Data protection

1. Controller

Service provider pursuant to Article 13 of the Telemedia Act (TMG) and controller pursuant to the Federal Data Protection Act (BDSG) as well as the General Data Protection Regulation (GDPR) is:

Hako GmbH
Headquarters
Hamburger Straße 209-239
D-23843 Bad Oldesloe

Phone: +49 4531 806-0
Fax: +49 4531 806-338
E-mail: info@hako.com
Web: www.hako.com

Managing directors
Joachim Blache
Axel Jensen
Frank Ulbricht

2. Data protection officer

Should any issues on data protection arise, our external data protection officer Astrid Bartel from Vater Solution GmbH will be at your disposal and can be contacted by e-mail under privacy@hako.com.

3. Categories of personal data

We process the following categories of data: master data (such as company, contact(s), address, if applicable), communication data (such as e-mail addresses, telephone & fax numbers, server-log files), contract data, data on claims and receivables as well as payment information and defaults in this respect, where applicable.

4. Data sharing

Your personal data will only be transferred to third parties, if

• you have given your explicit consent to it pursuant to Article 6, sub-section 1, sentence 1a), GDPR;
• it is necessary for the performance of contractual obligations pursuant to Article 6, sub-section 1, sentence 1b), GDPR;
• it is necessary for the compliance with a legal obligation in accordance with Article 6, sub-section 1, sentence 1c), GDPR;
• it is in the public interest in accordance with Article 6, sub-section 1, sentence 1e), GDPR or;
• it is necessary for the purposes of our legitimate interests or legitimate third-party interests pursuant to Article 6, sub-section 1, sentence 1f), GDPR, unless such interests are overridden by your own interests in the protection of your personal data.

5. Third-party recipients

It may well be possible that we have to transfer your personal data to third-party recipients, in order to enable us to deal with your requests in a satisfactory manner. In doing so, we shall always observe the requirements referred to in sub-section 4 hereof. Third-party recipients may be authorised dealers of Hako GmbH, where applicable.

6. Storage duration of personal data

We shall store your data as long as they are required for the purposes on which the relevant processing job is based. Besides, we shall store data only, if we are required to do so by law, e.g. on the basis of statutory retention and documentation obligations (arising from the [German] Commercial Code [HGB], the [German] Criminal Code [StGB] or the Fiscal Code of Germany [AO)] pursuant to Article 6, sub-section 1c, GDPR. We shall inform you about any storage periods deviating therefrom in the sub-sections on the specific processing jobs.

7. Rights of the data subject

In connection with the processing of your data you have the following rights:

(1)  Pursuant to Article 15 GDPR, the right to obtain information about your personal data stored and processed.

(2) Pursuant to Article 16 GDPR, the right to have incorrect personal data immediately rectified and to have incomplete personal data completed;

(3) The right to have stored personal data erased or restrict the processing of your personal data or object to the processing of your personal data (Article 17, 18 and 21 GDPR).      

(4)  If you have given your consent to your personal data being processed or have concluded a data processing contract and your data is processed by means of automated data processing methods, you may have the right to ensure data portability (Article 20 GDPR).

(5) Please address all requests for information, revocation of consent granted or requests to exercise your rights to the data protection officer mentioned under section 2. Should you wish to exercise your above mentioned rights, the responsible data protection officer shall verify the compliance with statutory requirements.

(6) The right to lodge a complaint with a supervisory authority. To do so, you may contact the supervisory authority at your place of residence or at the location of our company headquarters.

8. Automated decision-making

The automated decision-making will not be applied.

9. Information about the right to object

Pursuant to Article 21 GDPR, lodging an objection to the processing of your personal data based on Article 6, sub-section 1e) (data processing in the public interest) or 1f) (data processing for safeguarding legitimate interests on the basis of balancing the interests involved) is possible at any time. In the event of an objection, the personal data will no longer be processed, unless compelling legitimate grounds for the processing override the interests, rights and freedoms of the data subject or the processing of the data is required for establishing, exercising or defending legal claims.

Please address your objection to the e-mail address privacy@hako.com.

If you have given us your consent for the processing of personal data, you can withdraw this consent at any time. This shall, of course, also apply to any declarations of consent given to us before 25 May 2018 (before the GDPR came into effect). An objection can always take effect for the future only. The lawfulness of the data processing cannot be undone with retrospective effect.

Please address your objection to the e-mail address privacy@hako.com.

10. Supervisory authority

Here is the address of our competent supervisory authority:

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein, Holstenstraße 98, 24103 Kiel,

Phone:            +49 431 988-1200, Fax: +49 431 988-1223

E-mail:             mail@datenschutzzentrum.de

Homepage:   www.datenschutzzentrum.de

The following sections provide information how your personal data are collected, processed and utilized, when you visit these Websites and use the services offered there.

1. Data security

We secure our Website and other systems against loss, destruction, access, modification or dissemination of your data by unauthorized persons with the help of suitable technical and organisational measures. However, the complete protection against all dangers is impossible, despite regular controls.

Our Website uses Secure Sockets Layer (SSL), the industry standard for encrypting data. This will ensure the confidentiality of your personal details when being transmitted via the Internet. You will recognize from the closed key or lock symbols on the display of your browser, whether the data transfer is encrypted or not.

2. Storage of access data

(1) Whenever our Internet presentation is accessed, access data will be stored in a log file on the server of our provider.

(2) This dataset may consist, as an example, of your IP address, the date and time of the request, the name of the file requested, the file set transmitted and the access status, a description of the Web browser and of the operating system used as well as the name of your Internet service provider.

(3) These data will be collected exclusively for technical reasons; they will be evaluated for statistical purposes only and without any reference to persons (number of visitors and page popularity). These data will be automatically erased after 14 days, at the latest.

3. Collection of personal data for informational use (cookies)

(1) If the Website is used for informational purposes only, i.e. if you do not register for the use of the Website or do not otherwise transmit information to us, we shall not collect any personal data, except the ones mentioned in section 2 hereof that have been transmitted by your browser to facilitate the visit of our Website technically.

(2) When using the Website, so-called cookies will be stored on your computer. Cookies are little text files saved on your hard disc as allocated by the browser used, so that certain information can be transmitted to the entity setting the cookie (in this case to us). Cookies can neither run programs nor transmit viruses to your computer. They merely help to make Internet offers more user-friendly and effective. We use cookies to enable us, as an example, to identify you on subsequent visits, should you have an account with us. Otherwise, you would have to log in anew at each visit.

(3) This Website uses cookies to the following extent:

4. Google Analytics (Tracking)

This Website uses Google Analytics, a Web analysis service of Google Inc. („Google“). Google Analytics uses so-called „cookies“, i.e. text files that are stored on your computer and that facilitate an analysis how you use this Website. The information generated by the cookie how you use this Website (including your IP address) will be transmitted to a server of Google in the US and stored there. Google will use this information to evaluate, how you use the Website, to compile reports about the Website activities for the Website operators and to render further services associated with the use of the Website and of the Internet. Google may also transfer this information to third parties, if this is required by law or if third parties process these data on behalf of Google. Under no circumstances will Google relate your IP address to other data of Google.

You can prevent the installation of the cookies by setting your browser software accordingly, although we must advise you that you may not be able to use all functions of this Website in such case to the full extent.

This Website uses Google Analytics with the extension _anonymizeIp(), which means that IP addresses can only be stored in a shortened format. This technique will generally exclude any direct reference to persons. A job processing contract with Google has been concluded in this respect.

Article 6, sub-section 1, sentence 1a, GDPR is the legal basis for the data processing activities. We process your data so as to make our Websites available to you in the most comfortable way, to adapt their functionality to the visitors’ requirements and to improve them continuously.

5. Contact form

When getting in touch with us by e-mail or by using the contact form, we shall store your e-mail address as well as your name and telephone number, if stated, in order to answer your questions.

You can send us an encrypted e-mail by using the contact form on our Website and state your request. This may concern questions about our company, our products or our services.

We would like you to enter certain personal data into our input mask, so that we can deal with your request. These are your name, your e-mail address and further details, such as the subject of your inquiry and your message text. Apart from filling in the mandatory fields, you may also provide additional and optional information, such as a postal address and/or a telephone number.

The information thus collected will enable us to deal with your request in the most comprehensive manner. It is understood that the data you have made available to us in this connection have been provided on a strictly voluntary basis.

The personal data transmitted to us in connection with the above information as well as the time of getting in touch with us will only be used for the purpose, for which you make these data available to us, especially for dealing with your request. The information made available to us will exclusively be used to deal with your request. The data transmitted to us will neither be used for any other purposes nor be passed on to any third parties without your express consent. An exception hereto are partner firms of Hako GmbH if they need to be involved in dealing with your inquiry, i.e. our suppliers, carriers as well as logistic and trading partners. If no statutory retention requirements exist, your personal data will be erased after the matter has been dealt with.

Article 6, sub-section 1, sentence 1b), GDPR is the legal basis for the processing of these data. We shall process your data to answer your inquiries.

6. Liability for links

Our pages contain links to external Websites of third parties, whose contents are beyond our control. We can therefore not be held liable for any such external contents, since only the provider of the linked pages or the page operator is always responsible for these contents. The linked pages have been examined at the time of establishing the link, so as to identify possible infringements of the law. Unlawful contents have not been identified at the time of establishing the link. However, a permanent control of the contents of the linked pages cannot be expected and is unreasonable without tangible evidence of an infringement of the law. If we become aware of such an infringement of the law, we shall immediately remove such links.

You can reach the Web shop of Hako Service GmbH via our homepage. Please refer to our Website http://www.hako-service.com/gmz_eng/index.php for more information about the registration, orders, the customer account and the data protection provisions.

With the following information, we wish to give you as user of our Hako-Fleet-Management Portal (hereinafter referred to as “Portal”) an overview of the processing of your personal data by us and of your rights under data protection law.

Who is responsible for the data processing, and who is my point of contact?

Responsible party in accordance with Art. 4 (7) EU General Data Protection Regulation (GDPR) is Hako GmbH, Hamburger Straße 209-239, 23843 Bad Oldesloe, Tel.: +49 4531 806-0, Telefax: +49 4531 806-338, Internet: www.hako.com (hereinafter referred to as “Hako”). Our external data protection officers can be contacted at privacy@hako.com or via our postal address with the addendum “Data protection officer”.

What sources and data do we use?

We process personal data that we receive during your use of the Portal. In addition, we merge existing contract data received from you with the usage data of the Portal, if necessary, in order to enable a contractual correlation. Data are not collected from any other sources.

As operators of the Portal, we also collect data that are automatically collected by our web servers, including

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (concrete page)
• Access status / HTTP status code
• Data volume transmitted in each case
• Website from which the request comes
• Browser
• Operating system and its user interface
• Language and version of the browser software

In order to enable user-friendly operation of our portal, we collect “cookies”, small text files that are stored on the user's computer and inform the system about previous website visits when the portal is used again. These cookies are not used for tracking. You can set your browser so that you are informed when cookies are set and can allow cookies only in individual cases, accept cookies for specific cases or generally exclude them, and activate automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.

If you contact us by e-mail or via a contact form, the data you provide us with (your e-mail address, possibly your name and telephone number) will be stored by us in order to answer your questions.

We offer two special functions on the Portal. On the one hand the map service OpenStreetMap for location determination and display of the Hako products used, and on the other hand the Google service reCAPTCHA to differentiate between human and computer-controlled users. OpenStreetMap is operated as a map service by the Open Street Map Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom. When using our portal, the user's IP address and other usage data are passed on to OSMF for location purposes. OpenStreetMap may also store cookies in your browser for this purpose. Please refer to the relevant data privacy statement for details of the data processing by OpenStreetMap (https://wiki.osmfoundation.org/wiki/Privacy_Policy). The Google service reCAPTCHA is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The purpose of reCAPTCHA is to check whether the data input on our portal (e.g. in a contact form) is made by a person or by an automated program. To do this, reCAPTCHA analyses the behaviour of the user on the basis of various characteristics. This analysis begins automatically as soon as the user accesses the Portal. Please refer to the Google Privacy Policy (https://policies.google.com/privacy?hl=de) and the Google terms of use (https://policies.google.com/terms?hl=de) for further information on the scope of functions. Please note when using the above two functions that the user’s IP address recorded when using our portal is regularly that of the customer’s company and not of a natural person, because the login to the portal is password-protected exclusively for our commercial customers.

Data categories: Relevant personal data are name, e-mail address or other identification data of the customer's employees registered as users, usage data with regard to Hako products (location of the vehicle used, travel times, sensor messages etc.), order data for processing via our online shop (object of purchase, price, customer contact person, delivery address, bank details etc.) as well as data on the use of our website (IP address, time of call, etc.).

What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) for purposes of fulfilling the contract vis-à-vis our customers. The provision of the Portal and the processing of the data provided by the customer are performed by a processor in accordance with Art. 28 GDPR. For this purpose, a separate contract for order processing was concluded between Hako and the customer in which the details of the processing are specified. With respect to the automatic collection of usage data via our web server and the use of cookies, OpenStreetMap and reCAPTCHA, the data are collected in accordance with Art. 6 (1) line1 lit. f) GDPR on the grounds of our legitimate interests. Personal data of individual employees of our customers are also collected on the basis of this regulation when orders are placed via our online shop (e.g. in the box “Contact person”).

Who receives my data?

Within the company, departments requiring access to your data for the fulfilment of our contractual and legal obligations receive your data. Service providers and vicarious agents used by us may also receive data for these purposes if they have been specifically obliged to confidentiality and integrity. These are companies in the IT services, logistics or telecommunications categories.

With regard to the transfer of data to recipients outside our company, it should first be noted that we only pass on necessary personal data in compliance with the applicable data protection regulations. We may only pass on information about our customers' employees if this is required by law, if the person concerned has given his/her consent or if we are authorised to provide information. Under these conditions, recipients of personal data may be, for example:

• Public bodies and institutions (e.g. tax authorities, criminal prosecution authorities) where there is a legal or official obligation,
• Companies for risk management on the grounds of legal or official obligations,
• Auditors, or
• Service providers that we use within the framework of contract processing relationships.

Personal data are not passed on to third parties with regard to general use of the Portal, automatic collection via web servers and the use of cookies. When using OpenStreetMap and reCAPTCHA, the specified usage data (e.g. IP address of the customer’s company) are passed on to the respective operators (see above). When orders are placed in our online shop, the forwarding of address data to transport companies is necessary, i.e. possibly also data on the customer's contact person. This disclosure takes place with regard to personal data of the respective users (regularly employees of our customers) on the basis of legitimate interests pursuant to Art. 6 (1) line 1 lit. f) GDPR.

Are data transmitted to a non-member state or to an international organisation?

As a matter of principle, data are not transferred to bodies in countries outside the European Union (non-member states or “third countries”). If OpenStreetMap does not offer any processing within the European Union after Brexit, Hako will receive appropriate guarantees from the operator OSMF in accordance with Article 44 et seq. GDPR (e.g. standard contractual clauses) or will discontinue the service.

How long are my data stored?

We process and store your personal data as long as this is necessary to fulfil our contractual and legal obligations.

If the data are no longer required for the fulfilment of contractual or legal obligations, they are regularly deleted unless their – temporary – further processing is necessary for the following purposes:

• Compliance with commercial and tax retention obligations,
• German Commercial Code (HGB), German Tax Code (AO), German Money Laundering Act (GwG). The time limits for storage and documentation specified there are generally two to ten years.
• Preservation of evidence within the framework of the statutory statute of limitations. According to §§ 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular period of limitation is 3 years.

The usage data automatically collected by our web server (IP address, time of access, etc.) are deleted by us within one week. Cookies, including those set by OpenStreetMap, are deleted by you as a user by activating the cookie deletion function under the settings of your browser.

What data protection rights do I have?

Every data subject has the right of access in accordance with Art. 15 GDPR, the right to rectification in accordance with Art. 16 GDPR, the right to erasure in accordance with Art. 17 GDPR, the right to restriction of processing in accordance with Art. 18 GDPR, the right of objection in accordance with Art. 21 GDPR and the right to data portability in accordance with Art. 20 GDPR. The restrictions according to §§ 34 and 35 BDSG apply to the right of access and the right to erasure. In addition, there is a right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). The address can be found under the following link on the Internet: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Any consent given in exceptional cases to the processing of personal data may be revoked at any time. Please use our contact details at the top of this document.

Is there an obligation for me to provide data?

As part of our business relationship, you must provide us with the personal data necessary to establish, conduct and terminate a business relationship and to fulfil the associated contractual obligations, or which we are legally obliged to collect. Without these data, we will generally not be in a position to conclude, execute and terminate a contract with you.

To what extent does automated decision-making take place?

As a matter of principle, we do not use fully automated decision-making in accordance with Art. 22 GDPR. Should we use these procedures in individual cases (e.g. to improve our products and services), we will inform you separately about this and about your rights in this regard, insofar as this is required by law. This also applies to profiling.

SSL or TLS encryption 

Our portal uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as Hako. An encrypted connection can be recognised from the fact that the address line of the browser changes from "http://" to "https://" and from the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

The registration portal https://www.hako-messe.com/en/ can be reached via our homepage, while the relevant data protection information can be found under https://www.hako-messe.com/en/privacy-policy/.

We make public videos available on a channel and they will be embedded there in the “extended data protection mode“. This means that no data will be transmitted to YouTube, before the videos are viewed. Once videos are clicked and viewed, data will be collected at YouTube, which lies beyond the influence of the controller of this Website.

For the data collection conditions when using YouTube please refer to Google's Privacy Policy and Terms of Service.

Our website uses a link to our social media site on Facebook. Facebook receives no information about your visit on our website. However, when you click on the link, you will be forwarded to Facebook. This is also when Facebook knows that you have visited our website.  

We have no knowledge of or any influence on the use or processing of your data by Facebook after using this link. Please refer to Facebook’s Privacy Policy for more information.

Our website uses links to our social media site on Linkedin by LinkedIn Ireland Unlimited Company. Linkedin receives no information about your visit on our website. However, when you click on the link, you will be forwarded to Linkedin. This is also when Linkedin knows that you have visited our website. 

We have no knowledge of or any influence on the use or processing of your data by Linkedin after using this link. Please refer to Linkedin’s Privacy Policy for more information.

Neben den allgemeinen Hinweisen zur Datenverarbeitung und den Hinweisen zur Verarbeitung Ihrer Daten auf der Homepage der Hako GmbH, beschreiben wir Ihnen im Folgenden, wie wir Ihre personenbezogenen Daten bei der Nutzung für Marketingmaßnahmen verarbeiten.

1. Zweck der Verarbeitung:

Verkaufsförderung auch von Produkten, von kooperativen Zusammenschlüssen.

2. Rechtsgrundlage:

•Art. 6, Abs. 1, S. 1, lit. f (wirtschaftliches Interesse) Direktwerbung. Die Verarbeitung personenbezogener Daten zum Zwecke der Direktwerbung wird als eine einem berechtigten Interesse dienende Verarbeitung betrachtet (EG 47 DSGVO)

•Art. 6, Abs. 1, S.1, lit. a Einwilligungen für Newsletterempfang

3. Kategorien personenbezogener Daten: Namen und Kontaktdaten von Kundinnen und Kunden der Hako GmbH, sowie deren Mitarbeitende

4. Empfänger der personenbezogenen Daten:

•interne Empfänger (andere Fachabteilungen, konzerninterne Weitergabe)

•externe Empfänger (z.B. Fa. Weed Concept GmbH, ggf. Werbeagenturen für Mailingaktionen oder andere Marketingmaßnahmen)

5. Regelfrist der Löschung: Ihre Daten werden nach den gesetzlichen Grundlagen zur Aufbewahrung nach den handelsrechtlichen Bestimmungen gespeichert. Interne Löschfristen sind über die zentrale Kundenverwaltung eingerichtet. Auftragsverarbeiter sind vertraglich verpflichtet, Datensätze nach der konkreten Verarbeitung zu löschen. 

Die Verarbeitung der dienstlichen Kontaktdaten ist unter anderem für Vertragsabschlüsse erforderlich. Ein Widerspruch der betroffenen Personen kann auch bei deren Arbeitgebern geltend gemacht werden.

Eine automatisierten Entscheidungsfindung (einschließlich Profiling gemäß Artikel 22 Absätze 1 und 4 DSGVO) kommt nicht zur Anwendung.