The following information is intended to provide you, as a "data subject", with an overview of the processing of your personal data by ourselves and of your rights under data-protection legislation. It is possible to use our Internet presence without entering your personal data. If you wish to take advantage of special services provided by our company via our Internet presence, processing of personal data may, however, become necessary. Where the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain consent from you. As the Controller for the processing of data, we have implemented numerous technical and organisational provisions to assure the most complete possible protection of personal data processed via this Internet site. Internet-based data transfers can nonetheless in principle contain security deficiencies, signifying that it is not possible to guarantee absolute protection. For this reason, you also have the option of supplying personal data to us by alternative means, such as by telephone or by post, for example.
The Controller in the sense of the GDPR is:
PTR HARTMANN GmbH
+49 2389 7988-0
III. Data Protection Officer
The Data Protection Officer can be contacted as follows:
All data subjects can contact our Data Protection Coordinator directly at any time for all questions and suggestions concerning data protection.
IV. Terminology and definitions
- Personal data
"Personal data" comprises all information relating to an identified or identifiable natural person. A natural person is considered identifiable when he or she can be identified by means of assignment to an identifier such as a name, to an ID number, to locational data, to an on-line ID or to one or more particular features which express the physical, physiological, genetic, psychic, economic, cultural or social identity of such natural person.
- Data subject
The "data subject" is any identified or identifiable natural person whose personal data is processed by the person responsible for processing (our company).
"Processing" signifies any procedure conducted with or without the assistance of automated processes or any such series of procedures in conjunction with personal data, such as the acquisition, recording, organisation, sorting, storage, adaptation or alteration, reading out, scanning, use, disclosure via transfer, distribution or other form of provision, comparison or interlinking, restriction, deletion or destruction.
- Restriction of processing
The "restriction of processing" is the marking of stored personal data with the aim of restricting its future processing.
"Profiling" signifies any form of automated processing of personal data with the purpose of using such personal data in order to evaluate certain personal aspects relating to a natural person and, in particular, in order to analyse or predict aspects relating to the working performance, economic situation, health, personal preferences, interests, reliability, conduct, location or change of location of such natural person.
"Pseudonymisation" signifies the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the additional assistance of further information, where such further information is stored separately and is subject to technical and organisational provisions which ensure that the personal data cannot be assigned to an identified or identifiable natural person.
- Contract Processor
The "Contract Processor" is a natural or legal person, authority, institution or other body which processes personal data on behalf of the Controller.
The "Recipient" is a natural or legal person, authority, institution or other body to whom or to which personal data is disclosed, irrespective of whether such Recipient is a third-party or not. Authorities which may possibly receive personal data within the scope of a specific investigation under EU law or under the law of the member states shall not constitute Recipients, however.
A "third-party" is a natural or legal person, authority, institution or other body not being the data subject, the Controller, the Contract Processor or the person(s) authorised under the immediate responsibility of the Controller or of the Contract Processor to process the personal data.
"Consent" means every freely given, specific, informed and unambiguous indication of the data subject's wishes in the form of a declaration or any other unequivocally confirmatory action, by means of which the data subject communicates that he or she is in agreement with the processing of the personal data concerning himself or herself.
V. Legal basis of processing
Article 6 Para. 1 lit. a GDPR is used by our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
Where the processing of personal data is necessary for the fulfilment of a contract to which you are one of the contracting parties, as is the case, for example, with processing operations that are necessary for the supply of goods or the furnishing of another service or consideration, such processing shall be deemed to be based on Article 6 Para. 1 lit. b GDPR. The same shall apply to processing operations which are necessary for the implementation of pre-contractual provisions, in cases of enquiries concerning our products and/or services, for instance.
Where our company is subject to a legal obligation, as a result of which processing of personal data is necessary, as for the fulfilment of fiscal obligations, for example, such processing shall be deemed to be based on Article 6 Para. 1 lit. c GDPR.
In rare cases, the processing of personal data may be necessary for the protection of vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor to our facilities suffered injury and it was necessary then to pass on his or her name, his or her age, his or her medical-insurance data and/or other vital information to a physician, a hospital or another third-party or third-parties. Such processing would then occur on the basis of Article 6 Para. 1 lit. d GDPR.
Finally, processing operations could be based on Article 6 Para. 1 lit. f GDPR. Processing operations covered by none of the above-mentioned legal basis would be founded on this legal basis if the processing is necessary for the maintenance of a legitimate interest of our company or of a third-party and the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh such interest. Such processing operations are permitted to us, in particular, due to the fact that they are specially mentioned by the European legislator. The legislator thus expressed the view that such a legitimate interest could be assumed if you are a customer of our company (Recital 47 Clause 2 GDPR).
- SSL/TLS encryption
This site makes use of SSL or TLS encryption in order to ensure the security of data-processing and to protect the transmission of confidential contents, such as, for example, orders, login data and contact enquiries which you send to us as the operator. An encrypted connection can be recognised by the fact that, instead of "http://", there is "https://" and a padlock symbol in the address line of your browser.
We use this technology in order to assure the security of your transmitted data.
- Data acquisition when you visit the Internet site
When you use our website solely for information purposes, i.e., when you do not register or transmit information to us in any other way, we obtain only data which your browser transmits to our server (in so-called "server log files"). Whenever you or an automated system load(s) a page, our Internet site records a series of general data and information. This general data and information is stored in the server's log files. The following may be recorded:
- The browser types and versions used
- The operating system used by the accessing system
- The Internet site from which an accessing system reaches our Internet site (the so-called referrer)
- The sub-websites which are actuated on our Internet site via an accessing system
- The date and time of any access to the Internet site
- An Internet Protocol Address (IP address)
- The accessing system's Internet Service Provider
We do not, in using this general data and information, draw any conclusions concerning your person. Instead, this information is needed in order tobr />
- Deliver the contents of our Internet site correctly
- Optimise the contents of our Internet site and the advertising for it
- Assure the continuous correct functioning of our IT systems and the technology of our Internet site
- Provide law enforcement authorities with the information necessary for investigation and prosecution in the event of a cyber attack
This acquired data and information is therefore evaluated by us for statistical purposes, on the one hand, and also with the aim of enhancing data-protection and data security within our company, in order, ultimately, to assure an optimum level of protection for the personal data which we process. The data in the server log files is stored separately from all personal data provided by a data subject.
The legal basis for data processing is provided by Article 6 Para. 1 Clause 1 lit. f GDPR. Our legitimate interest derives from the above-listed purposes of data gathering.
VII Transfer of data to third-parties
Other than for the purposes listed below, there is no transfer of your personal data to third-parties.
We provide your personal data to third-parties only in cases in which:
- You have granted your express consent for this in acc. with Article 6 Para. 1 Clause 1 lit. a GDPR;
- Such passing-on is admissible in acc. with Article 6 Para. 1 Clause 1 lit. f GDPR for the maintenance of our legitimate interests and where there are no grounds for the assumption that you possess an overriding legitimate interest in the non-passing-on of your data;
- Where there is a legal obligation for passing-on in acc. with Article 6 Para. 1 Clause 1 lit. c GDPR;
- This is legally admissible and is necessary in acc. with Article 6 Para. 1 Clause 1 lit. b GDPR for the implementation of contractual relations with you.
- General information on cookies
The cookie stores information resulting in conjunction in each case with the specific terminal device used. This, however, does not mean that we thus obtain direct knowledge of your identity.
In addition, we use temporary cookies, which are stored for a pre-specified time on your terminal device for the purpose of optimisation of our user friendliness. When you visit our site again, in order to make use of our services, the fact that you have already been on our site and the entries and settings you made are automatically detected, in order that these need not be made again.
The data processed by cookies, which is needed for the correct functioning of the website, is therefore necessary for the maintenance of our legitimate interest and those of third-parties in acc. with Article 6 Para. 1 Clause 1 lit. f GDPR.
The ruling for all other cookies is that you have granted your consent in the sense of Article 6 Para. 1 lit. a GDPR via our opt-in cookie banner.
IX. Contents of our Internet site
- Registering as a user
You have the opportunity of registering on our Internet site, providing personal data.
What personal data is provided to us in this context depends on the respective input mask used for registering. The personal data which you enter is acquired and stored solely for internal use and for our own purposes. We can effect the passing on to one or several Contract Processors – a parcels service, for example – who will also use such personal data solely for internal purposes, for which we take responsibility.
Registering on our Internet site also causes storage of the IP address assigned by your Internet Service Provider (ISP), and also the date and time of registration, to be stored. Storage of this data is effected against the background that misuse of our services can be prevented only in this way and that this data makes it possible when necessary to investigate any criminal acts committed. To this extent, the storage of this data is necessary for our own protection. This data is under no circumstances passed on to third-parties unless there is a legal obligation to pass it on and/or unless such passing on serves the purpose of the investigation of criminal acts.
Your registering with the voluntary provision of personal data also serves the purpose of enabling us to provide for you contents or services which can, by the very nature of things, be offered only to registered users. Registered persons have the opportunity to modify the personal data provided at registration at any time or to delete it entirely from our data records.
Processing of your data is performed in the interests of convenient and easy use of our Internet site. This constitutes a legitimate interest in the sense of Article 6 Para. 1 lit. f GDPR.
- Data processing upon opening of a customer account and for implementation of contracts
In acc. with Article 6 Para. 1 lit. b GDPR, personal data is acquired and processed when you communicate this data to us for the implementation of a contract or when you open a customer account. The data collected can be seen in the respective input forms. Deletion of your customer account is possible at any time and can be effected by means of notification to the Controller's above-stated address. We store and use the data provided by you for the purpose of contract implementation. After completed implementation of the contract or the deletion of your customer account, your data will be access-barred, taking account of fiscal-law and trade-law retention periods, and deleted after the expiry of such periods unless you have expressly consented to further utilisation of your data or unless we reserve the right to legally admissible further use of such data. Further corresponding information on this is provided to you below.
- Data processing for implementation of orders
Where this is necessary for delivery of the goods ordered, the personal data obtained by ourselves will be passed on to the transport organisation commissioned for delivery within the scope necessary for implementation of your order. Your payment data will passed on to the bank providing payment services in the context of processing of payment where this is necessary for processing of payment. Where payment service providers are used, we provide explicit information on this below. The legal basis for the passing on of data in this context is Article 6 Para. 1 lit. b GDPR.
- Making of contracts via the online shop, traders and shipment of goods
We pass on personal data to third-parties only where this is necessary in the context of contract implementation, to companies entrusted, for example, with the delivery of the goods or to the bank involved in processing of payment. Any further passing on of data either does not occur or occurs only if you have given express consent to such passing on. Passing on of your data to third-parties without express consent, for advertising purposes, for example, does not occur.
The basis for data processing is provided by Article 6 Para. 1 lit. b GDPR, which permits the processing of data for the purpose of fulfilment of a contract or of pre-contractual provisions.
- Contact / Contact form
Personal data is gathered in the context of contacts with us (e.g. via the contact form or via e-mail). The data gathered in the case of the contact form can be seen from the particular contact form itself. This data is stored and used solely for the purpose of processing of the matter on which you have contacted us or for contacting you, and for the associated technical administration. The legal basis for processing of this data is our legitimate interest in providing an answer for you in acc. with Article 6 Para. 1 lit. f GDPR. Where the aim of you contacting us is the making of a contract, Article 6 Para. 1 lit. b GDPR provides the additional legal basis for processing. Your data will be deleted after concluding processing of your enquiry; this will be the case, for instance, where the circumstances indicate that the matter in question has been conclusively clarified and that there are thus no legal retention obligations which would prevent this.
- Services / Digital goods
We pass on personal data to third-parties only where this is necessary in the context of contract implementation – to the bank involved in processing of payment, for example.
Any further passing on of data either does not occur or occurs only if you have given express consent to such passing on. Passing on of your data to third-parties without express consent, for advertising purposes, for example, does not occur.
The basis for data processing is provided by Article 6 Para. 1 lit. b GDPR, which permits the processing of data for the purpose of fulfilment of a contract or of pre-contractual provisions.
- Application management / Vacancies
We acquire and process the personal data of applicants for the purpose of implementation of the application procedure. Such processing may also take place using electronic means. This is the case, in particular, when an applicant submits corresponding application documentation to us by electronic means, by e-mail, for example, or via a web form on our website. Where we make a contract of employment with an applicant, the data provided will be stored, taking due account of the legal requirements, for the purpose of implementation of the employment. Where no contract of employment is made with the applicant, the application documentation will be deleted automatically two months from announcement of the failure of the application provided we have no other legitimate interests which would argue against deletion. Another legitimate interest could, in this sense, be a duty of proof in a procedure under the General Act on Equal Treatment (AGG), for example.
Data processing in such a case thus takes place on the basis of our legitimate interest in acc. with Article 6 Para. 1 lit. f GDPR.
X Sending of Newsletters
- Sending of Newsletters to existing customers
Where you have provided your e-mail address to us in the context of the purchase of goods and/or services, we reserve the right to send to you at regular intervals offers concerning goods / services included in our range and similar to those already purchased by e-mail. We are not obliged in acc. with Article 7 Para. 3 of the Act against Unfair Competition (UWG) to obtain from you for this purpose any separate declaration of consent. Data processing thus takes place solely on the basis of our legitimate interest in providing personalised direct advertising in acc. with Article 6 Para. 1 lit. f GDPR. We will not send such mails to you if you initially declined the use of your e-mail address for this purpose. You have the right to reject the use of your e-mail address for the above-mentioned advertising purpose at any time with effect for the future by means of a notification to the Controller initially named. In this case you will incur only transmission costs in accordance with the standard rates. The use of your e-mail address for advertising purposes will be discontinued immediately upon receipt of your notification of rejection.
- Advertising Newsletters
Our Internet site provides you with the opportunity of subscribing to our company's Newsletter. The personal data which is provided to us when subscribing to the Newsletter can be seen in the input mask used for this purpose.
We inform our customers and business partners at regular intervals concerning our products, services, etc., by means of a Newsletter. You can receive our company's Newsletter only if:
- You have a valid e-mail address and
- You have registered to receive the Newsletter.
For legal reasons, a confirmation mail exercising the double opt-in procedure will be sent to the email address which you initially entered for receipt of the Newsletter. This confirmation mail serves the purpose of verifying that you have, as the owner of the e-mail address, authorised sending and receipt of the Newsletter.
When you register for the Newsletter, we also store the IP address assigned by your Internet Service Provider (ISP) to the IT system used by yourself at the time of registration, and also the date and time of the registration. Obtainment of this data is necessary in order to be able at a later time to trace any (possible) misuse of your e-mail address and thus serves for our own legal protection.
The personal data acquired in the context of a registration for the Newsletter is used solely for the purpose of sending of our Newsletter. In addition, subscribers to the Newsletter may be informed where this is necessary for operation of the Newsletter service or where such a registration is necessary, as could, for example, be the case in the eventuality of changes to the Newsletter service or of changes in technical circumstances. Personal data acquired in the context of the Newsletter service will not be passed on to third-parties. You can cancel a subscription to our Newsletter at any time. Your consent to the storage of personal data granted to us for the purpose of sending of the Newsletter may be revoked at any time. A corresponding link is included in every Newsletter for the purpose of revocation of your consent. You can also cancel your subscription to receiving our Newsletter directly on our Internet site at any time or notify your cancellation to us in any other manner.
The legal basis for data processing for the purpose of sending of the Newsletter is provided by Article 6 Para. 1 lit. a GDPR.
XI Google Analytics
We use Google Analytics, a web analysis service provided by Google Ireland Limited (https://www.google.de/intl/de/about/; Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter referred to as "Google") on our websites. Pseudonymised user profiles are created in this context, and cookies are used (see "Cookies" above). The information generated by the cookie concerning your use of this website, such as
- Browser type/version,
- The operating system used
- The referrer URL (the site previously visited)
- The accessing computer's host name (IP address)
- The time of the server enquiry
is transmitted to a Google server in the USA and is stored there. The information is used to evaluate utilisation of the website, to compile reports on website activities and to furnish further services associated with website utilisation and Internet use for the purposes of market research and needs-orientated design of these Internet sites. This information may also be passed on to third-parties where this is legally required or where third-parties contract process this data. In no case is your IP address kept together with other Google data. IP addresses are anonymised, with the result that identification is not possible (IP masking).
You can prevent the installation of cookies by means of a corresponding setting in your browser software; we must, however, point out that it may, in this case, not be possible to use all the functions of this website to their full extent.
These processing operations take place only in case of the granting of express consent in acc. with Article 6 Para. 1 lit. a GDPR.
You can, in addition, prevent the recording of the data generated by the cookie and relating to your use of the website (inc. your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to a browser add-on and, in particular, in the case of browsers installed on mobile terminal devices, you can also prevent data acquisition by Google Analytics by clicking on the following link: Deactivate Google Analytics. An opt-out cookie will then be set and will prevent future acquisition of your data when you visit this website. The opt-out cookie is valid only in this browser and only for our website and will be installed on your device. You will need to set the opt-out cookie again if you delete the cookies in this browser.
You can also prevent the acquisition of your data by Google Analytics by clicking on the following link. An opt-out cookie will then be set and will prevent the acquisition of your data when you visit this website in future:
Link zu Google Analytics deaktivieren
Further information on data protection in conjunction with Google Analytics can be found, for example, in the Google Analytics help function (https://support.google.com/analytics/answer/6004245?hl=de).
XII Handling of customer and supplier data
We process your in some cases personal data for the purpose of the initiation, implementation and completion of contractual relationships, for the drafting of quotations and for invoicing purposes, and also for the purpose of contacting and providing information within the framework of customer support.
- Legal basis of processing activities
Processing is necessary for the fulfilment of a contract or a pre-contractual provision in acc. with Article 6 Para. 1 lit. b GDPR or for the maintenance of our legitimate interests in acc. with Article 6 Para. 1 lit. f GDPR and where there are no interests or fundamental rights and fundamental freedoms of the data subject which outweigh this.
- Categories of recipients
The following are internal recipients: Consulting, Contract management, Accounting, Controlling, Back office. We also commission service-providers (contract processors) for the performance of our tasks, such as IT service-providers and hosting providers, for example, and forward data to authorities and/or courts within the scope of our legal obligations.
XIII Handling of visitors' data
We process your in some cases personal data for the purpose of verification of entry authorisation. In this context, we store the following data:
- Visitor's contact information (form of address, surname, forename, date of birth, place of birth, e-mail address)
- Data on the visit itself (location, building, date, time)
- Legal basis for processing activities
Processing is necessary for regulated access control and, in acc. with Article 6 Para. 1 lit. f GDPR, serves our legitimate interest in this where there are no overriding interests or fundamental rights and fundamental freedoms on the part of the data subject.
- Categories of recipients
The following are internal recipients: Reception
- Period of storage
Your personal data will be stored for a period of one year from your most recent visit.
XIV Your rights as a data subject
- Right to confirmation
You have the right to require confirmation from us as to whether personal data concerning you is being processed.
- Right to information (Article 15 GDPR)
You have the right to receive from us at any time free-of-charge information on the personal data stored concerning your person and a copy of this data in accordance with the legal provisions.
- Right to rectification (Article 16 GDPR)
You have the right to require the rectification of any incorrect personal data concerning yourself. You also have the right, taking account of the purposes of processing, to require the augmentation of incomplete personal data.
- Deletion (Article 17 GDPR)
You have the right to require from us that personal data concerning yourself be deleted immediately where one of the legally provided reasons applies and provided processing and/or continued storage is not necessary.
- Restriction of processing (Article 18 GDPR)
You have the right, where one of the legal preconditions exists, to demand from us restriction of processing.
- Data portability (Article 20 GDPR)
You have the right to receive the personal data concerning yourself and provided to us by yourself in a structured, commonly used and machine-readable format. You also have the right to transfer this data without hindrance by ourselves to another Controller to whom the personal data has been provided where processing is based on consent in acc. with Article 6 Para. 1 lit. a GDPR or Article 9 Para. 2 lit. a GDPR or is based on a contract in accordance with Article 6 Para. 1 lit. b GDPR where processing takes place using automated procedures where such processing is not necessary for the performance of any task which is in the public interest or does not take place in the exercise of official authority which has been vested in ourselves.
You also have the right in exercising your right to data portability in acc. with Article 20 Para. 1 GDPR to cause the personal data to be transferred directly from one Controller to another Controller where this is technically feasible and where this does not infringe on the rights and freedoms of other persons.
- Objection (Article 21 GDPR)
You have the right to lodge for reasons which derive from your particular situation objection at any time against the processing of personal data concerning yourself which processing takes place on the grounds of Article 6 Para. 1 lit. e (Data-processing in the public interest) or f (Data-processing on the grounds of a due assessment of interests) GDPR.
This same provision shall also apply to any profiling based on these provisions in the sense of Article 4 No. 4 GDPR.
Where you lodge an objection, your personal data will no longer be processed unless we are able to demonstrate for such processing imperative and legitimate reasons which outweigh your interests, rights and freedoms or where such processing serves for the raising, exercise or defence of legal claims or entitlements.
In individual cases, we process personal data in order to practise direct advertising. You are entitled at any time to lodge objection to the processing of personal data for the purposes of such advertising. This same provision also applies to profiling, where this is associated with such direct advertising. Should you lodge an objection to us against the processing for direct-advertising purposes, we undertake no longer to process such personal data for these purposes.
You also have the right to lodge for reasons which derive from your particular situation an objection against the processing of personal data concerning yourself which takes place at our company for scientific or historical research purposes or for statistical purposes in acc. with Article 89 Para. 1 GDPR unless such processing is necessary for the performance of a task which is in the public interest.
You are entitled in conjunction with the use of services of the information society and irrespective of Directive 2002/58/EC to exercise your right of objection using automated procedures in which technical specifications are used.
- Revocation of a data-protection-law consent
You have the right to revoke any consent to the processing of personal data at any time and with effect for the future.
- Complaint to a supervisory authority
You have the right to lodge a complaint concerning our processing of personal data with a supervisory authority responsible for data protection.
XV Routine storage, deletion and access-barring of personal data
We process and store your personal data only for the period necessary for the attainment of the purpose of storage or only where this is specified by the legal provisions to which our company is subject.
Where the purpose of storage no longer exists and/or where a specified storage period expires, the personal data in question will be routinely access-barred or deleted in accordance with the legal provisions.
XVI Period of storage of personal data
The criterion for the period of storage of personal data is the respective legal retention period. Upon expiry of this period, the corresponding data will be routinely deleted where it is no longer needed for the performance or initiation of a contract or contracts.
XVII Data transfer to a third-country
No transfer of data to outside states is planned.