Icoon Privacy Gegevensbescherming, letters op blokjes

Gegevensbescherming

Hier vindt u informatie over privacy bij HERMA. Kies a.u.b. het juiste gebied.

  • Data Privacy Policy for the HERMA Web Offers

    Information on the processing of your data in accordance with Art. 13 GDPR
    References to legal regulations relate to the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

    Status: January 2024
     

    Table of Contents

    1. Validity
    2. Responsibility for the Data Processing
    3. Company Data Privacy Officer Contact
    4. Data Processing – Forms
       4.1 Contact Form
       4.2 Application Form
       4.3 Subscription to our Newsletter
       4.4 Using the Online Shops
       4.5 Visual spare part search
       4.6 Other Registrations on the HERMA Websites
    5. Data Processing – Analysis and Tracking Tools (Cookies)
       5.1 Server Utilization Data
       5.2 Use of Cookies
       5.3. Opt-out - Preventing Cookie Usage
       5.4 Analysis and Tracking Tools
            (1) ConsentManager
            (2) Google Analytics
            (3) YouTube
            (4) Google Ads
            (5) Google reCaptcha
    6. Duration of Storage, Erasure and Barring of Personal Data
    7. Data Security
    8. Your Rights
       8.1 Right to Information
       8.2 Right to Rectification
       8.3 Right of Erasure
       8.4 Right to Restriction of Processing
       8.5 Right to Object
       8.6 Right to Revoke
       8.7 Right to Complain
    9. Automatic Decision Finding
    10. Amendments to the Data Privacy Policy

     

    1. Validity

    This data privacy policy applies for the HERMA GmbH web offers and the personal data collected via these web offers. For websites of other providers which are referred to, for example, by links, the data protection notes and privacy policies of these apply.

    a. HERMA web offers

    The HERMA web offers include websites, B2B online shops and apps.

    Websites:
    herma.de, herma.at, herma.ch, herma.com, herma.co.uk, herma.fr, herma.nl, herma.be, herma.se, herma.com.es, herma.co.it, herma.fi, herma.dk, herma.no, herma.pl, herma.pt, herma.us and herma-china.cn

    B2B online shops:
    shop.material.herma.com, shop.machines.herma.com and shop.labels.herma.com

     

    b. Personal data

    According to article 4 GDPR, personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

     

    2. Responsibility for the Data Processing

    The responsibility for processing of personal data on the HERMA websites lies with
    HERMA GmbH (HERMA)
    Heinrich-Hermann-Straße 14, 70794 Filderstadt, Germany
    Phone: +49 711 / 7702 0
    E-mail: datenschutz(at)herma.de

     

    3. Company Data Privacy Officer Contact

    You can contact the company data privacy officer at HERMA GmbH at:
    DataCo GmbH, Dachauer Str. 65, 80335 München, Germany
    www.dataguard.de
    Phone: +49 89 7400 45840
    E-mail: datenschutz(at)herma.de

     

    4. Data Processing – Forms

    4.1 Contact Form

    Which personal data are communicated to HERMA by the contact forms depends on the input mask that is used for making the contact.

    The personal data communicated to us in this context are used exclusively for processing the respective inquiries.

    The collection and processing of data by the contact form is based on Art. 6 Par. 1 lit. f GDPR (legitimate interest) because HERMA has an economic interest in establishing contact with (potential) customers to enable them to make fast and uncomplicated contact by means of these additional services.

    The recipients of these data are our Web Agencies and our Webhosting service providers who work for us within the scope of a data processing agreement.

     

    4.2 Application Form

    Which personal data are communicated to HERMA by an online application depends on the respective input mask that is used for the online application.

    We use the application data and documents for handling the application procedure and for establishing an employment relationship.

    § 26 BDSG provides the legal basis for this data processing.

    Data are not disclosed to third parties.

    We will delete your data three months after the application procedure has ended providing that we are not legally obliged to keep these data.

     

    4.3 Subscription to our Newsletter

    Which personal data are communicated to HERMA when subscribing to the newsletter depends on the input mask used for this.

    We use the data for dispatching our newsletter.

    Art. 6 Par. 1 lit. a GDPR (your consent) provides the legal basis for this data processing.

    You can revoke the consent that you granted us when subscribing to the newsletter at any time in the future with no consequences for the lawfulness of the processing that took place based on the consent up until its revocation. You will find an appropriate link or e-mail contact address in every newsletter for the purpose of revoking your consent. You will no longer receive the newsletter after a revocation.

    The recipients of these data are our Web Agencies and our Webhosting service providers who work for us within the scope of a data processing agreement.

    When you subscribe to the newsletter, we will also store your IP address as well as the date and time of your subscription. These data must be collected to be able to track (possible) misuse of your e-mail address at a later date. Art. 6 Par. 1 lit. f GDPR (legitimate interest of HERMA) provides the legal basis for this data processing.

    The HERMA newsletters contain tracking pixels with which we can recognize whether and when an e-mail was opened and which links in the e-mail were called. Data collected via tracking pixels in the newsletters are stored and processed anonymously for statistical purposes to optimize the newsletter dispatch and to better adapt the content of future newsletters to the recipients’ interests.

     

    4.4 Using the Online Shops

    a. Registration - Opening an account
    The user can purchase products in the HERMA online shops after previous registration and login. Which personal data are communicated to HERMA in the process depends on the respective input mask that is used for handling the purchase. The user or shop customer is always a legal person because we operate only B2B shops.

    We use the personal data communicated to us for the purpose of handling your order, fulfilling the contractual obligations as well as enabling the customer or user to be contacted insofar as he/she desires or is necessary or legally permitted within the scope of the contract relationship.

    Art. 6 Par. 1 lit. b DS-GVO provides the legal basis for this data processing because the processing is necessary for the performance of a contract between HERMA and you as a customer or in order to take steps at your request prior to entering into a contract.

    The recipients of these data are our Web Agencies and our Webhosting service providers who work for us within the scope of a data processing agreement. Moreover, your data may be passed on to a HERMA subsidiary if this takes over part of the order handling or to our collections agency.

     

    b. Credit assessment
    During the order process, we enlist the services of the credit agencies or credit insurers named below to carry out a credit assessment of the shop customers.

    • Bureau van Dijk Electronic Publishing GmbH, Hanauer Landstrasse 175-179, 60314 Frankfurt a.M.
    • Bürgel Wirtschaftsinformationen GmbH & Co.KG, Gasstrasse 18, 22761 Hamburg
    • Codinf Services SA, 120 Avenue Ledru-Rollin, 75011 Paris
    • Coface Rating GmbH, Isaac-Fulda-Allee 1, 55124 Mainz
    • Creditreform Stuttgart Strahler KG, Theoder-Heuss-Str. 2, 70174 Stuttgart
    • Creditsafe Deutschland GmbH, Schreiberhauerstrasse 30, 10317 Berlin
    • Bisnode D&B Deutschland GmbH, Robert-Bosch-Strasse 11, 64293 Darmstadt
    • Kisys Krediet Informatie Systemen B.V., Hullenbergweg 270, 1101 BV Amsterdam –Zuidoost
    • Kreditschutzverband von 1870, Wagenseilgasse 7, 1120 Wien

    For this purpose, we transfer your customer data (company, address, VAT ID) and receive the address and credit data stored for the customer, as far as available, including those that were determined based on mathematical-statistical methods. We use the received information about your creditworthiness including that information about the statistical probability of possible payment default for a carefully considered decision on offering a suitable payment type as well as the establishment, performance or termination of a contract relationship.

    Art. 6 Par. 1 lit. b GDPR (processing prior to entering into a contract or performance of a contract), Art. 6 Par. 1 lit. f GDPR (maintenance of a legitimate interest of HERMA in preventing payment defaults) as well as Art. 6 Par. 1 lit. a GDPR (consent to a credit assessment with pre-determined payment type advance payment). You can revoke your consent to the credit assessment at any time with effect for the future by using our contact form.

    The creditworthiness information may contain probability values (scores) calculated based on scientifically recognized mathematical-statistical methods and which include address data, among other things, in their calculation. Your interests worthy of protection are considered in accordance with legal regulations.

     

    c. Payment
    During the order process, we enlist the services of the payment service provider Heidelberger Payment GmbH, Vangerowstraße 17, 69115 Heidelberg for the purposes of online payment handling. Hereby, your payment data are collected, processed and stored directly by Heidelberger Payment GmbH as a data processor. The transferred payment data are the data entered in the respective input mask of the means of payment.

    Your payment data will be processed exclusively for handling your order.

    Art. 6 Abs.1 lit. b GDPR (performance of contract) provides the legal basis for the data processing.

     

    d. Sanctions list investigation
    During the order process, we compare your customer data with official sanctions list of the Federal Republic of Germany, EU and USA. Sanctions lists are official records in which persons, groups, organizations and/or companies are listed against whom certain economic or legal sanctions have been imposed.

    Data are not disclosed to third parties.

    The data processing is based on Art. 6 Par.1 lit. c GDPR. HERMA is obliged by national regulations such as German foreign trade regulations (AWG) as well as European directives to conduct the investigation for the purpose of combating terrorism and securing personal embargoes.

       

    4.5 Visual spare part search

    a. Description and scope of data processing
    In general, no personal data is processed. We explicitly point out that no photos with personal data should be uploaded when using our spare parts search tool on our website. Should photos with personal data be uploaded nevertheless, we have no influence on this and the following applies.

    b. Purpose of the data processing
    The purpose is the identification of spare parts by the customer himself, so that he can quickly identify and then order the required spare parts himself. This does not result in a special purpose for the processing of personal data.

    c. Legal basis for data processing
    Should personal data nevertheless be processed through a voluntary upload, the legal basis for the data processing is your express declaration of consent in accordance with Art. 6 para. 1 sentence 1 lit. a, Art. 7 GDPR. You can revoke your consent at any time with effect for the future. To do so, please send an email to: datenschutz@herma.de
    Please note that a visual search for spare parts will then not be possible. 

    d. Recipient
    We transmit all uploaded photos to our service provider Partium.io
    Partium Technologies GmbH, Dresdner Straße 91 / C2, 1200 Wien 
    The service provider stores the images until the end of the contract period.

     

    4.6 Other Registrations on the HERMA Websites

    Which personal data are communicated to HERMA depends on the respective input mask that is used for the registration.

    We use these data to offer you contents or services which, by nature of the issue, can only be offered to registered users, e.g. storage of label templates in the Label Assistant Online and customer service through the myHERMA customer portal for machines and self-adhesive material. 

    The recipients of these data are our Web Agencies and our Webhosting service providers who work for us within the scope of a data processing agreement.

    Art. 6 Par. 1 lit. b) (provision of the offered (contractual) services) or Art. 6 Par. 1 lit. f) GDPR (legitimate interest of HERMA in customer support by customer services) provides the legal basis for the data processing).

     

    5. Data Processing – Analysis and Tracking Tools (Cookies)

    5.1 Server Utilization Data

    The HERMA websites and B2B online shops collect a number of general data and items of information every time the respective site is called and store these in the server logfiles. These are data that are collected anonymously and allow no inferences to be drawn to your person. The anonymous data of the server logfiles are stored separately from all the personal data entered by you. Your browser transmits the following data to our server every time that you visit the websites concerned:

    • used browser types and versions 
    • used operating system
    • the website from which you access our web offers (so-called referrer)
    • the sub-sites which you visit within our website
    • the date and time of the access to the website
    • the Internet protocol address (IP address)
    • the Internet service provider
    • other similar data and information

    These data are technically necessary for us to show you our website, to ensure the stability and security as well as to provide the necessary information for the law enforcement agencies for prosecution in the event of a cyber-attack.

    Art. 6 Par. 1 lit. b) GDPR (contract establishment or contract) and Art. 6 Par. 1 lit. f) GDPR (legitimate interest) provide the legal basis for the data processing.

    The recipients of these data are our Web Agencies and our Webhosting service providers who work for us within the scope of a data processing agreement.

    Logfile information is stored for a maximum duration of 90 days for security reasons (e.g. to elucidate cases of misuse and fraud) and then erased. Data which must be kept for purposes of evidence are excepted from erasure until final clarification of the respective case.

     

    5.2 Use of Cookies

    Cookies are used by us directly or by third providers on our account when using the HERMA websites. Cookies are text files which are placed and stored on a computer system by an Internet browser. Many cookies contain a so-called cookie ID. A specific Internet browser can be recognized and identified by the unique cookie ID.

    The following types of cookies are used within the scope of our web offers:

    • Technical cookies that are necessary for the function of our web offers (necessary) serve to be able to identify the accessing browser even after switching sites. They do not require consent as, in accordance with Art. 6 I lit. f GDPR, HERMA as the website operator has a legitimate interest in using these cookies.
    • Personalization cookies are cookies which adapt the website to your requirements depending on your settings (personalization). Some function of the website, such as shopping cart, contact form, save login data, save language settings for the website, for example, cannot be used properly without these cookies. You can consent to the use of personalization cookies. Art. 6 I lit. a GDPR provides the legal basis.
    • Analysis and tracking cookies enable us to collect and analyze statistics on the user behavior of visitors to the websites, i.e. to carry out a coverage measurement and use analysis for the purpose of website optimization (tracking). They are not absolutely essential for the actual functions of the website and the tracking data might then be linked or shared with other data and services. You will find more information about the tracking tools that we use in the following sections.

     

    5.3. Opt-out - Preventing Cookie Usage

    You can prevent cookies from being set by our website by

    • making the appropriate section in the cookie banner on your first visit to our website.
    • clicking the fingerprint icon at the bottom left of our website and making the appropriate selection later (during a visit to the website and after already having granted consent).
    • making the appropriate setting in your Internet browser, usually to be found under “Data protection” or “Cookies” of the “Internet options” or “Settings” menu of the browser.

     

    5.4 Analysis and Tracking Tools

    We use the following analysis and tracking tools within the scope of our web presence which we apply dependent on the concrete web offers (websites, B2B online shops, apps).
     

    (1) ConsentManager

    Used in the following HERMA web offers: website, online shops

    We have incorporated the ConsentManager tool of Jaohawi AB (Håltgelvågen 1b, 72348 Västerås, Sweden, info@consentmanager.net) into our websites to inquire consents for the data processing or use of cookies or similar functions. You can also change your settings later (fingerprint icon). In the course of using the ConsentManager, cookies are used and information about the used terminating devices such as the IP address processed to ensure that user settings and preference with regard to the use of cookies and other functionalities are saved.

    Art. 6 Par. 1 lit. c) GDPR (legal obligation, obligation of the website operator to provide proof) provides the legal basis.

    ConsentManager stores your data for as long as your user settings are active. Your consent will be requested again two years after making the user settings. The user settings that you make are then stored again for this period of time.

     

    (2) Google Analytics

    Used in the following HERMA web offers: website, online shops

    We use the web analysis service Google Analytics. Google-Analytics is operated in the EU by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google).

    Google Analytics uses cookies that are stored on your computer or mobile device and enable an analysis of the utilization of the website by the users. With these cookies, Google Analytics can measure the coverage of our web presence on our account. The cookies enable us to track which website you visited before accessing our website and how you have used our website. We use the data collected in this way (Google Analytics reports) to analyze the performance of our website as well as to analyze the success of our marketing-campaigns.

    By using the cookie, Google collects (personal) data such as your IP address, date and time of the visit, usage data, site information, device information and browser information for HERMA. Your IP address is only processed further in abbreviated form (anonymize IP) when you access our website from a member state of the European Union or another contract state of the agreement on the European Economic Community.

    The recipient of the (personal) data collected in this way is Google so that your data may be transmitted by Google to the United States of America and stored. Google may possibly pass on these data under some circumstances.

    Google deletes automatically your personal data linked with Cookies after 14 months.

    The data processing by Google Analytics is based on Art. 6 Par. 1 lit. a) GDPR (consent).

    Right of revocation – Opt out
    In addition to the opt-out options described in section 5.3 you also have the following possibilities of revoking data collection by Google Analytics:

    • Download and install the browser plugins available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
    • Click on the following link. An opt-out cookie is set which prevents your data from being collected the next time that you visit this website: Deactivate Google Analytics

    Further information and the applicable data protection regulations of Google can be found under https://policies.google.com/privacy?hl=en&gl=en and under https://marketingplatform.google.com/about/analytics/terms/us/.

     

    (3) YouTube

    Used in the following HERMA web offers: website

    We have embedded YouTube videos in our websites with activation of the extended data protection mode. YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a subsidiary of Google Inc.

    When embedding a YouTube content, YouTube or Google may occasionally collect and process information (also personal data). It cannot be ruled out that YouTube or Google may also transfer this information to a server in a third country. According to the specification of the YouTube platform on the activation of the extended data protection mode, the cookie activity and the subsequently initiated data collection only comes into effect with the utilization of the video play function itself.

    The intended purpose for the incorporation of YouTube is to be able to present various videos to you so that you can watch them directly on our website. Art. 6 Par. 1 lit. f) GDPR provides the legal basis for the processing of personal data described here. Our necessary legitimate interest lies in the aforementioned purpose. The incorporation of external videos also allows us to relieve the load on our servers and to use the appropriate resources elsewhere. This can increase the stability of our servers among other things.

    Opt out
    You can permanently revoke the setting of cookies by our website as already described above in section 5.3. In addition, you can prevent the transmission of information by logging out of your YouTube account before calling our website.

    Further information can be found in the data privacy policies of YouTube or Google which you can access here: www.google.com/policies/privacy/

    Notes on the private sphere settings of Google can be found under https://privacy.google.com/take-control.html?categories_activeEl=sign-in

      

    (4) Google Ads

    Used in the following HERMA web offers: website

    This website uses Google Ads (formerly: AdWords) and within the scope of Google Ads the Conversion-Tracking, an online advertising service of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

    Google Ads and the Google Conversion Tracking is an analysis service of Google. When clicking on one of the advertisements which we have placed with Google, a cookie is stored on your device which enables an analysis of the use of the website that you visit. The information about the use of this website (including your IP address) that is generated by the cookie is transmitted to a Google server, possibly in the USA or other third countries, and stored there. These cookies become invalid after 30 days. When you visit certain of our sites and the stored cookie has not yet expired, Google and we can see that someone has clicked the advertisement and been linked to our website. Every Google Ads customer receives a different cookie. Cookies can therefore be tracked by the websites of Google Ads customers.

    Art. 6 Par. 1 lit. a) GDPR (consent) provides the legal basis for the processing of personal data described here.

    Right of revocation – Opt out
    You can permanently revoke the setting of cookies by our website as already described above in section 5.3. The following specific revocation possibilities are also available to you for Google Ads:

    Further information and the applicable data privacy policy of Google can be found under https://policies.google.com/privacy?hl=en&gl=en.

     

    (5) Google reCaptcha

    Used in the following HERMA web offers: websites, B2B online shops

    We also use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) on this website. This function serves primarily to distinguish whether an input is made by a real person or improperly by machine or automatic processing. The service includes transmission of the IP address and other data that might be required by Google for the reCAPTCHA service to Google.

    Art. 6 Par. 1 lit. f GDPR provides the legal basis for the data processing based on our legitimate interest in determining the individual personal responsibility on the web and the avoidance of misuse and junk mail. Within the scope of use of Google reCAPTCHA, personal data could be transmitted to the Google LLC. Servers in the USA.

    Opt out
    You can permanently revoke the setting of cookies by our website as already described above in section 5.3.

    Further information about Google reCAPTCHA and the Google data privacy policy can be found under: https://policies.google.com/privacy?hl=en&gl=en

     

     

    6. Duration of Storage, Erasure and Barring of Personal Data

    HERMA processes and stores your personal data only for the period of time necessary to fulfill the purpose of the storage or insofar as this has been provided for by a law or regulation by which the respective responsible person at HERMA is bound – e.g. legal retention periods.

    If the storage purpose is obsolete or a legally prescribed retention period has expired, the personal data are barred or erased routinely and according to the legal stipulations.

    Concrete information about the individual erasure deadlines can be found in the respective topical sections of this data privacy policy (e.g. application form, logfiles) as well as in the ConsentManager Tool with regard to the storage duration of cookies.

     

    7. Data Security

    This site uses an SSL or TLS encryption for security reasons and to protect the transmission of confidential contents such as orders or inquiries which you send to us as the site operator. An encrypted connection is recognizable in that the address line of the browser changes from “http://” to “https://” and the lock icon is displayed in your browser bar.

    The data that you transfer to us cannot be read by third parties when the SSL or TLS encryption is activated.

    We secure our website and other systems by technical and organizational measures against loss, destruction, access, manipulation or distribution of your data by unauthorized persons.

    Please enter data only directly on our website. If you should receive unrequested e-mails asking you to state or confirm personal information or payment data, please ignore these mails and inform our HERMA team under ecommerce(at)herma.de.

     

    8. Your Rights

    The GDPR grants you various rights as user of our websites. Please contact datenschutz(at)herma.de if you have any inquiries regarding exercise of these rights. Please note that we must ensure that you actually are the affected person in case of such inquiries.
      

    8.1 Right to Information

    You are entitled to demand information about your personal data processed by us in accordance with Art. 15 GDPR. Your application for information should specify details of your concern to make it easier for us to collect the necessary data.
     

    8.2 Right to Rectification

    If the data concerned are not (no longer) applicable, you are entitled to demand rectification in accordance with Art. 16 GDPR. If your data are incomplete, you are entitled to demand their completion.
     

    8.3 Right of Erasure

    You may demand erasure of your personal data under the conditions of Art. 17 GDPR. Your right of erasure depends among other things on whether the data concerned are still needed by us to fulfill our legal purposes.
     

    8.4 Right to Restriction of Processing

    Within the scope of the specifications of Art. 18 GDPR you are entitled to demand restriction of processing of the data concerning you.
     

    8.5 Right to Object

    Art. 21 GDPR grants you the right to object on grounds relating to your particular situation, at any time to processing of personal data concerning you on the legal basis of “legitimate interest” according to Ar. 6 Par. 1 lit. f GDPR.
     

    8.6 Right to Revoke

    You are entitled to revoke a granted consent at any time with no consequences for the lawfulness of the processing that took place based on the consent up until its revocation is the data processing is based on a consent according to Art. 6 Abs. 1 lit. a or Art. 9 Abs. 2 lit. a GDPR.
     

    8.7 Right to Complain

    If you are of the opinion that we have not observed legal data privacy regulations in the processing of your data, you can lodge a complaint with the responsible data privacy supervisory authority:
    Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg Königstrasse 10a, 70173 Stuttgart, Germany
    Phone: +49 711 6155 41-0, Fax: +49 711 6155 41-15, E-Mail: poststelle@lfdi.bwl.de

     

    9. Automatic Decision Finding

    HERMA websites do not use automatic decision finding.

     

    10. Amendments to the Data Privacy Policy

    We reserve the right to amend or adapt this data privacy policy at any time under consideration of the valid data privacy regulations.

  • Informatie over het gebruik van persoonsgegevens (Verkoop)
  • Informatie over het gebruik van persoonsgegevens (Inkoop)