PRIVACY POLICY

Privacy Policy of the HÄRTHA GROUP (as of April 2023)

Thank you for your interest in our website www.haertha.de and in our company, products and services. We at HÄRTHA GROUP are aware that the protection of your privacy is important to you when using our websites. Therefore, compliance with legislation on data privacy is a matter of course for us. Furthermore, it is important to us that you as a customer always know when, how and what kind of data we collect from you and store, and how we use it.

 

In the following we inform you about the collection and other processing of personal data (e.g. storage, retrieval, modification, forwarding) when using our website. Personal data is all data that are personally referable to you, such as name, address, email addresses and user behaviour.

 

If we process personal data during the use of our website or if we make use of commissioned service providers for data processing concerned with individual functions, offers or services of our website, or if we wish to use your data for advertising purposes, we provide detailed information about the respective processes below, in particular which data is thereby processed. We also specify the intended storage period or in all cases the defined criteria for the storage period and the relevant legal basis for the respective processing.

 

I. Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the EU Member States as well as other data protection regulations is:

HÄRTHA GROUP GmbH, Joseph-von-Fraunhofer-Straße 3a, 52477 Alsdorf, info@haertha.de, www.haertha.de

For further information please follow the link below to our legal notice:

 

II. Contact details of the data protection officer

Our data protection officer can be reached at datenschutz@haertha.de or via our postal address, for the attention of the "Data Protection Officer".

 

III. Collection and storage of personal data as well as type, purpose, legal basis and duration of its use

 

§1 When visiting the website

If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we collect only the personal data that your browser transmits to our server. The following data is collected in the framework of the server log files:

 

  • IP address
  • Date and time of request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Request status/HTTP status code
  • The amount of data transmitted
  • The website making the request
  • Browser
  • Operating system and device
  • Language and version of your browser software.

 

This data is evaluated exclusively to ensure stable and secure operation of the site and to improve our offer. It is subsequently discarded. The legal basis for data processing is Art. 6 para. 1 p.1 (f) GDPR. Our legitimate interest derives from the aforementioned purposes for data collection.

The data is also stored in the log files of our system. These data are not stored together with other personal user data.

Collection of data for provision of the website and storage of data in log files is absolutely necessary for website operation. Consequently, there is no option to object on the part of the user.

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of data collection for provision of the website, this will be undertaken once the respective session has ended.

In addition, we use cookies and analytical services when you visit our website. For further information, please refer to sections V and VI of this Privacy Policy.

 

§2 The use of further services, functions and offers of our website

In addition to the purely informational use of our website, we offer various services that you can use, if interested. For this purpose, you must provide further personal data which we use to provide the respective service and to which the aforementioned data processing principles apply. These services, offers and functions are described below.

 

(1) Contacting us via contact form or e-mail

When you contact us via our enquiry form or a general enquiry, the data you provide voluntarily (your e-mail address, your first and last name and, if applicable, telephone number, place of residence and postcode) is stored by us in order to answer your query. E-mail address and first and last name are required, all other information is voluntary. The answer will be sent by e-mail or, if specified, by telephone.

 

The legal basis for processing is your consent under Art. 6 para. 1 (a) and (b) of the GDPR on the basis of your voluntary consent or to answer your enquiry.

 

The data arising in this context will be deleted after your request has been dealt with or we will limit the processing insofar as there are statutory storage obligations.

 

 

(2) Job Applications

If you apply for a position at the HÄRTHA GROUP via the e-mail address provided on this website, the personal data you voluntarily submit will be used exclusively for the purpose of filling the advertised position and checking and processing your application submitted in this connection. After completion of the application process with regard to the specific position advertised, this data will be blocked for further use and deleted upon expiry of any statutory retention obligations. The legal basis for processing is Art. 88 DS-GMO in conjunction with § 26 Para. 1 GDPR.

 

 

IV. Data Sharing

Your personal data will not be transmitted to third parties for reasons other than those listed below.

We will disclose your personal data to third parties only if:

  • you have expressly consented to this under Art. 6 para. 1. page 1 (a) GDPR,
  • disclosure is necessary in accordance with Art. 6 Para. 1 page 1 (f) DGPR to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding interest in not disclosing your data,
  • in the event that disclosure in accordance with Art. 6 para. 1 page 1 (c) GDPR is a statutory obligation, provided
  • this is legally permissible and in accordance with Art. 6 para.1 page 1 (b) GDPR is required for the processing of contractual relationships with you.

 

 

V. Use of cookies

Scope of data processing

In order to make your visit to our website more pleasant and to enable you to use certain functions, we use "cookies" on certain pages. Cookies are small files that are stored on your hard drive and save specific settings and data for exchange with our system via your browser. Certain information is transmitted via the cookies to the body that sets the cookie (in this case us). Cookies cannot run programmes or deliver viruses to your computer.

 

Cookies do not contain any personal data and can therefore not be directly assigned to any user. Please note that certain cookies are set as soon as you enter our website. This website uses the following types of cookies:

 

  • Necessary / functional Cookies: These cookies are necessary to enable the operation of our website. This includes, for example, cookies that allow you to log into the customer area or add something to your shopping cart.
  • Transient cookies are automatically deleted when you close the browser. These especially include session cookies. These store a session ID which assigns the various requests made by your browser during the joint session. This allows your computer to be recognised when you return to the site. Session cookies are deleted when you log out or close the browser.
  • Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie in question. You can delete cookies at any time in the security settings of your browser.
  • Third-party cookies: These cookies belonging to some of our advertising and analysis partners help to make our website more interesting for you. For this reason, cookies from partner companies are also stored on your hard drive when you visit our website. These are cookies that are automatically deleted after a predefined period. Cookies from partner companies are usually deleted after a few days or up to 24 months, in some cases even after several years. The cookies belonging to our partner companies do not contain any personal data either. Pseudonymous data is collected only by means of a user ID. This pseudonymous data will never be combined with your personal data.

 

You can configure your browser settings as desired and refuse to accept third-party or any cookies. Your browser can also be configured so that a message is always displayed when a cookie is created. Please consult the provider of your browser. Please note that if you refuse cookies you may not be able to use all functions of this website.

 

The legal basis for the use of the plugins is Art. 6 paragraph 1 S. 1 (f) GDPR. Our legitimate interest arises from the above-mentioned purposes to make the offer of our website more user-friendly and effective.

 

For more information on Analytical Cookies, see VI.

 

VI. The use of analytical tools

Web analysis services are used on our website for the purposes of demand-oriented design and advertising.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of website visitors. The website operator receives various types of usage data, such as page views, length of stay, operating systems used, and origin of the user. This data is assigned to the respective end device of the user. Assignment of the data to a user-ID does not take place.
Furthermore, Google Analytics allows us to record such additional information as your mouse and scroll movements and clicks. Google Analytics also uses various modelling approaches to augment the collected data sets, as well as machine learning technologies during data analysis.
Google Analytics uses technologies that make possible the recognition of the user for the purpose of analysing user behaviour patterns (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the United States and stored there. The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) of TTDSG [German act on telecommunication and telemedia data protection]. You may revoke your consent at any time.
Data transmission to the United States is based on the Standard Contractual Clauses of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

 

IP anonymisation

On this website, we have activated the IP anonymisation function. As a result, prior to its transmission to the United States, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to one of Google’s servers in the United States and abbreviated there. On behalf of the operator of this website, Google will use this information to analyse your use of this website, to generate reports on the website activities, and to render other services to the operator of this website that are related to the use of the website and the Internet. The IP address transmitted in conjunction with Google Analytics from your browser will not be merged with other data in Google’s possession.

 

Browser plug-in

You can prevent the recording and processing of your data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
For more information about the handling of user data by Google Analytics, please consult Google’s Privacy Policy at: https://support.google.com/analytics/answer/6004245?hl=en.

Order processing

We have concluded an order-processing contract with Google, and when using Google Analytics we fully implement the requirements of the German data protection authorities.

Leadinfo

We use the lead generation service of Leadinfo B.V., Rotterdam, Netherlands. This service recognises visits by companies to our website, based on IP addresses, and for this purpose shows us publicly available information, such as company names or addresses. The IP addresses are not stored after use. In addition, Leadinfo sets two first-party cookies to evaluate user behaviour on our website, and processes domains from form entries (e.g. "leadinfo.com") to correlate IP addresses with companies and improve the services.
We have concluded an order processing contract with Leadinfo, and we implement the requirements of the data protection authorities.
For more information, visit www.leadinfo.com. To opt out, visit this website: www.leadinfo.com/en/opt-out. Once you have opted out, your data will no longer be recorded by Leadinfo.

Google Tag Manager

This website uses Google Tag Manager. Tags (labels) are used to complement content with additional information. Tagging is primarily used to make information easier to find and link. Google Tag Manager can be used to manage website tags via a user interface. As Google Tag Manager does not actually set cookies, only markings (tags), it does not collect any personal data. The service triggers other tags, which, in turn, may collect data. However, Google Tag Manager does not access this data. If a deactivation has taken place at the domain or cookie level, this deactivation remains in effect for all tracking tags implemented using Google Tag Manager.
“Google” is a group of companies and consists of Google Ireland Ltd (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland as well as Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and other affiliated companies of Google LLC.
We have concluded an order processing contract with Google. For more information about Google Tag Manager, please consult Google’s Privacy Policy.
Please note that, due to American laws such as the Cloud Act, American authorities, such as intelligence agencies, could potentially gain access to personal data that is inevitably exchanged with Google due to the Internet Protocol (TCP) when this service is integrated.

Hotjar

This privacy policy applies to the use on our website of the Hotjar web analysis software (hereafter referred to as "Hotjar"). The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).

Hotjar is a web analysis service that allows us to analyse user behaviour on our website. Hotjar uses cookies and similar technologies to collect information about the use of our website and to give us insights into user behaviour. This information is usually transmitted to a Hotjar server and stored there.
The information that Hotjar collects includes:
● IP address of the user (is collected in anonymised form)
● Device screen size
● Device type (unique device identifier)
● Browser information
● Geographical location (only the country)
● First and last name (if entered)
● E-mail address (if entered)
● Mouse events (movement, clicks, scrolling)
● Keystrokes

Hotjar uses this information to analyse user behaviour on our website and to provide us with reports about it. Hotjar commits not to disclose this information to third parties or to use it for purposes other than the provision of the service.
If you want to disable the use of Hotjar, you can do so by activating the opt-out feature on the Hotjar website: https://www.hotjar.com/opt-out. Enabling this feature disables the use of Hotjar on all websites that use Hotjar.
We use Hotjar to optimise the content we offer on our website and to improve the user experience. The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) of TTDSG [German act on telecommunication and telemedia data protection]. You may revoke your consent at any time.
Further information on data privacy at Hotjar can be found in Hotjar's privacy policy: https://www.hotjar.com/legal/policies/privacy.

HubSpot

On this website, we use the service HubSpot for various purposes. The service provider is HubSpot Inc., 25 First Street, Cambridge, MA 02141, USA. Phone: + 1 617 812 5820.
HubSpot is an integrated software solution that we use for various aspects of our online marketing. These include: E-mail marketing, social media publishing & reporting, reporting, contact management (e.g. user segmentation & CRM), landing pages, and contact forms. Our sign-up service allows visitors to our website to learn more about our company, download content, and provide their contact information and other demographic information. This information, as well as our website content, is stored on servers operated by our software partner HubSpot. It may be used by us to contact visitors to our website and to determine which of our company’s services are of interest to them. All information we collect is subject to this privacy policy. We use all collected information exclusively to optimise our marketing measures.

As part of the optimisation of our marketing measures, the following data may be collected and processed via Hubspot:
• Geographical location
• Browser type
• Navigation information
• Referral URL
• Performance data
• Information about how often the application is used
• Mobile app data
• HubSpot subscription service credentials
• Files viewed on site
• Domain names
• Pages viewed
• Aggregated usage
• Operating system version
• Internet service provider
• IP address
• Device identifier
• Duration of visit
• From where the application was downloaded
• Operating system
• Events that occur within the application
• Access times
• Clickstream data
• Device model and version
We also use HubSpot to provide contact forms.

The legal basis of the processing is your consent pursuant to Art. 6(1)(a) GDPR. If you do not want HubSpot to collect and process the aforementioned data, you can refuse your consent or revoke it at any time with effect for the future. Your personal data will be kept for as long as necessary to fulfil the purpose of processing, and will be deleted afterwards. Data may be transferred to the United States. The security of the transfer is secured through agreement to Standard Contractual Clauses of the European Commission. In this way, we ensure that the processing of personal data is subject to a level of security that complies with European data protection standards. If the Standard Contractual Clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49(1)(a) GDPR can serve as the legal basis for transfer to third countries.

Google Ads

The website operator uses Google Ads. Google Ads is an online promotional program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads enables us to display ads in the Google search engine or on third-party websites, if the user enters certain search terms into Google (keyword targeting). It is also possible to place targeted ads based on the user data held by Google, e.g. location data and interests (target group targeting). As the website operator, we can analyse this data quantitatively, for instance by analysing which search terms resulted in the display of our ads, and how many ads led to corresponding clicks.
The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) of TTDSG [German act on telecommunication and telemedia data protection]. You may revoke your consent at any time.
Data transmission to the United States is based on the Standard Contractual Clauses of the European Commission. For details, visit: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
With the assistance of Google Conversion Tracking, we and Google are able to recognise whether the user has performed certain actions. For instance, we can analyse how frequently which buttons on our website have been clicked, and which products are viewed or purchased with particular frequency. The purpose of this information is to compile conversion statistics. We learn the total number of users who have clicked on our ads, and which actions they have completed. We do not receive any information that would allow us to personally identify the users. Google itself uses cookies or comparable recognition technologies for identification purposes.
The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) of TTDSG [German act on telecommunication and telemedia data protection]. You may revoke your consent at any time.
For more information about Google Conversion Tracking, please review Google’s privacy policy at: https://policies.google.com/privacy?hl=en.

LinkedIn Insight Tag

Our website uses the conversion tool "LinkedIn Insight Tag" from LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

With the help of the LinkedIn Insight Tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can analyse professional data about our website visitors, and thus better tailor our site to the respective target groups. Furthermore, LinkedIn Insight Tags allow us to measure whether visitors to our websites make a purchase or take any other action (conversion measurement). Conversion measurement can also be performed across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a re-targeting function that allows us to display targeted off-site advertising to visitors to our website, in which, according to LinkedIn, no identification of the advertising addressee takes place. LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties, and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymised). The direct identifiers of the LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymised data is then deleted within 180 days. The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the collected personal data of website visitors on its servers in the United States and use it in the context of its own advertising measures. For details, please refer to LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig. The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) of TTDSG [German act on telecommunication and telemedia data protection]. You may revoke your consent at any time.

You can object to the analysis of usage behaviour and to targeted advertising by LinkedIn at the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Moreover, in their account settings, LinkedIn members can control the use of their personal data for advertising purposes. To prevent a link between data collected on our website by LinkedIn and your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

 

VII. Your rights

If personal data is processed by us, you have the following rights in relation to us with regard to the personal data concerning you:

 

Right to information, Art. 15 GDPR

You can request that the data controller confirm whether we will process personal data that concerns you.
If such processing takes place, you can request the following information from the data controller:

 

  • the purposes for processing the personal data;
  • the categories of personal data being processed;
  • the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed, in particular recipients in third countries or international organisations: in the latter case you may demand, under the guarantees pursuant to Art. 46 GDPR, to be informed about data transmission;
  • the planned storage duration of your personal data or, if specific information in this regard is not possible, criteria for determining the storage period;
  • the existence of a right of rectification or deletion of your personal data or of a restriction on processing by the data controller or of a right to oppose such processing;
  • the existence of a right of appeal to a supervisory authority;
  • the existence of automated decision-making, including profiling, in accordance with Article 22 Para. 1 and 4, GDPR and
  • at least in such cases – meaningful information about the logic involved and the scope and intended effects of such processing for the person concerned.

 

The right of rectification, Art. 16 GDPR

You have a right of rectification and/or completion with respect to the data controller if the personal data processed concerning you is incorrect or incomplete. The data controller shall make the correction immediately.

 

Right to deletion, Art. 17 GDPR:

a) Duty to delete

You have the right to demand deletion of personal data concerning you from the data controller without undue delay and the data controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

 

  • the personal data are no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  • you withdraw your consent on which the processing is based according to Art. 6 Para. 1 (a) or Art. 9 Para. 2 (a) GDPR, and where there is no other legal ground for its processing.
  • you object pursuant to Art. 21 Paragraph 1, GDPR, and there are no overriding legitimate grounds for processing, or you submit an objection pursuant to Art. 21 Paragraph 2 GDPR to the processing;
  • the personal data concerning you has been unlawfully processed.
  • the personal data concerning you must be deleted for compliance with a legal obligation under Union or Member State law to which the data controller is subject.
  • the personal data concerning you has been collected in relation to services offered by information society services pursuant to Art. 8 Para. 1, GDPR.

 

b) Information to third parties

If the data controller has made personal data that concerns you public and is subject to the obligation to delete it pursuant to Art. 17, Para. 1 GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.

c) Exceptions

The right to deletion does not exist insofar as processing is necessary

 

  • to exercise the right of freedom of expression and information;
  • for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the person responsible is subject or for the performance of a task in the public interest or in the exercise of official authority conferred to the person responsible;
  • for reasons of public interest in the field of public health in accordance with Art. 9 Para. 2 lit. h and i, as well as Art. 9 Para. 3, GDPR;
  • for archiving purposes in the interest of public, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, to the extent that the law referred to in Clause (a) is likely to render impossible or seriously prejudicial the attainment of the objectives of such processing; or
  • to assert, exercise or defend legal claims.

 

The right to restriction of processing, Art. 18 GDPR:

Under the following conditions, you may request that the processing of personal data concerning you be restricted if:

 

  • you contest the accuracy of your personal data for a period that enables the data controller to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
  • the data controller no longer needs the personal data for processing purposes, but it is required by you for the establishment, exercise or defence of legal claims or
  • you have objected to processing pursuant to Art. 21 Para. 1 GDPR pending the verification of whether the legitimate grounds of the data controller override your reasons.

 

Where processing of the personal data that concerns you has been restricted, such data – apart from being stored – may be processed only with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on the grounds of an important public interest of the Union or of a Member State.

If you have obtained a processing restriction in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.

 

Right to information, Art. 19 GDPR:

If you have exercised your right to have the data controller correct, delete or limit the processing, this party is obliged to inform all recipients to whom the personal data that concerns you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

It is your right to have the data controller inform you regarding such recipients.

 

- Right to data portability, Art. 20 GDPR

You have the right to obtain your personal data that you have provided to the data controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, insofar as

 

  • the processing is based on consent pursuant to Art. 6 Para. 1(a), GDPR or Art. 9 Para. 2(a) GDPR or on a contract pursuant to Art. 6 Para. 1 (b) GDPR and
  • the processing is carried out using automated methods.

 

In exercising this right, you shall have the right to have the personal data transmitted directly from one data controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.

Your right to cancellation remains unaffected.

The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the data controller.

 

Right to objection, Article 21 GDPR

According to Art. 21 Para. 1 S.1 GDPR you have a case-by-case right of objection to the processing of personal data concerning you on the basis of Art. 6 Para. 1 (e) GDPR (data processing in the public interest) or Art. 6 para. 1 p. 1 (f) GDPR (data processing to protect the legitimate interests of the person responsible or a third party) and pursuant to Art. 21 para. 2 GDPR a right of objection to the processing of personal data for advertising purposes.

 

The right to revoke consent to data protection consent

You can revoke your consent to the processing of your personal data at any time. Please note that such revocation is only with future effect. The legality of the processing carried out on the basis of the consent until revocation is not affected.

 

Automated decision in individual cases including profiling, Art. 22 DSGVO:

You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect against you or significantly impairs you in a similar manner. This shall not apply if the decision:

 

  • is required for the conclusion or execution of a contract between you and the data controller;
  • - is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  • is based on your explicit consent.

 

In the cases referred to in (1) and (3), the data controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person on the part of the data controller, to state his or her own position and to challenge the decision.

Furthermore, decisions based exclusively on automated processing may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 (a) or (g) GDPR applies and appropriate measures have been taken to protect your rights and freedom as well as your legitimate interests.

 

Right to object to a supervisory authority, Article 77 GDPR

You also have the right to file a complaint with a data protection supervisory authority concerning our processing of your personal data. You can lodge your complaint with the supervisory authority in the Member State where you reside, work, or the suspected infringement occurred. The supervisory authority with which the complaint has been filed shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

You can exercise your aforementioned rights by sending us an informal message - if possible with the subject line "objection".

This message can be sent by post to:

 

HÄRTHA GROUP GmbH, Joseph-von-Fraunhofer-Straße 3a, 52477 Alsdorf

or by email to:

info@haertha.de or

datenschutz@haertha.de.

 

VIII. Personal data security

We endeavour to take all possible technical and organisational measures to store your personal data in such a way that it is not accessible to third parties. When communicating by email, complete data security cannot be guaranteed. We therefore recommend that you send confidential information by post

 

This site uses SSL encryption for security reasons and for the protection of the transmission of confidential content, such as the enquiries you send to us as the site operator . You can recognise an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar. When SSL encryption is activated, the data you transfer to us cannot be read by third parties.