Privacy policy
We take data protection seriously
Protecting your privacy when processing personal data is important to us. When you visit our website, our web servers automatically store the IP address of your Internet service provider, the website from which you visit us, the web pages you visit, and the date and duration of your visit. This information is essential for the technical transmission of the websites and secure server operation. This data is not evaluated for any specific purpose.
If you send us data via the contact form, this information will be stored on our servers for backup purposes. We will use your data exclusively to process your request. Your data will be treated with the strictest confidentiality. It will not be passed on to third parties.
Table of contents
1. Who is responsible for data processing and who can you contact?
5. Tools and services for analysis, statistics and marketing
5.2. Social Media and Communication
6.2. Economic analyses and market research
6.3. Payment service providers
6.4. Transport service providers
7. Online presence on social media
10. What data protection rights do I have?
11. Changes to this Privacy Policy
1. Who is responsible for data processing and who can you contact?
Responsible:
Hauck Retail GmbH
Frohnlacher Straße 8
96242 Sonnefeld
Germany
E-mail: shop@hauck.de
Tel: +49 89 904750622
The company data protection officer is
Mr. Christian Volkmer
Project 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
E-Mail: anfragen@projekt29.de
Phone: 0941-2986930
2. Personal data
Personal data is information about you. This includes your name, address, and email address. You do not have to disclose any personal information to visit our website. In some cases, we require your name and address, as well as other information, in order to provide you with the requested service.
The same applies if we provide you with informational material upon request or if we respond to your inquiries. In these cases, we will always inform you. Furthermore, we only store the data that you have provided to us automatically or voluntarily.
When you use one of our services, we generally only collect the data necessary to provide our service to you. We may ask you for additional information, but this is voluntary. Whenever we process personal data, we do so to provide our service to you or to pursue our commercial goals.
3. Visit the website
3.1. General use
When you visit our website, our web servers store the IP address of your Internet service provider, the website from which you visit us, the web pages you visit on our site, and the date and duration of your visit. Processing this information is absolutely necessary for the technical transmission of the websites, the convenient use of our services, and secure server operation. Our legitimate interest arises from Art. 6 (1 ) (f) GDPR.
It is not possible to directly identify you based on this information, and we will not do so. The information will be stored and automatically deleted once the aforementioned purposes have been fulfilled. The standard deletion periods depend on the criterion of necessity.
3.2. Automatically saved data
Server log files
The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- web browser and operating system used
- full IP address of the requesting computer
- amount of data transferred
This data will not be merged with other data sources. Processing is carried out in accordance with Art. 6 (1 ) (f) GDPR based on our legitimate interest in improving the stability and functionality of our website.
For reasons of technical security, particularly to prevent attempted attacks on our web server, we store this data temporarily. It is not possible for us to identify individual people based on this data. After seven days at the latest, the data is anonymized by shortening the IP address at the domain level, making it impossible to establish a connection to the individual user. In anonymized form, the data is also processed for statistical purposes; it is not compared with other databases or shared with third parties, even in excerpts.
3.3. Contact us
When you contact us (e.g. via contact form, email, telephone or social media), the information provided by the person making the inquiry will be processed to the extent necessary to answer the contact inquiries and any requested measures.
Contact requests within the framework of contractual or pre-contractual relationships are answered to fulfill our contractual obligations or to answer (pre-)contractual requests and, moreover, on the basis of our legitimate interests in answering the requests.
- Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms).
- Data subjects: communication partners.
- Purposes of processing: contact requests and communication.
- Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 (1 ) (b) GDPR), legitimate interests (Art. 6 (1 ) (f) GDPR).
3.4. Cookies
When you visit our website, we may store information on your computer in the form of cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a character string that allows websites and servers to associate the specific internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified via the unique cookie ID.
By using session cookies, the controller can provide users of this website with a user-friendly service that would not be possible without the setting of cookies. Without consent, we only use technically necessary cookies on the legal basis of legitimate interest pursuant to Art. 6 (1 ) (f) GDPR.
We only use personal cookies to improve our website or for marketing/advertising purposes with your consent. On your first visit, you can voluntarily consent to tracking or analysis via the cookie banner displayed. Your data may be shared with partners or third-party providers. These cookies will only be stored if you explicitly consent; the legal basis is your consent in accordance with Art. 6 (1) (a) GDPR.
You can change your cookie settings at any time here:
4. Service optimization
4.1. Platform
Shopify
We host our website at Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ( hereinafter “ Shopify” ).
Shopify is a tool for creating and hosting websites. When you visit our website, Shopify collects your IP address, as well as information about the device you are using and your browser. Shopify also analyzes visitor numbers, visitor sources, and customer behavior, as well as compiles user statistics. When you make a purchase on our website, Shopify also collects your name, email address, shipping and billing addresses, payment details, and other
Data related to the purchase (e.g., phone number, amount of sales, etc.). Shopify stores cookies in your browser for analytics purposes.
For details, see Shopify’s privacy policy:
https://www.shopify.de/legal/datenschutz .
Shopify is used on the basis of Art. 6 (1 ) (f) GDPR. We have a legitimate interest in presenting our website as reliably as possible. If consent has been requested, processing will be carried out exclusively on the basis of Art. 6 (1) ( a) GDPR and Section 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
We have concluded a data processing agreement ( DPA) pursuant to Art. 28 GDPR with the above-mentioned provider. This is a contract required by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
5. Tools and services for analysis, statistics and marketing
5.1. Analysis and statistics
Google Tag Manager
We use Google Tag Manager. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is a tool that helps us to implement tracking or statistical tools and other
technologies on our website. The Google Tag Manager itself does not create any
It creates user profiles, does not store cookies, and does not perform any independent analyses. It is used solely to manage and display the tools integrated through it. However, Google Tag Manager records your IP address, which may also be transferred to Google's parent company in the United States .
The use of Google Tag Manager is based on Art. 6 (1 ) (f) GDPR.
Google Analytics (4)
This website uses features of the web analysis service Google Analytics. Provider is Google Ireland Limited (“ Google” ), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables website operators to analyze the behavior of website visitors. This provides the website operator with various usage data, such as page views, length of stay, operating systems used, and user origin. This data is summarized in a user ID and assigned to the respective device of the website visitor.
Furthermore, Google Analytics allows us to record your mouse and scroll movements, clicks, and more. Furthermore, Google Analytics uses various modeling approaches to supplement the collected data sets and employs machine learning technologies in data analysis.
Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is generally transferred to a Google server in the USA and stored there. The use of this service is based on your consent in accordance with Art. 6 (1) ( a) GDPR and Section 25 (1) TDDDG. This consent can be revoked at any time.
Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/ .
5.2. Social media and communication
Facebook & Instagram Pixel
This website uses Facebook's visitor action pixel to measure conversions. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third countries .
This allows the behavior of site visitors to be tracked after they have clicked on a
Facebook ad to the provider’s website. This allows the
Effectiveness of Facebook ads evaluated for statistical and market research purposes
and future advertising measures can be optimized.
The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, allowing a connection to the respective user profile and allowing Facebook to use the data for its own advertising purposes, in accordance with the Facebook Data Usage Policy . This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. We as the website operator cannot influence this use of the data.
The use of this service is based on your consent in accordance with Art. 6 (1 ) ( a) GDPR and Art. 25 (1) TDDDG. This consent can be revoked at any time.
Data transfer to the USA is based on the EU Commission’s standard contractual clauses.
In addition, Facebook is subject to the Data Privacy Framework Program certified .
https://www.facebook.com/legal/EU_data_transfer_addendum and
https://de-de.facebook.com/help/566994660333381 .
Facebook is also certified according to the Data Privacy Framework.
Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook, we and the Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited exclusively to the collection of data and its transfer to Facebook. Any processing by Facebook that occurs after the transfer is not part of this joint responsibility. Our joint obligations have been set out in a joint processing agreement . The wording of the agreement can be found at:
https://www.facebook.com/legal/controller_addendum . According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for implementing the tool on our website in compliance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert your data subject rights (e.g., requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obligated to forward them to Facebook.
You can find further information on protecting your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/ .
You can also use the remarketing feature “Custom Audiences” in the settings area for
advertisements https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen to deactivate. You must log in to Facebook.
6. Customer account
Contractual partners can create an account within our online offering (e.g., a customer or user account, referred to as "customer account"). If registration of a customer account is required, contractual partners will be informed of this, as well as the information required for registration. Customer accounts are not public and cannot be indexed by search engines. During registration, as well as subsequent logins and use of the customer account, we store the customers' IP addresses along with the access times in order to verify registration and prevent any misuse of the customer account.
Once customers have canceled their customer account, the data relating to the customer account will be deleted, unless retention is required for legal reasons. It is the customer's responsibility to back up their data after the customer account has been canceled. The legal basis for data processing is therefore Art. 6 (1 ) (b) GDPR.
6.1. Shop and e-commerce
We process our customers' data to enable them to select, purchase, or order the selected products, goods, and related services, as well as to pay for and deliver them or execute them. If necessary to execute an order, we use service providers, in particular postal, forwarding, and shipping companies, to carry out the delivery or execution for our customers. We use the services of banks and payment service providers to process payment transactions. The required information is marked as such within the order or similar purchase process and includes the information needed for delivery, provision, and billing, as well as contact information for any follow-up questions.
- Types of data processed : Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. e-mail, telephone numbers), contract data (e.g. subject of the contract, term, customer category), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
-
Data subjects : interested parties, business and contractual partners, customers.
-
Purposes of processing : Provision of contractual services and customer service, contact requests and communication, office and organizational procedures, administration and response to requests, security measures, conversion measurement (measurement of the effectiveness of marketing measures), interest-based and behavioral marketing, profiling (creation of user profiles).
- Legal basis : Contractual fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legal obligation (Art. 6 Para. 1 S. 1 lit. c. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
6.2. Economic analyses and market research
For business reasons and in order to be able to identify market trends and the wishes of contractual partners and users, we analyze the data available to us on business transactions, contracts, inquiries, etc., whereby the group of data subjects may include contractual partners, interested parties, customers, visitors and users of our online offering.
The analyses are carried out for the purposes of business evaluations, marketing, and market research (e.g., to identify customer groups with different characteristics). In doing so, we may, where available, consider the profiles of registered users, including their information , e.g., on services used. The analyses serve us solely and are not disclosed externally, unless they are anonymous analyses with summarized, i.e., anonymized values. Furthermore, we respect user privacy and process the data for analysis purposes pseudonymously wherever possible and, where feasible, anonymously (e.g., as summarized data).
6.3. Payment service providers
Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and, in addition to banks and credit institutions, we use other payment service providers (collectively "payment service providers").
The data processed by the payment service providers includes inventory data such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs and checksums as well as contract, amount and recipient-related information. This information is required to carry out the transactions. However, the data entered is only processed and stored by the payment service providers. This means that we do not receive any account- or credit card-related information, but only information confirming or rejecting the payment. Under certain circumstances, the payment service providers will transmit the data to credit agencies. This transmission is for the purpose of identity and credit checks. For more information, please refer to the terms and conditions and the privacy policy of the payment service providers.
Payment transactions are subject to the terms and conditions and privacy policy of the respective payment service providers, which are available on the respective websites or transaction applications. We also refer to these for further information and to assert your rights of withdrawal, information, and other data subjects.
6.4. Transport service providers
For the purpose of delivering ordered goods, we work with logistics service providers/transport companies and/or shipping partners to whom the following data is transmitted for the purpose of delivering the ordered goods or for the purpose of notifying the shipment: first name, last name, postal address, and, if applicable, the email address and telephone number. The legal basis for processing is Art. 6 (1) (b) GDPR.
7. Online presence on social media
have given your consent to this in accordance with Art. 6 ( 1 ) ( a ) GDPR to the respective social media operator, when you visit our online presence on our social media channels your data will be automatically collected and stored for market research and advertising purposes, from which user profiles will be created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. Detailed information on the processing and use of data by the respective social media operator as well as a contact option and your related rights and setting options to protect your privacy can be found in the respective data protection notices linked to the providers' websites. If you still need help in this regard, you can contact us.
8. Security
We have taken technical and administrative security measures to protect your personal data against loss, destruction , manipulation, and unauthorized access . All our employees and service providers working for us are subject to applicable data protection laws.
Whenever we collect and process personal data , it is encrypted before transmission. This means that your data cannot be misused by third parties . Our security measures are subject to continuous improvement, and our privacy policy is constantly being revised . Please ensure you have the most up-to-date version.
9. Who receives my data?
Personal data is regularly processed by us as the responsible party. However, processing by transferring or disclosing personal data to third parties may be necessary in the course of carrying out our activities, in particular if one of the following reasons applies based on the stated legal basis:
- It is necessary to fulfil a contract with the data subject or to carry out pre-contractual measures at his request (Art. 6 (1 ) (b) GDPR).
- The transfer is necessary to assert, exercise or defend legal claims and there is no reason to assume that the data subject has an overriding legitimate interest in not having his or her data transferred (Art. 6 (1 ) (f) GDPR).
- There is a legal obligation to pass on the data (Art. 6 para. 1 lit. c GDPR).
- We have a valid consent (Art. 6 para. 1 lit. a GDPR).
Categories of recipients within the scope of our activities and activities may include, in particular:
- Postal, telecommunications and transport service providers
- Payment and financial service providers
- Sales and business partners and other persons and companies involved in the provision of services
- Authorities, courts, defendants, other parties involved
Furthermore, we will indicate in the individual processing operations if further recipients are considered.
Order processing by service providers
To carry out our activities, we also use service providers bound by instructions as contract processors in accordance with Art. 28 GDPR, who are also considered recipients of the data within the meaning of data protection. A contract for contract processing ensures, in particular, that the processing is carried out in accordance with our instructions, that sufficient guarantees for compliance with appropriate technical and organizational measures are in place, and that the rights of the data subjects are guaranteed.
In general, we use service providers for the following processing purposes:
- Hosting of our online offerings/websites with providers (infrastructure and platform services, computing capacity, storage space and database services).
- Care, maintenance and upkeep of the online offerings/websites.
- Implementation, maintenance, servicing and repair of IT systems.
- Document and information management.
- Communication, contact and conference systems (email, contacts, appointments, messenger, video conferencing, etc.).
- File and data storage destruction
How long will my data be stored?
We generally store personal data as long as it is necessary for the purposes of the corresponding processing, as long as statutory or regulatory retention periods exist, or as long as we have a legitimate interest in storing it or the data subject has given their consent.
We store certain data according to the following rules for the specified period and delete or destroy it after the specified storage period:
- If the processing is based on your consent, we will delete the data concerned after your revocation
- If none of the following retention periods apply, we will delete the data after the purpose of processing has expired
- 3 years: Data and content relating to legal transactions (including their preparation) to the extent necessary for the provision of information and defense, as well as for the assertion or defense of claims. This also includes data relating to marketing and customer service, unless they also fall under a category for a longer storage period.
- 6 years: received and sent commercial letters (Section 257 (1) Nos. 2 and 3, (4) HGB)
- 10 years: Documents relevant for taxation, accounting records, commercial books (§§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB).
- 30 years: Data that is stored due to special circumstances in the interest of the data subject or a third party, as corresponding limitation periods or special retention periods exist (e.g. enforcement orders, special limitation periods).
10. What data protection rights do I have?
You have the right to information, correction, deletion or restriction of the processing of your stored data at any time, the right to object to the processing as well as the right to data portability and to lodge a complaint in accordance with the requirements of data protection law.
Right to information:
You can request information from us as to whether and to what extent we process your data.
Right to rectification:
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.
Right to erasure:
You can request that we delete your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate interests. Please note that there may be reasons that prevent immediate deletion, e.g., in the case of statutory retention periods.
Regardless of whether you exercise your right to erasure, we will delete your data immediately and completely, unless there is a contractual or statutory obligation to retain it.
Right to restriction of processing:
You can request that we restrict the processing of your data if
- You contest the accuracy of the data for a period enabling us to verify the accuracy of the data.
- the processing of the data is unlawful, but you refuse to delete it and instead request a restriction of data use,
- we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
- You have objected to the processing of your data.
Right to data portability:
You can request that we provide you with the data you have provided to us in a structured, common and machine-readable format and that you can transmit this data to another controller without hindrance from us, provided that
- we process this data on the basis of your consent, which can be revoked, or to fulfil a contract between us, and
- this processing is carried out using automated procedures.
If technically feasible, you can request that we transmit your data directly to another controller.
Right of objection:
If we process your data based on legitimate interests, you can object to this data processing at any time; this would also apply to profiling based on these provisions . We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless the processing serves to assert, exercise, or defend legal claims. You can object to the processing of your data for direct marketing purposes at any time without giving reasons.
Right to complain:
If you believe that we are violating German or European data protection law in the processing of your data, please contact us so that we can clarify any questions. You also have the right to contact the supervisory authority responsible for you, the relevant state data protection authority.
If you wish to exercise any of the aforementioned rights, please contact our data protection officer. If in doubt, we may request additional information to confirm your identity.
Am I obliged to provide data?
The processing of your data is necessary to conclude or fulfill the contract you have entered into with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will no longer be able to perform an existing contract and will therefore have to terminate it. However, you are not obligated to consent to data processing that is not relevant for the fulfillment of the contract or is not required by law.
11. Changes to this privacy policy
We reserve the right to change our privacy policy if necessary due to new technologies. Please ensure you have the most recent version. If we make material changes to this privacy policy , we will post them on our website.
Only the German version of this privacy policy is legally valid.