This page describes the manner, scope and purpose of processing of personal information (from here on simply refered to as 'data') by the Haynl-Elektronik GmbH.

The processing of data is conducted in accordance with the requirements of the General Data Protection Regulation (GDPR) and the country-specific legislation that apply to this company.

Controller

Responsible for adherence of data protection during the processing of data while visiting this site or business operations of this company is:

Haynl-Elektronik GmbH

Magdeburger Str. 117a
39218 Schönebeck (Elbe)
Germany


Email: info@haynl.de
Telefon: +49 3928-69414
Internet: www.haynl.de

More information can be found in the legal notice.

Legal Terms

All legal terms to be found in this text (such as 'processing', 'data subject' or 'controller') refer to definitions found in article 4 GDPR.

Children as defined by article 6 para. 1 GDPR are natural persons younger than 16 years. EU countries may set this age limit lower but not lower than 13 years.

Legal Basis

In accordance with article 13 GDPR we will provide information on the legal basis of our data processing activities. If no specific legal basis is stated in this data protection policy, then one of the following applies:

  • Consent as obtained in accordance with article 6 para. 1 lit. a and article 7 GDPR
  • For the performance contracts a data subject is party to and respond to requests made by a data subject in accordance with article 6 para. 1 lit. b GDPR
  • For the fulfilment of our legal duties in accordance with article 6 para. 1 lit. c GDPR
  • For the purposes of our legitimate interests in accordance with article 6 para. 1 lit. f GDPR
  • In order to protect the vital interests of the data subject or of another natural person in accordance with article 6 para. 1 lit. d GDPR
Transfer of Data

Any disclosure, transfer or access of data provided by our company to third parties (both natural persons and other companies) as part of our business operations is done with a legal basis for this action. This basis may be a legal permission (such as access to data for a payment service provider as part of contract fulfilment in accordance with article 6 para. 1 lit. b GDPR), the consent of data subject affected, a legal requirement or a legitimate interest of our company (employment of an agent, webhoster).

Any data processing delegated to a third party is based upon contract between our company and the third party in question in accordance with article 28 GDPR.

Our company does not collected any data for advertisement or promotional purposes, does not process data for such purposes and does not provide access to data to third parties for such purposes.

Transfer of Data to third countries

Our company does not transfer any data to third countries (countries outside of the European Union (EU) or the European Economic Area (EEA)) nor is any data processed in such countries.

Rights of Data Subjects

Subjects have in accordance with article 15 GDPR the right to receive confirmation whether any data related to their person has been collected and to receive full disclosure on the data collected, categories of data collected, third parties and categories of third parties receiving data, storage period for data as well as purpose and scope of data processing taking place.

Subjects have in accordance with article 16 GDPR the right to complete or rectificate their data.

Subjects have in accordance with article 17 GDPR the right to request the immediate erasure of their data or in accordance with article 18 GDPR to demand that the processing of their data be severly limited.

Subjects have in accordance with article 20 GDPR the right to request for their data to be transfered to a different controller.

Subjects have in accordance with article 77 GDPR the right to file a complaint with a supervisory authority.

Subjects have in accordance with article 7 para. 3 GDPR the right to retract a previously given consent with impact on all future data processing actions.

Subjects have in accordance with article 21 GDPR the right to object to future processing of their data.

Erasure of Data

Data processed by our company is erased in accordance with article 17 GDPR or limited in the way it is processed in accordance with article 18 GDPR. All data stored and processed by our company is erased as soon as their purpose for data processing no longer applies and no other legal requirement to further retain the data applies, unless stated otherwise in this data protection policy. If the data is not erased because they are required for other purposes permitted by law, then the data will only be processed in a limited fashion. This means that the data will be partially locked and not be used for other purposes. This applies for example to data that have to be retained for commercial or tax related reasons.

German laws require for commercial data to be retained for 6 years in accordance with § 257 para. 1 HGB (Handelsbücher, Inventare, Eröffnungsbilanzen, Jahresabschlüsse, Handelsbriefe, Buchungsbelege, etc.) and for 10 years in accordancewith § 147 para. 1 AO (Bücher, Aufzeichnungen, Lageberichte, Buchungsbelege, Handels- und Geschäftsbriefe, für Besteuerung relevante Unterlagen, etc.).

Automated Decision Making

Data processed by our company is not used by any automated system to make legally binding decisions in our company.

Profiling

Data processed by our company is used in any scope to create profiles of data subjects.

Data of Subjects younger than 16 years

Our company does not conduct profiling of minors.

Supervisory Authority

Commissioner for data protection Saxony-Anhalt
Dr. Harald von Bose

Postfach 19 47
39009 Magdeburg

Leiterstraße 9
39104 Magdeburg

Telefon: 03 91/81803-0
Telefax: 03 91/81803-33
E-Mail: poststelle@lfd.sachsen-anhalt.de
Homepage: http://www.datenschutz.sachsen-anhalt.de


Business Operations

Categories of processed Data

  • Personal Information (name, forename)
  • Contact Information (telephone number, email-address)
  • Contract Information (i.e. object of contract, duration, customer category)
  • Payment Information (z.B. account details, payment history)
  • Insurance Information (only for patients, such as health insurance company and insurance number)
Categories of Data Subjects

  • Customers
  • Suppliers
  • Patients
  • Interested parties
Purpose of Data Processing

  • Fulfilment of contractual obligations
  • Customer support
Erasure of Data

Data is erased when legal requirements and similar obligations to retain data no longer apply. The necessity to retain data is checked every three years. Data that has been retained because of legal requirements for data retention is erased once it is no longer obligatory to keep the data. Information in customer accounts is retained until the account is erased.


Inquiries

Categories of processed Data

  • Personal Information (name, forename)
  • Contact Information (telephone number, email-address)
Categories of Data Subjects

  • Customers
  • Patients
  • Interested parties
Purpose of Data Processing

  • Processing of inquiry

In order to respond to an inquiry sent to us (whether by email or telephone) we require some data about the person making the inquiry. The processing of this data for the purpose of answering the inquiry is in accordance with article 6 para. 1 lit. b) GDPR. The data may be stored in a Customer-Relationship-Management System ("CRM System") or similar system.

Erasure of Data

We erase inquiries and their associated data when they are no longer relevant. This is checked every two years. Beyond that data is archived as demanded by law.

Children

If our company is provided with data on children as part of an inquiry, then the person contacting us declares themself to be authorized to do so and able to verify this.


Online-Services

The services provided by our company online, such as this website and any functions or content part of it, are refered to as 'online-services'.

Using our online-services is in general possible without providing any personal data.

Categories of processed Data

  • User data (z.B. visited websites, requested files, access times)
  • Meta-/Communication data (z.B. browser-information, anonymized IP-address)
Categories of Data Subjects

  • Users of online-services ('users')
Purpose of Data Processing

  • Providing online-services, their functions and content
  • Security measures
  • Statistical surveys
Erasure of Data

Information in log file is kept by our webhost for a maximum of 6 weeks after being recorded and automatically erased after that period. No additional archiving of log files is conducted either by our company or our webhost.
In the event of an incident log files of the relevant time frame may be stored until the incident in question has been resolved.

Children

Our online-services are not aimed at children. Data on children is neither purposeful gathered nor are targeted efforts made to gather data on children. Children require the permission of their parent/legal guardian to access our online-services.

Cookies

'Cookies' are small files placed upon a user's device by a website. Cookies permit to store data locally. The primary function of cookies is for them to hold concerning the user or his device while or after he accessed an online-service.

'Temporary Cookies', also called 'Session-Cookies' or 'transient Cookies', are cookies which are deleted once the user leaves their associated online-service and closes his browser. Such cookies usually hold login-information or the content of a shopping cart in online-shops.

'Permanent' or 'persistent' Cookies do remain on a device even after the browser is closed. This can be used to retain the Login-state of a user when he revisits an online-service after several days.

'First-Party-Cookies' are created by the provider of an online-service a user visits.

'Third-Party-Cookies' are created by a party who is not the provider of an online-service a user visited.

No cookies are created when using our online-services.

Log Files

Our webhoster records data on every access request of the server, on which our online-services are located, in log files. This access data includes:

  • Name of requested web page
  • Name of requested file
  • Timestamp
  • Transfered volume of data
  • Result of access request (success, failed, etc.)
  • Browser type and version
  • Referrer URL (last site visited)
  • Anonymized IP-address and ISP

The legal basis for this practice for both our company and our webhoster is legitimate interests in accordance with article 6 para. 1 lit. f. GDPR for identifying and resolving misuse or fraudulant actions as well as general statistical surveys without relation to individual users.

IP-addresses in log files are only stored in anonymized form. This anonymisation is done automatically by our webhost by use of a hash-function. This function transforms any 'real' IP to the same 'anonymized' IP. The same 'real' IP results in the same 'anonymized' IP for a maximum of 24 hours. Thus permanent tracking of access requests from the same (anonymized) IP-address is not possible.
If possible our webhost attempts to resolve the top-level-domain of an IP-address and stores the ISP alongside the anonymized IP.

None of the data points listed here, whether alone or in combination with each other, can be used to resolve a user's identity nor do they provide information that can be used when attempting to identify a user. Thus no personal data is processed when recording access data.

Tracking

If our ISP employs tracking on IP-layer, then this occurs without influence or prior consent by our company. We do not employ any measures to track users who visit our online-services.

Integration of Services and Content from Third-Parties

We employ content and services provided by third-parties such as videos or fonts (refered to as 'content' from here on) as part of our online-services. This is within our legitimate interests in accordance with article 6 para. 1 lit. f. GDPR.

This requires for the IP-address of users to be transmitted to said third-parties that provide the content in question. Without transfering the IP-address the requested content cannot be sent to the device making the request. Thus transfering the IP-address is required for our online-services. We try to only include content of parties that use the provided information solely to deliver the requested content.

Third-parties may employ so called 'pixel-tags' (invisible graphics, also known as 'web beacons') for statistical surveys or marketing purposes. These pixel-tags may be employed to analyse traffic on websites that use content of the content provider in question. Pseudonymised information may be stored in cookies on user devices and include technical information such as type and/or version of browser and/or operation system, referer website, timestamp as well as further information on the use of the content. This information may be linked with data from other sources.

Google Web Fonts
Our online-services include fonts ("Google Fonts" oder "Web Fonts") provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Upon accessing our website a browser will attempt to load fonts from Google into its cache (unless they are already present) in order to correctly display all texts on this website that use those fonts.

In order to access Google's Web Fonts a browser must establish a connection to Google's servers. This way Google becomes aware that a request to access our website was made by a browser and the IP-address its internet connection is using. Requesting fonts from Google does not create any cookies on the device making the request. Using Google Web Fonts allows for a uniform and pleasant presentation of our online-services. This is within our legitimate interests in accordance with article 6 para. 1 lit. f. GDPR. If a browser does not support Web Fonts or no connection to Google's servers can be established, it will default to fonts available on its device.

Google LLC has its seat in USA is certified to uphold the US-European Data Protection Agreement "Privacy Shield", which ensures compliance with data protection levels effective with the EU.

Google's privacy police
Information about Google Web Fonts
Opt-Out (requires Google user account)

Deutsch - German Englisch - English

© 2018 Haynl-Elektronik GmbH
Alle Rechte vorbehalten - All rights reserved