Data Privacy Statement
At HARPAINGAS GMBH & CO KG, ABC-Straße 15, 20354 Hamburg, („Harpain“), we respect your privacy. The protection of your personal data (such as your name, email address or telephone number) is therefore of particular importance to us. Our data protection practice complies with the provisions of the General Data Protection Regulations (GDPR) of the European Union as well as with additional legal requirements.
I. Names and Addresses of the Controller
The “controller” within the meaning of the General Data Protection Regulations (GDPR) and of other national data protection and privacy laws of the EU Member States as well as other data protection provisions is:
II. Names and Addresses of the Data Protection Officer(s)
The data protection officer for the aforementioned is:
Mr. Dimokratis Tatanis
We value your trust. Should you have any questions regarding the collecting, processing or use of your personal data, in the case of revocation of consent, information, correction, blocking or deletion of data, please contact:
HARPAINGAS GMBH & CO KG, ABC-Straße 15, 20354 Hamburg
III. General Information on Data Processing
1. Scope of the processing of personal data
As a matter of principle, we only collect and use the personal data of our users as much as is necessary to provide a functional website as well as our contents and services. The collecting and use of the personal data of our users regularly takes place only on a legal basis. An exception applies in such cases in which a legal basis is not apparent and the processing of the data can only be authorized via a consent.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject to process his or her personal data, Art. 6 para. 1 Lit. a of the GDPR serves as legal basis.
In the processing of personal data required to fulfill a contract whose contracting party is the data subject, Art. 6 para. 1 Lit. b of the GDPR serves as legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures and actions.
Insofar as the processing of personal data is necessary in order to fulfill a legal obligation to which our company is subject, Art. 6 para 1 Lit. c of the GDPR serves as legal basis.
If the processing of data is necessary to safeguard a legitimate interest of our Company or of a third party, and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 Lit. f of the GDPR serve as legal basis for the processing.
3. Data erasure and storage period
The personal data of the data subject will be erased or blocked as soon as the purpose of storing the data ceases to apply. Furthermore, data may be stored if doing so has been provided for by European or national lawmakers in EU regulations, laws or other provisions to which the controller is subject. The data will likewise be blocked or erased if a storage period stipulated by the aforementioned rules expires, unless it is necessary to continue storing the data in order to conclude or fulfill a contract.
IV. Provision of the Website and Creation of Log Files
As a basic principle, you are able to use our internet site without providing your personal data.
Webserver log files
Every time our internet pages are accessed, information transmitted from your browser is automatically saved in webserver log files. In particular, this information includes the name of your provider, your anonymized IP address, your browser type, your operating system, internet sites you have previously visited, and the server request time. Neither this data nor other associated personal data of the user are stored.
The legal basis for the temporary storage of data is Art. 6 para. 1 Lit. f of the GDPR.
The temporary storage of the IP address by the system is necessary in order to make it possible for the website to be delivered to the user’s computer. To do this, the user’s IP address must remain stored for the duration of the session. The log files are stored in order to ensure the functionality of the website. In addition, the data helps us optimize the website and safeguard the security of our information technology systems. In this context, no analysis of the data is conducted for marketing purposes.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. As relates to the collection of data for the provision of the website, this is the case when the respective session has ended.
The collection of data for the provision of the website as well as the storage of data in log files is absolutely necessary for the operation of the website. For this reason, there is no option to object on the user’s side.
V. Third-Party Access and Data Disclosure
The recording, processing and use of personal data is carried out by us as well as other companies in the Corporate Group or by external service providers who are contracted by us and both contractually and legally bound to data protection. In these cases, we ensure that Group companies and these external service providers abide by the relevant legal data protection rules.
Otherwise, no third parties have access to your personal data. We will only forward data to the responsible authority in the event of official or legal demands as well as legal obligations to transmit data. This also applies in the event of a court order for transmission. In the case of an official, legal or judicial obligation to transmit data, we will examine in each individual case whether the transmission complies with the basic principles of the GDPR and/or the applicable national law.
We have implemented extensive security provisions and measures to protect personal data stored by us from unauthorized access, misuse, altering, misappropriation, destruction and loss. However, we must point out that unencrypted data transfer via the internet cannot provide any guarantee that access to your data by third parties is prohibited. Complete protection of your data during unencrypted transfer from your system to our server is not possible in technical terms.
VII. Rights of the data subject
If your personal data is processed, then you are a “data subject” within the meaning of the GDPR. You have the following rights vis-à-vis the controller:
- Right of access: You may request information about your data processed by us, in particular about the purposes of processing, the category of personal data, the categories of recipients to whom the data have been or will be disclosed by us, the envisioned period of storage, the existence of a right of rectification, erasure, restriction of processing or objection to it, the existence of a right to lodge a complaint, where your data are collected from (if these are not collected by us), and the existence of automated decision-making, including profiling.
- Right to rectification: You have the right to demand without undue delay the rectification of inaccurate personal data stored by us as well as to have incomplete personal data stored by us completed.
- Right to erasure: You have the right to demand that personal data stored by us be erased as long as the processing of this data is not necessary to fulfill a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.
- Right to block data: You have the right to demand that your personal data be blocked. Data that is blocked will not be deleted from our databases, but they will not be processed as long as the block is in effect.
- Right to data portability: You have the right to receive the personal data on you that you have provided us in a structured, commonly used and machine-readable format or to demand that it be transmitted to another controller.
- Right to object: Consent given to process your personal data can be revoked at any time. As a result of this, we will no longer be permitted to continue processing data based on this consent in the future.
- Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. To do so, you can contact the supervisory authority of the place of business of our company.
In order to exercise your rights as a data subject, please contact our Data Protection Officer (cf. Section II of this Data Privacy Statement). As an alternative, you may also contact a customer service representative or other contact person you know at Harpain.
If an individual exercises his or her rights in accordance with the GDPR, we will not charge any fees. However, a reasonable fee may be charged if your inquiry is demonstrably abusive improper or if you make a repeated inquiry without relevant justification.
We may need to collect information on you that will enable us to clearly identify you as a data subject. In doing so, we will endeavor not to complicate or even hinder your request. Rather, we want to make sure that none of your personal data falls into the hands of unauthorized persons.
Our internet sites may contain hyperlinks (i.e., electronic cross-references) with which internet sites from other companies can be called up. This Data Privacy Statement does not apply to these linked internet sites belonging to other companies.
IX. Amendment of this Data Privacy Statement
It may be necessary to adapt our Data Protection Statement to changing framework conditions of a factual and legal nature. The Data Privacy Statement published on our pages is kept up to date.
As of: August 2019