HWACHEON Machinery Europe

Data Policy

Privacy statement

This privacy statement informs you about the type, extent and purpose of the processing of personal data (hereinafter referred to as „data“) within the scope of our on-line services and the sites related thereto, functionalities and contents as well as external on-line presences such as our social media profile (hereinafter collectively referred to as „on-line service“). As regards the terms used such as “processing” or “controller” reference is made to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller

Hwacheon Machinery Europe GmbH
Josef-Baumann-Str. 25
DE-44805 Bochum
Germany

Mail: info@hwacheon-europe.com
CEO: Mr. Christoph Smets
Imprint: www.hwacheon-europe.com/imprint

Types of data processed:

- inventory data (e.g. name, addresses)
- contact data (e.g. e-mail, telephone number
- content data (e.g. text inputs, photos, videos)
- usage data (e.g. sites visited, interest in contents, access times)
- meta data / communication data (e.g. device information, IP addresses)

Categories of persons concerned

Visitors and users of the online-services (hereinafter persons concerned are collectively referred to as “users”).

Purpose of processing

- provision of on-line services, their functionalities and contents
- reply to contact inquiries and communication with users
- safety precautions
- coverage measurement

Terms used

“Personal data” means all information related to an indentified or identifiable natural person (hereinafter referred to as “person concerned”); a natural person that can be identified by way of an assignment regarding name, an ID, location data, on-line ID (e.g. cookie) or one or several special features is deemed to be identifiable, with these features constituting a physical, physiologic, genetic, psychic, commercial, cultural or social identity of this natural person.

“Processing” means any process or series of processes related to personal data, with such processes using automated or non-automated methods. This term is far-reaching and covers nearly any handling of data.

“Pseudonymisation” means the processing of personal data in a way that without adding any information personal data can no longer be assigned to a specific person provided that such additional information are stored separately and are subject to technical and organizational precautions  to make sure that personal data cannot be assigned to an identified or identifiable natural person.

“Profiling” means any kind of automated processing of personal data in a way that these personal data are used to analyse  certain personal aspects related to a natural person and, in particular, to analyse or forecast aspects regarding work performance, financial status, health, personal preferences, interests, reliability, location or change of location of this natural person.

“Controller” means a natural or juristic person, authority, institution or other body that individually or in combination with others decides on the purpose and means of processing of personal data.

“Processor” means a natural or juristic person, authority, institution or other body processing personal data on behalf of the controller.

Relevant legal bases

Pursuant to Art. 13, GDPR, we inform you about the legal bases of our data processing. If a legal basis is not mentioned in the privacy statement the following shall apply: Legal basis for obtaining approvals : Art. 6, para. 1 a, and Art. 7, GDPR, legal basis for the processing  for the purpose of providing our services and performing a contract: Art. 6, para. 1 b, GDPR, legal basis for processing for compliance with our legal obligations: Art. 6, para. 1 c, GDPR, legal basis for processing for the purpose of safeguarding our legitimate interests: Art. 6, para. 1 f, GDPR. In the event that vital interests of the person concerned or another natural person require a processing of personal data, Art. 6, para. 1 d, GDPR, shall apply.

Safety precautions

As provided for by Art. 32, GDPR, and considering the state of technology, cost of implementation, type, extent, circumstances and purpose of processing as well as varying likelihood and severity for the risks and freedoms of natural persons posed by the processing we  take adequate technical and organizational measures to ensure a level of protection that is appropriate to the risk.

Such measures include, in particular, the protection of confidentiality, integrity and availability of data by controlling the physical access to data, input, transfer and maintaining availability and their separation. Furthermore, we have taken precautions ensuring the safeguarding of the rights of the persons concerned, erasure of data and response to a risk to data. We also take account of the protection of personal data when designing and/or selecting hardware, software and processes by design and by data protection friendly default (Art. 25, GDPR).

Collaboration with processors and third parties

To the extent we disclose data to other persons and companies (processors or third parties), transfer data to them or grant them access thereto when processing data, this is based on a legal permission (e.g. if a transfer to third parties, e.g. payment service providers, is required for the purpose of performing a contract – Art. 6, para.  b. GDPR), if you have given consent, if this is provided for by law or if it is based on our legitimate interests e.g. when using agents, web hosters, etc.).

If we entrust third parties with the processing of data on the basis of an “order processing agreement”, this is based on Art. 28, GDPR.

Transfer to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA) or if we process data by using third-party services  or by way of disclosure and/or transfer of data to third parties, we shall only do so in compliance with our (pre-)contractual obligations on the basis of your consent, a legal obligation or our legitimate interests. Subject to statutory or contractual authorizations we process or cause to be processed data in a third party country only if the special requirements defined in Art. 44, et. seq., GDPR, exist, i.e. processing is based, for example, on special guarantees such as the establishment of a data protection level that is adequate to that of the EU (e.g. Privacy Shield in the USA) or in compliance with general specific contractual obligations (so-called “standard contract clauses”).

Rights of persons concerned

You have the right to demand a confirmation to see if data concerned are processed and the right of information about these data and additional information and a copy of the data (Art. 15, GDPR).

Pursuant to Art. 16, GDPR, you have the right to demand a completion or rectification of  data concerning you.

Pursuant to Art. 17, GDPR, you have the right to demand that data concerned be erased immediately or a restriction of the processing of data pursuant to Art. 18, GDPR.

You have the right to demand that you receive the data concerning you  that you have provided to us (Art. 20, GDPR) and a transfer to other controllers.

Pursuant to Art. 77, GDPR, you also have the right to lodge a complaint with the competent supervisory authority.

Right of withdrawal

You have the right to withdraw consents given with future effect at any time (Art. 7, para. 3, GDPR).

Right to object

You may at any time object to the future processing of data concerning you (Art. 21, GDPR). An objection may be filed to the processing for the purpose of direct marketing, in particular.

Cookies and right to object to direct marketing

Cookies are small files stored on a user’s computer. A cookie may include different information. A cookie is primarily used to store data of a user (and/or the device on which the cookie is stored) during or even after a visit within the scope of on-line service. Temporary cookies, session cookies, or transient cookies are cookies that will be deleted after a user has left an on-line service and closed the browser. In such a cookie the content of a basket in an on-line shop or a log in status may be stored. Cookies are called permanent or persistent if they continue to be stored even after closing the browser. A log in status may be stored if users visit the site after a few days. The interests of users used for coverage measurement may be stored in such cookie as well. Third-party cookies are cookies provided by parties being different from the controller providing the on-line service (otherwise, if this only relates to its cookies, they are called first-party cookies).

We may use temporary and permanent cookies and inform you about that in this privacy statement.

If users do not want cookies to be stored on their computers, they are requested to deactivate the corresponding option in the settings of their browsers. Stored cookies can be deleted by configuring a browser’s system settings. A deactivation of cookies could mean that not all functionalities of this on-line service can be used.

A general objection to the use of cookies for the purpose of on-line marketing may be filed for a number of services (tracking, particular). If you want to object thereto access  http://www.aboutads.info/choices/ (American site) or http://www.youronlinechoices.com/ (EU site). Furthermore, a storage or deactivation of  cookies can be configured in the browser settings. Please note that in case of a corresponding setting not all functionalities of this on-line service can be used.

Erasure of data

Data processed by us are erased or restricted in use as provided for by Art. 17 and 18, GDPR. Unless otherwise expressly referred to in this privacy statement data stored by us will be erased as soon as the purpose for which they were stored no longer exists and if an erasure does not conflict with statutory storage obligations. If data are not erased as they are required for other legally permissible purposes, the processing thereof will be restricted, i.e. data will be blocked and they will not be processed for any other purposes. This applies to data that must be stored for commercial or taxation purposes.

As provided for by German law, the storage period shall be 10 years pursuant to Section 147, Tax Code, Section 257, para. 1, subpara. 1 and 4, para. 4, German Commercial Code (ledgers, records, status reports, vouchers, account books, for documents relevant to taxation, etc.) and 6 years pursuant to Section 1, subpara. 2 and 3, para. 4, German Commercial Code (commercial correspondence).

As provided for by Austrian law, the storage period shall be 7 years pursuant to Section 132, para. 1, Federal Fiscal System (accounting records, vouchers / invoices, accounts, accounts, business papers, list of income and expenses, etc.), 22 years in connection with property and 10 years for documents in connection with electronic services, telecommunication services, broadcasting services (radio and TV provided to non-entrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS is used).

Data protection notes - application procedure

We process an applicant’s data solely for the purpose and within the scope of the application procedure in compliance with the respective statutory provisions. An applicant’s data  are processed for compliance with our (pre-)contractual obligations within the scope of the application procedure in terms of Art. 6, para. 1 b, GDPR, and Art. 6, para. 1 f, GDPR, if the processing of data is of relevance to us in legal proceedings (in Germany, Section 26, Federal Data Protection Act, shall apply in addition).

The application process requires applicants to transmit their data. If there is an on-line form necessary applicant data are marked or otherwise result from job descriptions. This generally includes personal details, postal address and contact addresses and the documents included in an application such as covering letter, CV and testimonials. Applicants may provide additional information.

When transmitting their application applicants consent to the processing of their data for the purpose of the application procedure in terms of type and extent as provided for in this privacy statement.
If in the course of the application procedure special categories of personal data in terms of Art. 9, para. 1, GDPR, are transmitted, the processing thereof is based on Art. 9, para. 2 b, GDPR (e.g. health data such as disability status or ethnicity). If in the course of the application procedure special categories of personal data in terms of Art. 9, para. 1, GDPR, are obtained from applicants, the processing thereof shall also be based on Art. 9, para. 2 a, GDPR (e.g. health data, if required for the job).

If provided, applicants may transmit their applications by way of an on-line form on our site. These data will be encrypted and transmitted to us using state-of-the-art technology.
Applicants may send us applications by e-mail. Please note that e-mails are generally not encrypted. Applicants are required to ensure a corresponding encryption. We, therefore, cannot assume any liability for the transmission path of an application between a sender and the receipt on our server. It is, therefore, recommended to use an on-line form or mail the corresponding documents to us. Applicants are free to mail their application to us instead of using the on-line form or an e-mail.

Following a successful application data provided by applicants may be processed by us for the purpose of employment. In case of an unsuccessful application for a job the applicants’ data will be deleted. The applicants’ data will also be deleted if an application is withdrawn.  Applicants may withdraw their applications at any time.

Subject to a justified withdrawal by an applicant data will be deleted after expiration of a period of six months so we can answer following questions about an application  and comply with our obligation to furnish evidence. Invoices relating to a refund of travel expenses will be archived as provided for by tax legislation.

Contacting

When contacting us (e.g. contact form, e-mail, phone or social media) a user’s data will be processed for the purpose of dealing with and settling an inquiry (Art. 6, para. 1 b, GDPR – contractual / pre-contractual relationship), (Art. 6, para. 1 f, GDPR (other inquiries). A user’s data may be stored in a customer relationship management system (CRM system) or a similar inquiry organization.

Inquiries will be deleted as soon as they are no longer needed. Corresponding requirements are checked in intervals of two years. Furthermore, the respective statutory archiving obligations shall apply.

Newsletter

The following paragraph informs you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights to object. By subscribing to our newsletter you consent to the receipt thereof and the aforementioned procedure.

Contents of newsletter: We send newsletters, e-mails and other electronic notes including marketing information (hereinafter referred to as “newsletter” only if a user has consented thereto or on the basis of legal permission. If in the course of registration for the newsletter the content thereof is specified, it shall be relevant to a user’s consent. As for the rest, our newsletter contains information about our services and us.

Double opt in and logging: A registration for our newsletter is based on a so-called double opt in procedure, i.e. after registration you will receive an e-mail in which you are requested to confirm your registration. This confirmation is required to prevent another person from registering by using your e-mail. Registration for the newsletter is logged in order to produce evidence of the registration procedure as provided for by law. This includes the storage of the time of registration and confirmation and the IP address. Modifications to your data stored by the dispatch service provider will be logged, too.

Registration data: In order to register for the newsletter your e-mail address will be sufficient. We optionally ask you for your name (more personal form of address in the newsletter).

Dispatch of the newsletter and the measurement of success are subject to a recipient’s consent pursuant to Art. 6, para. 1 a, Art. 7, GDPR, in conjunction with Section 7, para. 2, subpara. 3, Unfair Competition Act, or, if a consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Art. 6, para. 1, f, GDPR, in conjunction with Section 7, para. 3, Unfair Competition Act.

Logging of the registration is based on our legitimate interests pursuant to Art. 6, para. 1 f, GDPR. Our interest aims at the use of a user-friendly and secure newsletter system that is in line with our commercial interests and meets the users’ expectations and enables us to produce evidence of consents.

Cancellation / withdrawal – You may cancel the receipt of our newsletter at any time and you may withdraw your consent. At the end of each newsletter there is a cancellation link. Considering our legitimate interests we can store registered e-mail addresses for a period of up to three years before deleting them. We shall do so to produce evidence of consents given. The processing of these data is restricted to the purpose of a possible defence of claims. An individual application for erasure may be filed at any time provided that the former existence of a consent is confirmed.

Newsletter - Mailchimp

The newsletter is dispatched by MailChimp, a newsletter dispatch platform by Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. For the dispatch service provider’s data protection regulations see https://mailchimp.com/legal/privacy/. Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement thus ensuring compliance with the European data protection standard.
https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=A...
The dispatch service provider is used on the basis of our legitimate interests pursuant to Art. 6, para. 1 f, GDPR and an order processing agreement pursuant to Art. 28, para. 3, sentence 1, GDPR.
The dispatch service provider may use pseudonymised recipients’ data (cannot be assigned to user) in order to optimize or improve its own services, e.g. for technical optimization of dispatch or the newsletter design or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to contact users or to disclose such data to third parties.

Newsletter – measurement of success

The newsletter contains a so-called web beacon, a pixel-sized file that is recalled from a dispatch service provider’s server (if we use such provider) when opening the newsletter. During such recall first technical information such information about your browser and your system as well as your IP address and time of recall will be collected.

Such information are used to technically improve the service on the basis of the technical data or the target group and your reading behaviour based on their places of recall (can be determined by way of the IP address) or access times. A statistical survey also includes the statement whether the newsletter was opened, when it was opened and which links were clicked. It is true that for technical reasons such information could be assigned to individual newsletter recipients, but  neither we nor the dispatch service provider intend to monitor individual users. These analyses are used to identify our readers’ reading behaviour and to adjust our contents to that or to transmit different contents considering our users’ interests.

You regrettably cannot object separately to the measurement of success. If so, the newsletter subscription must be cancelled.

Hosting and sending e-mails

The hosting services used by us are intended to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, sending e-mails, security services as well as technical maintenance services we use for the purpose of operation of this on-line service.

In this respect we and/or our hosting provider process inventory data, contact data, content data, contract data, user data, meta data and communication data of customers, interested persons and visitors of this on-line service on the basis of our legitimate interests in an efficient and secure provision of this on-line service pursuant to Art. 6, para. 1 f, GDPR, in conjunction with Art. 28, GDPR (conclusion of order processing agreement).

Google AdWords and conversion measurement

Based on our legitimate interests (i.e. interest in analysis, optimization and efficient operation of our on-line service in terms of Art. 6, para. 1 f, GDPR) we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, („Google“).
Google is certified under the Privacy Shield Agreement thus ensuring compliance  with European data protection laws.
(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=A...).

We use the on-line marketing method called Google AdWords in order to place advertisements in the Google advertising network (e.g. in search results, videos, sites, etc.) so they can be shown to users who might be interested in the advertisements. This way we can show advertisements for and within our on-line service more specifically in order to present only those advertisements to users that might interest them. If, for example, a user is shown advertisements for products he / she was interested in on other sites, this is called remarketing.  For these purposes a code will be executed by Google and so-called (re)marketing tags (invisible graphics or code (also called web beacons) will be integrated into the site on which the Google advertising network is active. This way an individual cookie, i.e. a small file will be stored (instead of cookies similar technologies could be used as well). This file includes the sites a user visits, which content he/she is interested in and which services were clicked by a user, as well as technical information about the browser and the operating system, referrers, visiting period and additional information about the use of the on-line service.

We also get an individual conversion cookie. Information obtained by way of this cookie are used by Google to prepare conversion statistics for us. However, we only know the anonymous total number of users clicking our advertisement and that were referred to a site provided with a conversion tracking tag. However, we do not obtain any information that could be used to personally identify a user.

User data are pseudonymised within the Google advertising network, i.e. Google does not store and process e.g. a user’s name or e-mail address but processes relevant data in a cookie-related way on the basis of pseudonymised user profiles, i.e. in Google’s view advertisements are not administered and shown for an identifiable person but for the cookie holder irrespective of who is the site owner. This does not apply if a user has explicitly consented to Google to process the data without pseudonymization. The collected information about a user will be transmitted to Google and stored on Google servers located in the USA.

For further information about the use of data by Google, settings and objections see the privacy statement of Google (https://policies.google.com/technologies/ads) and the setting for insertion of advertisements by Google https://adssettings.google.com/authenticated).

Coverage measurement using Matomo

In the course of a coverage measurement by Matomo the following data are processed on the basis of our legitimate interest (e.g. interest in analysis, optimization and efficient operation of our on-line service in terms of Art. 6, para. 1 f, GDPR): browser type and version you are using, your operating system, your country of origin, date and time of server request, number of visits, how long you stayed on the site and the external links clicked by you. A user’s IP address is anonymized prior to storing it.

Matomo uses cookies that will be stored on a user’s computer and making it possible to analyze the user of our on-line service by a user. Based on the processed data pseudonymised user profiles could be derived. Cookies are stored for one week. Information about the use of this site generated by the cookie will only be stored on our server; they will not be disclosed to third parties.

Users may object at any time to the anonymized data collection by Matomo with an effect for the future, by clicking the link below. If so, a so-called opt out cookie will be placed in your browser which means that Matomo no longer collects any session data. If a user deletes his/her cookies this also means that the opt out cookie is deleted as well  and must be re-activated by a user.

Logs including user data will be deleted after 6 months at the latest.

[Please insert the IFRAME of Matomo including the opt out cookie (and enable IP anonymization in settings)].

Coverage measurement using LeadForensics

This site uses products and services by LeadForensics (Communication House, 26 York Street, London, W1U 6PZ Great Britain) for marketing and optimization purposes. LeadForensics establishes the actual course of your visit to this site including all pages you visited or looked at and the period of your visit. To the extent IP addresses are collected they will by anonymized after collection. On behalf of the site operator LeadForensics uses the information in order to analyse your visit to the site, to compile reports on site activities and to provide other services related to the use of the site and the Internet to the site operator.
For additional information about data protection see:
https://www.leadforensics.com/privacy-and-cookies/. To the extent personal data are processed in this respect this is based on our legitimate interests in a better design of our site. Legal basis for safeguarding legitimate interests: Art. 6, para. 1 f, GDPR.

On-line presences in social media

We operate on-line presences in social networks and platforms in order to communicate with customers, interested persons and users that are active there and to inform them about our services. When joining these networks and platforms the terms and conditions and the data processing regulations of the respective operators shall apply.

Unless otherwise stated in our privacy statement we process user data if they communicate with us within social networks and platforms (e.g. posting on our on-line presences and sending news).

Integration of third-party services and contents

Based on our legitimate interests (i.e. analysis, optimization and efficient operation of our on-line services in terms of Art. 6, para. 1 f, GDPR) we use third-party contents and services in order to integrate their contents and services such as videos or fonts (hereinafter referred to as “content”).

Prerequisite to such use is that third-parties providing such content use a user’s IP address as without such IP address they cannot send their content to his/her browser, i.e. the IP address is essential to present this content. We endeavour to use only such content the providers of which use the IP address solely for presentation of this content. Third-party providers may also use so-called pixel tags (invisible graphics (also called web beacons) for statistical and marketing purposes. These pixel tags are used to analyse information such as visitor traffic on the pages of this site. Furthermore, pseudonymised information can be included in cookies stored on a user’s device (such information may include, among others, browser and operating system, referrers, time of visit and additional information about the use of our on-line service and can be combined with information originating from other sources).

Vimeo

We may integrate videos provided by the platform Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA. Privacy statement:
https://vimeo.com/privacy. It is pointed out that Vimeo may use Google Analytics; reference is made to the privacy statement: https://www.google.com/policies/privacy. Opt out for Google Analytics: http://tools.google.com/dlpage/gaoptout?hl=de or the settings of Google for data use for marketing purposes: https://adssettings.google.com/.

YouTube

We integrate videos provided by the platform YouTube, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy statement:
https://www.google.com/policies/privacy
Opt out:
https://adssettings.google.com/authenticated).

MaxMind

This product includes GeoLite2 data created by MaxMind (country precision only), available from https://www.maxmind.com.

GoogleFonts

We integrate fonts (Google Fonts) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy statement:
https://www.google.com/policies/privacy
Opt out:
https://adssettings.google.com/authenticated).

GoogleMaps

We integrate the maps provided by Google Maps, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Processed data may include, in particular, IP address and location data of users. Such data cannot be collected without their consent (generally by way of mobile device settings). Data may be processed in the USA.
Privacy statement:
https://www.google.com/policies/privacy
Opt out:
https://adssettings.google.com/authenticated).

OpenStreetMap

We integrate the maps provided by OpenStreetMap (https://www.openstreetmap.de/) offered by OpenStreetMapFoundation (OSMF) on the basis of the Open Data Commons Open Database Licence (ODbL). Privacy statement: (https://wiki.openstreetmap.org/wiki/Privacy_Policy).

As far as we know OpenStreetMap solely uses user data for map functions und a temporary storage of selected settings. These data may include, in particular, IP addresses and location data of users. Such data cannot be collected without their consent (generally by way of mobile device settings). Data may be processed in the USA. For further information see OpenStreetMap privacy statement: (https://wiki.openstreetmap.org/wiki/Privacy_Policy).

Written by Lawyer Dr. Thomas Schwenke, using a data protection generator