Mail: info@havener.de Kundenhotline: +49 6831 85 239

Privacy Policy

We are pleased to welcome you to our website www.kirchenbankpolster.de and thank you for your interest in our company.

The protection of your personal data, such as your date of birth, name, phone number, address, etc., is very important to us.

The purpose of this privacy policy is to inform you about the processing of your personal data, which we collect during your visit to our website. Our privacy practices are in compliance with the legal regulations of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). The following privacy policy fulfills the informational obligations arising from the GDPR. These can be found, for example, in Articles 13 and 14 ff. of the GDPR.

Responsible Entity

The responsible party within the meaning of Art. 4 No. 7 GDPR is the one who alone or jointly with others determines the purposes and means of processing personal data.

Regarding our website, the responsible party is:

P.R. Havener GmbH
Torschlag 1
66740 Saarlouis
Germany
Email: sandra@havener.de
Phone: +49 683185 239
Fax: +49 683186526

Provision of the Website and Creation of Log Files

Each time our website is accessed, our system automatically collects data and information from the device used (e.g., computer, mobile phone, tablet, etc.).

Which personal data is collected and to what extent is it processed?

(1) Information about the browser type and the version used;
(2) The operating system of the accessing device;
(3) Hostname of the accessing computer;
(4) The IP address of the accessing device;
(5) Date and time of access;
(6) Websites and resources (images, files, other page content) that were accessed on our website;
(7) Websites from which the user's system accessed our website (referrer tracking);
(8) Information about whether the access was successful;
(9) Transferred data volume

This data is stored in the log files of our system. The storage of this data together with personal data of a specific user does not take place, so that the identification of individual page visitors does not occur.

Legal basis for the processing of personal data

Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest is to ensure the achievement of the purpose described below.

Purpose of data processing

The temporary (automated) storage of data is required for the process of visiting a website to enable the delivery of the website. The storage and processing of personal data also occurs to maintain the compatibility of our website for as many visitors as possible and for combating misuse and troubleshooting. For this purpose, it is necessary to log the technical data of the requesting computer in order to react as quickly as possible to display errors, attacks on our IT systems, and/or functionality issues of our website. Moreover, we use the data to optimize the website and ensure the general security of our information technology systems.

Duration of storage

The deletion of the aforementioned technical data takes place as soon as they are no longer needed to ensure the compatibility of the website for all visitors, but no later than 3 months after the retrieval of our website.

Right to object and delete

You can object to the processing at any time in accordance with Art. 21 GDPR and request the deletion of data in accordance with Art. 17 GDPR. The rights you are entitled to and how to assert them are explained at the bottom of this privacy policy.

Special features of the website

Our website offers you various features where we collect, process, and store personal data when used. Below we explain what happens to this data:

Contact form(s)

  • Which personal data is collected and to what extent is it processed?

    The data you enter into our contact forms, which you have filled in the input mask of the contact form, will be processed for the purpose described below.

  • Legal basis for the processing of personal data

    Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (consent by explicit affirmative action or behavior, or express consent)

  • Purpose of data processing

    The data collected through our contact form(s) will be used solely to process the specific contact request made via the contact form.

  • Duration of storage

    After processing your request, the collected data will be deleted immediately, unless there are statutory retention periods.

  • Right of withdrawal and deletion

    The withdrawal and deletion possibilities are governed by the general provisions on data protection withdrawal rights and deletion claims as outlined below in this privacy policy.

  • Necessity of providing personal data

    The use of the contact forms is voluntary and neither contractually nor legally required. You are not obligated to contact us via the contact form and may use the other contact options provided on our website. If you wish to use our contact form, you must fill in the fields marked as mandatory. If you do not fill in the necessary fields in the contact form, you can either not submit your request, or we unfortunately cannot process your request.

Statistical evaluation of visits to this website - Web tracker

When visiting this website or individual files of the website, we collect, process, and store the following data: IP address, website from which the file was accessed, file name, date and time of access, amount of data transferred, and a message about the success of the retrieval (so-called web log). We use this access data exclusively in non-personalized form for the continuous improvement of our internet offering and for statistical purposes. We also use the following web trackers to evaluate visits to this website:

  • Google

    We use the Google service from Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, E-mail: support-deutschland@google.com, Website: https://www.google.com/. Personal data is also transmitted to the USA. In regard to the transmission of personal data to the USA, there is an adequacy decision under the EU-US Data Privacy Framework of the EU Commission as per Art. 45 GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, ensuring that the usual level of protection under the GDPR applies to the transmission.

    The legal basis for the processing of personal data is your consent according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you provided on our website.

    We use Google to load additional Google services on the website. The service is used to provide additional Google services, such as data processing for providing streams and fonts and relevant content from Google search. It is technically necessary to exchange the information that Google already has about the page visitor between Google services and provide the visitor with personalized content based on their Google account.

    For processing, the service or we collect the following data: Background data stored in the Google user account or in other Google services about the page visitor, background data for providing Google services like streaming or advertising data, data about the user's interaction with Google search, information about the device used, IP address, and browser of the user, as well as additional data from Google services to provide Google services related to our website.

    If the service is active on our website, our website establishes a connection to the servers of Google Ireland Limited and transmits the required data. In the context of order processing, there may also be a transmission of personal data to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, USA. When the Google service is used on our website, Google may transmit and process information from other Google services to provide background services for displaying and processing data for the services provided by Google. This may also involve data transfer to Google services such as Google APIs, Doubleclick, Google Cloud, Google Ads, and Google Fonts in accordance with Google's privacy policy.

    You can access the provider's certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

    You can revoke your consent at any time. Further information about revoking your consent can be found either in the consent itself or at the end of this privacy policy.

    For more information on how the transmitted data is handled, please refer to the provider's privacy policy at https://policies.google.com/privacy.

    The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

  • Gstatic

    We use the Gstatic service from Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, Email: support-deutschland@google.com, Website: https://www.google.com/. The transmission of personal data also occurs to the USA. Regarding the transfer of personal data to the USA, there is an adequacy decision for the EU-US Data Privacy Framework by the EU Commission in accordance with Art. 45 GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The service provider is certified under the DPF, so the usual protection level of the GDPR applies to the transfer.

    The legal basis for processing personal data is your consent according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you provided on our website.

    Gstatic is a background service used by Google to retrieve static content, reduce bandwidth usage, and pre-load necessary catalog files. The service particularly loads background data for Google Fonts and Google Maps.

    As part of the order processing, personal data may also be transmitted to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. You can find the certification of the provider under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

    You can revoke your consent at any time. Further information about revoking your consent can be found either in the consent itself or at the end of this privacy policy.

    For more information on how the transmitted data is handled, please refer to the provider's privacy policy at https://policies.google.com/privacy.

    The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

  • Matomo (local)

    We use the Matomo (local) service from InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, Email: privacy@matomo.org, Website: https://matomo.org/. The transmission of personal data only occurs to servers within the European Union.

    The legal basis for processing personal data is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in achieving the purpose described below.

    Matomo is hosted on our own server infrastructure and is configured by us in such a way that no data transmission to Matomo, InnoCraft Ltd., or any other third parties occurs. The collection of statistical data serves to monitor the functionality and user-friendliness of our website and optimize it by analyzing anonymized user flows. This allows us to identify which content is relevant for our site visitors and users and expand our offering accordingly. From the collected data, we can also create anonymous usage profiles and extract general statistical information. The data collected in this context will not be combined with other personal data without additional consent.

    The service collects the following data for processing: Parts of your IP address in anonymized form, user activities (e.g., referrer links, time spent on certain URLs, clickstream, shopping cart or order IDs), data about your browser settings, browser provider, browser version, screen resolution, and the operating system used.

    The data collection by our local Matomo instance is also configured to be privacy-friendly. Captured IP addresses are anonymized before collection and processing. We have also enabled the "Do Not Track" preference in Matomo. This ensures that a "Do not Track" request from your browser is respected when you visit our website, and regardless of our other measures, no tracking of the site user occurs. You can prevent tracking by Matomo at any time by enabling the "Do Not Track" setting in your browser.

    Regarding the processing, you have the right to object as outlined in Art. 21. Further information can be found at the end of this privacy policy.

    For more information on how the transmitted data is handled, please refer to the provider's privacy policy at https://matomo.org/faq/general/faq_18254/.

  • YouTube

    We use the YouTube service from Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, Email: support-deutschland@google.com, Website: https://www.google.com/. The transmission of personal data also occurs to the USA. Regarding the transfer of personal data to the USA, there is an adequacy decision for the EU-US Data Privacy Framework by the EU Commission in accordance with Art. 45 GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The service provider is certified under the DPF, so the usual protection level of the GDPR applies to the transfer.

    The legal basis for processing personal data is your consent according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you provided on our website.

    Through the YouTube service, we embed YouTube videos on our website. By embedding them, we can display videos directly on our website. This way, site visitors can view information about our services without having to visit the YouTube platform.

    The service collects the following data for processing: Data for displaying the stream, data about clicked videos, created playlists, ratings and comments, information about the device used, IP address, and browser of the user, as well as other data from Google services to provide the video according to Google's privacy policy.

    If YouTube is active on our website and a video is played, our website establishes a connection to the servers of Google Ireland Limited and transmits the necessary data to display the stream or video. As part of the order processing, personal data may also be transmitted to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. The transmission of personal data also occurs to the USA. Regarding the transmission of personal data to the USA, there is an adequacy decision for the EU-US Data Privacy Framework by the EU Commission in accordance with Art. 45 GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The service provider is certified under the DPF, so the usual protection level of the GDPR applies to the transfer. When displaying YouTube videos on our website, YouTube may transmit and process information from other Google services to provide background services such as streaming data for the video. This may also involve data transmission to Google services such as Google Fonts, Google Apis, Google Video, and Doubleclick. You can view the certification of the provider under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

    You can revoke your consent at any time. Further information about revoking your consent can be found either in the consent itself or at the end of this privacy policy.

    For more information on how the transmitted data is handled, please refer to the provider's privacy policy at https://policies.google.com/privacy.

    The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

Incorporation of External Web Services and Processing of Data Outside the EU

On our website, we use active content from external providers, so-called web services. By visiting our website, these external providers may receive personal information about your visit to our site. In this case, processing of data outside the EU may occur. You can prevent this by installing a corresponding browser plugin or disabling the execution of scripts in your browser. This may result in functionality limitations on the websites you visit.

We use the following external web services:

  • Brevo formerly Sendinblue

    We use the Brevo formerly Sendinblue service from Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, Email: support@brevo.com, Website: http://brevo.com/de. The transmission of personal data only occurs to servers within the European Union.

    The legal basis for processing personal data is your consent according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you provided on our website.

    The service is used to implement a contact form on the website, allowing the website operator to be easily reached. Additionally, the service enables marketing by sending newsletters via email, SMS, or WhatsApp.

    You can revoke your consent at any time. Further information about revoking your consent can be found either in the consent itself or at the end of this privacy policy.

    Further information on the handling of the transferred data can be found in the provider's privacy policy at https://de.sendinblue.com/legal/privacypolicy/.

  • CloudFlare

    We use the CloudFlare service of the company Cloudflare, Inc., 101 Townsend St, 94107 San Francisco, United States, Email: support@cloudflare.com, Website: https://www.cloudflare.com/de-de/. The transmission of personal data also occurs to the USA. In regard to the transfer of personal data to the USA, there is an adequacy decision for the EU-US Data Privacy Framework by the EU Commission according to Article 45 GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The service provider is certified under the DPF, so that the usual level of protection under the GDPR applies for the transfer.

    The legal basis for processing the personal data is our legitimate interest according to Art. 6 (1) lit. f GDPR. Our legitimate interest is in achieving the purpose described below.

    Cloudflare is a so-called Content Delivery Network, which not only distributes the website across multiple servers but also provides security features. Additionally, Cloudflare acts as a reverse proxy for our website.

    The provider's certification under the EU-US Data Privacy Framework can be found at https://www.dataprivacyframework.gov/list.

    With regard to processing, you have the right to object as listed in Article 21. More information can be found at the end of this privacy policy.

    Further information on the handling of the transferred data can be found in the provider's privacy policy at https://www.cloudflare.com/privacypolicy/.

  • Google Cloud APIs

    We use the Google Cloud APIs service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, Email: support-deutschland@google.com, Website: https://www.google.com/. The transmission of personal data also occurs to the USA. In regard to the transfer of personal data to the USA, there is an adequacy decision for the EU-US Data Privacy Framework by the EU Commission according to Article 45 GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The service provider is certified under the DPF, so that the usual level of protection under the GDPR applies for the transfer.

    The legal basis for processing the personal data is your consent according to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR, which you have provided on our website.

    We use Google APIs to load additional Google services on our website. Google APIs is a collection of interfaces to communicate between various Google services used on your website. The service is especially used to display the Google Fonts and to provide the Google Maps.

    For the processing, the service or we collect the following data: IP address

    If the service is active on our website, our website establishes a connection to the servers of Google Ireland Limited and transfers the necessary data. In the context of order processing, it may also result in a transfer of personal data to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. When using the Google service on our website, Google may transmit and process information from other Google services to provide background services for the display and data processing of the Google services provided. This may also involve a data transfer to Google services such as Google Cloud, Google Maps, Google Ads, and Google Fonts, according to Google's privacy policy, which is legally responsible for data protection.

    The provider's certification under the EU-US Data Privacy Framework can be found at https://www.dataprivacyframework.gov/list.

    You can withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent itself or at the end of this privacy policy.

    Further information on the handling of the transferred data can be found in the provider's privacy policy at https://policies.google.com/privacy.

    The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

  • Google Fonts

    We use the Google Fonts service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, Email: support-deutschland@google.com, Website: https://www.google.com/. The transmission of personal data also occurs to the USA. In regard to the transfer of personal data to the USA, there is an adequacy decision for the EU-US Data Privacy Framework by the EU Commission according to Article 45 GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The service provider is certified under the DPF, so that the usual level of protection under the GDPR applies for the transfer.

    The legal basis for processing the personal data is your consent according to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR, which you have provided on our website.

    We use the Google Fonts service to integrate attractive fonts into our site, allowing us to present our website in a visually improved version. The service may also be used on our website when other Google services are loaded, which require Google Fonts for execution. This is the case, for example, when our website uses Google services that require Google Fonts to function.

    For the processing, the service or we collect the following data: Font data, IP address of the site visitor, statistics about font usage, and other data from Google services related to our website.

    If the service is active on our website, our website establishes a connection to the servers of Google Ireland Limited and transfers the necessary data. In the context of order processing, it may also result in a transfer of personal data to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. When using the Google service on our website, Google may transmit and process information from other Google services to provide background services for the display and data processing of the Google services provided. This may also involve a data transfer to Google services such as Google APIs, Google Cloud, and Google Ads, according to Google's privacy policy.

    The provider's certification under the EU-US Data Privacy Framework can be found at https://www.dataprivacyframework.gov/list.

    You can withdraw your consent at any time. Further information on withdrawing your consent can be found either in the consent itself or at the end of this privacy policy.

    Further information on the handling of the transferred data can be found in the provider's privacy policy at https://policies.google.com/privacy.

    The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

  • Google reCaptcha

    We use the Google reCaptcha service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, Email: support-deutschland@google.com, Website: https://www.google.com/. The transmission of personal data also occurs to the USA. In regard to the transfer of personal data to the USA, there is an adequacy decision for the EU-US Data Privacy Framework by the EU Commission according to Article 45 GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The service provider is certified under the DPF, so that the usual level of protection under the GDPR applies for the transfer.

    The legal basis for processing the personal data is your consent according to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR, which you have provided on our website.

    If Google reCaptcha is active on our website, the data determined by Google reCaptcha will be transferred to the servers of Google Ireland Limited. In the context of order processing, it may also result in a transfer of personal data to the servers of the parent company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. Based on specific features and an analysis of the site behavior, the service recognizes whether the entered data comes from an automated input by a program (so-called bot) or from a human. The service has three different levels. Either the service automatically recognizes that the input is not automated by a bot, or it lets the user select a captcha checkbox. A third option is to display small image or speech tasks/text tasks that the site visitor must solve. Google reCaptcha is a captcha service used on our website for security purposes to exclude automated programs (bots) from interacting with our site. Google reCaptcha verifies on our behalf that only humans and not bots can use our website. This allows us to protect particular functions on our website (e.g., contact forms or other input options like login areas) from abusive site access.

    The service or we collect the following data for processing: User behavior (e.g., mouse gestures or input behavior), IP address, browser data, computer information.

    If you wish to use the input options on our website protected by Google reCaptcha, you must allow the use of Google reCaptcha and, if necessary, solve the corresponding captchas. If you do not fill out the captcha or do not allow the use of Google reCaptcha, you will not be able to use the form protected by the captcha. Alternatively, you can always use our other contact options (e.g., mail or email). You can access the certification of the provider within the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

    You can revoke your consent at any time. More information on revoking your consent can be found either with the consent itself or at the end of this privacy policy.

    Further information on how the transmitted data is handled can be found in the provider's privacy policy at https://policies.google.com/privacy.

    The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

  • Legal Text Snippet and Modules

    We use the Legal Text Snippet and Modules service from Website-Check GmbH, Beethovenstraße 24, 66111 Saarbrücken, Germany, Email: support@website-check.de, Website: https://www.website-check.de/. The transmission of personal data takes place exclusively to servers within the European Union.

    The legal basis for processing is Article 6, paragraph 1, letter c of the GDPR. The use of the service helps us fulfill our legal obligations.

    With the help of the service, we load the contents of our legal texts on our website. The current legal texts are loaded through this integration. Other technical modules related to the legal texts or legally required elements may also be loaded through this integration.

    What rights you have with regard to processing can be found at the end of this privacy policy.

    Further information on how the transmitted data is handled can be found in the provider's privacy policy at https://www.website-check.de/datenschutzerklaerung/.

  • Vimeo

    We use the Vimeo service from Vimeo, Inc., 555 West 18th Street, 10011 New York, United States, Email: Privacy@vimeo.com, Website: http://www.vimeo.com/. The transmission of personal data also occurs to the USA. Regarding the transmission of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework by the EU Commission pursuant to Article 45 of the GDPR (hereinafter: DPF - https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified within the DPF, so the usual protection level of the GDPR applies to the transmission.

    The legal basis for processing the personal data is your consent according to Article 6, paragraph 1, letter a of the GDPR or Article 9, paragraph 2, letter a of the GDPR, which you provided on our website.

    Through the Vimeo service, we integrate videos from the Vimeo platform on our site.

    You can access the provider's certification within the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/list.

    You can revoke your consent at any time. More information on revoking your consent can be found either with the consent itself or at the end of this privacy policy.

    Further information on how the transmitted data is handled can be found in the provider's privacy policy at https://vimeo.com/privacy.

    The provider also offers an opt-out option at https://vimeo.com/privacy.

  • Website-Check Seal

    We use the Website-Check Seal service from Website-Check GmbH, Beethovenstraße 24, 66111 Saarbrücken, Germany, Email: support@website-check.de, Website: https://www.website-check.de/. The transmission of personal data occurs exclusively to servers within the European Union.

    The legal basis for processing the personal data is our legitimate interest according to Article 6, paragraph 1, letter f of the GDPR. Our legitimate interest lies in achieving the purpose described below.

    The Website-Check GmbH script is the technical integration of the Website-Check Seal. With this seal, we want to show that we take data protection very seriously. The transmission of data to Website-Check GmbH takes place for the delivery and display of the seal on our site.

    With regard to processing, you have the right to object as outlined in Article 21. Further information can be found at the end of this privacy policy.

    Further information on how the transmitted data is handled can be found in the provider's privacy policy at https://www.website-check.de/datenschutzerklaerung/.

  • sibforms.com

    We use the sibforms.com service from Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, Website: https://de.sendinblue.com/. The transmission of personal data occurs exclusively to servers within the European Union.

    The legal basis for processing the personal data is your consent according to Article 6, paragraph 1, letter a of the GDPR or Article 9, paragraph 2, letter a of the GDPR, which you provided on our website.

    The service is a plugin that we need to display all content on our website. The service may also be used for tracking and/or advertising purposes.

    You can revoke your consent at any time. More information on revoking your consent can be found either with the consent itself or at the end of this privacy policy.

    Further information on how the transmitted data is handled can be found in the provider's privacy policy at https://de.sendinblue.com/datenschutz-uebersicht/.

Information on the Use of Cookies

  • Which personal data is collected and to what extent is it processed?

    On various pages, we integrate and use cookies to enable certain functions of our website and to integrate external web services. The so-called "cookies" are small text files that your browser can store on your access device. These text files contain a characteristic string of characters that uniquely identifies the browser when you return to our website. The process of storing a cookie file is also called "setting a cookie."

    Cookies can be set both by the website itself and by external web services. The cookies are set by our website or the external web services to ensure the full functionality of our website, to improve usability, or to track the purpose you provided with your consent. The cookie technology also allows us to recognize individual visitors using pseudonyms, such as unique or random IDs, so that we can offer more personalized services. Details are provided in the table below.

  • Legal basis for the processing of personal data

    Insofar as the cookies are processed based on consent according to Art. 6 Para. 1 lit. a GDPR, this consent also counts as consent within the meaning of § 25 Para. 1 TDDDG for setting the cookie on the user's device. If another legal basis under the GDPR is specified (e.g., for the fulfillment of a contract or the fulfillment of legal obligations), the storage or setting is based on an exception according to § 25 Para. 2 TDDDG. This is the case "if the sole purpose of storing information in the user's device or the sole purpose of accessing already stored information in the user's device is to carry out the transmission of a message over a public telecommunications network" or "if the storage of information in the user's device or the access to already stored information in the user's device is strictly necessary for the provider of a digital service to provide a digital service explicitly requested by the user." The applicable legal basis can be found in the cookie table later in this section.

  • Purpose of data processing

    The cookies are set by our website or the external web services to ensure the full functionality of our website, improve usability, or track the purpose you provided with your consent. The cookie technology also allows us to recognize individual visitors using pseudonyms, such as unique or random IDs, so that we can offer more personalized services. Details are provided in the table below.

  • Duration of storage

    The storage of our cookies lasts until they are deleted in your browser or, if it is a session cookie, until the session expires. Details are provided in the table below.

  • Right to object and removal options

    You can set your browser according to your preferences to prevent the setting of cookies in general. You can then decide on a case-by-case basis whether to accept cookies or accept them by default. Cookies can be used for different purposes, e.g., to recognize that your access device is already connected to our website (permanent cookies) or to store recently viewed offers (session cookies). If you have explicitly granted us permission to process your personal data, you can withdraw this consent at any time. Please note that the lawfulness of processing based on consent until withdrawal is not affected by this.

Cookie NameServerProviderPurposeLegal BasisStorage DurationType
Google Recaptchawww.google.comGoogle reCaptchaThe Google Recaptcha cookie checks whether the user is a real person or a bot. For this purpose, Google ReCaptcha analyzes extensive user data to provide the most accurate assessment possible.Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (Consent)Approx. 6 monthsAnalytics
LAST_RESULT_ENTRY_KEYwww.youtube-nocookie.comYouTubeStores user settings when retrieving an embedded YouTube video on other websites.Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (Consent)SessionComfort
__cf_bm.vimeo.comVimeoCloudflare places the __cf_bm cookie on end-user devices accessing customer websites protected by Bot Management or Bot Fight Mode. The __cf_bm cookie is necessary for these bot solutions to function properly. It contains information to calculate Cloudflare's proprietary bot score and, if anomaly detection is enabled in Bot Management, a session ID. The information in the cookie (except for time-related data) is encrypted and can only be decrypted by Cloudflare.Art. 6 para. 1 lit. f GDPR (Legitimate Interests)Approx. 30 minutesSecurity
_cfuvid.vimeo.comVimeoThis cookie is part of Cloudflare's services, including load balancing, delivery of website content, and providing DNS connections for website operators. It is used for rate limiting to distinguish individual users who share the same IP address.Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (Consent)SessionConfiguration
_pk_id.upgrade.havener.deWebsite OperatorThis is a tracking cookie from Matomo. The cookie allows us to capture page interactions based on an assigned pseudonymous visitor ID and create statistics on user behavior on the website. It stores and analyzes information about visitor actions on the website during the current session, such as the date and time of the first visit, the average time spent on the website, and the total number of visitors on the site.Art. 6 para. 1 lit. f GDPR (Legitimate Interests)Approx. 13 monthsAnalytics
_pk_ses.upgrade.havener.deWebsite OperatorThis is a tracking cookie from Matomo. The cookie allows us to capture page interactions based on an assigned pseudonymous visitor ID and create statistics on user behavior on the website. It stores and analyzes information about visitor actions on the website during the current session, such as the date and time of the first visit, the average time spent on the website, and the total number of visitors on the site.Art. 6 para. 1 lit. f GDPR (Legitimate Interests)Approx. 31 minutesAnalytics
fe_typo_userupgrade.havener.deWebsite OperatorThis cookie is required by the Typo3 Web Content Management System. The cookie is stored during the session. It is needed to store certain website settings during the website visit (session).Art. 6 para. 1 lit. f GDPR (Legitimate Interests)SessionBasic Functionality
nextIdwww.youtube-nocookie.comYouTubeThis cookie is used to assign a unique ID to the user. It helps collect data about the behavior of the website visitor and is used to create statistics about which YouTube videos the visitor watched on various websites.Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (Consent)SessionMarketing
requestswww.youtube-nocookie.comYouTubeWe embed videos from our official YouTube channel in YouTube's private mode. This mode may set cookies on your computer when you click on the YouTube video player, but YouTube does not store personally identifiable cookie information for embedded videos in private mode.Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR (Consent)SessionConfiguration

Data Security and Data Protection, Communication via Email

Your personal data is protected through technical and organizational measures during collection, storage, and processing, ensuring that it is not accessible to third parties. In the case of unencrypted communication via email, we cannot guarantee complete data security on the transmission path to our IT systems, so we recommend encrypted communication or postal delivery for information requiring high confidentiality.

Automatic Email Archiving

  • Scope of Processing Personal Data

    We explicitly inform you that our email system has an automated archiving procedure. All incoming and outgoing emails are securely and digitally archived.

  • Legal Basis for Processing Personal Data

    Art. 6 para. 1 lit. c GDPR (legal obligation). The legal obligation arises from compliance with tax and commercial law requirements (e.g., §§ 146, 147 AO, §§ 238, 257 HGB).

  • Purpose of Data Processing

    The purpose of archiving is to comply with tax law (e.g., §§ 146, 147 AO – obligation to retain emails relevant to tax law) and commercial law requirements (e.g., §§ 238, 257 HGB – obligation to archive business correspondence).

  • Duration of Storage

    The storage of our email communication occurs until the expiration of tax and commercial law retention obligations. The retention period can be up to 10 years.

  • Right to Object and Deletion Possibility

    You can object to the processing at any time in accordance with Art. 21 GDPR and request the deletion of data in accordance with Art. 17 GDPR. Your rights and how to exercise them are outlined at the bottom of this privacy policy.

  • Handling of Application Documents

    Additionally, we would like to point out that we only accept application documents in PDF format. Compressed files (WinZip, WinRAR, 7Zip, etc.) are filtered out by our security systems and are not delivered. We do not consider applications in Word format and other file formats and delete them unread. Please note that application documents sent unencrypted via email may be accessed by third parties before reaching our IT systems. We assume that we are allowed to reply to unencrypted application emails unencrypted as well. If you do not wish this, please indicate it in your application email.

Right to Information and Correction Requests – Deletion & Restriction of Data – Withdrawal of Consent – Right to Object

Right to Information

You have the right to request confirmation as to whether we are processing personal data about you. If this is the case, you have the right to request information about the details listed in Art. 15 para. 1 GDPR, unless the rights and freedoms of other persons are affected (see Art. 15 para. 4 GDPR). We will be happy to provide you with a copy of the data as well.

Right to Rectification

According to Art. 16 GDPR, you have the right to have any incorrect personal data (such as address, name, etc.) corrected at any time. You may also request the completion of any incomplete data stored with us at any time. Such adjustments will be made immediately.

Right to Deletion

According to Art. 17 para. 1 GDPR, you have the right to request the deletion of personal data we have collected about you if:

  • the data is no longer required;
  • the legal basis for processing has been eliminated due to the withdrawal of your consent;
  • you have objected to the processing and there are no legitimate grounds for processing;
  • your data is being processed unlawfully;
  • legal obligations require it or data collection has taken place in accordance with Art. 8 para. 1 GDPR.

The right does not apply according to Art. 17 para. 3 GDPR if:

  • the processing is necessary for the exercise of the right to freedom of expression and information;
  • Your data has been collected on the basis of a legal obligation;
  • the processing is necessary for reasons of public interest;
  • the data is necessary for the assertion, exercise, or defense of legal claims.

Right to Restriction of Processing

According to Art. 18(1) GDPR, you have the right to request the restriction of the processing of your personal data in certain cases.

This is the case if

  • the accuracy of the personal data is contested by you;
  • the processing is unlawful and you do not consent to its deletion;
  • the data is no longer needed for the processing purpose, but the collected data is required for the assertion, exercise, or defense of legal claims;
  • a objection to the processing according to Art. 21(1) GDPR has been raised, and it is still unclear which interests prevail.

Right to Withdraw Consent

If you have given us explicit consent to process your personal data (Art. 6(1) lit. a GDPR or Art. 9(2) lit. a GDPR), you can withdraw this consent at any time. Please note that the legality of processing carried out based on the consent until the withdrawal is not affected by this.

Right to Object

According to Art. 21 GDPR, you have the right to object at any time to the processing of your personal data that has been collected based on Art. 6(1) lit. f (in the context of legitimate interest). This right applies only if there are special circumstances that speak against the storage and processing.

How to Exercise Your Rights?

You can exercise your rights at any time by contacting us at the contact details below:

P.R. Havener GmbH
Torschlag 1
66740 Saarlouis
Germany
E-mail: sandra@havener.de
Phone: +49 683185 239
Fax: +49 683186526

Right to Data Portability

You are entitled under Article 20 GDPR to request the transfer of personal data concerning you. The data will be provided by us in a structured, commonly used, and machine-readable format. The data can be sent either to you or to a controller you have designated.

Upon request, we will provide you with the following data in accordance with Article 20(1) GDPR:

  • Data that has been collected based on your explicit consent under Article 6(1)(a) GDPR or Article 9(2)(a) GDPR;
  • Data that we have received from you in the context of existing contracts under Article 6(1)(b) GDPR;
  • Data that has been processed in an automated procedure.

We will transfer personal data directly to a controller you wish, as long as it is technically feasible. Please note that we are not allowed to transfer data that interfere with the freedoms and rights of other persons under Article 20(4) GDPR.

Right to Lodge a Complaint with the Supervisory Authority under Article 77(1) GDPR

If you suspect that your data is being processed unlawfully on our site, you are of course free to seek judicial clarification of the issue at any time. Additionally, all other legal avenues are open to you. Regardless, under Article 77(1) GDPR, you have the right to lodge a complaint with a supervisory authority. The right to lodge a complaint under Article 77 GDPR is available to you in the EU member state of your residence, your place of work, and/or the place of the alleged violation, meaning you can choose the supervisory authority to contact from the locations mentioned above. The supervisory authority where the complaint was filed will inform you of the status and results of your submission, including the possibility of judicial redress under Article 78 GDPR.

Created by:

© DURY LEGAL Attorneys – www.dury.de

© Website-Check GmbH – www.website-check.de