Data Protection Statement
IMPORTANT! PLEASE NOTE: You agree to the German Data Protection Statement which has been translated to English for your convenience only. The German Data Protection Statement is binding.
We take the protection of your personal information very seriously and adhere strictly to the rules of data protection laws. Personal data is collected on this website for technical purposes only. The data will never be sold or transferred to third parties. The following statement gives an overview of how we guarantee this protection and what kind of data is collected for what purpose.
1. Information about the collection of personal data and provider identification
(1) We are glad that you are visiting our website www.hkp.com and that you have shown an interest in our company and its range of services. The protection of personal data is very important to us. All web activity undertaken by hkp Deutschland GmbH is carried out in accordance with the applicable legislation governing the protection of personal data and data security, in particular the GDPR (EU General Data Protection Regulation). This data protection notice tells you about how the information that is collected during your visit to our website is handled. Personal data is any information that relates to you, such as name, postal address, e-mail addresses or user behaviour. For the sake of simplicity, the pronouns “he”, “him” and “his” are used below to refer to both male and female users.
(2) Details of the service provider and controller in the sense of data protection law are listed under the company details and contact details in our legal notice. Our address is also the contact address of the data protection officer appointed by us.
2. The collection of personal data for informational use
(1) Personal data is information that makes a person identifiable, which includes data such as his name and e-mail address but also data about his online behaviour. If you are just using the website for informational purposes, i.e. if you do not register to use the website or provide us with any other information, we do not collect any personal data except the data transmitted by your browser in order to facilitate your viewing of the website (these are often called log files, legal basis is Art. 6 (1) 1 f) GDPR. Log files are technically required by us so that it is possible for the website you have requested be sent to your computer and displayed to you. They are deleted within 7 days after accessing the website. The following are classified as log files:
(2) The log files are used for statistical analysis and for making improvements to the website (legal basis is Art. 6 (1) 1 f) GDPR. This allows us to recognise any errors such as broken links. In connection with your use of the website, data recorded includes the IP address of the computer you are using. Under some circumstances, it may be possible to identify website users via the IP address. However, we will not undertake analysis of IP addresses collected as described in paragraph (1) for such a purpose. The analysis of IP addresses is undertaken on a purely statistical basis, using anonymised data.
3. Use of our website’s functions
(1) Alongside the purely informational use of our website, we offer a range of services that you may use if you wish. To do so, you will generally need to provide additional personal data that we use in order to supply the relevant service. Any additional fields that are not compulsory are marked accordingly.
(2) Personal data shall only be collected if you provide us with it, by filling out contact forms or sending e-mails, during the course of placing an order for products or services, by submitting a query, or by requesting material. We then collect the information that has resulted from establishing contact. In particular, this information includes names and any contact details provided, the date and the reason for contacting us. We will only use the personal data we collect about you in order to supply you with the products or services you have requested (legal basis is Art. 6 (1) 1 b) GDPR), or for other purposes for which you have given your permission (legal basis is Art. 6 (1) 1 a) GDPR), and which are described in this data protection statement. Your consent, for example for setting cookies by third party providers or for web tracking by these providers, can also be given in the appropriate technical settings of your browser.
(3) When contact is established, your details, which are required for the processing of your query and for the purpose of any potential follow-up questions, will be saved for the duration of the statutory retention period (legal basis is Art. 6 (1) 1 c) GDPR and will then be erased in accordance with Point 4 (1) of this data protection statement.
4. Use of our services that are subject to a charge; Passing on data
(1) When you use our services that are subject to a charge and wish to place an order for something, it is necessary for you to provide your personal data to conclude the contract which are required to process your order. Fields that are compulsory for the execution of contracts are marked accordingly; additional fields are voluntary. The data you provide is used by us to process your order (legal basis is Art. 6 (1) 1 b) GDPR). The address, payment and order data are stored after the processing of the contract for the duration of the statutory retention obligations in particular under tax and commercial law (legal basis is Art. 6 (1) 1 c) GDPR) and are then erased, provided you have not consented to further storage or the further processing of the data is required for asserting, exercising or defending legal claims or promotional contact (see also Point 5 (1) of this data protection statement). We check the latter at the end of each third calendar year beginning with the calendar year following the initial storage.
(2). You have the option of whether you provide your data required for the order only once for this order or whether you would like to create a customer account in which your data will be stored for subsequent orders (legal basis is Art. 6 (1) 1 b) GDPR). When creating an account, the data provided by you will be revocably stored.
(3) In order to process your order, we will provide your data to our main bank and to logistics service providers and payment service providers selected by you (legal basis is Art. 6 (1) 1 b) GDPR). Our service providers are only permitted to process or use your data for the purpose for which it was necessary to transmit it to them. You may access the data at any time. Insofar as data is passed on to external service providers, we have put technical and organisational measures into place to ensure that data protection regulations are observed. We may also pass on your details for debt collection purposes (legal basis is Art. 6 (1) 1 f) GDPR).
(4) In order to prevent third parties from gaining unauthorised access to your personal data, in particular financial data, the ordering process is encrypted using SSL technology.
(5). Where we are rendering services in advance, for instance if a customer is paying in instalments or buying on account, we may use a service provider to verify the identity and creditworthiness of the customer e.g. a credit agency (legal basis is Art. 6 (1) 1 f) GDPR. Furthermore, we do not exclude the possibility of using anonymised usage data for the purposes of market research.
(6) We advise you that, in individual cases and by order of the appropriate authorities, we are entitled to provide information about data, insofar is this is required for public prosecution purposes, to enable the police forces of the German federal states to prevent crimes, to fulfil the statutory tasks of the constitution protection authorities of the German federal government, the German federal states, the Federal Intelligence Services or Military Intelligence, or to enforce intellectual property rights (legal basis is Art. 6 (1) 1 c) GDPR).
5. Advertising to our customers; Newsletter
(1) After the sale of a product or service, we reserve the right to send you advertising material via the e-mail address provided to us about our services in the area of “consulting with a focus on performance management, talent management and remuneration”. The same applies to the use of your address details for sending advertising by post about our own offers as well as recommendations of third-party products and services. The legal basis is Art. 6 (1) 1 f) and Recital 47 GDPR. It is possible to informally object to this advertising at any time (see Point 6 (1) of this statement.
(2) For subscriptions to our Newsletter, we use a double opt-in process, regardless of any order placed as described in paragraph (1). This means that after you have subscribed, we send a confirmation e-mail to that address, requesting confirmation from you that you wish to receive the Newsletter. If you do not confirm within 24 hours, your information will be locked and automatically deleted after one month. If you confirm that you wish to receive the Newsletter, we will save your e-mail address until such a time as you unsubscribe from the Newsletter. The data is only saved to enable us to send you the Newsletter (legal basis is Art. 6 (1) 1 a) GDPR). Furthermore, we save the IP addresses used and the times at which the registration and confirmation took place, in order to prove that you subscribed and, if necessary, to resolve any misuse of your personal data (legal basis is Art. 6 (1) 1 a) and c), Art. 7 (1) GDPR. This data will be erased provided there is no check at the end of the third calendar year, beginning with the calendar year following the initial storage, requiring a longer storage period.
(3) The only field that must be filled out in order to receive the Newsletter is an e-mail address. The provision of additional, accordingly marked information is voluntary and such data is used to personally address you. This data is also deleted in full when the storage duration determined in paragraph (2) has lapsed.
(4) You may revoke your consent to the sending of the Newsletter at any time and unsubscribe from the newsletter. It is possible to do this by clicking on the link that is provided in every Newsletter or by expressing this wish in a message sent to the contact details listed in our site’s legal notice.
6. Right to object
(1) You can, at any time and with effect for the future, lodge an objection to the processing of your personal data for advertising purposes (legal basis is Art. 6 (1) 1 f) and Recital 47 GDPR. The same applies for an evaluation of certain features related thereto such as a data analysis. An objection to advertising can be provided informally, it can be carried out for example via a link in the newsletter or directly with us using the contact details mentioned in the legal notice.
(2) In addition, there is a right to object for reasons arising from your particular situation, to processing for other purposes which takes place based on a balancing of interests (Art. 6 (1) 1 f) GDPR). This may be the case when the processing is not required in particular to fulfil a contract with you. When exercising such an objection, we ask for an explanation of the reasons why we should not process your personal data as carried out by us. In the event your objection is justified, we will investigate the matter and will either adjust or adapt the data processing or point out our overriding protection-worthy reasons based on which we will continue the processing.
7. Data security
(1) We take measures in accordance with the state of the art to protect your data from loss, destruction, falsification, manipulation and unauthorised access. Where we have collected and recorded your data, it is saved on highly secure servers. Technical and organisational measures are in place to ensure that these servers are protected from loss, destruction, access, manipulation and from the unauthorised transmission of your data. Your data can only be accessed by a few authorised people. These people are responsible for the technical, commercial or editorial maintenance of the servers. All our staff are bound to observe confidentiality.
(2) We have contracted the technical operation (hosting) of the website to a service provider. This service provider manages the data processing on our behalf. The collection, processing and use of your data performed by the service provider is entirely subject to our instructions. The statements in this data protection statement also apply to this service provider in the same way.
(3) Transient cookies (legal basis is Art. 6 (1) 1 f) GDPR) are automatically deleted when you close the browser window. In particular, this includes session cookies. Session cookies save what is called a session ID, which is used to identify the various requests that your browser makes during a joint session. This allows your browser to be recognised when you return to the website. Session cookies are deleted when you log out or close the browser window.
(4) Persistent cookies are only used in connection with the web analytics services we use (legal basis is Art. 6 (1) 1 f) GDPR) and they are only used for as long as is required by that purpose; their lifetime is limited to a maximum of two years. You may delete the cookies from your computer’s hard drive at any time by using your browser’s data protection functions. This could result in the functions of the service being limited and it could become less user-friendly.
9. Google Analytics
(1) This website uses Google Analytics, a web analysis service provided by Google Inc. 1600 Amphitheater Parkway, Mountainview, California 94043, USA (“Google”). Google Analytics uses what are called “cookies”, text files saved on your computer, which facilitate an analysis of your use of the website. The information generated by the cookie about your use of the website (including your IP address) is typically transmitted to and saved by Google on servers in the USA. Where IP anonymization is activated on this website, your IP address will first be truncated by Google within Member States of the European Union or in other countries that are contracting parties to the Agreement on the European Economic Area. The complete IP address shall only be transmitted to a Google server in the USA and truncated there in exceptional cases. Under the authority of the website operator, Google shall use this information to evaluate your use of the website, compile reports on website activity and to provide the website operator with additional services relating to website and Internet usage. Google may also transmit this information to third parties, insofar as this is prescribed by law or if third parties process this data on Google’s behalf.
(2) The IP address transmitted by your browser via Google Analytics will not be merged with other data by Google.
(3) Cookies are only saved based on a corresponding setting in your internet access software. You may prevent cookies from being saved by amending the corresponding setting in your browser software; we advise you, however, that in this case you may not be able to use the full functionality of the website.
(4) Furthermore, to prevent Google from collecting and processing the data generated by the cookie relating to your use of the website (including your IP address), you can download and install the browser plugin provided by Google and available through the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
(5) This website uses Google Analytics with the “_anonymizeIp” feature. This truncates IP addresses before they are further processed, which eliminates the possibility of direct personal identification. If a personal reference is attributed to the data collect on you, it will be immediately excluded and the personal data will thus be swiftly deleted.
(6) We use Google Analytics in order to analyse the usage of our website and regularly improve it. We can improve our service using the statistics obtained and make it more interesting for you as the user. For exceptional cases where personal data is transmitted to the USA, Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. Legal basis for the usage of Google Analytics is Art. 6 (1) 1 f) GDPR.
10. Use of social media plugins
(2) When you activate a plugin, the plugin provider is notified that you have requested the relevant sub-page of our website. In addition to this, the log files that are collected during the use of the website for informational purposes will also be transmitted. This takes place regardless of whether you have and/or are logged into an account with this plugin provider. If you are logged into an account with the plugin provider, this data is directly associated with your account. If you use the activated button, for example, to share a link to the page, the plugin provider also saves this information in your user account and publicly shares it with your contacts. If you do not wish for the information to be associated to your account with the plugin provider, you must log out before activating the sharing button.
(3) The plugin provider saves this data as a user profile and uses the data for the purposes of advertising, market research and/or the demand-oriented design of its website. In particular, this kind of analysis is undertaken in order to display targeted advertising (this includes users who are not logged in) and to inform other users of the social networks about your activities on our website. You have the right to object to the collation of a user profile. To assert this right, you must contact the relevant plugin provider. Using the plugin, we allow you to interact with other social networks and other users so that we can improve our service and make it more interesting for you as a user. The legal basis for the usage of plugins is Art. 6 (1) 1 f) GDPR.
(4) The provision of data is carried out regardless of whether you have and/or are logged into an account with this plugin provider. If you are logged into an account with the plugin provider, your data collected by us is associated directly with your account with the plugin provider. If you use the activated button, for example, to share a link to the page, the plugin provider also saves this information in your user account and publicly shares it with your contacts. We recommend that you regularly log out after using a social network, in particular before activating the button since you can then prevent your profile being associated by the plugin provider.
(5) You can find more information (in German) about Shariff here: http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html. You can find more information about the purpose and scope of the data collected and processed by the plugin provider in the following data protection statements published by these providers. These statements contain further information about your rights in relation to this matter and ways of configuring settings to protect your privacy.
(6) Addresses of the relevant providers and URLs pointing to their data protection policies:
11. Further information according to GDPR
(2) hkp Deutschland GmbH, Friedrich-Ebert-Anlage 35-37, 60327 Frankfurt am Main, Germany is the controller for processing your personal date. You can find further contact details in our website’s legal notice.
(3) We also transmit data to recipients in Switzerland (Section 1 (6) 1 Federal Data Protection Act [BDSG]) and to recipients in other third-party countries, provided there is an adequacy decision of the EU Commission. Otherwise, there is no intention to transmit your data to a recipient in a third-party country (not a Member State of the EU or EEA) or an international organisation. We refer to Point 9 and 10 of this data protection statement concerning the possibility of your data being accessed by third-party providers in the USA.
(4) You may request access from us to the stored data and you have the right to rectification of inaccurate data, to restriction of the processing and a right to erasure, insofar as there is no retention obligation opposing this. A right to erasure is not given if further processing is required for asserting, exercising or defending legal claims such as complying with an objection to advertising. With respect to the personal data affecting you, which you provided to us, for example in an input mask or a contact form, based on consent or to perform a contract existing between us, you have a right to data portability in a structured, conventional and machine-readable format.
(5) Insofar as the processing of your data is based on consent (legal basis is Art. 6 (1) 1 a) GDPR, you have the right to revoke the consent at any time without the legality of the processing carried out based on the consent up to the time of revocation being affected. Legal permissions remain unaffected by revocation of consent.
(6) We have appointed a data protection officer. The contact address is: Mr. Jörg Müller, hkp Deutschland GmbH, Friedrich-Ebert-Anlage 35-37, 60327 Frankfurt am Main, Germany, firstname.lastname@example.org.
(7) You have a right to lodge a complaint with a data protection supervisory authority, for example with the Hesse Data Protection Officer, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany, who is responsible for us.
12. Changes to the data protection statement
Where necessary, we will update this statement in keeping with the content of the website as well as more generally to reflect legislative changes.
Updated: May 2018