(1), letter b, GDPR. The processed data include, in particular, the log-in information (name, password as well as an e-mail address). The data provided as part of the registration shall only be used for the purposes of using the user account and for its purpose.
You can be informed by e-mail about information that is relevant to the user account such as technical alterations. If you cancel your user account, the provided data in relation to the user account shall be erased subject to a statutory storage obligation. It is incumbent upon you as the user to save your data, where applicable, once your user account has been cancelled before the end of the contract. We are entitled to irretrievably erase all the user’s data stored during the term of contract.
As part of utilising our registration and log-in functions as well as the use of the user account, we store the IP address and the time of the respective user’s activity. Such storage is based on our justified interests. It is also in your interest as protection against misuse and other unauthorised use. As a matter or principle, such data are not forwarded to third parties unless the forwarding is necessary to pursue our claims or a statutory obligation in accordance with Article 6(1), letter c, GDPR, applies to the forwarding. The IP addresses are rendered anonymous or erased at the latest after 7 days.
If you register to our website, and enter into a contract with us, to honour the contract entered into with you, we shall collect additional data such as your contact and address data, where applicable the company description and the VAT ID of your company.
9. Ordering our Newsletter
You can subscribe to our company’s newsletter via our website. The personal data that are collected when the Newsletter is ordered are set out in the used dialogue box.
We inform all subscribers at regular intervals by way of a newsletter about offers and new developments at our company. As a matter of principle, the newsletter can only be received if
(1) A valid e-mail address has been provided, and
(2) You have registered for the distribution of the newsletter.
For legal reasons, a confirmation e-mail using the double opt-in procedure is sent to the e-mail address newly entered for the distribution of the newsletter. This confirmation e-mail is aimed at reviewing whether or not the e-mail address has authorised the receipt of the newsletter.
In the case of registering for the newsletter, we also store the IP address issued by the Internet Service Provider (ISP) at the time of registration, the used computer system as well as the date and time of the registration. Collecting such data is necessary to understand (potential) misuse of your e-mail address at a later date and is therefore aimed at safeguarding our legal interests.
The personal data collected as part of registering for the newsletter are used exclusively for sending our newsletter. All newsletter subscribers can be informed by e-mail, provided this is necessary to operate the newsletter service or a registration in that respect, how changes to the newsletter subscription or a change in the technical circumstances could apply. The personal data collected as part of the newsletter service are not forwarded to third parties. You can cancel the subscription to our newsletter at any time. The consent that you gave to the storage of your personal data that you have made available to us for the distribution of the newsletter can be withdrawn at any time. For the purpose of withdrawing the consent, each newsletter contains a corresponding link. Alternatively, you can also directly contact our contact person stated below.
10. Data protection provisions on the application and use of Google Analytics (with an anonymization function)
We have integrated the component Google Analytics (with an anonymization function) in our website. Google Analytics is a web analysis service. Web analysis is the collection, structuring and evaluation of data on the behaviour of website visitors. Among other things, an analysis service collects data about the internet page from which you have accessed another internet page (so-called referrer), the sub-pages of the website that are accessed or how often and for which viewing time a sub-page was viewed. A web analysis is largely used to optimise a website page and to provide a cost-benefit analysis of internet advertising.
The provider of Google Analytics is the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
We use the “_gat._anonymizeIp” extension for the web analysis of Google Analytics. By way of this extension, the IP address of your internet connection is shortened and rendered anonymous by Google if access to our website is gained from Member State of the European Union or from another contracting state to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the number of visitors to our website. Google uses the gained data and information among other things to evaluate the use of our website, to draw up online reports for us that illustrate the activities on our website and to render additional services associated with the use of our website.
Google Analytics sets a Cookie on your IT system. We have provided an explanation about Cookies above. By way of setting a Cookie, Google is able to analyse the use of our website. By way of each viewing of an individual page operated by us on this website in which a Google Analytics component has been integrated, the internet browser on your IT system automatically instructed by the respective Google Analytics component to forward data to Google for the purpose of online analysis. As part of this technical procedure, Google gains knowledge of personal data such as your IP address, which Google uses among other things to understand the origin of the users and clicks and as a result facilitate commission settlements.
By way of this measure, personal information such as the access time, the place from where access was gained and the frequency of your visits to our website is stored. During each visit to our website, your personal data, including the IP address of the internet access you use, are forwarded to Google, where applicable also to the United States of America, and stored. Under certain circumstances, Google forwards to third parties such personal data collected via the technical procedure.
As described above you can prevent the setting of Cookies at any time by way of a corresponding setting of the used internet browser and therefore permanently object to the setting of Cookies. Such a setting of the used internet browser would also prevent Google setting a Cookie on your IT system. In addition, a Cookie that Google Analytics has already set can be deleted at any time via the internet browser or other software programmes.
For more information and Google’s valid data protection provisions, please visit https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in greater detail via the link https://www.google.com/intl/de_de/analytics/.
11. Data protection provisions on the application and use of mautic
On this website we use mautic, an Open Source tool for marketing automation. This is an analysis and tracking software for the allocation and storing of use data (including used browser, last visited site and viewing time). The software uses this information to individualise our marketing measures and align them better towards the interests of each individual user. In addition, the software helps us to better evaluate the success of individual marketing measures.
We host mautic on servers operated by us. The data are not forwarded to third parties. We only record and process data via mautic insofar as this is necessary to achieve our business goals with you.
mautic’s working method is characterised by:
- a) E-mail marketing and campaigns
In the case of the so-called e-mail marketing, personalised e-mails are sent to you. These are, in part, based on the use behaviour on our website, during the reading of our e-mails and during the interaction with the contained links. Furthermore, we also send e-mails as part of campaigns.
- b) Landing pages
Landing pages are special web pages that have been defined as the goal of advertising campaigns. They mostly contain interaction opportunities such as the downloading of white papers or check lists and forms for the recording of information.
The software uses various technical procedures for the allocation of the individual activities to profiles that have been rendered anonymous or, following prior approval, the profiles of individual users.
- c) Tracking pixels
To identify whether or not an e-mail has been opened, mautic uses so-called tracking pixels. As a result, the provider’s server loads a small chart that has previously been allocated to an individual user profile.
- d) Personalised web links
To identify whether or not, for example, a user views a link from an e-mail, mautic allocates to such links a unique code that has previously been allocated to an individual user profile.
- e) IP address
The currently used IP address of website visitors is forwarded to us each time our website is viewed. Mautic uses these to recognise website users.
The data recorded in that respect are:
- The activity on our website
- The number of page views and the view time of the website visitor
- The click path of the respective visitor
- Downloads of files made available via the website
- Visits to landing pages
- Opening of e-mails from Newsletters and campaigns
As part of registering for our newsletter via the website, the following data can be recorded as a result of the use of mautic:
- Contact data (such as name, postal or e-mail address, telephone or fax number).
- Business contact data (such as your professional description, the name of the business enterprise, business e-mail address, telephone or fax number).
- The IP address of the terminal from which the use of the website occurs (a string of characters that identifies your current computer connection to the internet)
The released data are identified by way of clearly completing a form. In that respect, the data that are required to send the form are marked.
Mautic is only used if you have expressly granted your consent to the use of so-called fist party Cookies as part of the initial use of this website. You can withdraw such consent at any time by contacting the contact person stated by us above. In such a case all tracking data recorded via mautic shall be deleted without delay.
12. Data protection provisions on the application and use of Google Maps
Map material of the “Google Maps” service is incorporated in this site. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The processed data include, in particular, your IP address and your location data which, however, may not be collected without consent (e.g. by way of corresponding settings in your browser). The data may be processed in the USA. For more information and Google’s valid data protection provisions, please visit https://www.google.com/policies/privacy/. The processing of data by Google can be amended and excluded at https://adssettings.google.com/authenticated.
13. Statutory permission for the data processing
Article 6, letter a, GDPR, forms the legal basis for the aforementioned processing procedures in which your consent is obtained for a certain processing purpose. If the processing of personal data is, for example, necessary as a result of honouring a contract with you, such processing is justified by way of Article 6, letter b, GDPR. The same applies to such processing procedures that are necessary for example in cases involving enquiries about our services.
In the event of a legal obligation as a result of which the processing of personal data is necessary, for example to honour tax obligations, the processing is based on Article 6, letter c, GDPR.
It may be the case that the processing of personal data is necessary to protect vitally important interests or the interests of another natural person.
Ultimately, processing procedures may be based on Article 6, letter f, GDPR. This is the legal basis for processing procedures that are not subject to any of the aforementioned legal bases if the processing is necessary to safeguard a justified interest on the part of our company or a third party provided your interests, and fundamental rights and freedoms, are not overriding. We are therefore permitted to perform such processing procedures because they are particularly stated by the European legislator. Such a case applies, for example, if you are a customer of our company. (Recital 47, Sentence 2, GDPR).
14. Protection of minors
The consent to the processing of personal data may only be granted by an adult. The consent of a child who has reached the age of 16 years is permitted for the services of the information company in accordance with Article 8, GDPR.
15. Our justified interest
If the processing of personal data is based on Article 6(1), letter f, GDPR, our justified interest consists of performing our business activity in favour of the well-being of our company and our employees.
16. Duration of storage period
The criterion for the duration of the storage of personal data is the respective, statutory, storage period. Following expiry of the period, the corresponding data are routinely erased unless they are no longer required to honour or initiate a contract.
17. Obligation to provide personal data
The provision of personal data is, in part, specified by law (e.g. tax requirements) or is based on contractual regulations (e.g. details of a contracting party). In addition, it may be necessary to enter into a contract so that you make available to us personal data which, as a result, needs to be processed by our company. You undertake, for example to make personal data available to us if we enter into a contract with you. Non-provision of the personal data would mean that the contract could not be entered into.
Please feel free to contact us if necessary prior to providing your personal data. We shall clarify on an individual case basis whether or not the provision of your personal data is specified by law or by a contract, or such data are required to enter into a contract and whether or not an obligation applies to provide the personal data. Furthermore, we shall set out the consequences of failing to provide the personal data.
18. Supervisory authorities and complaints
If you contact a public authority about your queries about data protection, you can direct your matter and enquiries to the relevant data protection authorities. The relevant data protection authority is the data protection authority of the German federal state in which our company has its registered office.
Saxon Data Protection Officer
PO Box 12 00 16
19. Contact person
You can contact us at any time should you have any questions about data protection and how your data are handled on our website and at our company. The following person is at your disposal for data protection questions:
Tel.: 0351.318 43 40
This Data Protection Statement has been drawn up by