Effective: June 2025

We appreciate your interest in the offerings of HANSA‑FLEX AG (‘HANSA‑FLEX’). The protection of your personal data (‘data’) is very important to us. These privacy notices inform you about the processing of your data when using our online services as well as in the context of other business and communication processes with us.  

The following data processing activities are the responsibility of:

HANSA‑FLEX AG
Zum Panrepel 44
28307 Bremen
Federal Republic of Germany

Telephone: +49 421 48 90 70
Fax: +49 421 48 90 748
Email: info@hansa-flex.de 
https://www.hansa-flex.de/en/

Data Protection Officer of HANSA‑FLEX AG:

Max Danne
HANSA‑FLEX AG
Zum Panrepel 44
28307 Bremen
 

Telephone: +49 421 48 90 7 221
Fax: +49 421 48 90 7 930
Email: datenschutz@hansa-flex.de 

To the extent that we process your personal data, you have the following rights:

1.1 Right to information

You have the right to request free information about whether data concerning you is being processed and, if so, which data we process about you (Art. 15 GDPR). You may repeat this request within a reasonable timeframe. You also have the right to receive a copy of your data that is subject to our processing.

1.2. Right to rectification

You may also request the rectification of inaccurate data concerning you pursuant to Art. 16 GDPR. Additionally, you have the right, considering the purposes of the processing, to request the completion of incomplete data about you.

1.3. Right to erasure

Under the conditions of Art. 17 GDPR, you may request the erasure of your data.

1.4. Right to restriction of processing

You have the right to request the restriction of processing from us if the conditions of Art. 18 GDPR are met. This is the case, for example, if the processing of your data is no longer necessary for our purposes but you require it for the establishment, exercise or defence of legal claims. If the processing of your data is restricted, such data may only be processed – apart from storage – with your consent or in the special cases listed in Art. 18(2) GDPR.

1.5. Right to data portability

Under the conditions of Art. 20 GDPR, you may request the provision of your data in a structured, commonly used and machine-readable format. In this case, you may also request that we transfer this data to another controller.

1.6. Right to withdraw consent

If we process your data based on your consent, you have the right to withdraw the given consent at any time with effect for the future (Art. 7(3) GDPR).

1.7. Right to object

You have the right to object at any time to data processing for direct marketing purposes. Additionally, for specific reasons, you may object at any time to data processing carried out based on legitimate interests pursuant to Art. 6(1)(f) and Art. 21 GDPR.

1.8. Exercising your data subject rights

To exercise your data subject rights, please contact our Data Protection Officer by email or letter (contact details below).

1.9. Contact channels

You can exercise your rights through the following contact channels:

HANSA‑FLEX AG
Zum Panrepel 44
28307 Bremen
Federal Republic of Germany

Telephone: +49 421 48 90 70
Fax: +49 421 48 90 748
Email: datenschutz@hansa-flex.de 

1.10. Right to lodge a complaint with a data protection supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement (Art. 77 GDPR).

1.11. Other information

The provision of personal data is neither legally nor contractually required nor necessary for the conclusion of a contract. Furthermore, we do not use automated decision-making (including profiling).  

In this section, we inform you about the processing of your data when you visit our online platforms. This information applies in particular to our websites (corporate website, customer portal and online shop).

2.1. Operation of all online platforms

2.1.1. Scope of data processing

When accessing our online platforms, the following data are transmitted to our web server and stored in a log file:

• Information about the browser type and version used,
• The user’s operating system,
• The user’s internet service provider,
• The user’s IP address,
• Date and time of access,
• Websites from which the user’s system reached our website (referrer URL),
• Websites accessed by the user’s system via our website.

2.1.2. Purposes of data processing

The processing of these data is necessary to display the content of the online platforms optimally on your device. Additionally, we process these data to defend against, investigate and clarify attacks on our IT systems and to prevent and detect criminal activities.

2.1.3. Legal basis for data processing

The processing of these data is carried out pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in displaying the online platforms optimally to you, tracing attacks on our IT systems and preventing and detecting criminal activities.

2.1.4. Recipients of the data

Our web hosting provider processes the aforementioned data strictly on our behalf based on a data processing agreement pursuant to Art. 28 GDPR.  

2.1.5. Storage duration

The log data are stored for a period of 30 days and then deleted, unless they need to be retained longer for the purpose of tracing an identified attack or for other exceptional reasons. 

2.2. Use of cookies and tracking technologies

When visiting our online platforms, we use so-called cookies. These are small text files stored on your device. Cookies typically contain a unique character string, the so-called cookie ID, which allows your browser to be identified when you revisit our websites.

Cookies save you from having to re-enter data multiple times, facilitate the transmission of specific content and help us identify particularly popular areas of our online presence. This enables us to continuously improve the structure and content of our online presence.

2.2.1. Purposes and legal bases

‘Functional’ cookies: To the extent that the cookies used on our online platforms are necessary to enable the operation of the online platforms or to ensure IT security, the legal basis for the use of these cookies is Section 25(1) of the German Telecommunications Digital Services Data Protection Act (TDDDG). The legal basis for the further processing of these data is Art. 6(1)(f) GDPR.

‘Measurement’ cookies: To the extent that the cookies used on our online platforms are for statistical purposes (e.g. evaluating visitor behaviour, measuring reach), the legal basis is your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG.

‘Marketing’ cookies: To the extent that the cookies used on our online platforms are for marketing purposes (tracking cookies), the legal basis is your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG.

Specific information about the cookies used on our respective online platforms can be found in the respective cookie banners displayed on your first visit to the site. You can also provide the necessary consent for the use of certain cookies via the cookie banner.

2.2.2. Deactivation of cookies

You have full control over the use of cookies and can delete cookies in your browser, completely deactivate the storage of cookies, selectively accept certain cookies and, if applicable, set your browser to notify you when a cookie is used. Please use your browser’s help functions to learn how to change these settings. This may restrict the functionality of our online platforms.

2.3. Consent Manager

2.3.1. Description and scope of data processing

On our online platforms, we use the cookie consent technology of ‘Consent Manager’, a service provided by consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden. We have entered into a data processing agreement with consentmanager AB pursuant to Art. 28 GDPR.

With the help of the Consent Manager, we document whether you have consented to the setting of certain cookies in the cookie banner, withdrawn consents or objected to data processing. The following data are stored:

• Your IP address in anonymised form (the last three digits are set to ‘0’),
• Date and time of your consent,
• User agent of your browser,
• URL from which your consent was sent,
• An anonymous, random and encrypted key,
• Your consent status, which serves as proof of consent.

Details about the Consent Manager can be found here: https://www.consentmanager.net/datenschutz/   

2.3.2. Purposes and legal bases of data processing

The use of the Consent Manager is to meet data protection requirements for the setting and documentation of cookies. We use the Consent Manager to demonstrate compliance with legal obligations, pursuant to Art. 6(1)(c) GDPR.

2.3.3. Storage duration and control options

The cookie is active for 12 months. Beyond that, the collected data are deleted if you request us to do so, you delete the Consent Manager cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention periods remain unaffected. 

2.4. Google Analytics & Google Signals

2.4.1. Description and scope of data processing

On our online platforms, we use Google Analytics and Google Signals, web analytics services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). Cookies are used for this purpose. After you grant your consent by clicking the confirmation button in our cookie banner, the advertising analysis process by Google Analytics and Google Signals begins.

The collected usage data include, in particular, your IP address, the specific selection of links, the time spent on individual pages, the order of use of the respective online platform and the frequency of page views. If you are logged into your Google account and have activated personalised advertising, these data may be linked to your Google account and used by Google for personalised advertising and for aggregated, anonymised usage statistics. Further information can be found in Google’s privacy policy: https://policies.google.com/privacy.  

2.4.2. Purposes and legal bases of data processing

Google Analytics collects information to create usage statistics for our online platforms. The use of the web analytics services Google Analytics and Google Signals only occurs after you have given your consent by clicking the consent button in the cookie banner on the respective online platform. The legal basis for the processing of data when using our online platforms is Art. 6(1)(a) GDPR (consent) and Section 25(1) TDDDG.  

2.4.3. Recipients of the data

The information generated by the cookies about the use of the online platforms is usually transferred to a Google server in the USA and stored there. We have no influence over the type and extent of the data processed by Google, the manner of processing and use or the transfer of these data to third parties. Adequate guarantees for third-country transfers are provided by the EU Standard Contractual Clauses. Additionally, Google LLC is certified under the EU-U.S. Data Privacy Framework. Further information from Google can be found at:

• Website: https://marketingplatform.google.com
• Privacy policy: https://policies.google.com/privacy 

2.4.4 Storage duration, right to withdraw consent and right to object

Your data will be deleted as soon as they are no longer necessary for the purpose of their collection and any statutory retention obligations have expired.

You may withdraw your consent regarding Google Analytics and Google Signals at any time with effect for the future in the settings of the Consent Manager. Alternatively, you can object to data processing by Google Analytics at any time by downloading and installing the browser add-on provided by Google at tools.google.com/dlpage/gaoptout?hl=de. We automatically delete the analysis data processed and stored by Google Analytics after 14 months.

2.5. Google Ads Conversion Tracking & Remarketing

2.5.1. Description and scope of data processing

On our online platforms, we use Google Ads Conversion Tracking, including Remarketing, an advertising analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). Cookies are used for this purpose. After you grant your consent by clicking the confirmation button in our cookie banner, the analysis process by Google Ads Conversion Tracking begins.

The collected usage data include, in particular, your IP address, information about whether you reached our online platform via our Google Ads advertisement and which actions you subsequently performed on our website. Further information can be found in Google’s privacy policy: https://policies.google.com/privacy.  

When using Google Ads Remarketing (also known as ‘Retargeting’), users who have visited our online service are added to a pseudonymous Remarketing list. User behaviour on our website is recorded to enable targeted advertisements to be displayed to the relevant individuals on other websites later. This data processing is carried out using cookies and similar technologies.

2.5.2. Purposes and legal bases of data processing

We use Google Ads Conversion Tracking to optimise our advertising presence and advertisements and for the targeted delivery of interest-based advertising based on previous user behaviour. The use of Google Ads Conversion Tracking only occurs after you have given your consent by clicking the consent button in the Consent Manager on the respective online platform. The legal basis for the processing of data when using our online platforms is Art. 6(1)(a) GDPR (consent) and Section 25(1) TTDSG.

2.5.3. Recipients of the data

This information is usually transferred to a Google server in the USA and stored there. We have no influence over the type and extent of the data processed by Google, the manner of processing and use or the transfer of these data to third parties. As such, we also have no effective monitoring options. The basis for data transfers to third countries is the EU Standard Contractual Clauses. Additionally, Google LLC is certified under the EU-U.S. Data Privacy Framework.  

Further information on:

• Types of data processing: https://business.safety.google/adsservices/  
• Data processing terms and information on Standard Contractual Clauses for third-country transfers: https://business.safety.google/adscontrollerterms 

2.5.4. Storage duration, right to withdraw consent

Your data will be deleted as soon as they are no longer necessary for the purpose of their collection and any statutory retention obligations have expired.

You may withdraw your consent regarding Google Ads Conversion Tracking at any time with effect for the future in the settings of the Consent Manager. We automatically delete the analysis data processed and stored after 14 months. 
 

2.6. Meta Pixel

2.6.1. Description and scope of data processing

On our online platforms, we use Meta Pixel, a JavaScript code provided by Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland (‘Meta’).

After you grant your consent by clicking the confirmation button in our cookie banner, the data processing process by Meta Pixel begins.

The collected data include:

• HTTP header information, such as information about the web browser used (e.g. user agent, country/language settings),
• Online identifiers, such as IP addresses and, where provided, Meta-related identifiers or device IDs (e.g. advertising IDs for mobile operating systems),
• Actions performed by you on the respective online platform (so-called ‘events’), such as completing a registration, selecting items for the shopping cart or initiating contact via our online platforms.

This information may be linked with your user data on Facebook and Instagram.

Both we and Meta are jointly responsible for the processing of these data. The basis for data processing by Meta is an agreement between us and Meta on the joint processing of personal data, which specifies the respective responsibilities. The agreement can be accessed at https://www.facebook.com/legal/controller_addendum. According to this, we are primarily responsible for fulfilling the information obligations under Art. 13 and 14 GDPR and for complying with the obligations under Art. 33 and 34 GDPR, insofar as a personal data breach affects our obligations under the joint processing agreement. Meta is responsible for enabling data subject rights under Art. 15–20 GDPR, complying with the security requirements of Art. 32 GDPR regarding the security of processing and fulfilling the obligations under Art. 33 and 34 GDPR, insofar as a personal data breach affects Meta’s obligations under the joint processing agreement. However, you may still contact us to exercise your rights.

Further information on data processing by Meta can be found in Meta’s privacy policy: https://www.facebook.com/privacy/policy/. 

2.6.2. Purposes and legal bases of data processing

Meta Pixel collects information to create usage statistics for our advertisements and online platforms. This allows us to measure the effectiveness of our advertising and improve our advertisements. The use of Meta Pixel only occurs after you have given your consent by clicking the consent button in the Consent Manager on the respective online platform. The legal basis for the processing of data when using our online platforms is Art. 6(1)(a) GDPR (consent) and Section 25(1) TTDSG.

2.6.3. Recipients of the data

The processed data may be transferred to the parent company Meta Platforms, Inc., based in the USA. We have no influence over the type and extent of the data processed by Meta, the manner of processing and use or the transfer of these data to third parties. As such, we also have no effective monitoring options. The basis for data transfers to third countries is the EU Standard Contractual Clauses. Additionally, Meta Platforms, Inc., is certified under the EU-U.S. Data Privacy Framework.

2.6.4. Storage duration, right to withdraw consent

Your data will be deleted as soon as they are no longer necessary for the purpose of their collection and any statutory retention obligations have expired.

You may withdraw your consent regarding Meta Pixel at any time with effect for the future in the settings of the Consent Manager. We automatically delete the analysis data processed and stored with Meta Pixel after 14 months. 

2.7. LinkedIn Insight Tag and LinkedIn advertisements with Lead Gen Forms

2.7.1. LinkedIn Insight Tag

2.7.1.1. Description and scope of data processing  

On our online platforms, we use LinkedIn Insight Tag, an advertising analysis service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (‘LinkedIn’). Cookies are used for this purpose. After you grant your consent by clicking the confirmation button in our cookie banner, the analysis process by LinkedIn begins.  
The collected usage data include, in particular, your IP address, device and browser properties and information about whether you reached our online platform via our LinkedIn Ads advertisement and which actions you subsequently performed on our website. Further information can be found in LinkedIn’s privacy policy: https://de.linkedin.com/legal/privacy-policy. 

2.7.1.2. Purposes and legal bases of data processing

We use LinkedIn Insight Tag to optimise our advertising presence and advertisements. The use of LinkedIn Insight Tag only occurs after you have given your consent by clicking the consent button in the Consent Manager on the respective online platform. The legal basis for the processing of data when using our online platforms is Art. 6(1)(a) GDPR (consent) and Section 25(1) TTDSG.

2.7.1.3. Recipients of the data  

This information may be transferred to LinkedIn in the USA and stored there. We have no influence over the type and extent of the data processed by LinkedIn, the manner of processing and use or the transfer of these data to third parties. As such, we also have no effective monitoring options. The basis for data transfers to third countries is the EU Standard Contractual Clauses.

2.7.1.4. Storage duration, right to withdraw consent  

Your data will be deleted as soon as they are no longer necessary for the purpose of their collection and any statutory retention obligations have expired.  
You may withdraw your consent regarding LinkedIn Insight Tag at any time with effect for the future in the settings of the Consent Manager. We automatically delete the analysis data processed and stored after 14 months.  

2.7.2. LinkedIn advertisements with Lead Gen Forms

2.7.2.1. Description and scope of data processing

We use advertisements with Lead Gen Forms from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (‘LinkedIn’), to provide relevant content to users. LinkedIn advertisements with Lead Gen Forms are directed at LinkedIn members and use data that users have provided on LinkedIn. Personal settings for data use on LinkedIn can be adjusted here: https://de.linkedin.com/legal/privacy-policy. 

If you fill out the lead form of a displayed advertisement, the following personal data are transmitted to us:

• Last name,
• First name,
• Job title,
• Company name,
• Telephone number (if provided),
• Email address (if provided).  

Further information can be found in LinkedIn’s privacy policy: https://de.linkedin.com/legal/privacy-policy. 

2.7.2.2. Purposes and legal basis of data processing

With LinkedIn advertisements with Lead Gen Forms, you have the option to explicitly consent (‘opt in’) to the processing of your data for advertising purposes. In this case, we use the data listed in section 2.7.2.1 to contact you personally by telephone and/or email to provide you with further information about our services and products. The legal basis for the processing of the data is Art. 6(1)(a) GDPR (consent) and Section 25(1) TTDSG.  

2.7.2.3. Recipients of the data

The information listed in section 2.7.2.1 may be transferred to LinkedIn in the USA and stored there. We have no influence over the type and extent of the data processed by LinkedIn, the manner of processing and use or the transfer of these data to third parties. As such, we also have no effective monitoring options. The basis for data transfers to third countries is the EU Standard Contractual Clauses.  

2.7.2.4. Storage duration and right to withdraw consent

Your data will be deleted as soon as they are no longer necessary for the purpose of their collection and any statutory retention obligations have expired. You may withdraw your consent to the use of your data for advertising purposes at any time by contacting datenschutz@hansa-flex.com.   

We automatically delete the analysis data processed and stored after 14 months at the latest. 

2.8. Google reCAPTCHA

2.8.1. Description and scope of data processing

To protect our online platforms against misuse by bots, we use Google reCAPTCHA, a captcha service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). Cookies are used for this purpose. As part of this service, Google processes your IP address and other data, such as information about the operating system, language settings, time, screen resolution and mouse and keyboard behaviour.

Further information can be found in Google’s privacy policy: https://policies.google.com/privacy.   

2.8.2. Purposes and legal bases of data processing

Google reCAPTCHA collects data to determine whether the actions performed on our online platforms are carried out by a human or a bot. The legal basis for the processing of the data is Art. 6(1)(f) GDPR. Our legitimate interest lies in protecting our online platforms from bot attacks.

2.8.3. Recipients of the data

The information generated by the cookies about the use of our online platforms is usually transferred to a Google server in the USA and stored there. We have no influence over the type and extent of the data processed by Google, the manner of processing and use or the transfer of these data to third parties. Adequate guarantees for third-country transfers are provided by the EU Standard Contractual Clauses. Additionally, Google LLC is certified under the EU-U.S. Data Privacy Framework.

2.8.4. Storage duration

Your data will be deleted as soon as they are no longer necessary for the purpose of their collection and any statutory retention obligations have expired.

2.9. Google Maps

2.9.1. Description and scope of data processing

On our online platforms, we use the Google Maps map service. This allows us to display interactive maps directly on our online platform and enable you to use the map function conveniently. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data are regularly transferred to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as part of the data processing. Google Ireland Limited and Google LLC are hereinafter collectively referred to as ‘Google’. To use the functions of Google Maps, it is necessary to store your IP address.  

2.9.2. Purposes and legal bases of data processing

The use of Google Maps is in the interest of an appealing presentation of our services and the easy findability of the locations specified on the respective online platform. The processing of the data is based on Art. 6(1)(a) GDPR (consent) and Section 25(1) TTDSG.

2.9.3. Recipients of the data

This information is usually transferred to a Google server in the USA and stored there. We have no influence over the type and extent of the data processed by Google, the manner of processing and use or the transfer of these data to third parties. As such, we also have no effective monitoring options. The basis for data transfers to third countries is the EU Standard Contractual Clauses. Additionally, Google LLC is certified under the EU-U.S. Data Privacy Framework.

2.9.4. Storage duration, right to withdraw consent

Your data will be deleted as soon as they are no longer necessary for the purpose of their collection and any statutory retention obligations have expired.

You may withdraw your consent regarding Google Maps at any time with effect for the future in the settings of the Consent Manager.  

2.10. YouTube plugins

2.10.1. Description and scope of data processing

Our online platforms use YouTube plugins. The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter ‘Google’). The integration of YouTube videos is carried out in the so-called ‘enhanced data protection mode’, which, according to the provider, only triggers the storage of user information when the video(s) are played.  

When you visit one of our online platforms equipped with a YouTube plugin, a connection to the YouTube servers is established. This informs the YouTube server which of our online platforms you have visited. If you are logged into your YouTube account, you enable YouTube to directly associate your browsing behaviour with your personal profile. You can prevent this by logging out of your YouTube account.  

Further information on the handling of user data can be found in YouTube’s privacy policy: https://www.google.de/intl/de/policies/privacy.   

2.10.2. Purposes and legal bases of data processing

The legal basis for the data processing is Art. 6(1)(f) GDPR, whereby our interest lies in the seamless integration of videos and the appealing design of our website.

2.10.3. Recipients of the data

The integration of YouTube may result in personal data being transferred to Google. Google processes your personal data also in the USA. We have no influence over the type and extent of the data processed by Google, the manner of processing and use or the transfer of these data to third parties. As such, we also have no effective monitoring options. The basis for data transfers to third countries is the EU Standard Contractual Clauses used by Google.

2.10.4. Storage duration, right to withdraw consent

Your data will be deleted as soon as they are no longer necessary for the purpose of their collection and any statutory retention obligations have expired.

You may withdraw your consent regarding YouTube plugins at any time with effect for the future in the settings of the Consent Manager.  

2.11. Contact options on our online platforms

2.11.1. Scope of data processing

You can contact us via our online platforms in various ways. For example, you may use a:

• Contact form,
• Mobile rapid hydraulic service request form.

If you wish to contact us through these channels, we require the following data from you:  

• Form of address,
• Last name,
• Email address (if contact by email is desired),
• Telephone number (if contact by telephone is desired),
• Company details (name, address).

2.11.2. Purposes and legal basis of the data processing:

We process your data to respond to your enquiry as effectively as possible. We process your data based on Art. 6(1)(f) GDPR. Our legitimate interest lies in responding to your enquiry directed to us.

2.11.3. Recipients of the data

The data are only processed by the internal contact persons responsible for handling enquiries.

2.11.4. Storage duration

The storage duration depends on the content of your enquiry. In general, the data are deleted as soon as they are no longer necessary for the purpose of their collection and any statutory retention obligations have expired. 

2.12. Newsletter

2.12.1. Scope of data processing

You can subscribe to newsletters on our online platforms, including the customer magazine ‘HYDRAULIKPRESSE’. The following data are processed:

• Form of address,
• First name, last name,
• Email address,
• Company name.

2.12.2. Purposes and legal basis of the data processing:

We process your data for the purpose of sending the newsletter to business customers by email. We process your data based on Art. 6(1)(a) GDPR. You have the right to withdraw your consent at any time with effect for the future (Art. 7(3) GDPR).

2.12.3. Recipients of the data

The data are processed by the internal contact persons responsible for sending the newsletter.

For the sending of the newsletter, we are supported by the provider Sendinblue GmbH (Köpenicker Straße 126, 10179 Berlin), with whom we have also concluded a data processing agreement pursuant to Art. 28 GDPR.

2.12.4. Storage duration

Your data will be deleted as soon as they are no longer necessary for the purpose of their collection and any statutory retention obligations have expired.

2.13. White paper

2.13.1. Scope of data processing

We offer the possibility to download white papers on our online platforms to provide our visitors with current or relevant information. The following data are processed:

• Form of address,
• Last name,
• Email address,
• Company name,
• Telephone number (optional).

2.13.2. Purposes and legal basis of the data processing

We process your data for the purpose of providing downloads to business customers. We process your data based on Art. 6(1)(a) GDPR. You have the right to withdraw your consent at any time with effect for the future (Art. 7(3) GDPR).

2.13.3. Recipients of the data

The data are processed by the internal contact persons responsible for sending the customer magazine.

For the sending of download information, we are supported by the provider Sendinblue GmbH (Köpenicker Straße 126, 10179 Berlin), with whom we have also concluded a data processing agreement pursuant to Art. 28 GDPR.

2.13.4. Storage duration

Your data will be deleted as soon as they are no longer necessary for the purpose of their collection and any statutory retention obligations have expired. 

2.14. Data security

To protect your personal data against manipulation, loss, destruction or access by unauthorised persons, ongoing technical and organisational security measures are taken. In particular, we use TLS encryption for the transmission of data via our online platforms You can recognise this by the closed lock symbol in your browser’s status bar and the address line starting with . 

3.1. Scope of data processing

Via the website hansa-flex.de, you can access the HANSA‑FLEX corporate website.

3.2. Purposes and legal basis of data processing

We process your data for the purpose of providing the HANSA‑FLEX corporate website based on Art. 6(1)(f) GDPR.  

3.3. Recipients of the data

For hosting purposes, we are supported by the service provider neusta infrastructure services GmbH (Konsul-Smidt-Straße 24, 28217 Bremen).

For the operation of the corporate website, we are supported by the advertising agency team neusta GmbH (Konsul-Smidt-Straße 24, 28217 Bremen).

The service providers have committed, under a data processing agreement pursuant to Art. 28 GDPR, to comply with appropriate technical and organisational measures for data security and act on our instructions.

3.4. Use of cookies and tracking technologies

For more information on the cookies used on the website, please refer to sections ‎2.2 to ‎2.9. 

5.1. Scope of data processing

On the website shop.hansa-flex.de, we offer the HANSA‑FLEX online shop. The online shop is aimed at commercial customers. You (e.g. as an employee of a commercial customer) can create a personal profile there. The following data are required for registration:  

• First name, last name,
• Professional contact details (address, telephone, fax, email).

In addition, the following data may be processed in the context of an order via the online shop:

• Order information (item and date of the order, delivery times),
• Payment information.

5.2. Purposes and legal basis of data processing

We process your data for the purpose of providing the HANSA‑FLEX online shop and in the context of an order placed through the online shop for a commercial customer, based on Art. 6(1)(f) GDPR. Our legitimate interest lies in the effective and practical cooperation with our business partners and their employees and the processing of orders via an online shop.

5.3. Recipients of the data

For the provision of the online shop, we use the SAP Cloud of the external hosting provider SAP Deutschland SE & Co. KG, Hasso-Plattner-Ring 77, 69190 Walldorf. We also use Arvato Systems S4M GmbH, Am Coloneum 3, 50829 Cologne, as a hosting provider. The service providers have committed, under a data processing agreement pursuant to Art. 28 GDPR, to comply with appropriate technical and organisational measures for data security and act on our instructions. We process your data exclusively within the European Union or the European Economic Area.

For the operation of the online shop, we are supported by the advertising agency team neusta GmbH (Konsul-Smidt-Straße 24, 28217 Bremen).

For the purpose of processing credit card payments, we use the financial service provider Unzer GmbH, Schöneberger Str. 21a, 10963 Berlin.

The service providers have committed, under a data processing agreement pursuant to Art. 28 GDPR, to comply with appropriate technical and organisational measures for data security and act on our instructions.

To the extent necessary for the execution of an order, we transfer your data to company branches, group companies, partner companies and representatives, as well as other external service partners we engage to fulfil contractual obligations. These include, in particular, the shipping company commissioned with delivering the ordered goods, the payment institutions and payment service providers responsible for processing payments, as well as the company branches (https://hansa-flex.de/en/branch-finder/), group companies, partner companies and representatives and other external service providers commissioned with carrying out maintenance, repair work and other work and services, as well as support services.

5.4. Storage duration

Your data will be stored by us for as long as necessary for the specific processing purpose. We regularly store your data for at least the duration of your use of our online shop.

Certain data are stored by us beyond this period for the duration of statutory limitation periods (generally three years, in individual cases up to thirty years) and as long as statutory retention periods (e.g. under the German Commercial Code or Tax Code) require (generally a maximum of ten years).

Under certain circumstances, we may need to retain your data for a longer period. This is the case, for example, when a prohibition on data deletion is ordered for the duration of an administrative or judicial proceeding.  

5.5. Use of cookies and tracking technologies

For more information on the cookies used on the website, please refer to sections ‎2.2 to ‎2.9

6.1. Scope of data processing

In the context of our business relationship with you as a business customer, service provider, supplier or employee of our business partners, we process the data we receive from you or your employer.

This primarily includes data we receive when you or one of your colleagues contact our employees. Contact may be made electronically (e.g. via email) or in person (e.g. at trade fairs or through the exchange of business cards).

In this context, we may process the following categories of data:

• First name, last name,
• Professional contact details (position, department, address, telephone, fax, email),
• Data relating to professional circumstances (job title, tasks, activities, qualifications),
• Additionally, we may process further data that you provide during interactions with our employees.

We use your data to communicate with you for business purposes (e.g. via email) and to send you offers, for example. In this context, we store your contact details in our CRM system and, where applicable, in other contact directories (e.g. in Outlook).

6.2. Purposes and legal bases of data processing

Your data are processed by us for the purpose of establishing and performing the contractual relationship with you as a business customer and to comply with legal requirements.  

If you are personally our business partner, the processing is carried out on the basis of Art. 6(1)(b) GDPR for the performance or initiation of a contract.

For the purpose of fulfilling legal obligations, the processing is carried out on the basis of Art. 6(1)(c) GDPR in conjunction with statutory and regulatory requirements (e.g. from tax and commercial law).

6.3. Recipients of your data

On the basis of contracts pursuant to Art. 28 GDPR, personal data may be processed by external service providers (e.g. cloud, support, hosting or analytics service providers). These external service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of data subjects and are regularly monitored by us.

To the extent necessary for the aforementioned purposes, we transfer your data to company branches, group companies, partner companies and representatives, as well as other external service partners we engage to fulfil contractual obligations. These include, in particular, the shipping company commissioned with delivering the ordered goods, the payment institutions and payment service providers responsible for processing payments, as well as the company branches (http://hansa-flex.de/en/branch-finder/), group companies, partner companies and representatives and other external service providers commissioned with carrying out maintenance, repair work and other work and services, as well as support services.

6.4. Transfer of your data to a third country

We strive to process your data within the European Union or the European Economic Area. If we transfer your data to a third country, i.e. outside the European Union or the European Economic Area, this will only be done in accordance with legal requirements.  

Should a transfer of your personal data nevertheless occur, this will only take place if an adequate level of data protection in the third country is ensured by an adequacy decision of the European Commission or if appropriate safeguards (e.g. data protection agreements using the European Commission’s Standard Contractual Clauses) can guarantee an adequate level of protection for your personal data.

With our subsidiaries in non-EU countries for which no adequacy decision exists, we have concluded Standard Contractual Clauses.

6.5. Storage duration

Your data will be stored by us for as long as necessary for the specific processing purpose. We regularly store your data for at least the duration of our business relationship with you or the business customer for whom you work.

Certain data are stored by us beyond this period for the duration of statutory limitation periods (generally three years, in individual cases up to thirty years) and as long as statutory retention periods (e.g. under the German Commercial Code or Tax Code) require (generally a maximum of ten years).

Under certain circumstances, we may need to retain your data for a longer period. This is the case, for example, when a prohibition on data deletion is ordered for the duration of an administrative or judicial proceeding. 

We use platforms and applications from other providers (‘third-party providers’) for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings. When selecting third-party providers and their services, we comply with legal requirements. In this context, data of the communication participants are processed and stored on the servers of the third-party providers to the extent that these are part of communication processes with us. These data may include, in particular, login and contact details, visual and vocal contributions as well as entries in chats and shared screen content. If users are referred to third-party providers or their software or platforms in the context of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimisation or marketing purposes. We therefore ask you to observe the privacy notices of the respective third-party providers.

7.1. Scope of data processing

When you participate in our video conferences, online meetings or webinars, we generally process the following data:  

• Master data (e.g. names, addresses),  
• Meta/communication data (e.g. device information, IP addresses).

In individual cases, the following data may also be processed, for example, if you have provided this information in your user profile or if you share content with us:

• Contact details (e.g. email, phone numbers),  
• Content data (e.g. text entries, photographs, videos),  
• Usage data (e.g. visited websites, interest in content, access times).

7.2. Purposes and legal bases of processing  

We use the applications to conduct video and audio conferences, webinars and other types of video and audio meetings. If we ask users for their consent to the use of third-party providers or certain functions (e.g. consent to the recording of conversations), the legal basis for the processing is consent pursuant to Art. 6(1)(a) GDPR. Furthermore, their use may be part of our (pre)contractual services pursuant to Art. 6(1)(b) GDPR, if the use of third-party providers was agreed in this context. Otherwise, user data are processed on the basis of our legitimate interests in efficient and secure communication with our communication partners pursuant to Art. 6(1)(f) GDPR.  

7.3. Recipients of the data

We currently use Microsoft Teams. In this context, personal data are transferred to the operator of both services – Microsoft Ireland Operations Ltd., The Atrium Building, Block B, Carmanhall Road, Sandyford Business Estate, Dublin 18, Ireland (‘Microsoft’) – and processed on our behalf in accordance with a data processing agreement pursuant to Art. 28 GDPR.  

Microsoft Teams  

• Website: https://products.office.com   
• Privacy policy: https://privacy.microsoft.com/de-de/privacystatement
• Security information: https://www.microsoft.com/de-de/trustcenter 

7.4. Transfer of your data to a third country

We have agreed with the third-party providers that the data will generally be processed within the EU. However, it cannot be technically ruled out that personal data may also be transferred to the USA when using the aforementioned services. To ensure adequate safeguards for data transfers to the USA, EU Standard Contractual Clauses have been concluded. Additionally, Microsoft is certified under the EU-U.S. Data Privacy Framework.

7.5. Storage duration

Your data will be stored by us for as long as necessary for the specific processing purpose. Metadata from calls and conversations are stored for a maximum of 180 days (depending on the date). Chats are stored for 90 days after the end of the chat and then automatically deleted. Logged administrative events are stored for 90 days and then automatically deleted. If the contract with Microsoft is terminated, the data are deleted after 90 days. 

8.1. Scope of data processing

In the application process, we only collect data that you provide to us. To carry out the application process, we require the following data:  

• First name, last name,
• Contact details (address, email address, and phone number),
• Information about your educational background and, where applicable, professional experience,
• Data on your professional qualifications, such as school and educational qualifications, language skills, as well as your place of study or training and certificates,
• If you send us your CV, we process the data contained therein, such as photos of you or, where applicable, the possession of a driving licence,
• Any other data you provide in the context of the application.

We seek the best employees regardless of ethnic origin, gender, religion or belief, disability, age or sexual identity. Please do not provide information regarding:

• Pregnancy,
• Ethnic origin, political opinions, philosophical or religious beliefs, trade union membership or sexual life,
• Information that is unrelated to the job profile of the position you are applying for.

8.2. Purpose and legal basis of data processing

We treat your information confidentially and exclusively for the purpose of applicant selection. We require your personal data to process your application and to contact you regarding your application process. Without this data, we are unfortunately unable to offer you a position. The legal basis for the data processing is Art. 6(1)(b) GDPR and Section 26(1) of the German Federal Data Protection Act (BDSG). To the extent that the data you provide include special categories of data (e.g. ethnic origin, trade union membership, data concerning health) and these data are necessary for us to comply with our labour or social law obligations, the legal basis is Art. 9(2)(b) GDPR.

8.3. Recipients of the data

Internally, only those individuals who need your data for the stated purposes have access to it. This primarily includes the responsible partners, HR staff and all individuals necessarily involved in the applicant selection process.

For the management of applications, we are supported by the provider Haufe Service Center GmbH (Munziger Straße 9, 79111 Freiburg).

For the processing of applications via digital channels, we are supported by the provider PitchYou GmbH (Campusallee 9, 51379 Leverkusen).

The service providers have committed, under a data processing agreement pursuant to Art. 28 GDPR, to comply with appropriate technical and organisational measures for data security and act on our instructions.

8.4. Transfer of your data to third countries

We do not transfer your personal data to countries outside the European Union or the European Economic Area (currently EU states plus Iceland, Liechtenstein, Norway) in the context of the application process.

8.5. Storage duration

If an employment relationship is established with you, we will continue to process your data for the purposes of the employment relationship in accordance with a separate data protection notice, which you will then receive from us.

You may consent to your personal data being included in an applicant pool. We process your data based on Art. 6(1)(a) GDPR.  You have the right to withdraw your consent at any time with effect for the future (Art. 7(3) GDPR). We periodically request renewed consent.

If no employment relationship is established with you, we generally store your data for a period of six months from the date you receive the rejection. Your application documents are then deleted. 

We operate various social media profiles to continuously improve our public presence and to provide information on the respective social media platforms. Below you will find information about the data processing by us on the individual social media platforms.

9.1. Scope of data processing  

You can interact with our profile on the respective social media platform, for example, by following us, sharing posts and commenting on or rating them (e.g. with a ‘like’). In this case, we receive a notification that you have visited or interacted with our account. We can then see your profile name, your interaction and – if available – your profile picture. If you contact us via direct message or send a message, we can see your user profile and your message.

Additionally, the respective social media platforms generally offer analytics tools that we use to improve our online presence and increase our reach. Using the analytics tools provided by the respective social media platform, we can see how many users have viewed or interacted with our posts. The analytics evaluations do not allow any conclusions to be drawn about your identity.  

9.2. Purpose and legal basis of data processing

We process the data to improve our online presence, to interact with you at your initiative and to read and respond to your enquiries or notifications.

We process your data on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR. Our legitimate interest lies in improving our online presence and for marketing purposes.

9.3. Recipients of the data

Your data are accessed by our employees who manage our social media accounts. Additionally, the respective providers of the social media platforms process your data in accordance with their own privacy policies. Specifically, these are the following social media providers: 

Platform: Facebook
Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland
Privacy notices: https://www.facebook.com/privacy

Platform: Instagram
Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland
Privacy notices: https://privacycenter.instagram.com/

Platform: LinkedIn
Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Privacy notices: https://www.linkedin.com/legal/privacy-policy

Platform: Xing
Provider: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany
Privacy notices: https://privacy.xing.com/en/privacy-policy

Platform: YouTube
Provider: Google Ireland Limited Gordon House, Barrow Street Dublin 4, Ireland
Privacy notices: https://policies.google.com/privacy

The respective platform operators are themselves responsible for the processing of your personal data on their platforms. As a user of the respective platform, you have accepted the corresponding terms of use. As a commercial customer of the respective platform, we have entered into data protection agreements with the respective platform operators. With Meta and LinkedIn, we have concluded agreements on the joint processing of personal data pursuant to Art. 26 GDPR regarding the use of analytics functions. The contents of the agreements can be found here:

• Meta: https://www.facebook.com/legal/controller_addendum
• LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum 

To the extent that the respective platform operators transfer personal data to non-EU third countries, they use the EU Standard Contractual Clauses for this purpose.

9.4. Storage duration

Your data will be stored by us for as long as necessary for the specific processing purpose. Certain data are stored by us beyond this period for the duration of statutory limitation periods (generally three years, in individual cases up to thirty years) and as long as statutory retention periods (e.g. under the German Commercial Code or Tax Code) require (generally a maximum of ten years).