Privacy Policy: Disclosure statement on the collection of data
European Regulation 2016/679 (hereinafter, "GDPR")
Hu-Friedy Mfg. Co., LLC, Zweigniederlassung Deutschland with registered office at Ziegeleiweg, 1 D-78532, Tuttlingen-Möhringen Germany, as controller of the processing (and together with its affiliates, hereinafter, the “Controller”, “we”, or “us”) informs you pursuant to Article 13 EU Regulation No. 2016/679 (hereinafter, “GDPR”) that your data will be processed with the following procedures and methods and for the following purposes. This Privacy Policy applies to your use of our website located at https://www.hufriedy.eu/ and its associated webpages (the “Website”), and any other means by which we may collect data about you, including information you may provide to us other than on the Website. We encourage you to become familiar with this Privacy Policy. This Privacy Policy may be supplemented by additional privacy statements, terms or notices during our interactions with you.
By checking the appropriate boxes and clicking “I Accept”, you agree that you have read and understand this Privacy Policy and that you accept and consent to the privacy practices (including the uses, disclosures, processing and transfers to third countries or international organisations outside of the European Economic Area of information about you by us) that are described in this Privacy Policy. Kindly note that any consent you provide will be entirely voluntary.
HOWEVER, IF YOU DO NOT ACCEPT THIS PRIVACY POLICY, THEN YOU SHOULD NOT USE, AND ARE NOT AUTHORIZED TO USE, THE WEBSITE.
Subject matter of the processing
The Controller processes the personal, identifying, and non-sensitive data (including but not limited to, contact details, such as name, surname, company name, tax identification number, VAT number, e-mail, mailing address, telephone number, account registration and profile information, such as date of birth, and gender – hereinafter, the “personal data” or also the “data”) that you have provided or otherwise communicated to us, whether upon the request for information about the products or services offered by the Controller, through the compilation of the contact form on our Website, through events and registration forms, event related apps or through any other means.
In addition, the servers used to host and operate the Website may automatically collect certain data pertaining to your activities on our Website through the use of “cookies” and other similar technologies (“Automatically Collected Information”). Unless otherwise described in this Privacy Policy, such data will be used solely for our business purposes. Automatically Collected Information includes device and browsing information, including information about your phone, tablet, computer, or other device, and online browsing activity such as IP addresses, unique device identifiers, cookie identifiers, device and browser settings and information, and Internet service provider information. Automatically Collected Information also may include information about when and how you access and use our Website, such as the date and time of your visit or use, the websites you visit before coming and after leaving our Website, and how you navigate, and what you search for using, our Website.
Our Website may send one or more “cookies” to your computer to improve the utility of the Website by tracking user trends. These cookies are placed on your computer when your web browser accesses the Website. The cookies provide us with information that helps us understand things such as how you navigate to and around websites, Website browsing and content accessing. Most browsers are initially set up to accept cookies, but you can reset your browser to refuse all cookies or to indicate when a cookie is being sent. Please review our Cookie Policy for further information.
Purposes
The data are to be processed for purposes related to the performance of the following formalities, in relation to legislative or contractual obligations and for other purposes:
- Provision of products and services, and maintenance, processing, and servicing of accounts and orders (“Service Purposes”);
- Web Shop order information;
- Marketing and advertising of the Controller’s products and services (“Marketing Purposes”);
- Mandatory legal compliance formalities regarding taxation and accounting;
- Management of customers and suppliers;
- Planning of activity;
- Historical records on customer and supplier invoicing;
- Post-sale assistance;
- Management of disputes;
- Credit recovery activities;
- Quality management;
- Measurement of customer satisfaction;
- Communication of new services and/or products offered by the Controller.
The processing of the data for the fulfilment of such obligations is necessary for proper management of the relationship, and the submission of the data is mandatory for achieving the purposes indicated above. Any non-communication or erroneous communication of one of the mandatory data elements may entail the Controller’s impossibility to ensure the consistency of the processing.
Processing: procedures and methods
The processing of your personal data is done in accordance with the GDPR and may consist of the following activities:
- the collection, recording, organization, storage, consultation, electronic processing, modification, selection, retrieval, alignment, usage, combination, blocking, communication, erasure, and destruction of the data.
Your personal data are subject to paper and electronic processing. The Controller will process and store the personal data only for the time necessary for fulfilling the purposes set forth above, and in any event, for no more than 10 years from the termination of the relationship for Service Purposes. All processing will be done in compliance with the procedures and methods set forth in the GDPR, and through the adoption of the appropriate security measures contemplated.
The data will be processed only by personnel expressly authorized by the Controller and by external parties expressly commissioned by the Controller of the processing. The personal data are processed with automated means strictly for the time needed to achieve the purposes for which the data have been collected. Specific security measures are maintained to prevent the loss of the data, illegal or improper uses of the data, and unauthorized access to the data.
Access to the data
For the purposes set forth in the section entitled “Purposes”, the data may be made accessible:
- to the Controller’s employees and consultants, in their role as persons in charge and/or internal processors and/or system administrators;
- to the Controller’s partners or suppliers (for example, for activities relating to the technical management of the services, for the storage of the personal data, etc.) or third parties (for example, providers for web-site management and maintenance, suppliers, credit institutions, professional firms, etc.) that carry out activities under outsourcing arrangements for the account of the Controller, as external processors.
Communication to third parties
The data will be communicated only to parties responsible for the execution of services necessary for the proper management of the relationship or for the purposes set forth in this Privacy Policy, with a guarantee of the protection of the rights of the Data Subject. Such third parties may include, but are not limited to:
- Consulting firms, regarding accounting, administrative, tax matters;
- Nominated dealer, with your consent, to process you order through the Web Shop;
- Companies managing information technology (IT) systems;
- Consultants and freelance professionals, including in the form of partnerships;
- Banks and credit institutions;
- Other public and/or private parties with your consent, or for whom communication of the data is mandatory or necessary for compliance with the law, to establish or exercise our legal rights (including to assert and defend against legal claims, or if we believe such communication or disclosure is necessary to investigate, prevent, or take other action regarding actual or suspected illegal or fraudulent activities or potential threats to the safety or well-being of any person), in the event that the Controller is sold, merged, or otherwise transferred to another entity, or is nonetheless functional to the administration of the relationship.
Data transfer
The personal data will be managed and stored on servers located in the European Union operated by the Controller and/or third-parties commissioned and duly appointed as Processors.
The servers are currently located in Germany.
The data will not be transferred outside of the European Union.
In addition, it remains understood that, if deemed necessary, the Controller shall also have the option of moving the location of the servers in Italy and/or in the EEA and/or in non-EEA countries. In any such case, the Controller hereby ensures that the transfer of the data to a location outside of the European Union will be done in accordance with the provisions of applicable laws, signing, if necessary, agreements that will ensure a level of adequate protection and/or adopting the standard contractual clauses provided by the European Commission.
Data supplied by the user
The optional, explicit, and voluntary sending of electronic mail to the address indicated on this Website entails the subsequent acquisition of the sender’s address necessary for responding to requests, as well as any other personal data included in the electronic mail message. Specific summary information will be regularly reported or displayed on the pages of the site prepared for particular services on request.
Optional nature of the conferral of the data
The user has the option of providing the personal data required for sending informational material, except as necessary for navigation. However, the user’s failure to provide the data may make it impossible for the user to obtain what has been requested.
Rights of the Data Subject
As the Data Subject, you have certain rights under the GDPR, and precisely, the right:
- to obtain the confirmation of the existence or non-existence of personal data concerning you, even if not yet registered, and the communication of the data in an intelligible form;
- to obtain the indication of:
- a) the origin of the personal data;
- b) the purposes and means of the processing;
- c) the logic applied in the event of processing effected with the aid of electronic means;
- d) the data identifying the controller, the processors and the designated representative;
- e)the persons or the categories of persons to whom the personal data may be communicated or who may obtain knowledge of the personal data in their role as the designated representative in the State territory, the processors or persons in charge;
- to obtain:
- a) the updating, the rectification or, if applicable, the supplementation of the data;
- b) the cancellation, the transformation into anonymous form, or the blocking of the data processed in violation of law, including those data whose storage is not necessary in relation to the purposes for which the data were collected or subsequently processed;
- c) the certification that the procedures referenced in letters a) and b) have been made known, including with regard to their content, to the persons to whom the data have been communicated or distributed, except in the case in which such compliance proves to be impossible or entails a manifestly disproportionate use of resources with respect to the protected right;
- to object, in whole or in part:
- a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose for which the data were collected;
- b) to the processing of your personal data for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator, by email and / or through traditional marketing methods by telephone and / or paper mail.
It should be noted that the Data Subject’s right to object, as set out in the preceding point b), to the purpose of direct marketing through automated methods extends to traditional methods, and that, in any case, the possibility remains for the Data Subject to exercise the right to object even only partially; therefore, the Data Subject can decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication.
Where applicable, the Data Subject may also have the right to rectification, right to erasure, right of restriction of processing, right to data portability, and right to object to processing. To exercise any of your rights in this paragraph, please write to us or send us an email using the contact information below. Please remember that if you delete or limit the use of your personal data, you may not be able to use the services provided through the Website.
Minors
The Controller’s sites and services are not targeted to persons under the age of 18, and the Controller does not intentionally collect personal information referring to minors. Should information on minors be involuntarily registered, the Controller shall promptly cancel such information at the request of the users.
Modifications
We may make changes to this Privacy Policy, and may apply any changes to information previously collected, as permitted by law. When we make material changes to this Privacy Policy, we will notify you by posting the updated Privacy Policy on our Website or by other means, and we will update the effective date at the top of this Privacy Policy. By continuing to use our Website after being notified of material changes to this Privacy Policy, you agree that the terms of this Privacy Policy as of the effective date will apply to information previously collected or collected in the future, as permitted by law.
Questions and Contact Information
For any questions, or to request further information regarding this Privacy Policy, or to exercise any Data Subject rights at any time, please contact us using the contact information below:
Via e-mail, at the following address: dpo@hu-friedy.com
Via return-receipt, registered letter, at the following address:
Hu-Friedy Mfg. Co., LLC
European Headquarters | Lyoner Straße 9 | 60528 Frankfurt/Main
If your inquiry with the Controller has not been satisfactorily addressed, or if you believe we are processing your personal data not in accordance with the law or this Privacy Policy, you may file a complaint with the German Data Protection Authority, the Hessian Commissioner for Data Protection and Freedom of Information, by using the contact details below:
The Hessian Commissioner for Data Protection and Freedom of Information
PO Box 3163
65021 Wiesbaden
postelle@datenschutz.hessen.de
Telephone: +49 611 1408 - 0
Fax: +49 611 1408 – 900
Last updated: 27 February 2019