Data Protection

Data Protection Declaration

Name and address of the data controller
The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Herget GmbH & Co.KG
Authorised Representative/Managing Director: Dipl.-Ing. Georg Herget
Wachtküppelstr. 2
36124 Eichenzell
Phone number: 06659/973-0
Fax number: 06659/973-40
Email: info@herget-online.de

I. General information on data processing

1. Scope of the personal data processing

We generally only collect and use the personal data of our users if this is required for the provision of a functional website as well as of our content and services. The personal data of our users are collected and used regularly only if the user agrees. An exception applies in cases in which a prior consent cannot be obtained for factual reasons and if the processing of the data is permitted according to the legal provisions.

2. Legal basis for the processing of personal data

Insofar as we obtain the data subject's consent for the processing of personal data, the art. 6, para. 1, lit. of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the personal data processing.
During the personal data processing required for the performance of a contract to which the data subject is a party, the art. 6, para. 1, lit. b of the GDPR serves as the legal basis. This principle also applies to processing operations required to carry out pre-contractual measures.
Insofar as the processing of personal data is required for the fulfilment of a legal duty to which our company is subject, the art. 6, para. 1, lit. c of the GDPR serves as the legal basis.
If vital interests of the data subject or another natural person require the processing of personal data, the art. 6, para. 1, lit. d of the GDPR serves as the legal basis.
If the processing is required to safeguard the legitimate interests of our company or of a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, the art. 6, para. 1, lit. f of the GDPR serves as the legal basis for processing.

3. Deletion of data and storage duration

The personal data of the involved person will be deleted or blocked as soon as the purpose of the storage is omitted. In addition, a storage can take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations the responsible person is subject to. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further data storage to conclude or perform a contract.

II. External Hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This information is primarily IP addresses, contact requests, meta and communication data, contract data, contact details, names, instances of website access, and other data generated via a website.
The hosting provider is used to fulfil the contract with our potential and existing customers (Article 6 Para. 1, lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online service by a professional provider (Article 6, Para. 1, lit. f of the GDPR).
Our hoster will only process your data to the extent that this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.

In order to ensure data protection-compliant processing, we have concluded a contract on commissioned processing with our hoster.

III. Provision of the website and creation of log files

1. Description and scope of the data processing

Each time our website is accessed, our system will automatically collect data and information from the computer system of the accessing computer.
In this context, the following data will be collected:

  1. The information about the browser type and used version
  2. the operating system of the user
  3. the internet service provider of the user
  4. The IP address of the user
  5. Date and time of the access
  6. Websites from which the system of the user can reach our website
  7. Websites which are accessed by the system of the user through our website

The data will also be stored in the log files of our system. A storage of these data together with the other personal data of the user will not be carried out.

2. Legal basis for the data processing

The legal basis for the temporary storage of data and the log files is art. 6, para. 1, lit. f GDPR.

3. Purpose of the data processing

The temporary storage of the IP address by the system is required to enable the website to be delivered to the computer of the user. For this purpose, the IP address of the user must remain stored for the season duration.

The log files are saved in order to ensure the functionality of the website. In addition, we use the data to optimise the website and ensure the security of our information technology systems. An evaluation of the data for marketing purposes will not be carried out in this context.

Our legitimate interest in data processing according to art. 6, para. 1, lit. f of the GDPR also consists of these purposes.

4. Storage duration

The data will be deleted as soon as it is no longer required to achieve the purpose for which they were collected. In case of the collection of data to make the website available this is the case if the respective season has been concluded.
If the data is stored in log files, this is the case after three months at the latest. A storage going beyond this is possible. In this case, the IP addresses of the users are deleted or alienated, so that it is no longer possible to assign them to the calling client.

5.    Opposition and removal options

The collection of the data to make the website available and the storage of the data in log files is absolutely necessary for the website operation. As a consequence, there user has no opposition option.

IV.    Use of cookies

a) Description and scope of the data processing
Our website uses cookies. Cookies are text files stored in the internet browser or by the internet browser on the computer system of the user. If a user calls up a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string enabling the browser to be clearly identified as soon as the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can also be identified after a page change.

In the cookies, the following data are stored and transmitted:

  1. c4s_session - information about the browser type and version used, the user's operating system, and the date as well as the time of access
  2. c4s_frontend_auth_token (only after the login) - no personal data

b) Legal basis for the data processing
The legal basis for the processing of personal data using cookies is art. 6, para. 1, lit. f) of the GDPR.

c) Purpose of the data processing
The purpose of using technically necessary cookies consists of the simplification of the use of websites for the users. Some functions of our website cannot be offered without using cookies. For the cookies, it is necessary that the browser is also recognised after a page change.
We need cookies for the following applications:

  1. c4s_session - User-specific assignment of browser requests
  2. c4s_frontend_auth_token - Verification of a logged in user

The user data collected through technically necessary cookies are not used for the creation of user profiles.
Our legitimate interest in the processing of personal data according to art. 6, para. 1, lit. f of the GDPR also consists of these purposes.

d) Duration of storage, objection, and removal option
The cookies are stored on the user's computer and transmitted from there to our website. For this reason, as a user you have the full control over the use of cookies. By a modification of the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies which have already been saved can be deleted at any time. This can also be carried out automatically. If the cookies are deactivated for our website, it could not be possible to make use of all functions of the website to their full extent.

V. Registration/Premium Login

1. Description and scope of the data processing

On our website, we offer users the opportunity to register, during which you will be asked to provide personal information. Data is entered into an input screen, transmitted to us, and then stored. This data shall not be passed on to third parties. The following data is collected during the registration process:

Company, surname, first name, street, postal code, city, country, phone number, fax number, internet, e-mail, information about activity (architect/planner, reseller), password

The following data will be stored upon registration:

  1. Date and time of registration

The user's consent to processing this data is obtained during the registration process.

2. Legal basis for the data processing

The legal basis for the data processing is art. 6, para. 1, lit. a of the GDPR, if there is the agreement by the user.

3. Purpose of the data processing

User registration is required for the provision of certain content and services on our website.

4. Storage duration

The data will be deleted as soon as it is no longer required to achieve the purpose for which they were collected.
This is the case for the data collected during the registration process when the registration on our website is cancelled or modified.

5. Opposition and removal options

As a user, you have the option of cancelling your registration at any time. You may at any time change the data we have stored about you.

VI. Email Contact

1. Description and scope of the data processing

Email addresses are provided on our website and our signatures, which can be used to contact us. In this case, the personal data of the user transmitted by e-mail will be stored.

In this context, there is no data transfer to third parties. This data will be used exclusively to respond to your enquiry.

2.    Legal basis for the data processing

The legal basis for the data processing is art. 6, para. 1, lit. f of the GDPR, if the data are sent by e-mail. If the establishment of an email contact aims at concluding a contract, then additional legal basis for the processing will be the art. 6, para. 1, lit. b of the GDPR.

3.    Purpose of the data processing

We only process personal data for the purpose of facilitating contact with you. This also constitutes the legitimate interest in processing the data.

4.    Storage duration

The data will be deleted as soon as it is no longer required to achieve the purpose for which they were collected. For any personal data that were sent by email, this is the case when the respective conversation with the user has been completed. The conversation is concluded when you can infer from the circumstances that the matter in question has been finally clarified.

5.    Opposition and removal options

A user who has contacted us by email can object at any time to the storage of their personal data. In such a case, the conversation cannot be continued.

In this case, all personal data saved during the contact will be deleted.

VII. Contact form

1. Description and scope of the data processing

On our website is a contact form available, which can be used for electronic contact. If a user makes use of this option, the data entered in the input mask will be submitted to us and then saved. These data are the following:

General contact form: Company, title, first name, surname, street, city, postal code, phone number, e-mail, message

Reseller determination: first name, surname, e-mail, postal code

The following data are also stored at the time the message is sent:

  1. Date and time of the contact request

For the data processing, your consent is obtained as part of the submission process and reference is made to this data protection declaration.

In this context, there is no data transfer to third parties. This data will be used exclusively to respond to your enquiry.

2. Legal basis for the data processing

The legal basis for the data processing is art. 6, para. 1, lit. a of the GDPR, if there is the agreement by the user. If the purpose of the contact is to conclude a contract, then an additional legal basis for the processing is Art. 6 1 lit. b GDPR.

3. Purpose of the data processing

The processing of personal data from the input mask serves us only for the contact processing.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Storage duration

The data will be deleted as soon as it is no longer required to achieve the purpose for which they were collected. For personal data from the input mask of the contact form, this is the case when the respective conversation with the user has ended. The conversation is concluded when you can infer from the circumstances that the matter in question has been finally clarified.

5. Opposition and removal options

The user can revoke his consent to the personal data processing at any time. In such a case, the conversation cannot be continued.

In this case, all personal data saved during the contact will be deleted.

VIII. Right of the data subject

If personal data are processed by you, you are the person concerned in the sense of the GDPR having the following rights towards the responsible person:

1. Right to information

You can ask the responsible person for confirmation of whether we process personal data relating to you.
If there is such a processing, you can request the following information from the responsible person:

  1. the purposes for which the personal data is being processed;
  2. the categories of personal data being processed;
  3. the recipients or categories of recipients to whom the personal data relating to you either has been or continues to be disclosed;
  4. the intended period for which the personal data relating to you will be stored or, where specific information pertaining to this is not available, criteria for determining the storage duration;
  5. the existence of a right to rectification or deletion of personal data relating to you, a right to limitation of processing by the data controller, or a right to object to such processing;
  6. the existence of a right to appeal to a supervisory authority;
  7. all available information on the origin of the data, if the personal data is not being collected from the point of access of the data subject;
  8. the existence of automated decision-making, including profiling, in accordance with Art. 22 Para. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You are entitled to request information as to whether the personal data related to you will be transmitted to a third country or to an international organisation. In this context, you can request the adequate guarantees according to the art. 46 of the GDPR to be informed in connection with the transmission.

2. Right to rectification

You are entitled to correct and/or complete the data of the responsible person if the processed personal data related to you are incorrect or incomplete. The responsible person must make the correction immediately.

3. Right to restriction of processing

Under the following conditions you are entitled to request the restriction of the processing of your personal data:

  1. Should you dispute the accuracy of the personal data concerning you for a period of time which allows the data controller to verify the accuracy of the personal data;
  2. the processing is unlawful, and you reject the deletion of the personal data and instead request the restriction of the use of your personal data;
  3. the data controller no longer requires the personal data for processing purposes, but they require it to assert, exercise, or defend legal claims, or
  4. you have objected to processing pursuant to Art. 21 Para. 1 GDPR and it has not yet been established whether the legitimate reasons of the data controller to process your data outweigh your reasons.

If the processing of your personal data has been restricted, these data - apart from its storage - may only be obtained with your consent or for the assertion, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a member state.

If the processing restriction was carried out according to the conditions mentioned above, you will be informed by the responsible person before the annulment of the restriction.

4. Right to deletion

a) Obligation to erase
You can request the data controller to delete your personal data immediately, and the latter is obliged to delete them immediately if one of the following reasons applies:

  1. the personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You withdraw your consent, upon which the processing is based in accordance with art. 6 para. 1 lit. a or art. 9 para. 2 lit. a GDPR and there is no other legal basis for its continued processing;
  3. You object in accordance with art. 21 para. 1 GDPR, and there are no overriding legitimate reasons for its continued processing, or you submit an objection to its processing in accordance with Art. 21 Para. 2 GDPR.
  4. Your personal data has been unlawfully processed.
  5. Your personal data must be deleted in order to comply with a legal obligation under Union or Member State law to which the data controller is subject.
  6. The personal data concerning you has been collected in relation to services offered by information society services pursuant to Art. 8 para. 1 GDPR.

b) Transfer of personal data to third parties
If the responsible person has published your personal data and if the responsible person is obliged to delete them according to art. 17, para. 1 of the GDPR, then by taking into account the available technology and the implementation costs, appropriate measures, including technical ones, will be implemented to inform those responsible for data processing who process the personal data that you as data subject have requested the deletion of all links to this personal data or copies or replications of the same.

c) Exceptions

The right to deletion does not exist if the processing is required

  1. to exercise the right to freedom of expression and information;
  2. to fulfil a legal obligation which requires the processing in accordance with the law of the Union and Member States to which the data controller is subject, or to perform a task which falls within the public interest or occurs in the exercise of public authority which was transferred to the data controller;
  3. for reasons of public interest in the field of public health in accordance with Art. 9 Para. 2 lit. h and i, as well as Art. 9 Para. 3 GDPR;
  4. for the purposes of archiving, the purposes of scientific or historical research, or statistical purposes which fall within the public interest in accordance with Art. 89 Para. 1 GDPR, to the extent that the right referred to in Section a) is likely to render impossible or seriously inhibit the achievement of the purposes of such processing; or
  5. to assert, exercise or defend legal claims.

5. Right to be informed

If you have asserted the right to correction, deletion, or restriction of processing towards the responsible person, the latter is obliged to inform all recipients to whom the personal data related to you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or requires a disproportionate effort.

Towards the responsible person you have the right to be informed about these recipients.

6. Right to data portability

You are entitled to receive the personal data provided by you to the responsible person in a structured, common, and machine-readable format. In addition, you are entitled to transfer these data to another responsible person without hindrance from this latter to whom the personal data has been transmitted, provided that

  1. the processing is based on your consent in accordance with art. 6 para. 1 lit. (a) GDPR or Art. 9 Para. 2 lit. (a) GDPR or on the basis of a contract in accordance with art. 6 para. 1 lit. b GDPR and
  2. the processing is carried out by using automated procedures.

In exercising this right, you have the additional right to obtain the personal data to be transferred directly from one responsible person to another, if this is technically feasible. Other people’s freedoms and rights must not be affected by this.

The right to data portability does not apply to the personal data processing required for the performance of a task that is in the public interest or in the exercise of official authority transferred to the responsible person.

7. Right to objection

For reasons arising from your particular situation, you have the right, at any time, to object against the Processing of personal data related to you, which was carried out pursuant to Art. 6 para. 1 lit. e or f GDPR. This also applies to profiling based on these provisions.

The responsible person does not process your personal data anymore, unless the person can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is carried out for the purposes of asserting, exercising or defending legal claims.

If personal data is processed in order to operate Direct mail activities, you have the right to object at any time against the processing of your personal data for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct mail activities.

If you oppose to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of the Directive 2002/58/EC, you have the opportunity of exercising your opposition right in connection with the use of services of the information society by using automated procedures that use technical specifications.

8. Right to withdrawal of the data protection declaration of consent

You have the right to revoke your declaration of consent under the data protection law at any time. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation. You can send the revocation either by post, e-mail or fax to the contractual partner.

9. Automated decision in individual cases including profiling

You are entitled not to be subjected to a decision based solely on automated processing - including profiling - which has a legal effect on you or limits you significantly in a similar way. This principle does not apply if the decision

  1. is necessary for either the conclusion or performance of a contract between the you and a data controller;
  2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  3. is based on your explicit consent.

However, these decisions may not be based on special categories of personal data according to art. 9, para. 1 of the GDPR, unless the art. 9, para. 2, lit. a or g is applied and appropriate measures have been taken for the protection of your rights and freedoms and your legitimate interests.

For what concerns the cases mentioned under (1) and (3), the responsible person takes adequate measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the responsible person, to express your own position and to oppose to the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you are entitled to complain to a supervisory authority, in particular to that in the Member State of your residence, place of work or place of alleged infringement, if you think that the processing of personal data related to you violates the GDPR.
The supervisory authority the complaint was lodged to has to inform the complainant of the status and results of the complaint, including the option of a judicial remedy according to art. 78 of the GDPR.

IX. SSL encryption

For security reasons and for the protection of the transmission of confidential contents, such as the requests you send us as the site operator, this site uses SSL encryption. You can recognize an encrypted connection by the fact that the browser address line changes from "http://" to "https://" and by the lock symbol in your browser line.

With the SSL encryption activated, the data transmitted by you cannot be read by third parties.

X. Google Maps

This site uses the Google Maps map service through an API. The provider is Google Ireland Limited (hereinafter referred to as "Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
To use Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there.
The provider of the present page has no influence on this data transmission.

The use of Google Maps is in the interest of an appealing presentation of our website and facilitates the location of the places we specify on the website. This constitutes a legitimate interest in accordance with Article 6, Para. 1 lit. f GDPR. If a corresponding consent has been requested, processing takes place exclusively on the basis of article 6 para. 1 lit. a GDPR; consent may be revoked at any time.
For information on the handling of user data, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=de.

XI. Google Web Fonts

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service in order to provide fonts for our online offer. In order to obtain these fonts, connect to the servers of Google Ireland Limited and your IP address will be transmitted.

The use of Google Fonts is based on our legitimate interests, i.e. on our interest in a secure and efficient provision as well as in the optimisation of our online services in accordance with art. 6 para. 1, lit. f of the GDPR.

The specific storage duration of the processed data cannot be influenced by us because it is determined by the company Google Ireland Limited. Further information can be found in the data protection declaration for Google Fonts: https://policies.google.com/privacy .