Privacy policy

§ 1 Information about the collection of personal data
(1) In the following, we inform you about the processing of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. In this way, we would like to inform you about our processing operations and at the same time comply with the legal obligations, in particular from the EU General Data Protection Regulation (GDPR).
(2) The responsible party pursuant to Art. 4 Para. 7 DS-GVO is.
HENGE Services GmbH
Interpark 23
D-76877 Offenbach/Palatinate, Germany
Telephone: +49 (0) 63 48 / 98 38-0
E-mail: datenschutz@hengegroup.com
(3) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data accruing in this context, if the inquiry is assigned to a contract, after the time limits for the term of the contract, otherwise after the storage is no longer necessary, or restrict the processing if there are legal obligations to retain data.
(4) If we use contracted service providers for individual functions of our offer or wish to use your data for advertising purposes, we will always carefully select and monitor these service providers and inform you in detail about the respective processes below. In doing so, we also state the specified criteria for the storage period.

§ 2 Your rights
(1) You have the following rights vis-à-vis a data controller with regard to personal data concerning you:
– Right to information,
– Right to rectification or deletion,
– Right to restriction of processing,
– Right to object to processing,
– Right to data portability.
(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

§ 3 Processing of personal data when visiting our website
When using the website for information purposes, i.e. simply viewing it without registering and without you providing us with any other information, we process the personal data that your browser transmits to our server. The data described below is technically necessary for us to display our website to you and to ensure stability and security and must therefore be processed by us. The legal basis is Art. 6 para. 1 p. 1 lit. f DS-GVO:
– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (page visited)
– Access status/HTTP status code
– amount of data transferred in each case
– previously visited page
– browser
– operating system
– language and version of the browser software.

§ 4 Web tracking using Google Analytics
(1) This website uses Google Analytics, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The purpose of our use of the tool is to enable the analysis of your user interactions on websites and in apps and to use the statistics and reports obtained to improve our offer and make it more interesting for you as a user.
(2) We collect the interactions between you as a user of the website and our website primarily with the help of cookies, device/browser data, IP addresses and website or app activities. Google Analytics also collects your IP addresses in order to ensure the security of the service and to provide us, as the website operator, with information about the country, region or location from which the respective user originates (so-called “IP location determination”). For your protection, however, we naturally use the anonymization function (“IP masking”), i.e. that Google truncates the IP addresses by the last octet within the EU/EEA.
(3) Google acts as an order processor and we have concluded a corresponding contract with Google. The information generated by the cookie and the (usually shortened) IP addresses about your use of this website are usually transferred to a Google server in the USA and processed there. For these cases, Google has, according to its own information, imposed a standard on itself that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws in the international transfer of data. We have also agreed to so-called standard contractual clauses with Google, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country.
(4) The legal basis for the collection and further processing of the information (which takes place for a maximum of 14 months) is your given consent (Art. 6 para. 1 p. 1 lit. a DS-GVO). The revocation of your consent is possible at any time without affecting the permissibility of the processing until the revocation. In apps, you can reset the advertising ID under the Android or iOS settings. The easiest way to revoke your consent is via our Consent Manager or by installing the Google browser add-on, which can be accessed via the following link: tools.google.com/dlpage/gaoptout?hl=en/.
(5) For more information on the scope of services provided by Google Analytics, please visit marketingplatform.google.com/about/analytics/terms/en/. Google provides information on data processing when using Google Analytics at the following link: support.google.com/analytics/answer/6004245?hl=en/. General information on data processing, which Google claims should also apply to Google Analytics, can be found in Google’s privacy policy at www.google.de/intl/de/policies/privacy/.

§ 5 Use of the Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
(1) The Google Tag Manager is a tool that allows us to embed tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.
(2) The use of the Google Tag Manager is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in a quick and uncomplicated integration and management of various tools on his website. Insofar as a corresponding consent was requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

§ 6 Use of Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
(1) The purpose of reCAPTCHA is to verify whether data entry on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
(2) The reCAPTCHA analyses run entirely in the background. Website visitors are not notified that an analysis is taking place.
(3) The data processing is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM.
(4) For more information on Google reCAPTCHA and Google’s privacy policy, please refer to the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

§ 7 Google Maps
On our website, we use Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Maps is a web service for displaying interactive (land) maps to visually display geographical information. By using this service, our location is displayed to you and a possible approach is facilitated.
(1) Already when calling up those sub-pages in which the map of Google Maps is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers and stored there, this may also result in a transmission to the servers of Google LLC. in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. The collection, storage and evaluation are carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of Google’s legitimate interest in the insertion of personalized advertising, market research and / or the design of Google websites to meet the needs. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
(2) If you do not agree to the future transmission of your data to Google in the context of the use of Google Maps, you also have the option of completely disabling the Google Maps web service by turning off the JavaScript application in your browser. Google Maps and thus also the map display on this website can then not be used.
(3) The terms of use of Google can be viewed at https://www.google.de/intl/de/policies/terms/regional.html, the additional terms of use for Google Maps can be found at https://www.google.com/intl/de_US/help/terms_maps.html.
(4) Detailed information on data protection in connection with the use of Google Maps can be found on the Google website (“Google Privacy Policy”): https://www.google.de/intl/de/policies/privacy/

§ 8 Use of the Facebook Pixel
We use the “Custom Audiences” remarketing function of Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland “Facebook”) on our website.
(1) Facebook Ireland and we are jointly responsible for the collection of your data and transmission of this data to Facebook when the service is integrated. This is based on an agreement between us and Facebook Ireland on the joint processing of personal data, which defines the respective responsibilities. The agreement can be accessed at https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible in particular for fulfilling the information obligations pursuant to Articles 13, 14 of the GDPR, for complying with the security requirements of Article 32 of the GDPR with regard to the correct technical implementation and configuration of the service, and for complying with the obligations pursuant to Articles 33, 34 of the GDPR to the extent that a personal data breach affects our obligations under the joint processing agreement. Facebook Ireland has the responsibility to enable data subject rights under Art. 15 – 20 GDPR, to comply with the security requirements of Art. 32 GDPR with respect to the security of the Service, and to comply with the obligations under Art. 33, 34 GDPR to the extent that a personal data breach affects Facebook Ireland’s obligations under the Joint Processing Agreement.
(2) The application serves the purpose of targeting the visitors of the website with interest-based advertising on the social network Facebook. For this purpose, the remarketing tag of Facebook has been implemented on the website. Via this tag, a direct connection to the Facebook servers is established when the website is visited. This transmits to the Facebook server which of our pages you have visited. Facebook assigns this information to your personal Facebook user account. When you visit the Facebook social network, you will then be shown personalized, interest-related Facebook ads.
(3) Your data may be transferred to the USA. There is no EU Commission adequacy decision for the USA. The data transfer takes place, among other things, on the basis of standard contractual clauses as appropriate guarantees for the protection of personal data, viewable at: https://www.facebook.com/legal/EU_data_transfer_addendum.
(4) The use of cookies or comparable technologies takes place on the basis of § 15 para. 3 p. 1 TMG. The processing of your personal data is based on Art. 6 para. 1 lit. f DSGVO from our overriding legitimate interest to target the site visitors with interest-based advertising. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation. You can deactivate the “Custom Audiences” remarketing function here.
(5) For more information on the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy, please refer to Facebook’s privacy policy at https://www.facebook.com/about/privacy/.

§ 9 Use of Facebook Conversion API
We use the Facebook Conversion API on our website, a server-side event tracking tool.
(1) Usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (information about the geographical position of a device or person). Extended data processing: email address, phone number, gender, date of birth, first and last name, address, user IDs.
(2) This is a data interface through which we transmit data about your behavior on our website to Facebook for evaluation. This allows us to show you advertisements that match your user behavior on our website.
(3) We do not share your data with third parties. In the area of the Facebook conversion API, however, we work together with Facebook, which compiles user statistics together with us. In the process, data is also processed in the USA. We use the standard contractual clauses approved by the EU Commission as the basis for this data processing.
Facebook Ireland Ltd.
4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
(4) Details/information on data protection
(5) You can revoke your consent for data processing by Conversion API for our web domain at any time with future effect by adjusting your preferences in our cookie settings. To do so, simply deselect the cookie in the “Marketing” section.

§ 10 LinkedIn Insight tags
Furthermore, we use the conversion tracking technology of the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”) on our website.
(1) When you visit our website and insofar as you have given us your consent to do so, LinkedIn’s conversion tracking technology can be used to show you more relevant advertising based on your interests. Furthermore, we receive from LinkedIn aggregated and for us anonymous reports of ad activity and information about how you interact with our website. For this purpose, LinkedIn uses a Javascript code (Insight tag), which in turn places a cookie in your web browser or uses a pixel. Via the LinkedIn Insight tag, data about the use of our website is collected, including URL, referrer URL, IP address, device and browser properties, timestamps and page views.
(2) LinkedIn does not share any personally identifiable information with us, but only provides aggregate reports about website audience and ad performance. In connection with the use of LinkedIn Conversion Tracking, the information collected is also processed on servers of LinkedIn Inc. in the USA.
(3) Further information on data protection at LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy#choices.

§ 11 Use of Microsoft Clarity
We use Microsoft Clarity. “Microsoft Clarity” refers to a procedure from Microsoft in which user analysis is possible on the basis of a pseudonymous user ID and thus on the basis of pseudonymous data, such as the evaluation of data on mouse movements or performance data on certain Internet presentations.
(1) In particular, we process usage data (e.g. Internet presentations visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (information on the geographical position of a device or a person), movement data (mouse movements, scrolling movements) in pseudonymous form. We have made the appropriate settings so that the data collection to and by Microsoft alone is pseudonymized, in particular in the form of IP masking (pseudonymization of the IP address).
(2) All users of our website who have consented to the corresponding use via our cookie consent service are affected by this data processing. The data processing is thus carried out solely on the basis of your consent pursuant to Art. 6 (1) a) DSGVO.
(3) The purpose of the processing is tracking (e.g. interest/behavior-based profiling, use of cookies), remarketing, conversion measurement (measurement of the effectiveness of marketing measures), interest-based and behavioral marketing, profiling (creation of user profiles), reach measurement (e.g. access statistics, recognition of returning users), cross-device tracking (cross-device processing of user data for marketing purposes).
You will be informed of your rights to object in accordance with this privacy policy.
Microsoft Clarity: online marketing and web analysis; offered by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; Internet presentation: https://clarity.microsoft.com; Privacy policy: https://privacy.microsoft.com/de-de/privacystatement; Opt-out: https://choice.microsoft.com/de-DE/opt-out.

§ 12 Use of Typeform
On this website the service Typeform is used. Typeform is operated by TYPEFORM SL, C/Bac de Roda, 163, 08018 Barcelona, Spain. Typeform is a service that we use to display online surveys on our website.
(1) In this context, the following data are collected and processed:
IP address
E-mail address
Duration of visit
Date and time of the visit
If applicable, further data collected within the scope of the survey.
(2) The legal basis for the processing is your consent pursuant to Art. 6 para. 1 lit. a DSGVO. If you do not want the aforementioned data to be collected and processed via Typeform, you can refuse your consent or revoke it at any time with effect for the future.
(3) The personal data will be kept for as long as it is necessary to fulfill the purpose of processing. The data will be deleted as soon as they are no longer required to achieve the purpose.
(4) Within the scope of processing via Typeform, data may be transferred to the USA. The security of the transfer is regularly secured via so-called standard contractual clauses, which ensure that the processing of personal data is subject to a security level that complies with the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, consent will be obtained from you in advance within the framework of the Usercentrics consent management system pursuant to Art. 49 (1) lit. a DSGVO.

§ 13 Cloudflare
We use the Content Delivery Network (CDN) of Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich Germany (Cloudflare) to increase the security and delivery speed of our website. This corresponds to our legitimate interest (Art. 6 para. 1 lit. f DSGVO). A CDN is a network of [globally] distributed servers that is able to deliver optimized content to the website user. For this purpose, personal data may be processed in server log files by Cloudflare. Please compare the explanations under “Hosting”.
(1) Cloudflare is a recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Art. 6 (1) p. 1 lit. f DSGVO not to operate a content delivery network ourselves.
(2) You have the right to object to the processing. Whether the objection is successful is to be determined within the framework of a balancing of interests.
(3) The processing of the data specified under this section is not required by law or contract. The functionality of the website is not guaranteed without the processing.
(4) Your personal data will be stored by Cloudflare for as long as necessary for the purposes described.
For more information on objection and removal options vis-à-vis Cloudflare, please see: Cloudflare DPA
(5) Cloudflare has implemented compliance measures for international data transfers. These apply to all global activities where Cloudflare processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://www.cloudflare.com/cloudflare_customer_SCCs-German.pdf

§ 14 Right of withdrawal
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.
If you wish to exercise your right of revocation or objection, you can contact us at any time via the contact details provided above under “Responsible party” and otherwise on our website or via the following e-mail address: datenschutz@hengegroup.com.