Assistance and contact

Your direct line to us

Do you have any questions about our services and products? Or do you need help?

Immediate service
+49 800 77 12345

Mon - Fri

8:00 - 18:00

Sat

8:00 - 13:00

Sundays and public holidays are excluded

Or perhaps not quite so direct?

Get in touch with us
Contact options
Help and support directly on site
Locate your nearest branch

Esc

Esc

Data protection

Privacy Policy

Thank you for your interest in the products and services offered by HANSA FLEX AG (“HANSA FLEX”). The protection of your personal data (“data”) is very important to us. With this Privacy Policy, we inform you about the processing of your data in connection with our online services and other business and communication processes with us.

Data controller as defined by the General Data Protection Regulation (GDPR)

We are controller for the data processing described in this Privacy Policy:

HANSA‑FLEX AG
Zum Panrepel 44
28307 Bremen
Germany

Phone: +49 421 48 90 70
Fax: +49 421 48 90 748

E-Mail: info@hansa-flex.com
Internet: http://www.hansa-flex.com

Data Protection Officer of HANSA FLEX AG:

Max Danne
HANSA FLEX AG
Zum Panrepel 44
28307 Bremen

Phone: +49 421 48 90 7 221
Fax: +49 421 48 90 7 930

E-Mail: datenschutz@hansa-flex.com

1.0.  Your rights

If we process your personal data, you have the following rights:

1.1.  Right of access 
You have the right to request and obtain information free of charge as to whether data concerning you is being processed and, if this is the case, what data we are processing about you (Art. 15 GDPR). You can make this request again within a reasonable period of time. You also have the right to obtain a copy of your data undergoing processing.

1.2.  Right to rectification 
You can also obtain the rectification of inaccurate data concerning you in accordance with Art. 16 GDPR. You also have the right to have incomplete data concerning you completed, taking into account the purposes of the processing.

1.3.  Right to erasre 
Under the conditions of Art. 17 GDPR, you can request the erasure of your data.

1.4  Right to restriction of processing 
You have the right to obtain restriction of processing of your data if the requirements of Art. 18 GDPR are met. This is the case, for example, if the processing of your data is no longer necessary for our purposes, but you need it for the establishment, exercise or defence of legal claims. If the processing of your data is restricted, this data – with the exception of storage – shall only be processed by us with your consent or in the special cases specified in Art. 18 para. 2 GDPR.

1.5  Right to data portability 
Under the conditions of Art. 20 GDPR, you may request that you receive your data in a structured, commonly used and machine-readable format. In this case, you can also request that we transmit this data to another controller.

1.6  Right to withdraw 
If we process your data on the basis of your consent, you have the right to withdraw your consent at any time with effect for the future (Art. 7 para. 3 GDPR).

1.7  Right to object 
You have the option to object to data processing for direct marketing purposes at any time. In addition, you can object at any time to data processing that is carried out on the basis of a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, Art. 21 GDPR on grounds relating to your particular situation.

1.8  Exercise of your rights as a data subject 
To exercise your rights as a data subject, please contact our Data Protection Officer by e-mail or letter (contact details below).

1.9  Contact channels 
You can exercise your rights via the following contact channels:
HANSA FLEX AG
Zum Panrepel 44
28307 Bremen
Germany

Phone: +49 421 48 90 70
Fax: +49 421 48 90 748

E-mail: datenschutz@hansa-flex.com

1.10.  Right to lodge a complaint with a data protection supervisory authority 
You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement (Art. 77 GDPR).

1.11.  Other notes 
The provision of personal data is in no case required by law or contract or necessary for the conclusion of a contract. Furthermore, we do not use automated decision-making (including profiling).

2. Data processing on our Online Worlds

In this section, we inform you about the processing of your data when you visit our Online Worlds. This information applies in particular to our websites (Corporate Website, Customer Portal and Online Shop)

2.1.     Operation of all Online Worlds

2.1.1.  Scope of data processing
When you access our Online Worlds, the following data is transmitted to our web server and stored in a log file:

Information about the browser type and version used,
The user’s operating system,
The user’s internet service provider,
The IP address of the user,
Date and time of access,
Websites from which the user’s system accesses our website (referrer URL),
Websites that are accessed by the user’s system via our website

2.1.2.  Purposes of data processing 
The processing of this data is necessary in order to display the content of the Online Worlds on your device in the best possible way. We also process this data to defend against, investigate and clarify attacks on our IT and to prevent and detect criminal offences.

2.1.3.  Legal basis for data processing 
This data is processed in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in being able to display the Online Worlds to you in the best possible way, to be able to track attacks on our IT and to prevent and detect criminal offences.

2.1.4.  Recipient of the data 
Our web hosting service provider processes the aforementioned data on our behalf strictly in accordance with our instructions on the basis of an data processing contract (Art. 28 GDPR).

2.1.5.  Storage period 
The log data is stored for a period of 30 days and then deleted, unless it needs to be retained for longer in exceptional cases to track an identified attack or for other reasons.

2.2.  Use of cookies and tracking technologies 
When you visit our online worlds, so-called cookies are set by us. These are small text files that are stored on your end device. Cookies usually contain a characteristic string of signs, the so-called cookie ID, with which your browser can be identified when you visit our website again.
Cookies save you from having to enter data multiple times, facilitate the transmission of specific content and help us to identify particularly popular areas of our website. They enable us to constantly improve the structure and content of our website.

2.2.1.  Purposes and legal basis 
“Functional” cookies: Insofar as the cookies used on our Online Worlds are necessary to enable the operation of the Online Worlds or to ensure IT security, the legal basis for the use of cookies is § 25 para. 2 No. 2 of the Telecommunications-Telemedia Data Protection Act (TTDSG). The legal basis for the further processing of this data is Art. 6 para. 1 lit. f GDPR.
“Measurement” cookies: Insofar as the cookies used on our Online Worlds are for statistical purposes (e.g. evaluation of visitor behaviour, range measurement), the legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR; § 25 para. 1 TTDSG.
“Marketing” cookies: Insofar as the cookies used on our Online Worlds are used for marketing purposes (tracking cookies), the legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR; § 25 para. 1 TTDSG.
You can obtain specific information about the cookies used on our respective Online Worlds via the cookie banners that are displayed when you first visit the site. You can also give your consent to the use of certain cookies via the cookie banner.

2.2.2.  Deactivation of cookies
You have full control over the use of cookies and can delete cookies in your browser, completely deactivate the storage of cookies, selectively accept certain cookies and, if necessary, set your browser so that you are notified if a cookie is to be set. Please use the help functions of your browser to find out how you can change these settings. This may limit the functionality of our Online Worlds.

2.3.     Consent Manager

2.3.1.  Description and scope of data processing 
On our Online Worlds, we use the cookie consent technology of “Consent Manager”, a service of consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden. We have concluded a data processing agreement with consentmanager AB in accordance with Art. 28 GDPR.
With the help of the Consent Manager, we document whether you have consented to the setting of certain cookies in the cookie banner or revoked your consent or objected to data processing. The following data is stored:

Your IP address in anonymised form (the last three digits are set to ‘0’),
Date and time of your consent,
User agent of your browser,
URL from which your consent was sent,
an anonymous, random and encrypted key,
Your consent status, which serves as proof of consent.

You can find details about the Consent Manager here: www.consentmanager.net/privacy/

2.3.2.  Purposes and legal bases of data processing 
The Consent Manager is used to fulfil data protection requirements for the setting and documentation of cookies. We use the Consent Manager to be able to demonstrate compliance with legal obligations, Article 6 para. 1 lit. c GDPR.

2.3.3.  Storage period and control options
The cookie is active for 12 months. Beyond this period, the data collected will be deleted if you ask us to do so or delete the Consent Manager cookie yourself or if the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected.

2.4.     Google Analytics 

2.4.1.  Description and scope of data processing 
On our Online Worlds, we use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Cookies are used for this purpose. Once you have given your consent by clicking on the consent button on our cookie banner, the advertising analysis process by Google Analytics begins.
In addition to your IP address, the usage data collected includes in particular the specific selection of links, the time spent on individual pages, the order in which the respective Online World is used and the frequency of page views. Further information can be found in Google’s privacy policy: policies.google.com/privacy;

2.4.2.  Purposes and legal bases of data processing 
Google Analytics collects information in order to compile usage statistics for our Online Worlds. Google Analytics is only used after you have given your consent by clicking on the consent button in the cookie banner on the respective Online World. The legal basis for the processing of data when using our Online Worlds is Art. 6 para. 1 lit. a GDPR (consent), § 25 para. 1 TTDSG.

2.4.3.  Recipient of the data
The data is usually transferred to a Google server in the USA and stored there. We have no influence on the type and scope of the data processed by Google, the type of processing and utilisation or the transfer of this data to third parties. Data transfers to third countries are based on the EU standard contractual clauses.. In addition, Google LLC is certified under the EU-U.S. Data Privacy Framework.

2.4.4.  Storage period, right to withdraw and right to object 
Your data will be deleted as soon as it is no longer required for the purpose for which it was collected and any statutory retention obligations have expired.
You can withdraw your consent to Google Analytics at any time in the Consent Manager settings with effect for the future. Alternatively, you can object to data processing by Google Analytics at any time by downloading and installing the browser add-on offered by Google at tools.google.com/dlpage/gaoptout?hl=en. The analysis data processed and stored with Google Analytics will be automatically deleted by us after 14 months.

2.5.     Google Ads Conversion Tracking

2.5.1.  Description and scope of data processing 
On our Online Worlds, we use Google Ads Conversion Tracking, an advertising analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Cookies are used for this purpose. After you have given your consent by clicking on the consent button on our cookie banner, the analysis process by Google Ads Conversion Tracking begins.
In addition to your IP address, the usage data collected includes, in particular, information on whether you have reached our Online World via our adverts via Google Ads and what actions you have subsequently taken on our website. Further information can be found in Google’s privacy policy: policies.google.com/privacy;

2.5.2.  Purposes and legal bases of data processing 
We use Google Ads Conversion Tracking to optimise our advertising presence and our advertisements. Google Ads conversion tracking is only used after you have given your consent by clicking the consent button in the Consent Manager on the respective Online World. The legal basis for the processing of data when using our online worlds is Art. 6 para. 1 lit. a GDPR (consent), § 25 para. 1 TTDSG.

2.5.3.  Recipient of the data 
The data is usually transferred to a Google server in the USA and stored there. We have no influence on the type and scope of the data processed by Google, the type of processing and use or the transfer of this data to third parties. In this respect, we also have no effective control options. Data transfers to third countries are based on the EU standard contractual clauses. In addition, Google LLC is certified under the EU-U.S. Data Privacy Framework.

2.5.4.  Storage period, right to withdraw 
Your data will be deleted as soon as it is no longer required for the purpose for which it was collected and any statutory retention obligations have expired.
You can withdraw your consent to Google Ads Conversion Tracking at any time in the Consent Manager settings with effect for the future. The processed and stored analysis data will be automatically deleted by us after 14 months.

2.6.     Meta Pixel 

2.6.1.  Description and scope of data processing 
We use Meta Pixel on our Online Worlds. This is a JavaScript code offered by Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta”).
Once you have given your consent by clicking on the consent button on our cookie banner, the data processing procedure by Meta Pixel begins.
The data collected includes

HTTP header information such as information about the web browser used (e.g. user agent, language setting country/language)
Online identifiers such as IP addresses and, where provided, meta-related identifiers or device IDs (such as advertising IDs for mobile operating systems)
the actions you take on the respective Online World (so-called “events”), such as completing a registration, selecting items for the shopping basket or initiating contact via our Online Worlds.

This data may be merged with your user data on Facebook and Instagram.
Both we and Meta are jointly responsible for the processing of this data. The basis for data processing by Meta is an agreement between us and Meta on the joint processing of personal data, in which the respective responsibilities are defined. The agreement is available at www.facebook.com/legal/controller_addendum. Accordingly, we are responsible in particular for the fulfilment of the information obligations pursuant to Art. 13, 14 GDPR and for compliance with the obligations pursuant to Art. 33, 34 GDPR, insofar as a breach of the protection of personal data affects our obligations under the joint processing agreement. Meta is responsible for enabling the rights of data subjects in accordance with Art. 15 – 20 GDPR, complying with the security requirements of Art. 32 GDPR with regard to the security of processing and fulfilling the obligations under Art. 33, 34 GDPR insofar as a personal data breach affects Meta’s obligations under the joint processing agreement. However, you can still contact us to exercise your rights.
Further information on data processing by Meta can be found in Meta’s privacy policy: www.facebook.com/privacy/policy;

2.6.2.  Purposes and legal bases of data processing 
Meta Pixel collects information to create usage statistics for our adverts and Online Worlds. This enables us to measure the effectiveness of our advertising and improve our adverts. Meta Pixel is only used after you have given your consent by clicking the consent button in the Consent Manager on the respective Online World. The legal basis for the processing of data when using our Online Worlds is Art. 6 para. 1 lit. a GDPR (consent), § 25 para. 1 TTDSG.

2.6.3.  Recipient of the data 
The processed data may be passed on to the parent company Meta Platforms, Inc. based in the USA. We have no influence on the type and scope of the data processed by Meta, the type of processing and use or the transfer of this data to third parties. In this respect, we also have no effective control options. Data transfers to third countries are based on the EU standard contractual clauses. Meta Platforms, Inc. is also certified under the EU-U.S. Data Privacy Framework.

2.6.4.  Storage period, right to withdraw 
Your data will be deleted as soon as it is no longer required for the purpose for which it was collected and any statutory retention obligations have expired.
You can withdraw the consent you have given with regard to Meta Pixel at any time in the Consent Manager with effect for the future. The analysis data processed and stored via Meta Pixel will be automatically deleted by us after 14 months.

2.7.     LinkedIn Insight Tag 

2.7.1  Description and scope of data processing 
On our Online Worlds, we use LinkedIn Insight Tag, an advertising analysis service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). Cookies are used for this. After you have given your consent by clicking on the consent button on our cookie banner, the analysis process by LinkedIn begins.
In addition to your IP address and device and browser characteristics, the usage data collected includes, in particular, information on whether you have reached our Online World via our LinkedIn Ads advert and what actions you have subsequently taken on our website. Further information can be found in LinkedIn’s privacy policy: www.linkedin.com/legal/privacy-policy;

2.7.2.  Purposes and legal bases of data processing 
We use LinkedIn Insight Tag to optimise our advertising presence and our advertisements. LinkedIn Insight Tag is only used after you have given your consent by clicking the consent button in the Consent Manager on the respective Online World. The legal basis for the processing of data when using our Online Worlds is Art. 6 para. 1 lit. a GDPR (consent), § 25 para. 1 TTDSG.

2.7.3  Recipient of the data 
This information may be transferred to LinkedIn in the USA and stored there. We have no influence on the type and scope of the data processed by LinkedIn, the type of processing and use or the transfer of this data to third parties. In this respect, we also have no effective control options. Data transfers to third countries are based on the EU standard contractual clauses.

2.7.4   Storage period, right to withdraw
Your data will be deleted as soon as it is no longer required for the purpose for which it was collected and any statutory retention obligations have expired.
You can withdraw the consent you have given with regard to LinkedIn Insight Tag at any time in the Consent Manager settings with effect for the future. The processed and stored analysis data will be automatically deleted by us after 14 months

2.8.     Google reCAPTCHA 

2.8.1.  Description and scope of data processing 
To secure our Online Worlds against the misuse of bots, we use Google reCAPTCHA, a captcha service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Cookies are used for this. As part of this service, Google processes your IP address and other data such as information on the operating system, the language set, time and screen resolution and mouse and keyboard behaviour.
Further information can be found in Google’s privacy policy: policies.google.com/privacy;

2.8.2  Purposes and legal bases of data processing 
Google reCAPTCHA collects data to determine whether the actions performed on our Online Worlds are performed by a human or a bot. The legal basis for the processing of the data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in protecting our Online Worlds from bot attacks.

2.8.3  Recipient of the data 
The information generated by the cookies about the use of our Online Worlds is usually transmitted to a Google server in the USA and stored there. We have no influence on the type and scope of the data processed by Google, the type of processing and use or the transfer of this data to third parties. Data transfers to third countries are based on the EU standard contractual clauses. In addition, Google LLC is certified under the EU-U.S. Data Privacy Framework.

2.8.4  Storage period
Your data will be deleted as soon as it is no longer required for the purpose for which it was collected and any statutory retention obligations have expired.

2.9.     Google Maps 

2.9.1.  Description and scope of data processing 
We use the Google Maps map service on our Online Worlds. This allows us to show you interactive maps directly on our Online World and enables you to use the map function conveniently. The provider is Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland. As part of data processing, data is also regularly transmitted to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Ireland Limited and Google LLC are hereinafter jointly referred to as “Google”. To use the functions of Google Maps, it is necessary to process your IP address.

2.9.2.  Purposes and legal bases of data processing
The use of Google Maps is in the interest of an appealing presentation of our offers and to make it easy to find the locations specified by us in the respective Online World. The data is processed on the basis of Art. 6 para. 1 lit. a GDPR (consent), § 25 para. 1 TTDSG.

2.9.3.  Recipient of the data
This information is usually transferred to a Google server in the USA and stored there. We have no influence on the type and scope of the data processed by Google, the type of processing and use or the transfer of this data to third parties. In this respect, we also have no effective control options. Data transfers to third countries are based on the EU standard contractual clauses. In addition, Google LLC is certified under the EU-U.S. Data Privacy Framework.

2.9.4.  Storage period, right to withdraw
Your data will be deleted as soon as it is no longer required for the purpose for which it was collected and any statutory retention obligations have expired.
You can withdraw the consent you have given with regard to Google Maps at any time in the Consent Manager settings with effect for the future.

2.10.     YouTube plugins 

2.10.1.  Description and scope of data processing 
Our Online Worlds use plugins from YouTube. The operator is Google Ireland Limited Gordon House, Barrow Street Dublin 4 Ireland (hereinafter referred to as “Google”). The YouTube videos are integrated in the so-called “extended data protection mode”, which, according to the provider, only initiates the storage of user information when the video(s) is/are played.
When you visit one of our Online Worlds equipped with a YouTube plug-in, a connection to the YouTube servers is established. The YouTube server is informed which of our online worlds you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
Further information on the handling of user data can be found in YouTube’s privacy policy: policies.google.com/privacy.

2.10.2.  Purposes and legal bases of data processing
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, whereby our interest lies in the smooth integration of the videos and the appealing design of our website.

2.10.3.  Recipient of the data
By integrating YouTube, personal data may be transmitted to Google. Google also processes your personal data in the USA. We have no influence on the type and scope of the data processed by Google, the type of processing and use or the transfer of this data to third parties. In this respect, we also have no effective control options. Data transfers to third countries are based on the EU standard contractual clauses.

2.10.4.  Storage period, right to withdraw 
Your data will be deleted as soon as it is no longer required for the purpose for which it was collected and any statutory retention obligations have expired.
You can withdraw the consent you have given with regard to YouTube plugins at any time in the Consent Manager settings with effect for the future.

2.11.     Contact options on our Online Worlds

2.11.1.  Scope of data processing 
You can contact us via our online worlds in various ways, for example:

Contact form
Enquiry form mobile hydraulic emergency service

If you would like to contact us via these channels, we need the following data from you:

Salutation
Name
E-mail address (if contact by e-mail is required)
Telephone number (if you wish to be contacted by telephone)
Company data (name, address)

2.11.2.  Purposes and legal basis of data processing: 
We process your data for the purpose of being able to answer your enquiry to us in the best possible way. We process your data on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in responding to your enquiry addressed to us.

2.11.3.  Recipient of the data
The data is only processed by the internal contact persons responsible for the contact enquiries.

2.11.4.  Storage period 
The storage period depends on the content of your contact enquiry. In principle, the data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected and any statutory retention obligations have expired.

2.12.     Newsletter 

2.12.1.  Scope of data processing
You can subscribe to our online newsletter, including the customer magazine “Hydraulikpresse”. The following data will be processed:

Salutation
Surname, first name
E-mail address
Company name

2.12.2.  Purposes and legal basis of data processing 
We process your data for the purpose of sending the newsletter to business customers by email. We process your data on the basis of Art. 6 para. 1 lit. a GDPR. You have the right to withdraw your consent at any time with effect for the future (Art. 7 para. 3 GDPR).

2.12.3.  Recipient of the data 
The data is processed by the internal contact persons responsible for sending the newsletter.
The provider CleverReach GmbH & Co KG (Schafjückenweg 2, 26180 Rastede, Germany), with whom we have also concluded a data processing agreement in accordance with Art. 28 GDPR, supports us in sending the newsletter.

2.12.4.  Storage period 
Your data will be deleted as soon as it is no longer required for the purpose for which it was collected and any statutory retention obligations have expired.

2.13.     Whitepaper 

2.13.1.  Scope of data processing 
We offer the option of downloading white papers from our Online Worlds in order to provide our visitors with up-to-date information or information relating to you. The following data is processed for this purpose:
Salutation

Name
E-mail address
Company name
Telephone number (optional)

2.13.2.  Purposes and legal basis of data processing 
We process your data for the purpose of providing downloads to business customers. We process your data on the basis of Art. 6 para. 1 lit. a GDPR. You have the right to withdraw your consent at any time with effect for the future (Art. 7 para. 3 GDPR).

2.13.3.  Recipient of the data 
The data is processed by the internal contact persons responsible for sending the customer magazine.
The provider CleverReach GmbH & Co KG (Schafjückenweg 2, 26180 Rastede, Germany), with whom we have also concluded a data processing agreement in accordance with Art. 28 GDPR, supports us in sending the download information.

2.13.4.  Storage Period
Your data will be deleted as soon as it is no longer required for the purpose for which it was collected and any statutory retention obligations have expired.

2.14.  Data security 
Ongoing technical and organisational security measures are taken to protect your personal data against manipulation, loss, destruction or access by unauthorised persons. In particular, we use TLS encryption when transmitting data via our Online Worlds. You can recognise this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with . 

3. HANSA FLEX Corporate Website

3.1.  Scope of data processing 
You can access the HANSA‑FLEX corporate website via hansa-flex.de.

3.2.  Purposes and legal basis of data processing 
We process your data for the purpose of providing the HANSA FLEX Corporate Website on the basis of Art. 6 para. 1 lit. f GDPR.

3.3.  Recipient of the data 
The service provider neusta infrastructure services GmbH (Konsul-Smidt-Straße 24, 28217 Bremen) supports us with hosting.
The advertising agency team neusta GmbH (Konsul-Smidt-Straße 24, 28217 Bremen) supports us in the operation of the application.
As part of an data processing agreement (Art. 28 GDPR), the service providers have undertaken to comply with appropriate technical and organisational measures for data security, among other things, and act on our behalf in accordance with our instructions.

3.4.  Use of cookies and tracking technologies 
For more information on the cookies used on the website, please refer to the sections 2.2 to 2.8.

4. HANSA FLEX Kundenportal (my.hansa-flex Portal, X-Code Manager)

4.1. Umfang der Datenverarbeitung
Wir betreiben die mobile Applikation und die browserbasierte Web-Anwendung X-CODE Manager („Anwendung“). Dieses Kundenportal richtet sich ausschließlich an gewerbliche Kunden. Sie können die Anwendung nur nutzen, wenn Sie hierzu von einem HANSA‑FLEX-Mitarbeitenden freigeschaltet wurden. Zur Erstellung eines Benutzerskontos erhalten wir Ihre beruflichen Kontaktdaten von dem HANSA‑FLEX-Kunden. Wenn wir Ihr Benutzerkonto erstellt haben, erhalten Sie eine E-Mail von uns, die einen Link zur Anwendung enthält. Dort können Sie sich erstmalig anmelden und sich ein Passwort vergeben. Anschließend können Sie die Anwendung bestimmungsgemäß nutzen. In diesem Rahmen werden folgende Datenkategorien verarbeitet:
Name, Vorname
Berufliche Kontaktdaten (Funktion, Abteilung, Unternehmensanschrift, Telefon, Fax, E-Mail, Kunden- und Partnernummer)
Unterschrift (für die Erstellung von Prüfprotokollen)

4.2. Zwecke und Rechtsgrundlage der Datenverarbeitung
Wir verarbeiten diese Daten, damit wir Ihnen die Anwendung in Übereinstimmung mit den zwischen Ihnen und uns abgeschlossenen Nutzungsbedingungen zur Nutzung bereitstellen können. Rechtsgrundlage: Die Verarbeitung Ihrer personenbezogenen Daten durch uns erfolgt in Erfüllung einer vertraglichen Verpflichtung (Art. 6 Abs. 1 lit. b DSGVO) sowie auf der Basis einer Interessenabwägung (Art. 6 Abs. 1 lit. f DSGVO).

4.3. Gemeinsame Verantwortlichkeit
Für die Verarbeitung dieser Daten ist neben uns auch der HANSA‑FLEX-Kunde verantwortlich, in dessen Auftrag Sie die Anwendung nutzen. Der HANSA‑FLEX-Kunde kann über die Benutzerverwaltung Ihre Aktivitäten in der Anwendung einsehen und Ihnen bestimmte Rechte für die Nutzung der Anwendung zuweisen. HANSA‑FLEX und der HANSA‑FLEX-Kunde sind hinsichtlich der Verarbeitung Ihrer Daten als gemeinsame Verantwortliche nach Art. 26 DSGVO anzusehen. Aus diesem Grund haben HANSA‑FLEX und der HANSA‑FLEX-Kunde eine entsprechende Vereinbarung zur gemeinsamen Verarbeitung personenbezogener Daten nach Art. 26 Abs. 1 DSGVO abgeschlossen. Im Wesentlichen wurde darin vereinbart, dass nur wir Ihnen Informationen zur Datenverarbeitung bereitstellen und Sie über die wesentlichen Inhalte unserer Vereinbarung zur gemeinsamen Verarbeitung informieren, was wir hiermit tun. Wir haben mit dem HANSA‑FLEX-Kunden vereinbart, dass Sie sich nach Ihrem Wunsch an uns oder an den HANSA‑FLEX-Kunden hinsichtlich der Geltendmachung von Betroffenenrechten (z.B. Auskunftsrecht, Löschungsrecht) wenden können. Einzelheiten hierzu finden Sie im Abschnitt „Ihre Rechte“.

4.4. Verarbeitung von Analysedaten
Wir nutzten die Funktionen der mobilen Entwicklungsplattform Firebase. Anbieter ist die Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94943, USA. Mit Hilfe von eingebundenem Code sendet Firebase Analysedaten. Diese Daten werden in der Regel an einen Server von Google in den USA übertragen und dort gespeichert. Die Verarbeitung von Firebase-Daten erfolgt auf Grundlage von Art. 6 Abs. 1 lit. f DSGVO. Wir haben ein berechtigtes Interesse an der Analyse des Nutzerverhaltens, um die Entwicklung der App zu optimieren. Hinreichende Garantien für die Datenübermittlungen ins Drittland bieten die EU-Standardvertragsklauseln. Zudem ist Google LLC unter dem EU-U.S. Data Privacy Framework zertifiziert.
Wir nutzen außerdem die Funktionen des Crash Reporting Tools Crashlytics. Anbieter ist die Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94943, USA. Mit Hilfe von eingebundenem Code sendet Crashlytics einen Fehlerbericht, falls es zu einem unerwarteten Absturz der App kam. Diese Informationen werden in der Regel an einen Server von Google in den USA übertragen und dort gespeichert. Die Speicherung von Absturzberichten erfolgt auf Grundlage von Art. 6 Abs. 1 lit. f DSGVO. Wir haben ein berechtigtes Interesse an der Analyse von Absturzberichten, um damit das Nutzererlebnis stetig zu verbessern. Hinreichende Garantien für die Datenübermittlungen ins Drittland bieten die EU-Standardvertragsklauseln. Zudem ist Google LLC unter dem EU-U.S. Data Privacy Framework zertifiziert.
Außerdem nutzen wir Funktionen des Webanalysedienstes Firebase Analytics. Anbieter ist die Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Mit Hilfe von eingebundenem Code sendet Firebase Analysedaten. Diese Daten werden in der Regel an einen Server von Google in den USA übertragen und dort gespeichert. Die Speicherung von Firebase Analytics Daten erfolgt auf Grundlage von Art. 6 Abs. 1 lit. f DSGVO. Wir haben ein berechtigtes Interesse an der Analyse des Nutzerverhaltens, um die Entwicklung der App zu optimieren. Hinreichende Garantien für die Datenübermittlungen ins Drittland bieten die EU-Standardvertragsklauseln. Zudem ist Google LLC unter dem EU-U.S. Data Privacy Framework zertifiziert.

4.5. Empfänger der Daten
Im Rahmen der Bereitstellung der Anwendung nutzen wir die SAP Cloud des externen Hosting-Dienstleisters SAP Deutschland SE & Co. KG, Hasso-Plattner-Ring 77, 69190 Walldorf. Außerdem setzen wir die Arvato Systems S4M GmbH, Am Coloneum 3, 50829 Köln ebenfalls als Hosting-Dienstleister ein.
Im Rahmen des Betriebs der Anwendung unterstützt uns die Werbeagentur team neusta GmbH (Konsul-Smidt-Straße 24, 28217 Bremen) und neusta mobile solutions GmbH (Konsul-Smidt-Straße 24, 28217 Bremen).
Die Dienstleister haben sich im Rahmen eines Vertrags zur Auftragsverarbeitung (Art. 28 DSGVO) unter anderem zur Einhaltung angemessener technischer und organisatorischer Maßnahmen zur Datensicherheit verpflichtet und handeln weisungsgebunden in unserem Auftrag.

4.6. Speicherdauer
Wir speichern Ihre personenbezogenen Daten nur solange, bis der Zweck erfüllt ist, zu dem wir sie erhoben oder erhalten haben. Die Logfiles werden für die Dauer von sieben Tagen gespeichert und danach gelöscht, es sei denn, sie müssen zur Nachverfolgung eines identifizierten Angriffs ausnahmsweise länger vorgehalten werden. Übermittelte Daten deaktivierter Nutzer werden nach 12 Monaten gelöscht.

4.7. Verwendung von Cookies und Tracking-Technologien
Nähere Informationen zu den auf der Website eingesetzten Cookies entnehmen Sie bitte den Abschnitten 2.2 bis 2.8.

5. HANSA FLEX Online Shop (shop.hansa-flex.de)

5.1.  Scope of data processing
We offer the HANSA FLAX Online shop on the shop.hansa-flex.de website. The Online Shop is aimed at commercial customers. You can create a personal profile there (e.g. as an employee of a commercial customer). The following data is required for registration:

Surname, first name
Professional contact details (address, telephone, fax, e-mail)

In addition, the following data may be processed as part of an order via the Online Shop:
Order information (subject and date of the order, delivery times)
Payment information

5.2.  Purposes and legal basis of data processing 
We process your data for the purpose of providing the HANSA FLEX Online shop and to fulfil an order placed via the Online Shop for a business customer on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in the functioning and practicable cooperation with our business partners and the employees of our business partners and the processing of orders via our Online Shop.

5.3.  Recipient of the data 
We use the SAP Cloud of the external hosting service provider SAP Deutschland SE & Co KG, Hasso-Plattner-Ring 77, 69190 Walldorf, Germany, to provide the application. We also use Arvato Systems S4M GmbH, Am Coloneum 3, 50829 Cologne, Germany, as a hosting service provider. As part of a data processing agreement (Art. 28 GDPR), the service providers have undertaken to comply with appropriate technical and organisational measures for data security, among other things, and act on our behalf in accordance with our instructions. We process your data exclusively in the European Union or the European Economic Area.
The advertising agency team neusta GmbH (Konsul-Smidt-Straße 24, 28217 Bremen) supports us in the operation of the application.
We use the financial services provider Unzer GmbH, Schöneberger Str. 21a, 10963 Berlin for the purpose of processing payments by credit card.
As part of a data processing agreement (Art. 28 GDPR), the service providers have undertaken to comply with appropriate technical and organisational measures for data security, among other things, and act on our behalf in accordance with our instructions.
Insofar as it is necessary for the fulfilment of an order, we transmit your data to company branches, group companies and partner companies & agencies as well as other external service partners that we use to fulfil the contract. This includes in particular the shipping company commissioned with the delivery of ordered goods and the payment institutions and payment service providers commissioned with payment processing as well as the company branches www.hansa-flex.co.uk/subsidiaries.html, group companies and partner companies & agencies as well as other external service providers commissioned to carry out maintenance, repair work and other work and services as well as service work.

5.4.  Storage period 
Your data will be stored by us for as long as we need it for the specific processing purpose. We regularly store your data for at least the duration of your use of our online shop.
We also store certain data for the duration of statutory limitation periods (usually three years, in individual cases up to thirty years) and for as long as statutory retention periods (e.g. from the German Commercial Code, the German Fiscal Code) prescribe (but usually for a maximum of ten years).
Under certain circumstances, we may have to store your data for longer. This is the case, for example, if a prohibition to delete data is ordered for the duration of the proceedings in connection with official or court proceedings.

5.5  Use of cookies and tracking technologies 
For more information on the cookies used on the website, please refer to the sections 2.2 to 2.8.

6. Business contacts

6.1.  Scope of data processing 
As part of our business relationship with you as a business customer, service provider or supplier or as an employee of our business partners, we process the data that we receive from you or your employer.
In particular, this is data that we receive as soon as you or one of your colleagues contact our employees. Contact can be made electronically (by e-mail) or in person (e.g. contact at trade fairs, handing over a business card).
We may process the following categories of data in this context:

Surname, first name
Professional contact details (function, department, address, telephone, fax, e-mail)
Data on professional circumstances (job title, tasks, activity, qualifications)
In addition, we may process other data that you provide during interaction with our employees.

We use your data to communicate with you (e.g. by email) for business purposes and to send you offers, for example. In this context, we store your contact data in our CRM system and possibly in other contact directories (e.g. in Outlook).

6.2.  Purposes and legal bases of data processing 
Your data will be processed by us for the purpose of establishing and implementing the contractual relationship with you as a business customer and to fulfil legal requirements.
If you are personally our business partner, the processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR for the fulfilment or initiation of a contract.
For the purpose of fulfilling legal obligations, processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR in conjunction with legal and official requirements (e.g. from tax and commercial law).

6.3.  Recipients of your data 
Personal data may be processed by external service providers (e.g. cloud, support, hosting or analysis service providers) on the basis of contracts in accordance with Art. 28 GDPR. The external service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organisational measures in place to protect the rights of the data subjects and are regularly monitored by us.
Insofar as it is necessary for the above-mentioned purposes, we transmit your data to company branches, group companies and partner companies & agencies as well as other external service partners that we use to fulfil the contract. This includes in particular the shipping company commissioned with the delivery of ordered goods and the payment institutions and payment service providers commissioned with payment processing as well as the company branches www.hansa-flex.co.uk/subsidiaries.html, group companies and partner companies & agencies as well as other external service providers commissioned to carry out maintenance, repair work and other work and services as well as service work.

6.4.  Transfer of your data to a third country 
We endeavour to process your data within the European Union or the European Economic Area. If we transfer your data to a third country, i.e. outside the European Union or the European Economic Area, this will only be done in accordance with the legal requirements.
Should your personal data nevertheless be transferred, this will only take place if an adequate level of data protection is ensured in the third country in accordance with an adequacy decision of the European Commission or if suitable guarantees (e.g. data protection contracts using the standard contractual clauses of the European Commission) can ensure adequate protection of your personal data.
We have concluded standard contractual clauses with our subsidiaries in non-EU countries for which there is no adequacy decision.

6.5.  Storage Period
We store your data for as long as we need it for the specific processing purpose. We regularly store your data for at least the duration of our business relationship with you or the business customer for whom you work.
We also store certain data for the duration of statutory limitation periods (usually three years, in individual cases up to thirty years) and for as long as statutory retention periods (e.g. from the German Commercial Code, the German Fiscal Code) prescribe (but usually for a maximum of ten years).
Under certain circumstances, we may have to store your data for longer. This is the case, for example, if a prohibition to delete data is ordered for the duration of the proceedings in connection with official or court proceedings.

7. Video conferences, online meetings and webinars

We use platforms and applications from other providers (“third-party providers”) for the purpose of holding video and audio conferences, webinars and other types of video and audio meetings. When selecting third-party providers and their services, we observe the legal requirements. In this context, data of the communication participants are processed and stored on the servers of the third-party providers, insofar as these are part of communication processes with us. This data may include, in particular, registration and contact data, visual and vocal contributions as well as entries in chats and shared screen content. If users are referred to third-party providers or their software or platforms in the context of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimisation or marketing purposes. We therefore ask you to observe the data protection notices of the respective third-party providers.

7.1. Scope of data processing 

If you participate in video conferences, online meetings or webinars organised by us, we generally process the following data:

Inventory data (e.g. names, addresses),
Meta/communication data (e.g. device information, IP addresses)

In individual cases, the following data may also be processed, for example if you have stored this information in your user profile or if you share content with us:

Contact details (e.g. email, telephone numbers),
Content data (e.g. text entries, photographs, videos),
Usage data (e.g. websites visited, interest in content, access times),

7.2.  Purposes and legal bases of processing  
We use the applications to conduct video and audio conferences, webinars and other types of video and audio meetings. If we ask users for their consent to the use of third-party providers or certain functions (e.g. consent to the recording of conversations), the legal basis for processing is consent pursuant to Art. 6 para. 1 lit. a GDPR. Furthermore, their use may be part of our (pre-)contractual services in accordance with Art. 6 para. 1 lit. b. GDPR, insofar as the use of third-party providers has been agreed in this context. Otherwise, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners in accordance with Art. 6 para. 1 lit. f. GDPR.

7.3.  Recipient of the data 
We currently use Microsoft Teams. Personal data is transmitted to the operator of this service – Microsoft Ireland Operations Ltd, The Atrium Building, Block B, Carmanhall Road, Sandyford Business Estate, Dublin 18, Ireland (“Microsoft”) – and processed on our behalf in accordance with instructions on the basis of a data processing agreement pursuant to Art. 28 GDPR.
Microsoft Teams
Website: products.office.com  
Privacy policy: privacy.microsoft.com/en-gb/privacystatement 
Safety instructions: www.microsoft.com/en-gb/trustcenter 

7.4.  Transfer of your data to a third country 
We have agreed with the third-party providers that the data will generally be processed within the EU. However, it cannot be technically ruled out that personal data may also be transferred to the USA when using the above services. In order to ensure sufficient guarantees for data transfers to the USA, EU standard contractual clauses have been concluded. Microsoft is also certified under the EU-U.S. Data Privacy Framework.

7.5.  Storage period 
We store your data for as long as we need it for the specific processing purpose. Metadata from calls and conversations is stored for a maximum of 180 days (depending on the date). Chats are stored for 90 days after the end of the chat and then automatically deleted. Logged administrative events are stored for 90 days and then automatically deleted. If the contract with Microsoft is cancelled, the data is deleted after 90 days.

8. Applicants

8.1.  Scope of data processing 
In the application process, we only collect the data that you provide to us. We require the following data to carry out the application process:

Surname, first name
Contact details (address, e-mail address and telephone number)
Information on the course of training and, if applicable, professional career
Data on your professional qualifications, such as school-leaving and educational qualifications, language skills, as well as your place of study or training, certificates
If you send us your CV, we will process the data provided in it, such as photos of you or possibly the existence of a driving licence
Any other data provided by you as part of your application

We are looking for the best employees, regardless of ethnic origin, gender, religion or ideology, disability, age or sexual identity. Please do not provide any information on:

Pregnancy
ethnic origin, political opinions, philosophical or religious beliefs, trade union membership or sexual life
Information that has nothing to do with the job profile of the position for which you are applying

8.2.  Purpose and legal basis of data processing 
We treat your details confidentially and solely for the purpose of selecting applicants. We need your personal data in order to process your application and to be able to contact you to handle your application process. Unfortunately, we cannot offer you a position without this data. The legal basis for data processing is Art. 6 para. 1 lit. b GDPR and § 26 para. 1 Federal Data Protection Act (BDSG). Insofar as the data transmitted by you contains special categories of data (e.g. ethnic origin, trade union membership, health data) and this data is necessary for us to fulfil our obligations under labour or social law, the legal basis is Art. 9 para. 2 lit. b GDPR.

8.3.  Recipient of the data 
Internally, only those persons have access to your data who need it for the stated purposes. These are primarily the responsible partners, responsible HR employees and all persons who are necessarily involved in the applicant selection process.
The provider Haufe Service Center GmbH (Munziger Straße 9, 79111 Freiburg) supports us in the administration of applications.
The provider PitchYou GmbH (Campusallee 9, 51379 Leverkusen) supports us in the processing of applications via digital channels.
As part of a data processing agreement (Art. 28 GDPR), the service providers have undertaken to comply with appropriate technical and organisational measures for data security, among other things, and act on our behalf in accordance with our instructions.

8.4.  Transfer of your data to third countries 
We do not transfer your personal data to countries outside the European Union or the European Economic Area (currently EU member states plus Iceland, Liechtenstein and Norway) as part of the application process.

8.5.  Storage period 
If an employment relationship is established with you, we will process your data for the purposes of the employment relationship in accordance with a separate privacy policy, which you will then receive from us.
You can consent to your personal data being transferred to an applicant pool. We process your data on the basis of Art. 6 para. 1 lit. a GDPR.  You have the right to withdraw your consent at any time with effect for the future (Art. 7 para. 3 GDPR). We request new consent at regular intervals.
In the event that no employment relationship is established with you, we will generally store your data for a period of six months from the date of receipt of your rejection. Your application documents will then be deleted.

9. Social media profiles

9.1.  Scope of data processing
You can interact with our profile on the respective social media platform, for example by following us, sharing posts, commenting or rating them (e.g. by marking them with “like”). In this case, we will receive a notification that you have visited or interacted with our account. We can then see your profile name, your interaction and – if available – your profile picture. If you contact us via direct notification or send us a message, we can see your user profile and your message.
In addition, the respective social media platforms generally offer analysis options that we use to improve our online presence and increase our reach. We can use the analysis tools provided by the respective social media platform to see how many users have seen or interacted with our posts. The analysis evaluations do not allow any conclusions to be drawn about you personally.

9.2.  Purpose and legal basis of data processing 
We process the data in order to improve our online presence or to be able to interact with you on your initiative and to read and respond to your enquiry or notification.
We process your data on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in improving our online presence and for marketing purposes.

9.3.  Recipient of the data 
Your data will be viewed by our employees who manage our social media accounts. In addition, the respective providers of the social media platforms process your data in accordance with their own privacy policies. Specifically, these are the following social media providers:

Platform: Facebook
Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland
Data protection information: www.facebook.com/privacy  

Platform: Instagram
Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland
Data protection information: www.facebook.com/privacy 

Platform: LinkedIn
Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Data protection information: www.linkedin.com/legal/privacy-policy 

Platform: Xing
Provider: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany
​​​​​​​Data protection information: privacy.xing.com/en/privacy-policy  

Platform: Youtube
Provider: Google Ireland Limited Gordon House, Barrow Street Dublin 4, Ireland
Data protection information: https://policies.google.com/privacy

The respective platform operators are themselves responsible for the processing of your personal data on the respective platform. As a user of the respective platform, you have accepted the corresponding user agreements. As a commercial customer of the respective platform, we have concluded data protection agreements with the respective platform operators. We have concluded agreements with Meta and LinkedIn regarding the use of analysis functions for the joint processing of personal data in accordance with Art. 26 GDPR. The contents of the agreements can be found here:
Meta: www.facebook.com/legal/controller_addendum  
LinkedIn: legal.linkedin.com/pages-joint-controller-addendum 
Insofar as the respective platform operators transfer personal data to non-EU third countries, they use the EU standard contractual clauses.

9.4.  Storage period 
We will store your data for as long as we need it for the specific processing purpose. We also store certain data for the duration of statutory limitation periods (usually three years, in individual cases up to thirty years) and for as long as statutory retention periods (e.g. from the German Commercial Code, the German Fiscal Code) prescribe (but usually for a maximum of ten years).