Privacy Policy

Thank you for your interest in our company. Your privacy and the protection of your data are extremely important to us. It is entirely possible to use our website without giving us any of your personal data. However, if you want to take advantage of some of the services we provide on our website, it may be necessary for us to process some of your personal data. Should this be the case, and processing your personal data is necessary, if there is no legal provision which allows us to do so, we will request your consent. If you prefer not to give us this consent, we will not be able to process your personal data.

Processing any personal data, such as name, address, email address or telephone number of the person concerned, always proceeds in accordance with the EU General Data Protection Regulation (GDPR) and in compliance with the relevant data protection regulations. In this Data Protection Statement we want to provide information about the nature, extent and purpose of any personal data that we collect, employ and process. We also wish to inform the persons concerned (data subjects; see def. below) of the rights they possess in this respect.

We have deployed considerable technical and organizational measures in order to ensure that any personal data which is provided to us through this website is protected to the greatest possible degree. However, it is always possible for data collected over the Internet to fall victim to security lapses, so we are unable to guarantee absolute protection. For this reason, anybody who wishes to provide us with personal data by an alternative method, for example by telephone, is perfectly entitled to do so. 

1. Definitions 
Our Data Protection Statement employs the same terminology used in the EU General Data Protection Regulation (GDPR). It is intended to be clear and easily understood for our clients and business partners. To ensure there is no doubt about the meaning of this terminology, we would like to provide certain definitions in advance.

Verwendet werden in dieser Datenschutzerklärung insbesondere die folgenden Begriffe:

§ a) Personal Data
"Personal Data" means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

§ b) Data Subject
A "Data Subject" is any identified or identifiable natural person whose personal data is being processed by the party responsible for such processing: in this case our company.

§ c) Data Processing
"Data Processing" is any procedure, executed automatically or not, and any such series of procedures relating to personal data. This refers in particular to the acquisition, filing, storage, usage, disclosure, provision, comparison, restriction, processing, modifying, reading, applying, transferring, linking and deleting, as well as to the destruction of personal data of all types.

§ d) Restriction of Processing
"Restriction of Processing" means the marking of stored personal data with the aim of limiting their processing in the future.

§ e) Profiling
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. 

§ f) Pseudonymisierung 
Pseudonymisierung ist die Verarbeitung personenbezogener Daten in einer Art und Weise, auf welche die personenbezogenen Daten ohne weitergehende zusätzliche Informationen nicht mehr einer konkreten betroffenen Person zugeordnet werden können, sofern diese zusätzlichen Informationen separiert aufbewahrt werden und technischen und/oder organisatorischen Maßnahmen unterliegen, die gewährleisten, dass die personenbezogenen Daten nicht einer identifizierten oder identifizierbaren natürlichen Person zugewiesen werden. 

§ g) Controller
The „Controller" is the natural or legal person, public authority, agency or other body which, alone or together with others, decides upon the means and purpose of the processing of personal data.  

§ h) Processor
The "Processor" is the natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller. 

§ i) Recipient
The "Recipient" is the natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the context of a particular inquiry in accordance with European Union or Member State law shall not be regarded as recipients.

§ j) Third Party
A "Third Party" is a natural or legal person, public authority, agency or other body other than the data subject, the Controller, the processor and persons who, under the direct authority of the Controller or processor, are authorized to process personal data.

§ k) Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

2. Name and Address of the Controller 

The Controller in this instance, responsible for data protection in compliance with the EU General Data Protection Regulation (GDPR) and other applicable data protection regulations, is:


HAVER & BOECKER OHG

Carl-Haver-Platz 3, 
59302 Oelde, Germany

Phone: +49 2522 30-0

E-Mail: haver(at)haverboecker(dot)com

Website: www.haverboecker.com

3. Name and Address of our Data Protection Officer  
The Data Protection Officer for the Controller in this instance is: 

Phone: +49-2522-30 346

E-Mail: datenschutzbeauftragter(at)haverboecker(dot)com 
Website: www.haverboecker.com

Any person concerned can address any questions and comments regarding data protection directive to our Data Protection Officer.

4. Collection of General Data and Information
Our website collects a range of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in log files on our server. The data which may be collected includes: 

i. the browser type and version employed

ii. the operating system used by the accessing system

iii. the website which directed the accessing system to our webpage (the "referrer")

iv. the sub-website which was directed to our webpage by the accessing system

v. the date and time of the access

vi. the IP address involved

vii. the Internet service provider of the accessing system and

viii. any other data and information which may serve to repel any threats in the case of attacks to our information technology systems.

The way we employ your general data and information does not itself draw any conclusions about the data subject. Instead, this information is required in order to

i. present the content of our website in appropriate fashion

ii. optimize the content of our website and the relevant advertisements

iii. ensure the sustainable functional capacity of our IT system and the technology of our website, and

iv. compile information necessary for pursuing a prosecution which can be supplied to the appropriate authorities in the case of cyber-attack.

This anonymously acquired data and information is therefore statistically evaluated for the purpose of optimizing data protection and data security in our company, so that we may provide an appropriate level of protection for the personal data that we process. The anonymous data in the server log files is stored separately from all personal data relating to a data subject.


5. Deleting and Blocking Personal Data
The Controller and/or processor only processes and stores personal data relating to the data subject in so far as this is required in order to achieve the purpose of the data storage and insofar as this is permitted by the relevant laws or regulations relating to the processing of data by the Controller.

Should the purpose of the data storage no longer be applicable, or the period of storage established by the relevant law or regulation (duty to preserve records) have expired, then this personal data is routinely blocked or deleted in accordance with legal requirements.

6. Rights of the Data Subject 
§ a) Right to Confirmation 
Every data subject affected by the processing of personal data also has the right to obtain from the Controller, free of charge, information about the personal data referring to his or her person and to obtain a copy of this information. Furthermore, each data subject has the right to receive the following information:

§ b) Right to Information
Every data subject affected by the processing of personal data also has the right to obtain from the Controller, free of charge, information about the personal data referring to his or her person and to obtain a copy of this information. Furthermore, each data subject has the right to receive the following information: 

  • § The reason or reasons for processing the data;
  • § The category of personal data which is being processed; 
  • § The recipients or categories of recipients of the personal data, if any, especially if the Controller intends to transfer personal data to a third country or international organization; 
  • § If possible, the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period; 
  • § The existence of the right to request from the Controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to this processing:
  • § The right to lodge a complaint with a Controller; 
  • § If the personal data has not been obtained from the data subject in person, all available information about the origin of the data;
  • § The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  • Furthermore, the data subject has the right to information about whether the Controller intends to transfer personal data to a third country or international organization. Should this be the case, the data subject further has the right to information about suitable safeguards in association with such transfer. 

If any data subject desires to take advantage of this right, he or she can approach our Data Protection Officer at any time.

§ c) Right to Rectification 
The data subject has the right to secure from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement. 

If any data subject desires to take advantage of this right, he or she can approach our Data Protection Officer at any time.

§ d) Right to Erasure 
Every data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: 

  • § The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • § The data subject withdraws consent on which the processing is based according to point (a) of Article 6 (1), or point (a) of Article 9 (2) of the GDPR, and where there is no other legal ground for the processing;
  • § The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2); 
  • § The personal data have been unlawfully processed; 
  • § The personal data have to be erased for compliance with a legal obligation to which we are subject; 
  • § The personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) of the GDPR.

Should one or more of the above reasons apply and the data subject wishes to secure the erasure of personal data which is stored with us, he or she can approach our Data

Protection Officer at any time. Insofar as this request from erasure is legitimate, the erasure will be performed without delay. 

Where we have made the personal data public and are obliged pursuant to Article 17 (1) of the GDPR to erase the personal data, we shall, taking account of available technology

and the cost of implementation, take reasonable steps, including technical measures, to inform Supervisory Authorities which are processing the personal data that the data

subject has requested the erasure by such Supervisory Authorities of any links to, or copy or replication of, those personal data. Our Data Protection Officer will ensure that all

necessary steps are taken in each individual case.

§ e) Right to Restriction of Processing.
Every data subject has the right to obtain from the Controller restriction of processing where one of the following applies:

  • § The accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data; 
  • § The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • § We as Controller no longer need the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims
  • § The data subject has objected to processing pursuant to Article 21 (1) of the GDPR pending the verification whether the legitimate grounds of the Controller override those of the data subject. 

Should one or more of the above reasons apply and the data subject wishes to restrict the processing of personal data which is stored with us, he or she can approach our Data Protection Officer at any time. Insofar as this request from erasure is legitimate, the restriction will be put in place without delay.

§ f) Right to Data Portability
Every data subject has the right to receive the personal data concerning him or her, which he or she has provided to us, in a structured, commonly used and machine-readable format. The data subject also has the right to transmit those data to another Controller without hindrance from us, where the processing is based on consent pursuant to point (a) of Article 6 (1) or point (a) of Article 9 (2) or on a contract pursuant to point (b) of Article 6 (1) of the GDPR, and the processing is carried out by automated means, insofar as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. 

Pursuant to Article 20 (1) of the GDPR, the data subject also has the right to have the personal data transmitted directly from us to another Controller, where technically feasible, as long as this does not adversely affect the rights and freedoms of others. 

Should the data subject wish to exercise this right to data portability, he or she can approach our Data Protection Officer at any time.

§ g) Right to Object
Every data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 (1) of the GDPR, including profiling based on those provisions. 

In such a situation we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. 

Where we process personal data for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, we will no longer process the personal data for such purposes. 

Furthermore, where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) of the GDPR, the data subject, on grounds relating to his or her particular situation, has the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest. 

Should the data subject wish to exercise this right to object, he or she can approach our Data Protection Officer at any time. Furthermore, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

§ h) Automated Individual Decision-Making Including Profiling
Every data subject has the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision (i) is necessary for entering into, or performance of, a contract between the data subject and a data Controller, or (ii) is authorized by the law to which we are subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (iii) is based on the data subject's explicit consent. 

In the cases referred to in points (i) and (ii) above, we shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on our part, to express his or her point of view and to contest the decision. 

Should the data subject wish to exercise this right not to be subject to a decision based solely on automated processing, he or she can approach our Data Protection Officer at any time.

§ i) Right to Withdrawal Permission for Data Processing. 

Every data subject whose personal data is being processed has the right to withdraw permission for such processing at any time. 

Should the data subject wish to exercise this right to withdraw permission for data processing, he or she can approach our Data Protection Officer at any time.


7. Data Protection Regulations and the Use of Google Analytics (incl. Anonymization Function) 
We have integrated into our website the component Google Analytics (with Anonymization Function). This is a web analysis service, which involves obtaining, gathering and evaluating data about the behaviour of visitors to websites. Among other things, a web analysis service assesses data concerning the Internet page which directed an individual to this website, the individual pages of our website which a visitor accesses, and how often and during which period an individual page is visited or accessed. The main reason for web analysis is to optimize Internet pages and improve the efficiency of advertisements on the Internet. The operating company for Google Analytics is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The Controller for processing our website uses the suffix "_gat._anonymizeIp" for web analysis via Google Analytics. By employing this suffix, the IP address of the Internet connection of the data subject is shortened and anonymized by Google whenever access to our website comes from a member state of the European Union or another signatory country to the Agreement on European Economic Area.

We employ the Google Analytics component of our website in order to analyze visitors to that website. Google uses the data and information it gathers, among other things, to evaluate the use of our website, to draw up online reports for us indicating activities on our website, and to develop further services in association with the use of our website.

In each case, Google Analytics places a cookie on the information technology system of the data subject, the visitor to our website. This cookie enables Google to analyze the way visitors use our website. Each time individual pages of the website are accessed, the Internet browser of the information technology system of the data subject is automatically called upon by the Google Analytics component to transfer data to Google for the purpose of online analysis. Within the context of this technical procedure Google obtains knowledge about personal data such as the IP address of the data subject, which enables Google - among other things - to conclude the origin of the visitor and the clicks and, in consequence, to draw up a commission statement.

By using this cookie, personal data is stored, including the time of access, the location from which access proceeded and the frequency of visits to our website by the data subject. For each visit to our website this personal data, including the IP address of the Internet connection employed by the data subject, is transferred to Google in the USA. This personal data is also stored by Google in the USA. Under certain circumstances, Google provides the personal data collected by means of this technical procedure to third parties.

The data subject can prevent the use of cookies on our website at any time by choosing an appropriate setting for the Internet browser being used; in this way the planting of cookies is permanently prohibited. If such a setting is chosen on the Internet browser that is being used, it denies Google the possibility to place cookies on the Internet technology system of the data subject. Furthermore, cookies already placed by Google Analytics can be deleted at any time via the Internet browser or other software programs. It is possible that the use of our website will then be subject to restrictions.

Furthermore, the data subject has the opportunity at any time to refuse permission for Google Analytics to evaluate data obtained about use of this website or to process this data, thus preventing the data from being processed in any way. In order to do this, the data subject has to download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics by means of JavaScript that no data and information about the visitor to the webpage can be transferred to Google Analytics. Installing this browser add-on will be perceived by Google as a denial. If the information technology system of the data subject is deleted at a later time, reformatted or reinstalled, the data subject must once again install this browser add-on in order to deactivate Google Analytics. It is possible that the use of our website will then be subject to restrictions.

Should this browser add-on be uninstalled or deactivated by the data subject or another person who has been allocated access to this domain, it is possible for it to be reinstalled and reactivated.

Further information about Google data protection regulations can be found at https://policies.google.com/privacy and https://www.google.com/analytics/terms/gb.html. Google Analytics is explained in detail at https://www.google.com/analytics/analytics/.


8. Lawfulness of Processing 
Article 6 1 (a) of the GDPR provides the legal basis for us to process personal data if the data subject has given consent to the processing of his or her personal data for one or more specific purposes. If the processing is necessary for the performance of a contract to which the data subject is party, such as a contract for the delivery of goods or the performance of other services or obligations, then the legal basis is provided in Article 6 1 (b) of the GDPR. This also applies in such processing situations as the execution of measures prior to entering into a contract, in cases such as enquiries about our products or services. Should processing be necessary to comply with the legal obligation to which we are subject, such as the fulfilment of taxation obligations, then the processing of data is granted legal validity by Article 6 1 (c) of the GDPR. In rare cases, the processing of data could be necessary in order to protect the vital interests of the data subject or of another natural person; this would be the situation, for example, if a visitor to our company is injured and as a consequence his or her name, age or other vital information must be provided to a doctor, hospital or similar third party. In such cases the processing of information is granted legal validity by Article 6 1 (d) of the GDPR. Finally, the legal basis for processing data is provided by Article 6 1 (f) of the GDPR for situations where none of the above apply but where processing is necessary for the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. We are in particular permitted to conduct such processing when these interests have been specifically mentioned by the relevant legal regulation. It is stated here that a legitimate interest on our behalf exists when the data subject is a client of the Controller - a client of ours in this case (Recital 47, Overriding Legitimate Interest, 2).


9. Legitimate Interest in Processing
Should the processing of personal data from the data subject be pursued on the basis of Article 6 1 (f) of the GDPR, our legitimate interest is the performance of our business activities for the benefit of all our staff and shareholders.


10. Period of Storage of Personal Data
The criteria for determining the period that personal data is stored are set out in the relevant legal stipulations. When this period has expired the appropriate relevant data is routinely deleted unless it is required further for the execution or preparation of a contract.


11. Legal or Contractual Regulations for the Provision of Personal Data; Requirement for Conclusion of a Contract; Obligation of the Data Subject to Disclose Personal Data; Possible Consequences of Non-Disclosure
We wish to inform you that providing personal data is a legal requirement in certain circumstances (e.g. with reference to tax regulations), and that this may also be required due to contractual considerations (e.g. providing information to a contractual partner). Furthermore, in order to conclude a contract it may be necessary for a data subject to provide us with personal data which we then process. For example, the data subject is obliged to provide us with personal data if our company enters into a contractual agreement with that person. Failure to provide this personal data would then make it impossible to conclude that contract. Before providing personal data, the data subject must contact one of our staff. Our staff member will then explain to the data subject, based on the individual case, whether providing this personal data is legally or contractually required, or necessary for the conclusion of the contract, whether there is an obligation to provide this personal data and what consequences non-disclosure of this data would have.


12. Automated Decision-Making
As a responsible company we choose on principle not to employ automated decision-making or profiling.

Top