Datenschutz

I. Information on data protection

Thank you very much for your interest in our websites and the companies of the HYDAC group.

In the following privacy notices, we would like to inform you as to what data we process, and for what purpose we process such data, during your visit to our websites, apps, applications or other presences on the Internet.

If you would like to adjust your consent to the use of cookies, you can do this here:





II. Name and address of the responsible person

The controller in accordance with Art. 4 No. 7 GDPR is:

HYDAC International GmbH

Industriestr.

66280 Sulzbach/Saar

Germany

Tel.: +49 (0) 68 97 509-01

E-mail: info(at)hydac.com

Website: https://www.hydac.com

Data transfers outside the European Economic Area ("EEA")

Some of the recipients of your personal data are located outside the European Economic Area, where data protection laws may provide a different level of protection than the laws in your country. We will take necessary steps under applicable data protection law to ensure that transfers from the EEA are adequately protected.


By concluding appropriate safeguards based on the standard contractual clauses (2021/914/EU) pursuant to Art. 46 para. 2 lit. c) GDPR or by other appropriate means, which can be obtained on request from the contact information provided in section 2.7, We have ensured that all recipients located outside the EEA provide an adequate level of protection for personal data and that appropriate technical and organisational security measures are in place to protect such data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and against all other unlawful forms of processing. Any transfer (including to our affiliated companies outside the EEA) is subject to the relevant legal requirements.


Transfer of data to the U.S.: EU-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework (DPF) (2024 Feb)


The HYDAC companies comply with the EU-U.S. Agreement, the UK Extension to the EU-U.S. Agreement and the Swiss-U.S. Privacy Framework.

For more information, please visit the U.S. Department of Commerce's Data Privacy Framework website. https://www.dataprivacyframework.gov/s/


The personal data that HYDAC collects may be stored and processed in various countries, including the United States. As a rule, it is stored in Germany.

We transfer personal data from the European Economic Area, the United Kingdom and Switzerland to other countries. Some of these countries do not have the same data protection laws as in the European Union. In such cases, we use legal agreements to ensure that your data is protected.


The HYDAC companies based in the U.S., which are listed by us in our self-certification statement (link coming soon), also adhere to the data protection principles.

As part of the transfer of data within the HYDAC companies to the U.S., we send it to our affiliated companies (HYDAC Technology Corporation, Schroeder Industries LLC).


HYDAC complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Switzerland-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce.

HYDAC has determined that we adhere to the EU-U.S. Privacy Framework Principles with respect to the processing of personal data transferred from the European Union pursuant to the EU-U.S. Data Privacy Framework and the United Kingdom (including Gibraltar) pursuant to the UK Extension of the EU-U.S. Data Privacy Framework.


HYDAC has also certified that it adheres to the principles of the Switzerland-U.S. Data Privacy Framework with respect to the processing of personal data transferred from Switzerland pursuant to the Switzerland-U.S. Data Privacy Framework. We are controller for the processing of personal data we receive and transfer to third parties acting on our behalf under the Data Privacy Framework. Under the Data Privacy Framework, we will be liable if our agent processes your personal data in a manner inconsistent with the Data Privacy Framework, unless we can prove that we are not responsible for the damage.


If there is any conflict between the terms of this Privacy Policy and the principles of the EU-U.S. Data Privacy Framework and/or the Switzerland-U.S. Data Privacy Agreement, the principles shall govern. For more information about the Data Privacy Framework and our certification, please visit the U.S. Department of Commerce website.


If you have any questions or complaints regarding our participation in the Data Privacy Framework, you may contact us by email at privacy@hydac.com. For complaints that cannot be resolved directly by us, we will work with the appropriate data protection authorities. Disputes with UK citizens will be resolved by the UK Information Commissioner. Conflicts with Swiss citizens will be resolved in cooperation with the Federal Data Protection and Information Commissioner (FDPIC). If you require contact information for data protection authorities, please contact us. As described in the Privacy Policy, there is a binding arbitration procedure for complaints that cannot be resolved in any other way. HYDAC is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission (FTC).


Further information on the DPF can be found here:

  • EU Data Protection Authorities (DPAs) https://edpb.europa.eu/about-edpb/board/members_en
  • UK Information Commissioner's Office (ICO) https://ico.org.uk/make-a-complaint/uk-extension-to-the-eu-us-data-privacy-framework-complaints-tool/
  • Swiss Federal Data Protection and Information Commissioner (FDPIC) https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt/kontaktformular_uebrige.html

III. Contact details of the data protection officer

We have appointed a data protection officer for our company.

The joint data protection officer of the companies of the HYDAC group can be reached at:


Central Data Protection Department

66280 Sulzbach/Saar

Germany

Telephone: +49 (0) 68 97 / 509 01

E-mail: datenschutz(at)hydac.com

IV. General information on data processing

1. Scope of data processing

As a rule, we process the data of our website users only to the extent required to provide a functioning website along with its contents and services. The user data are processed pursuant to the legal bases and only for the purposes defined by us in advance.

2. Legal bases for the processing of data

HYDAC processes the data in compliance with the provisions of the GDPR.

Consent

Insofar as we obtain consent from the data subject for the processing of data, Art. 6(1) sentence 1 (a) of the GDPR provides the legal basis.

Performance of a contract or implementation of pre-contractual measures

Art. 6(1) sentence 1 (b) of the GDPR provides the legal basis for processing any data required to perform a contract to which the data subject is a party. It also serves as the basis for processing data required to implement pre-contractual measures.

Legal obligation

Insofar as processing of data is necessary to fulfil a legal obligation to which our company is subject, Art. 6(1) sentence 1 (c) of the GDPR in conjunction with the national regulation pursuant to Art. 6(3) of the GDPR provides the legal basis.

Legitimate interest

If processing the data is necessary to safeguard the legitimate interests of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not override the aforementioned interests, Art. 6(1) sentence 1 (f) of the GDPR serves as the legal basis for the data processing.

3. Data erasure and storage duration

The data of the data subject are erased or the processing of the data is restricted as soon as the purpose for processing the data no longer applies. The data can be also be stored if such storage is provided for by European or national legislators in regulations, laws or other rules under Union law to which the data controller is subject. In addition, the data processing is restricted or the data are erased when the storage period stipulated under the aforementioned standards expires, unless a need exists to store the data for a longer period of time to conclude or perform a contract.

V. Rights of the data subject

If your data are processed, then you are the data subject pursuant to the GDPR and you have the following rights with regard to the data controller:

1. Right of access pursuant to Art. 15 of the GDPR

You may request the data controller to confirm if we are processing any data relating to you.

If we are processing your data, you may request the following information from the data controller:

  • the purposes for which the data are processed;
  • the categories of the data which are processed;
  • the recipients or the categories of recipients to whom data relating to you have been disclosed or will be disclosed;
  • the scheduled duration of the storage of your data or, if it is not possible to provide specific information on this matter, criteria for specifying the storage duration;
  • the existence of a right of rectification or erasure of data relating to you, right of restriction of the processing of the data by the controller or right of objection to this processing;
  • the existence of a right to lodge a complaint with a supervisory authority;
  • any available information regarding the origin of the data if the data are not collected from the data subject;
  • the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) of the GDPR and - at least in these cases - any meaningful information on the logic involved as well as the consequences and the desired effects of such processing for the data subject.

You are entitled to request information on whether your data are transferred to a third country or to an international organisation. In this context, you may request notification regarding the appropriate guarantees pursuant to Art. 46 of the GDPR in connection with such transfer.

2. Right to rectification

If the processed data relating to you are incorrect or incomplete, you have the right to obtain from the data controller the rectification and/or completion of the data. The data controller must rectify the data without delay.

3. Right to restriction of processing

You may request the restriction of the processing of the data relating to you under the following conditions:

  • if you contest the accuracy of your data for a period of time that allows the data controller to verify the accuracy of the data;
  • the processing of the data is unlawful and you oppose the erasure of the data and instead request restricted use of the data;
  • the data controller no longer needs the data for the purpose of the processing, but you require them to assert, exercise or defend legal claims, or
  • if you have filed an objection to the processing of the data pursuant to Art. 21(1) of the GDPR and it is not yet determined whether the legitimate grounds of the data controller override your grounds.

If the processing of these data relating to you is restricted, these data - with the exception of their storage - are permitted to be processed only with your consent or to assert, exercise or defend any legal claims or protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the processing of the data is restricted in accordance with the aforementioned conditions, you will be informed by the data controller before the restriction is lifted.

4. Right to erasure

a. Obligation of erasure

You may demand that the data controller erase your data without delay, and the data controller is required to erase these data without delay if one of the following reasons applies:

  • Your data are no longer required for the purposes for which they were collected or otherwise processed.
  • You withdraw your consent to the processing of the data pursuant to Art. 6(1) sentence 1 (a) or Art. 9(2)(a) of the GDPR and no other legal basis for processing the data exists.
  • You file an objection to the processing of the data pursuant to Art. 21(1) of the GDPR and there are no overriding legitimate grounds for processing the data, or you file an objection to the processing of the data pursuant to Art. 21(2) of the GDPR.
  • Your data were processed unlawfully.
  • It is necessary to delete your data to comply with a legal obligation under the Union law or the law of the Member States to which the data controller is subject.
  • Your data were collected in relation to the information society services offered pursuant to Art. 8(1) of the GDPR.

b. Disclosure of information to third parties

If the data controller has made your data public and is required under Art. 17(1) of the GDPR to erase such data, then the data controller, taking account of the available technology and the cost of implementation, will take appropriate measures, including technical measures, to inform data controllers responsible for processing the data that you, as the data subject, have requested the data controllers to erase all links, copies or replication of these data.

c. Exceptions

The right to erasure does not exist if it is necessary to process the data

  • to exercise the right to freedom of expression and information;
  • for compliance with a legal obligation which requires processing of the data under the Union law or the law of the Member States to which the data controller is subject, or for the performance of a task which is in the public interest or in the exercise of official authority vested in the data controller;
  • for reasons of public interest in the field of public health pursuant to Art. 9(2)(h) and (i) and also Art. 9(3) of the GDPR;
  • for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) of the GDPR if the right referred to under Section a is likely to render impossible or seriously impair the achievement of the objectives of processing these data, or
  • for the assertion, exercise or defence of legal claims.

5. Right to notification

If you have asserted the right to rectification, erasure of the data or restriction of the processing of the data to the data controller, the data controller is required to notify all the recipients to whom your data was disclosed of the rectification or erasure of the data or the restriction of the processing of the data, unless this proves impossible or involves disproportionate effort.

You have the right to be notified of these recipients by the data controller.

6. Right to data portability

You have the right to receive your data which you have provided to the data controller in a structured, commonly used and machine-readable format. You also have the right to transfer these data to another data controller without hindrance from the data controller to whom the data were provided, insofar as

  • the processing of the data is based on consent pursuant to Art. 6(1) sentence 1 (a) or Art. 9(2)(a) of the GDPR or on a contract pursuant to Art. 6(1) sentence 1 (b) of the GDPR and
  • the data are processed by automated means.
  • In the exercise of this right, you also have the right to have the data transferred directly from one data controller to another, provided that this is technically feasible. The freedoms and rights of other persons may not be prejudiced by this.

The right to data portability does not apply to the processing of the data necessary for the performance of a task in the public interest or in the exercise of official authority vested in the data controller.

7. Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of data relating to you which is based on Art. 6(1) sentence 1 (e) or (f) of the GDPR, including profiling based on these provisions.

The data controller no longer processes the data relating to you unless the data controller can demonstrate compelling legitimate grounds for processing the data which override your interests, rights and freedoms, or the processing of the data serves to assert, exercise or defend legal claims.

If data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your data for the purposes of such marketing, including for profiling if it is related to such direct marketing.

If you object to the processing of the data for purposes of direct marketing, then your data will no longer be processed for these purposes.

In the context of the use of information society services - regardless of Directive 2002/58/EC - you have the option of exercising your right to object by automated means using technical specifications.

8. Right to withdrawal of declaration of consent under the data privacy law

You have the right to withdraw your declaration of consent under the data privacy law at any time. The withdrawal of consent does not affect the lawfulness of the processing of the data based on the consent before it is withdrawn.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based exclusively on automated processing - including profiling - which produces legal effects concerning you or significantly affects you in a similarly negative manner. This does not apply if the decision

  • is necessary for the conclusion or performance of a contract between you and the data controller,
  • is authorised under the laws of the Union or the Member States to which the data controller is subject and these laws include appropriate measures for safeguarding your rights, freedoms and legitimate interests or
  • is taken with your explicit consent.

However, these decisions may not be based on special categories of data pursuant to Art. 9(1) of the GDPR, unless Art. 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to safeguard the rights, freedoms and your legitimate interests.

With regard to the first two alternatives, the data controller takes appropriate measures to safeguard rights, freedoms and your legitimate interests, including at least the right to obtain human intervention from the data controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you or your workplace are located or the place of the alleged infringement, if you are of the opinion that the processing of your data represents an infringement of the GDPR.

The supervisory authority with which the complaint was lodged shall notify the complainant regarding the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.


You have the option of preventing the actions that you perform here being analysed and linked. This will protect your privacy but will also prevent the owner from learning from your actions and improving the usability for you and other users.

Your visit to this website is currently recorded by Matomo Your visit to this website is currently recorded by Matomo web analytics. Deselect this checkbox to opt out.

VI. Provision of the website and creation of log files

1. Description and scope of data processing

If the website is used for information purposes only, i.e. if you do not register or otherwise transfer any information to us, we collect only the data transferred to our server from your browser. If you would like to view our website, we collect the following data which we require for technical reasons to display our website and to ensure its stability and security.

The following data are processed:

  • Information on the type of browser and the version used
  • The user's operating system
  • The user's Internet service provider
  • The user's IP address
  • Date and time of access
  • Websites from which the user's system accesses our website
  • Websites the user's system accesses via our website

The data are also stored in our system's log files. These data are not stored together with the user's other data.

2. Legal basis for data processing

The safeguarding of legitimate interests pursuant to Art. 6(1) sentence 1 (f) of the GDPR provides the legal basis for the necessary collection and temporary storage of the data.

3. Purpose of the data processing

The collection and temporary storage of the data by the system are necessary to facilitate the delivery of the website to the user's computer.

These purposes also include our legitimate interests in processing the data pursuant to Art. 6(1) sentence 1 (f) of the GDPR.

4. Duration of storage

The data are erased as soon as they are no longer required to achieve the purpose for which they were collected. If the data are collected to provide the website, this is the case when the individual browser is closed.

5. Possibility of objection and elimination

The collection of the data to provide the website and the storage of the data in log files is essential to the operation of the website. Consequently, the user does not have the possibility of filing an objection pursuant to Art. 21 of the GDPR

VII. External hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website are saved on the hoster's servers. This may involve above all IP addresses, contact queries, metadata and communication data, contract data, contact data, name, website access and other data that are generated via a website.

The hoster is used for the purposes of contract fulfilment vis-à-vis our potential and our existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast and efficient provision of our online offer on the part of a professional provider (Art. 6(1)(f) GDPR).

Our hoster will process your data only insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions in relation to these data.

We use the following hoster:

maxcluster GmbH

Technologiepark 8

33100 Paderborn

info@maxcluster.de

Data processing

We have concluded a data processing contract with the above-named provider. This is a contract prescribed by data protection law that ensures that the provider process the personal data of visitors to our website only in accordance with our instructions and in compliance with the GDPR.

VIII. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the website operator, this site uses SSL or TLS encryption. You can identify an encrypted connection from the padlock icon in the address bar of your browser and the fact that the "http://" in your browser bar changes to "https://".

If SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

If, after concluding a contract for which a fee applies, you are obliged to send us your payment data (e.g. account number for direct debit authorisation), these data will be used for processing the payment.

Payment transactions using standard means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can identify an encrypted connection from the padlock icon in the address bar of your browser and the fact that the "http://" in your browser bar changes to "https://".

In the case of encrypted communication, the payment data that you transmit to us cannot be read by third parties.

IX. Matomo

1. Description and scope of data processing

On some of our web pages, we use the open-source software tool Matomo to analyse our users' surfing behaviour. The software places a cookie on the user's computer (for information on cookies, see above). The following data are saved when the individual pages of our website are opened:

  • Two bytes of the IP address of the user's system accessing the site
  • The website opened
  • The website from which the user accessed the website opened (referrer)
  • The sub-pages opened from the website accessed
  • The length of stay on the website
  • Frequency of visits to the website
  • Information on the type of browser and the version used
  • The user's operating system
  • The user's Internet service provider

The software runs exclusively on our website servers. The data are stored exclusively there. The data are not passed on to third parties.

The software is configured not to store full IP addresses, instead masking 2 bytes of the IP address (e.g.: 192.168.xxx.xxx). This renders attribution of the truncated IP to the accessing computer impossible.

2. Legal foundation for data processing

The legal basis for the processing of the users' data is the consent pursuant to Art. 6(1) sentence 1 (a) GDPR.

3. Purpose of the data processing

Processing user data allows us to statistically analyse user behaviour for optimisation and marketing purposes. Analysing the data obtained enables us to compile information on the use of individual components of our website. That helps us improve our website and its user friendliness.

Data are only processed with express consent from the user. Anonymisation of the IP address takes the user's interest in protecting his or her data sufficiently into account.

4. Duration of storage

The data are deleted as soon as they are no longer required for our statistical recording purposes.

5. Possibility of objection and elimination

Cookies are stored on the user's computer and sent from there to our page. As a result, you have full control over the use of cookies as a user. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been stored may be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all the functions it offers to their full extent.

On our website, users can opt out of the analytics process. To do so, follow the corresponding link. This sets another cookie on your system, which tells our system not to save the user's data. If the user deletes the corresponding cookie on his or her own system, he or she must set the opt-out cookie again.

For further details on the privacy settings of the Matomo software, see the following link: https://matomo.org/docs/privacy/ .

X. Google Analytics and Google Tag Manager

1. Description and scope of data processing

On some of our web pages, we use the web tracking service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google Analytics"). As part of the web tracking, Google Analytics uses cookies which are saved on your computer and allow your use of the website and your surfing behaviour to be analysed (tracked). We perform these analyses on the basis of Google Analytics' tracking service in order to continuously optimise our online offering and improve its accessibility. Data are sent to servers of Google Ireland Limited in connection with the use of our website, in particular your IP address and your user activities. We perform these analyses on the basis of Google's tracking service in order to continuously optimise our online offering and improve its accessibility. We also require web tracking for security reasons. The web tracking allows us to track whether third parties are attacking our website. The information provided by the web tracker allows us to take effective countermeasures and protect the personal data we process from these cyber attacks. Activating IP anonymisation in the Google Analytics tracking code for this website causes Google Analytics to anonymise your IP address before it is transferred. This website uses a Google Analytics tracking code that includes the operator gat._anonymizeIp(); so that IP addresses can only be collected in anonymous form (IP masking).

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to incorporate tracking or statistics tools and other technologies into our website. Google Tag Manager does not create any user profiles itself, does not save any cookies and does not perform any independent analyses. Its only purpose is the management and utilisation of the tools that it has been used to incorporate. Google Tag Manager does, however, collect your IP address, which can also be sent to the parent company of Google in the United States.

The use of the Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in rapid and straightforward incorporation and management of various tools on its website. If corresponding consent has been asked for, the processing is performed exclusively on the basis of Art. 6(1) (a) GDPR; this consent can be withdrawn at any time.

Browser plug-in

You can prevent Google from collecting and processing your data by downloading the browser plug-in available at the following link and installing it: https://tools.google.com/dlpage/gaoptout?hl=de.

More information on how Google Analytic deals with user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Data processing

We have concluded a contract with Google for data processing and fully implement the strict requirements of the German data protection authorities in the use of Google Analytics.

Google Analytics E-Commerce Measurement

This website uses the "E-Commerce Measurement" feature of Google Analytics. The website operator can use E-Commerce Measurement to analyse the buying behaviour of the website visitor to improve its online marketing campaigns. Information is collected such as the orders placed, average order values, shipping costs and the time from viewing a product to purchasing it. Google can then group these data under one transaction ID that is linked to the particular user or the user's device.

Storage duration

Data stored by Google at user and incident level that are linked with cookies, user identification features (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) are anonymised/erased after 14 months. Related details are available at the following link: https://support.google.com/analytics/answer/7667196?hl=de

2. Legal foundation for data processing

The legal basis for the data processing is your provision of consent in our information banner in relation to the use of cookies and web tracking pursuant to Art. 6(1) sentence 1 (a) GDPR.

The transmission of data to the US is based on the standard contractual clauses of the EU Commission. Details are available here: https://privacy.google.com/businesses/controllerterms/mccs/.

3. Purpose of the data processing

On behalf of us, Google uses this information to evaluate your visit to this website, compile reports on the website activities and provide us with other services relating to website and Internet use. We also require web tracking for security reasons. The web tracking allows us to track whether third parties are attacking our website. The information provided by the web tracker allows us to take effective countermeasures and protect the personal data we process from these cyber attacks.

4. Duration of storage

Google will store the data relevant to the provision of the web tracking for as long as necessary to fulfil the booked web service. The collection and storage of data is performed in an anonymised way. If the data are traceable to a particular person, the data will be erased without delay, provided that no statutory retention requirements apply. In any case, the data are erased after expiry of the retention requirement.

5. Possibility of objection and elimination

You can prevent your personal data (in particular your IP address) from being collected and forwarded to Google and processed by Google by deactivating the execution of script code in your browser or activating your browser's "Do Not Track" setting. Furthermore, you can prevent Google from collecting and processing the data generated by the Google cookie and relating to your use of the website (including your IP address) by downloading and installing the browser plug-in available via the following link (http://tools.google.com/dlpage/gaoptout?hl=de). The security and data protection policies of Google are available at https://policies.google.com/privacy?hl=de.

XI. Contact form and e-mail contact

1. Description and scope of data processing

Our websites provide a contact form which can be used to contact us electronically. If a user chooses this option, the data entered on the input screen are transmitted to us and stored.

Among others, the following data are processed:

  • First name and surname
  • E-mail address
  • Telephone number
  • Address
  • Company
  • Enquiry text

The following data are also processed when the message is sent:

  • The user's IP address
  • Date and time of registration

As part of the sending process, your consent is obtained for the processing of the data and reference is made to this privacy policy.

Alternatively, it is possible to contact us using the e-mail address provided. If this is the case, then the user data transmitted with the e-mail are stored.

The data are not disclosed to third parties in this connection. The data are used solely to process the conversation.

2. Legal basis for data processing

Art. 6(1) sentence 1 (a) of the GDPR provides the legal basis for processing the data with the user's consent.

Art. 6(1) sentence 1 (f) of the GDPR provides the legal basis for the processing of data that are transmitted when an e-mail is sent.

If the purpose of contacting us by e-mail is to conclude a contract, then Art. 6(1) sentence 1 (b) of the GDPR forms an additional legal basis for processing the data.

3. Purpose of the data processing

We process the data from the input screen only to process the contact. Contact by e-mail also falls within the required legitimate interest regarding the processing of the data.

Any other data processed when the e-mail is sent is used to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Duration of storage

The data are erased as soon as they are no longer required to achieve the purpose for which they were collected. This is the case for the data from the input screen of the contact form and the data which were sent by e-mail once the individual conversation with the user has been ended or concluded. The conversation is ended when the circumstances indicate that the matter involved has reached a final conclusion.

5. Possibility of objection and elimination

The user has the option at any time of withdrawing consent to the processing of the data. The user can object to the storage of his or her data by sending us an e-mail. The conversation cannot be continued in such cases.

The objection may be filed at any time to the authority mentioned in Point I with future effect.

In this case, any data stored when the user contacts us are erased.

XII. Application procedure

1. Description and scope of data processing

An application portal hosted by a service provider is used to submit applications. The following application portals are available for this purpose:

  • https://karriere.hydac.com/de/karriere-bei-hydac.html
  • https://ausbildung.hydac.com/
  • https://recruitingapp-2620.umantis.com/Vacancies/InitiativeApplication/1
  • https://recruitingapp-2620.umantis.com/Jobs/1?lang=ger&CompanyID=1&Reset=G

Among others, the following data are processed:

  • Form of address
  • First name and surname
  • E-mail address
  • Password
  • Telephone number
  • Mobile number
  • Address
  • Application documents and other documents
  • Company division
  • Comment text
  • LinkedIn profile
  • Xing profile

Furthermore, cookies of the company Haufe-Lexware GmbH & Co. KG are used. A list of the cookies used can be accessed under the following link: https://de.onlinehelp.umantis.com/index.php/Cookies

2. Legal basis for data processing

Data processing is required for the decision on whether to enter into an employment relationship. The legal foundation for processing the data is Art. 6(1) sentence 1 (b) GDPR, Art. 88(1) GDPR in conjunction with section 26(1) German Data Protection Act (BDSG) or Art. 88(1) GDPR in conjunction with national law.

If a rejected applicant has agreed to further saving of their data, the legal foundation is Art. 6(1) sentence 1 (a) of the GDPR (in conjunction with section 26(2) BDSG).

3. Purpose of the data processing

The purpose of data processing is application management. The data are required to complete the application procedure.

4. Duration of storage

The applicant data are erased six months after the end of a specific recruitment procedure, unless the applicant is hired or has in advance explicitly stated that they wish their data to be erased. If the applicant is also simultaneously involved in further recruitment procedures, the erasure of the applicant data is based on the conclusion of the recruitment procedure that is the last to end.

Applicant data from speculative job applications are erased six months after notification of a lack of vacancies within the HYDAC group.

Entering and storing applicant data in the talent/applicant pool for the purpose of checking for future recruitments is only performed where agreement has been given by the applicant specifically for this purpose and results in the applicant data being erased 12 months after the last contact, unless the applicant is hired or explicitly agrees to the applicant data being updated and stored for a longer period.

5. Possibility of objection and elimination

The applicant has the option at any time of withdrawing consent to the processing of the data. The objection can be submitted in writing or by e-mail to the office stated in Point I with future effect. The objection can also be submitted directly to the Human Resources department of the HYDAC group at HYDAC Verwaltung GmbH at personal@hydac.com.

XIII. Sending advertising

1. Description and scope of data processing

To receive the newsletter offered on our website, you can use this form to subscribe. We use the so-called double opt-in procedure. This involves a confirmation e-mail first being sent to the e-mail address you provided, asking you to confirm. The subscription only comes into effect once you have clicked the activation link in the confirmation e-mail. We will use the data you have sent to us exclusively for sending the newsletter, which may contain information or offers. Furthermore, we send the newsletter to our existing customers under section 7(3) German Act Against Unfair Competition (UWG).

We use the Mailingwork tool to send our newsletter. Your data are therefore sent to Mailingwork GmbH. Mailingwork GmbH is prohibited from processing your data for any purposes other than sending the newsletter. Disclosing or selling your data is not permitted. Mailingwork is a German certified newsletter software provider whose servers are located exclusively in Germany.

Among others, the following data are processed:

  • First name and surname
  • E-mail address

The following data are also processed when the message is sent:

  • The user's IP address
  • Date and time of registration

As part of the sending process, your consent is obtained for the processing of the data and reference is made to this privacy policy.

Alternatively, it is possible to contact us using the e-mail address provided. If this is the case, then the user data transmitted with the e-mail are stored.

2. Legal basis for data processing

Art. 6(1) sentence 1 (a) of the GDPR provides the legal basis for processing the data with the user's consent.

Art. 6(1) sentence 1 (f) of the GDPR provides the legal basis for the processing of data that are transmitted when an e-mail is sent.

The safeguarding of legitimate interests pursuant to Art. 6(1) sentence 1 (f) of the GDPR in conjunction with section 7(3) German Act Against Unfair Competition (UWG) provides the legal basis for the processing of the data in connection with the sending of the newsletter to existing customers.

3. Purpose of the data processing

We process the data from the input screen only to send our newsletter.

Any other data processed when the e-mail is sent is used to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Duration of storage

The data are erased as soon as they are no longer required to achieve the purpose for which they were collected. This is the case for the data from the input screen of the contact form and the data which were sent by e-mail once the individual conversation with the user has been ended or concluded. The conversation is ended when the circumstances indicate that the matter involved has reached a final conclusion.

5. Possibility of objection and elimination

The user has the option at any time of withdrawing consent to the processing of the data. The user can do this by using the unsubscribe link that is located at the bottom of each e-mail. The user can also declare their withdrawal by sending us an e-mail. If the balancing of interests is applied, the data subject can object to the processing of their personal data at any time.

The withdrawal and the objection may be filed at any time to the authority mentioned in Point I with future effect. In this case, any data stored in the course of sending the newsletter are erased.

Postal advertising

We use your address for sending postal advertising in compliance with all legal provisions.

The legal basis for this is our legitimate interest in direct advertising under Art. 6(1)(f) in conjunction with recital 47 GDPR. If corresponding consent has been asked for, the processing is performed exclusively on the basis of Art. 6(1) (a) GDPR; this consent can be withdrawn at any time. More specific provisions may be communicated to you in connection with the collection of data and take precedence over the present provision.

Your address remains with us until the purpose for the data processing no longer applies. If you assert a legitimate erasure request or withdraw your consent to postal advertising, your data will be erased unless we have other legally permissible grounds for saving your personal data (e.g. data retention periods under tax law or commercial law); in the latter case, the erasure will be performed once these grounds no longer apply.

We use the following service provider for the sending of our postal mailshots:

KERN GmbH

In der Kölling 7

66450 Bexbach

Data processing

We have concluded a data processing contract with the above-named provider. This is a contract prescribed by data protection law that ensures that the provider process the personal data of visitors to our website only in accordance with our instructions and in compliance with the GDPR

XIV. Use of cookies

1. Description and scope of data processing

We use cookies on various pages in order to make our website attractive to visitors and to allow the use of certain features. The so-called "cookies" are small text files which your browser can store on your computer. You may configure your browser based on your requirements to inform you when the cookies are set, to decide on the acceptance of the cookies on a case-by-case basis or to accept or reject the cookies. Cookies may be used for various purposes, including to detect whether your PC has already connected to a website once (permanent cookies) or to store the last viewed items (session cookies).

The following cookies are processed when the website is opened:

  • User language
  • Session cookie
  • Privacy cookie (CookiePolicy)

The following cookies are only processed when certain functions are used:

  • Query list
  • Contact form
  • Goods tag
  • For the login ID (only if the user logs into the system)
  • Mobile/desktop view
  • Openstreetmap error form

We use cookies to offer you a more comfortable user experience. Some elements of our website require the browser that accesses it to be identifiable even after the user exits the page.

The data processed in the cookies include the following:

  • Language settings
  • Log-in information
  • Data which are entered in forms

We use cookies on various pages in order to make our website attractive to visitors and to allow the use of certain features. The so-called "cookies" are small text files which your browser can store on your computer. You may configure your browser based on your requirements to inform you when the cookies are set, to decide on the acceptance of the cookies on a case-by-case basis or to accept or reject the cookies. Cookies may be used for various purposes, including to detect whether your PC has already connected to a website once (permanent cookies) or to store the last viewed items (session cookies).

{Cookie list}

{Cookie Button}

{Cookie Link}

2. Legal basis for data processing

The safeguarding of legitimate interests pursuant to Art. 6(1) sentence 1 (f) of the GDPR provides the legal basis for the processing of the data with the use of technically necessary cookies.

Art. 6(1) sentence 1 (a) of the GDPR forms the legal basis for processing data using cookies for analysis if the user has given consent for such use.

3. Purpose of the data processing

The purpose of using technically necessary cookies is to facilitate the use of websites for the users. Some features on our websites cannot be offered without the use of cookies. These features require the browser to be recognised even after the user exits the page.

We require cookies for the following applications:

  • To remember search terms
  • To store the login ID
  • To store the user's session ID. That allows the user's query list to be preserved even after the browser is closed.
  • To save the contact data in the query list
  • To store the selected user language and country
  • To save whether the user is on the mobile website

The user data collected by means of technically necessary cookies are not used to create user profiles.

Analytics cookies are used to improve the quality of our website and our content. The analytics cookies show us how the website is used. In this way, we continuously optimise our site.

These purposes represent our legitimate interest in processing the data in accordance with Art. 6(1) sentence 1 (f) GDPR.

4. Duration of storage

The storage period depends on the cookie used.

Cookies that are processed when the website is opened:

  • User language and country: 90 days
  • Session cookie: After the browser is closed
  • Privacy cookie (CookiePolicy): 6 months

Cookies that are only processed when certain website functions are used:

  • Query list: 1 year
  • Contact form: 90 days
  • Goods tag: 1 year
  • In the login ID (only when the user logs into the system): The cookie is deleted after the website is closed
  • Mobile/desktop view: the cookie is deleted after the session
  • Openstreetmap error form: the cookie is deleted after the session

5. Possibility of objection and elimination

You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been stored may be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all the functions it offers to their full extent.

If you consented to the use of the analytics cookie and want to withdraw your consent, you can find this setting under hydac.com/privacy.

XV. Cookie-Management via OneTrust

1. Description and scope of data processing

We use OneTrust as a consent tool. With this data protection management software, we provide you with a legally compliant way to consent to cookies being saved and to withdraw your consent. Furthermore, the consent is documented as legal evidence and the setting of cookies is controlled technically. Cookies are used for this purpose that save your cookie settings on our web pages. This means that your cookie settings are retained the next time you visit our platforms, provided that you do not delete the cookies in the meantime. You can adjust your settings at any time. The software is operated by OneTrust as software as a service in the cloud.

Data processing

We have concluded a data processing contract with the above-named provider. This is a contract prescribed by data protection law that ensures that the provider process the personal data of visitors to our website only in accordance with our instructions and in compliance with the GDPR.

The following data are collected:

  • IP address: Technical provision of a GDPR-compliant cookie toolbar. Is not saved.
  • Pseudoanonymous browser ID: Stores whether consent has been given or withdrawn, categorised by groups/solutions, with specification of the time of change to enable legal documentation to be provided that consent has been given
  • If consent has been given: Information on browser, country, device type

2. Legal basis for data processing

The legal obligation pursuant to Art. 6(1) sentence 1 (c) GDPR in conjunction with section 15(3) German Broadcast Media Act (TMG) forms the legal basis for this.

3. Purpose of the data processing

  • Offering of consent for cookies
  • Documentation of the consent
  • Ensuring withdrawal of the consent
  • Control of the setting of cookies

4. Duration of storage

The data are erased after one year.

5. Possibility of objection and elimination

Objection is not possible.

XVI. Registration with our services

1. Description and scope of data processing

Users can register on our websites by entering their data. The data are entered in an input screen, sent to us and stored. The data are not disclosed to third parties.

Depending on the forms to be completed by the user, the data processed during the registration process include the following:

  • First name and surname
  • Address
  • E-mail address
  • Telephone number
  • Company

At the time of registration, the following data are also processed:

  • The user's IP address
  • Date and time of registration

As part of the registration, the user's consent to process these data is obtained.

2. Legal basis for data processing

Art. 6(1) sentence 1 (a) of the GDPR provides the legal basis for processing the data with the user's consent.

If registration is required to fulfil a contract in which the user is a contract party or to perform pre-contractual measures, the legal foundation for processing the data is Art. 6(1) sentence 1 (b) GDPR.

3. Purpose of the data processing

User registration is required for the provision of certain content and services on our website.

User registration may also be necessary to perform a contract with the user or to implement pre-contractual measures.

4. Duration of storage

The data are erased as soon as the user objects to the processing of the data.

5. Possibility of objection and elimination

As a user, you have the option of cancelling the registration at any time. You may have your data changed at any time.

The objection may be filed at any time to the authority mentioned in Point I with future effect.

If the data are required to perform a contract or to implement pre-contractual measures, early erasure of the data is possible only if such erasure is not contrary to the contractual or legal obligations.

XVII. eCommerce and payment providers

Processing data (customer and contract data)

We collect, process and use personal data only insofar as they are required to establish, define or modify the legal relationship (contract data). This is based on Art. 6(1)(b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data concerning the use of this website (usage data) only insofar as this is necessary to enable the user to use the service or to charge them for this use.

The collected customer data are erased after the order has been concluded or the business relationship has ended. Legal data retention periods remain unaffected.

Data transmission for contracts concluded for online shops, distributors and goods dispatch

If you order goods from us, we will forward your personal data to the transport company entrusted with the delivery and to the payment service provider commissioned with processing the payment. Data will only be disclosed that the service provider in question requires to fulfil its task. This is done on the basis of Art. 6(1)(b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. If you have granted corresponding consent in accordance with Art. 6(1)(a) GDPR, we will forward your e-mail address to the transport company entrusted with the delivery so that this company can inform you of the delivery status of your order by e-mail; you can withdraw this consent at any time.

Data transmission for contracts concluded for services and digital content

We only send personal data to third parties if this is necessary in connection with contract fulfilment, for example to the credit institute commissioned with the payment processing.

No further transmission of data is performed, unless you have expressly agreed to the transmission. Your data will not be disclosed to third parties for advertising purposes, for example, without your express consent.

The basis for the data processing is Art. 6(1)(b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Payment services

We incorporate payment services from Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, The Netherlands, into our website. If you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) will be processed by the payment service provider for the purposes of payment processing. The individual contractual and data protection provisions of the individual provider apply for these transactions. The deployment of the payment service provider is based on Art. 6(1)(b) GDPR (contract fulfilment) and in the interest of making the payment process as smooth, convenient and secure as possible (Art. 6(1)(f) GDPR). If your consent is requested for certain actions, the legal basis for the data processing is Art. 6(1)(a) GDPR; consent can be withdrawn at any time with effect for the future.

We have concluded a contract with the payment service provider in accordance with Art. 28 GDPR.

We deploy the following payment services / payment service providers in connection with this website:

  • Immediate transfer

The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich ("Sofort GmbH"). With the "immediate transfer" procedure, we receive confirmation of payment from Sofort GmbH in real time and can begin with the fulfilment of our obligations without delay. If you have chosen "immediate transfer" as payment method, you will send the PIN and a valid TAN to Sofort GmbH, which Sofort GmbH will use to log in to your online banking account. After logging in, Sofort GmbH automatically checks the account balance and uses the TAN you have sent to perform the transfer to us. It then sends us a transaction confirmation without delay. After the log-in, your account transactions, the credit limit of the overdraft facility and the presence of other accounts and their balances are checked automatically. In addition to the PIN and TAN, the payment data you have entered and personal data are also sent to Sofort GmbH. The personal data involved are first name and surname, address, phone number(s), e-mail address, IP address and possibly other data required to process the payment. These data need to be sent to determine your identity with 100% certainty and to prevent attempted fraud. Details on payment with immediate transfer are provided at the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.

  • American Express

The provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany ("American Express").

American Express may send data to its parent company in the US. The transmission of data to the US is based on the Binding Corporate Rules. Details are available here: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/.

More information can be found in American Express's privacy policy: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.

  • Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium ("Mastercard").

Mastercard may send data to its parent company in the US. The transmission of data to the US is based on Mastercard's Binding Corporate Rules. Details are available here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

  • VISA

The provider of this payment service is Visa Europe Services Inc., London branch, 1 Sheldon Square, London W2 6TT, UK ("VISA").

The UK is designated as a safe third country in terms of data protection law. This means that the UK has a level of data protection that is equivalent to the level of data protection of the European Union.

VISA may transmit data to its parent company in the US. The transmission of data to the US is based on the standard contractual clauses of the EU Commission. Details are available here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.

More information can be found in VISA's privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

XVIII. Audio and video conferencing

Data processing

For communication with our customers, we use online conference tools, among other things. The individual tools that we use are listed below. When you communicate with us in a video or audio conference call via the Internet, your personal data will be collected and processed by us and by the provider of the conference tool in question.

The conference tools collect all data that you provide/use to make use of the tool (e-mail address and/or your phone number). Furthermore, the conference tools process the duration of the conference call, start and end (time) of participation in the conference call, number of participants and other "contextual information" relating to the communication process (metadata).

In addition, the provider of the tool processes all technical data that are required for the execution of the online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone and speaker and type of connection.

If content is exchanged, uploaded or otherwise made available within the tool, this content will also be saved on the servers of the tool provider. Such content includes in particular cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared during the use of the service.

Please bear in mind that we do not have complete influence over the data processing procedures of the tools used. Our options are substantially dependent on the corporate policy of the provider in question. For further information on the data processing performed by the conference tools, please refer to the data policies of the tools used, which we have listed below this text.

Purpose and legal bases

The conference tools are used to communicate with potential or existing contractors or to provide specific services to our customers (Art. 6 (1)(b) GDPR). Furthermore, the use of the tools serves to generally simplify and speed up communication with us / our company (legitimate interest under Art. 6 (1)(f) GDPR). If consent has been asked for, the use of the tools in question is performed on the basis of this consent; the consent can be withdrawn at any time with effect for the future.

Storage duration

The data collected by us directly via the video and conference tools are erased from our systems as soon as you request their erasure, you withdraw your consent to storage or the purpose for storing the data no longer applies. Cookies that have been saved remain on your device until you delete them. Mandatory legal data retention periods remain unaffected.

We have no influence over the duration of storage of data saved by the operators of the conference tools for their own purposes. For details in this regard, please refer to the operators of the conference tools directly.

Conference tools used

We use the following conference tools:

  • TeamViewer

We use TeamViewer. The provider is TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen. Details on the data processing can be found in the privacy policy of TeamViewer: https://www.teamviewer.com/de/datenschutzerklaerung/.

Data processing

We have concluded a data processing contract with the above-named provider. This is a contract prescribed by data protection law that ensures that the provider process the personal data of visitors to our website only in accordance with our instructions and in compliance with the GDPR.

  • Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Details on the data processing can be found in the privacy policy of Microsoft Teams: https://privacy.microsoft.com/de-de/privacystatement.

Data processing

We have concluded a data processing contract with the above-named provider. This is a contract prescribed by data protection law that ensures that the provider process the personal data of visitors to our website only in accordance with our instructions and in compliance with the GDPR.

  • Webex

We use Webex. The provider of this service is Webex Communications Deutschland GmbH, Hansaallee 249 c/o Cisco Systems GmbH, 40549 Düsseldorf, Germany.

The possibility cannot be ruled out that the data processed by WebEx will be transmitted to third states (e.g. the US). Webex has Binding Corporate Rules (BCR) that have been approved by the Dutch, Polish, Spanish and other relevant European data protection regulation authorities. These rules are internal binding regulations that legitimise the internal data transmission to third countries outside the EU and the EEC. Details are available here: https://www.cisco.com/c/de_de/about/trust-center/data-protection-and-privacy-policy.html and https://konferenzen.telekom.de/fileadmin/Redaktion/conference/cisco-webex/Webex_Compliance_Deutsch_V1.0.pdf.

Details on the data processing can be found in the privacy policy of Webex: https://www.cisco.com/c/de_de/about/legal/privacy-full.html.

Data processing

We have concluded a data processing contract with the above-named provider. This is a contract prescribed by data protection law that ensures that the provider process the personal data of visitors to our website only in accordance with our instructions and in compliance with the GDPR

XIX. Google Ads

1. Description and scope of data processing

We use the services of Google Adwords to draw attention to our attractive offers on external websites by means of advertising material (so-called Google Adwords). We can determine how successful the individual advertising measures are on the basis of the advertising campaign data. In doing this, we are pursuing the interest of showing you advertising that is of interest for you, making our website more interesting for you and achieving a fair calculation of advertising costs. This advertising material is provided by Google via so-called "Ad Servers". Accordingly, we use Ad Server cookies that make it possible to measure certain parameters for measuring success, such as the displaying of the adverts or clicks performed by the user. If you access our website via a Google ad, Google Adwords will save a cookie on your PC. The data saved for this cookie as analysis values are generally the unique cookie ID, number of ad impressions per placement (frequency), most recent impression (relevant for post-view conversions) and opt-out information (marker indicating that the user would prefer not to be addressed in future).

2. Legal basis for data processing

The legal basis for the processing of the data is our legitimate interests pursuant to Art. 6(1) sentence 1 (f) GDPR.

3. Purpose of the data processing

In doing this, we are pursuing the interest of showing you advertising that is of interest for you, making our website more interesting for you and achieving a fair calculation of advertising costs.

4. Duration of storage

If you access our website via a Google ad, Google Adwords will save a cookie on your computer. These cookies generally become invalid after 30 days and are not intended to identify you personally. The data saved for this cookie as analysis values are generally the unique cookie ID, the number of ad impressions per placement (frequency), the most recent impression (relevant for post-view conversions) and opt-out information (marker indicating that the user would prefer not to be addressed in future).

5. Possibility of objection and elimination

You can object to the data processing at any time in accordance with Art. 21 GDPR. You can prevent participation in this tracking procedure in various ways: a) by configuring a corresponding setting in your browser software (in particular, suppressing third-party cookies will stop you from receiving adverts from third-party providers); b) by deactivating your cookies for conversion tracking, by configuring your browser to block cookies from the domain "www.googleadservices.com", https://www.google.de/settings/ads, although the setting will be deleted if you delete your cookies; c) by deactivating interest-based ads from providers that are part of the self-regulation campaign "About Ads" via the link http://www.aboutads.info/choices, although the setting will be deleted if you delete your cookies; d) through permanent deactivation in your Firefox, Internet Explorer or Google Chrome browser under the link http://www.google.com/settings/ads/plugin. Please be aware, however, that in this case you may not be able to use all of the functions of this online service to their full extent.

XX. Social media

Our social media presence

Data processing performed by social networks

We maintain publicly accessibly profiles in social networks. The individual social networks that we use are listed further below.

Social networks such as Facebook and Twitter are generally able to analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or ad banners). When you visit our social media presences, numerous processing procedures are triggered that are relevant to data protection. In particular:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can link this visit to your user account. Your personal data may, however, under some circumstances also be collected if you are not logged in or do not have an account with the particular social media portal. In this case, the data collection is performed on the basis of cookies, for example, that are saved on your device or by your IP address being collected.

The operator of the social media portal can use the data thus collected to create user profiles in which your preferences and interests are saved. In this way, interest-based adverts can be displayed to you inside and outside of the particular social media presence. If you have an account with the social network in question, the interest-based adverts can be displayed on all devices on which you are or have been logged in.

Please also be aware that we are not aware of all the processing procedures that take place on the social media portals. Depending on the provider, it is possible that further processing procedures will be carried out by the operators of the social media portals. For details in this regard, please refer to the terms of use and the data protection provisions of the individual social media portals.

Legal basis

Our social media presences are intended to ensure that our presence online is as extensive as possible. This is a legitimate interest under Art. 6(1)(f) GDPR. The analysis processes initiated by the social networks may be based on alternative legal bases, which are to be specified by the operators of the social networks (Art. 6(1)(f) GDPR).

Controller and assertion of rights

When you visit one of our social media presences (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing procedures initiated by this visit. You can assert your rights (access, rectification, erasure, restriction of processing, data portability and complaints) fundamentally both against us and against the operator of the social media portal (e.g. against Facebook).

Please bear in mind that, despite having joint responsibility with the social media portal operators, we do not have complete influence over the data processing procedures of the social media portals. Our options are substantially dependent on the corporate policy of the provider in question.

Storage duration

The data collected by us directly via the social media presence are erased from our systems as soon as you request their erasure, you withdraw your consent to storage or the purpose for storing the data no longer applies. Cookies that have been saved remain on your device until you delete them. Mandatory legal data retention periods - in particular data retention periods - remain unaffected.

We have no influence over the duration of storage of data saved by the operators of the social networks for their own purposes. For details in this regard, please refer to the operators of the social networks directly (e.g. in their privacy policy - see below).

Social networks in detail

  • Facebook

We have a profile with Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the data collected are transmitted to the US and other third countries.

We have concluded an agreement on joint processing with Facebook (Controller Addendum). This agreement specifies which data processing procedures are our responsibility and which are Facebook's responsibility when you visit our Facebook page. You can access this agreement under the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings in your user account independently. To do this, click the following link and log in: https://www.facebook.com/settings?tab=ads.

The transmission of data to the US is based on the standard contractual clauses of the EU Commission. Details are available here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

More information can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.

  • Twitter

We use the short message service Twitter. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

You can adjust your Twitter privacy settings in your user account independently. To do this, click the following link and log in: https://twitter.com/personalization.

The transmission of data to the US is based on the standard contractual clauses of the EU Commission. Details are available here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

More information can be found in Twitter's privacy policy: https://twitter.com/de/privacy.

  • Instagram

We have a profile with Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.

The transmission of data to the US is based on the standard contractual clauses of the EU Commission. Details are available here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

Details on how the company handles your personal data can be found in Instagram's privacy policy: https://help.instagram.com/519522125107875.

  • XING

We have a profile with XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on how the company handles your personal data can be found in XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

  • LinkedIn

We have a profile with LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you want to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

The transmission of data to the US is based on the standard contractual clauses of the EU Commission. Details are available here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Details on how the company handles your personal data can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

  • YouTube

We have a profile with YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how the company handles your personal data can be found in YouTube's privacy policy: https://policies.google.com/privacy?hl=de.

XXI. Facebook

1. Description and scope of data processing

HYDAC maintains a social media profile with the social network Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland (so-called "fanpages"; https://www.facebook.com/HydacGroup/; https://www.facebook.com/HydacGroupDACH/). Please be aware that you make use of this Facebook page and its functions under your own responsibility. This applies in particular for the use of the interactive functions (e.g. commenting, sharing, liking).

When you visit our Facebook page, Facebook collects your IP address and other information, which is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the Facebook pages, with statistical information on the utilisation of the Facebook page.

Facebook provides more detailed information in this regard under the following link: http://de-de.facebook.com/help/pages/insights

The data collected about you in this context are processed by Facebook Ltd. and may be transmitted to countries outside the European Union. Facebook provides a general description of what information Facebook receives and how it is used in its data use policy. The policy also includes information on ways to contact Facebook and the setting options for advertising displays. The data use policy can be accessed under the following link: http://de-de.facebook.com/about/privacy

The complete data policy of Facebook can be accessed here: https://de-de.facebook.com/full_data_use_policy

Facebook has not stated conclusively and clearly in what way Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are linked to individual users, how long Facebook saves these data and whether data relating to a visit to a Facebook page are forwarded to third parties, and this is not known to us.

When you access a Facebook page, the IP address assigned to your device is sent to Facebook. According to information from Facebook, this IP address is made anonymous (in the case of "German" IP addresses). Furthermore, Facebook saves information on the devices of its users (e.g. in connection with the function "login notification"); it may therefore be possible for Facebook to link IP address to individual users.

If you are currently logged into Facebook as a user, there will be a cookie on your device with your Facebook ID. Facebook is therefore able to track that you have visited this page and how you have used it. This applies for all other Facebook pages. Facebook is able to used Facebook buttons incorporated into websites to log your visits to these websites and link them to your Facebook profile. These data can be used to provide content or advertisements that are tailored to suit you.

If you would prefer this not to happen, you should log out from Facebook or deactivate the function "remain logged in", delete the cookies on your device and close and restart your browser. In this way, Facebook information that would allow you to be identified directly will be deleted. This means that you can use our Facebook page without your Facebook ID being disclosed. When you access interactive functions of the page (like, comment, share, messages etc.), a Facebook login screen is displayed. If you log in, Facebook can once again identify you as a particular user.

Information on how you can manage or delete information relating to you can be found on the following Facebook support pages: https://de-de.facebook.com/about/privacy#

We, as the provider of the information service, do not process any further data resulting from your use of this service. An up-to-date version of this privacy policy can be accessed under "privacy" on our Facebook page.

More information on Page Insights

You can access the agreement with Facebook here: https://www.facebook.com/legal/terms/page_controller_addendum

Facebook provides a summary of the main content of this agreement (including the list of Page Insights data) here: https://www.facebook.com/legal/terms/information_about_page_insights_data

2. Legal foundation for data processing

If you have provided consent to Facebook with regard to the creation of the above-mentioned Page Insights, the legal basis for this is Article 6(1) sentence 1 (a) GDPR (consent). Otherwise, the legal basis is Article 6(1) sentence 1 (f) GDPR, where our legitimate interest is the above-mentioned purposes.

3. Purpose of the data processing

Our purpose is sharing our products and services on the social network. We, as the provider of the information service, do not collect or process any further data resulting from your use of this service.

4. Duration of storage

When you access a Facebook page, the IP address assigned to your devices is sent to Facebook. According to information from Facebook, this IP address is made anonymous (in the case of "German" IP addresses) and erased after 90 days. Furthermore, Facebook saves information on the devices of its users (in connection with the function "login notification", for example); it may therefore be possible for Facebook to link IP address to individual users.

5. Possibility of objection and elimination

You can prevent your personal data (in particular your IP address) from being collected and forwarded to Facebook and processed by Facebook by deactivating the execution of script code in your browser or activating your browser's "Do Not Track" setting. Furthermore, you can prevent Facebook from collecting and processing the data generated by the Facebook cookie and relating to your use of the website (including your IP address).

XXII. YouTube

1. Description and scope of data processing

HYDAC uses a YouTube channel that belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Please be aware that you make use of the YouTube channel offered here and its functions under your own responsibility. This applies in particular for the use of the "discussion" function. Information on what data Google processes and what purposes data are used for can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de&gl=de#infocollect

HYDAC has no influence on the type or scope of the data processed by Google, the type of processing or use or the forwarding of these data to third parties. Accordingly, HYDAC also has no effective ways to monitor this. By using Google, your personal data are collected, transmitted, saved, disclosed and used by Google and thus sent, regardless of where you are domiciled, to the United States, Ireland or any other country where Google does business, and saved and used there. Data are transmitted to companies associated with Google and other trustworthy companies or persons commissioned with processing these data by Google. Google processes, on the one hand, data you have entered voluntarily, such as your name and username, e-mail address and phone number. Google also processes content that you create, upload or receive from others while using the services. This includes, for example, photos and videos that you save, documents and spreadsheets that you create and comments that you make on YouTube videos. On the other hand, Google also evaluates the content you have shared to ascertain what topics you are interested in, saves and processes confidential messages that you send directly to other users and can determine your location on the basis of GPS data, information on your wireless network or your IP address in order to provide you with advertising and other content. For the evaluation, Google may use analytical tools such as Google Analytics. HYDAC has no influence on Google's use of such tools and has not been informed of such potential use. In the event of Google using such tools for HYDAC's YouTube channel, HYDAC has neither commissioned this nor supported it in any other way. The data obtained from the analysis are also not made available. HYDAC can only access certain data relating to the subscriber profiles via its account. Furthermore, HYDAC has no way of preventing or stopping the use of such tools on its YouTube channel. Ultimately, Google also receives information when you view content, for example, even if you have not created an account. These so-called "log data" may include the IP address, the browser type, the operating system, information on the previously visited website and the pages accessed by you, your location, your mobile phone provider, the device used by you (including device ID and application ID), the search terms you have used and cookie information. Options for limiting the processing of your data are available in the general settings of your Google account. In addition to these tools, Google also provides privacy settings specific to YouTube. More information in this regard is provided in Google's guide to data privacy in Google products: https://policies.google.com/technologies/product-privacy?hl=de&gl=de

More information on these points can be found in Google's privacy policy under "privacy settings": https://policies.google.com/privacy?hl=de&gl=de#infochoices

You can also use the Google privacy form to request information: https://support.google.com/policies/troubleshooter/7575787?visit_id=6370545323842 99914-2421490167&hl=de&rd=2

2. Legal foundation for data processing

When you communicate with us via YouTube, HYDAC also processes your data. The processing is carried out as part of our legitimate interest (Art. 6(1) sentence 1 (f) GDPR).

3. Purpose of the data processing

The recipient of the data is initially Google, whereby the data may be forwarded to third parties for Google's own purposes and under Google's responsibility. The recipient of publications is also the general public, i.e. potentially anyone. HYDAC does not collect any data via its YouTube channel itself. Incorporating YouTube videos into our website does not cause the IP addresses of the website visitor to be sent to Google. In particular, no tracking is performed on the website. The data you have entered when using YouTube, in particular your username and the content published under your account, are only processed by us insofar as we may respond to your publications under "discussions". Doing so incorporates the data freely published on and disseminated by you on YouTube into HYDAC's online offering and thus makes it accessible to its followers.

4. Duration of storage

Google will store the data relevant to the provision of the web tracking for as long as necessary to fulfil the booked web service. The collection and storage of data is performed in an anonymised way. If the data are traceable to a particular person, the data will be erased without delay, provided that no statutory retention requirements apply. In any case, the data are erased after expiry of the retention requirement.

5. Possibility of objection and elimination

You can prevent your personal data (in particular your IP address) from being collected and forwarded to Google and processed by Google by deactivating the execution of script code in your browser or activating your browser's "Do Not Track" setting. Furthermore, you can prevent Google from collecting and processing the data generated by the Google cookie and relating to your use of the website (including your IP address) by downloading and installing the browser plug-in available via the following link (http://tools.google.com/dlpage/gaoptout?hl=de). The security and data protection policies of Google are available at https://policies.google.com/privacy?hl=de.

XXIII. Instagram

1. Description and scope of data processing

HYDAC maintains a social media profile with the social network Instagram (https://www.instagram.com/hydacgroup/; https://www.instagram.com/hydacgroup_dach/). Our website therefore uses social plug-ins ("Plug-ins") from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). The plug-ins are marked with an Instagram logo, for example in the form of an "Instagram camera".

When you access a page of our online presence containing such a plug-in, your browser establishes a direct connection to the servers of Instagram. The content of the plug-in is sent directly to your browser by Instagram and incorporated into the page. This connection informs Instagram that your browser has accessed the corresponding page of our online presence, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is sent by your browser directly to an Instagram server in the US and saved there. If you are logged into Instagram, Instagram is able to link the visit to our website directly to your Instagram account. If you interact with the plug-ins, for example by clicking the "Instagram" button, this information is also sent directly to an Instagram server and saved there. The information is also published on your Instagram account and shown to your contacts there. If you would prefer Instagram not to link data collected via our online presence directly to your Instagram account, you need to log out of Instagram before visiting our website. More information can be found in Instagram's privacy policy (https://help.instagram.com/155833707900388).

2. Legal foundation for data processing

If you have provided consent with regard to the above-mentioned creation, the legal basis for this is Article 6(1) sentence 1 (a) GDPR (consent). Otherwise, the legal basis is Article 6(1) sentence 1 (f) GDPR, where our legitimate interest is the above-mentioned purposes.

3. Purpose of the data processing

Our purpose is sharing our products and services on the social network. We, as the provider of the information service, do not collect or process any further data resulting from your use of this service.

4. Duration of storage

The data are erased as soon as the user objects to the processing of the data.

5. Possibility of objection and elimination

If consent has been given, the user has the option at any time of withdrawing consent to the processing of the data. A right to objection also applies in accordance with Art. 21 GDPR.

The objection and the withdrawal can be submitted in writing or by e-mail to the office stated in Point I with future effect.

XXIX. LinkedIn

1. Description and scope of data processing

HYDAC maintains a social media profile with the social network LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (https://www.linkedin.com/company/hydacgroup/about/). When our LinkedIn page is visited, LinkedIn will collect the user's personal data as controller. Such data collection on the part of LinkedIn can also take place in relation to visitors to this page/channel who are not logged in to or registered with LinkedIn.

HYDAC has no way of knowing what user data is collected by LinkedIn. Furthermore, HYDAC does not have comprehensive access to the collected data or your profile data. HYDAC can only see the public information of your profile. You can decide what specific data is made public in your LinkedIn settings.

If our page has a chat function, HYDAC uses your data during the use of the chat function in order to answer your query. The sales and customer support information thus collected is used to make contact with you in order to provide you with the desired information and offers.

HYDAC receives anonymous statistics from LinkedIn regarding the use and utilisation of the page on the basis of legitimate interest. The following information is provided:

  • Followers: Number of people following HYDAC - including growth and development over a defined time period.
  • Reach: Number of people who see a specific post. Number of interactions on a post. This can be used to determine what content is more popular with the community, for example.
  • Advert performance: How many people are reached by a post or a paid advertisement and have interacted with it?

HYDAC receives personal data via LinkedIn if you actively share these data with us in a personal message via LinkedIn. These data are used to respond to your concern in our customer support. You data are saved for this purpose. HYDAC also receives personal data via LinkedIn if you send data to us by using a form with fields pre-filled with data from your profile and actively send us the data by clicking a button.

2. Legal foundation for data processing

The legal basis that applies here is Art. 6(1) sentence 1 (f) GDPR.

3. Purpose of the data processing

We use these statistics, which do not allow us to identify individual users, to continuously improve our online service on LinkedIn and better respond to the interests of our users. We are not able to link the statistic data to the profile data of our fans. You can use your LinkedIn settings to decide in what form targeted advertising will be displayed to you.

4. Duration of storage

We only receive anonymous data from LinkedIn. We have no influence on the data collected and data processing procedures and we are not aware of the full extent of the data collection, the purposes of the processing or the retention periods. We also have no information regarding erasure of the collected data on the part of the provider. Information on the data collection and further processing on the part of LinkedIn can be found in LinkedIn's data protection guidelines (https://www.linkedin.com/legal/privacy-policy?_l=de_DE).

5. Possibility of objection and elimination

You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been stored may be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all the functions it offers to their full extent.

XXV. XING

1. Description and scope of data processing

HYDAC maintains a social media platform with the social network Xing of the operator New Work SE, Dammtorstraße 30, 20354 Hamburg (https://www.xing.com/pages/hydacinternationalgmbh). When our Xing page is visited, Xing will collect the user's personal data as controller. Such data collection on the part of Xing can also take place in relation to visitors to this page/channel who are not logged in to or registered with Xing.

HYDAC has no way of knowing what user data is collected by Xing. Furthermore, HYDAC does not have comprehensive access to the collected data or your profile data. HYDAC can only see the public information of your profile. You can decide what specific data is made public in your Xing settings.

If our page has a chat function, HYDAC uses your data during the use of the chat function in order to answer your query. The sales and customer support information thus collected is used to make contact with you in order to provide you with the desired information and offers.

HYDAC receives anonymous statistics from Xing regarding the use and utilisation of the page on the basis of legitimate interest. The following information is provided:

  • Followers: Number of people following HYDAC - including growth and development over a defined time period.
  • Reach: Number of people who see a specific post. Number of interactions on a post. This can be used to determine what content is more popular with the community, for example.
  • Advert performance: How many people are reached by a post or a paid advertisement and have interacted with it?

HYDAC receives personal data via Xing if you actively share these data with us in a personal message via Xing. These data (e.g. first name, surname, vehicle identification number) are used to respond to your concern in our customer support. You data are saved for this purpose. HYDAC also receives personal data via Xing if you send data to us by using a form with fields pre-filled with data from your profile and actively send us the data by clicking a button.

2. Legal foundation for data processing

The legal basis that applies here is Art. 6(1) sentence 1 (f) GDPR.

3. Purpose of the data processing

We use the statistics, which do not allow us to identify individual users, to continuously improve our online service on Xing and better respond to the interests of our users. We are not able to link the statistic data to the profile data of our fans. You can use your Xing settings to decide in what form targeted advertising will be displayed to you.

4. Duration of storage

We only receive anonymous data from Xing. We have no influence on the data collected and data processing procedures and we are not aware of the full extent of the data collection, the purposes of the processing or the retention periods. We also have no information regarding erasure of the collected data on the part of the provider. Information on the data collection and further processing on the part of Xing can be found in Xing's data protection guidelines (https://privacy.xing.com/de/datenschutzerklaerung).

5. Possibility of objection and elimination

You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been stored may be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all the functions it offers to their full extent.

TIMESTAMP