Data Privacy Statement

Welcome to the HELUKABEL website and thank you for your interest in our company and our products and services. We care about the protection of your personal data during its collection, processing, and use in the course of your visit to our website.

This privacy policy does not apply to websites of other parties, even if they are linked on the HELUKABEL website.

The processing of personal data, such as names, addresses, e-mail addresses, and phone numbers, is always done in compliance with the EU General Data Protection Regulation as well as any national data protection regulations to which HELUKABEL is subject. The intent of this privacy policy is to inform the public about the type, scope, and purpose of the collection, use, and processing of personal data by our company. In addition, this privacy policy informs data subjects of their rights.

As the controller responsible for the processing of data, HELUKABEL has implemented numerous technical and organisational measures to make the protection of personal data processed via this website as seamless as possible. However, the transmission of data via the internet has some inherent weaknesses so that absolute protection cannot be guaranteed. For this reason, data subjects have the right to use other means for transferring personal data to us, e.g. by phone.

1. Terms and definitions

The HELUKABEL privacy policy is based on the terms defined by the European issuer of directives and ordinances in the EU General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand both for the public and or our customers and business partners. To this end, we would like to explain some terminology first.

This privacy policy uses the following terms and definitions:

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

A data subject is any identified or identifiable person whose personal data has been processed by the controller.

c) Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k) Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of the controller

The controller in the sense of the General Data Protection Regulation as well as other data protection laws and regulations pertaining to data protection applicable in the European Union is:

HELUKABEL GmbH
Dieselstrasse 8-12
71282 Hemmingen
Deutschland

Tel.: 07150 / 92 090
E-Mail: info@helukabel.de
Website: www.helukabel.de

3. Name and address of the data protection officer

The data protection officer appointed by the controller is:

RA Dr. Oliver Meyer-van Raay
– Datenschutzbeauftragter –
Ludwig-Erhard-Allee 6, 76131 Karlsruhe
Ph..: +49 721 17029034 Fax: +49 721 17029034
E-Mail: datenschutzbeauftragter@helukabel.de

Any data subject may contact the data protection officer at any time for questions or suggestions about data protection.

4. Cookies

The web pages of HELUKABEL use cookies. Cookies are text files that are placed and stored on a computer system via an internet browser.

Many websites and servers use cookies. Many cookies contain a cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character sequence by means of which web pages and servers can be traced back to the actual server on which the cookie was stored. This enables visited webpages and servers to distinguish the data subject’s browser from other internet browsers that contain cookies. A particular internet browser can be recognised and identified by the unique cookie ID.

Cookies enable HELUKABEL to provide better service to the users of this website, which would not be possible without such cookies.

Cookies enable us to optimise the information and offers on our website in the interest of the user. As mentioned before, cookies enable us to recognise repeat visitors to our website. The purpose of this recognition is to make using our website easier to its visitors. For example, if a website uses cookies, then visitors do not need to input their login data again on a repeat visit because this is done by the website and the cookie stored on the visitor’s computer system. Another example is the cookie for a shopping cart in the online shop. The online shop uses a cookie to remember items that a customer placed in the virtual shopping cart.

A data subject is able to set his or her web browser to block our website from setting cookies and thereby object to the placement of cookies permanently at any time. In addition, stored cookies can be deleted at any time using a web browser or other software. All commonly used web browsers offer this function. If the data subject deactivates the storage of cookies in their web browser, then this may result in not all of the functions of our website being fully usable.

5. Collection of general data and information

The website of HELUKABEL collects a certain amount of data or information with every visit of the website by a data subject or an automated system. This general data and information is stored in the server’s log files. The types of data that can be collected are (1) browser types and versions, (2) the operating system used by the accessing system, (3) the website from where an accessing system goes to our website (called referrers), (4) the subpages that are accessed on our website by an accessing system, (5) the date and time of access to the website, (6) an Internet Protocol (IP) address, (7) the internet service provider of the accessing system, and (8) other similar data and information that is used for protection against attacks on our IT systems.

HELUKABEL does not draw any conclusions about the data subject in the use of this general data and information. This information isinstead required to (1) deliver the contents of our website correctly, (2) optimise the contents of our website and the advertising for it, (3) ensure the long-term functionality of our IT systems and the technology of our website, and (4) provide law enforcement with the necessary information in the event of a cyber attack. This anonymously collected data and information is evaluated by HELUKABEL, on one hand statistically, and on the other with the goal of improving data protection and data security at our company and to ensure an optimum level of protection for the personal data that are processed by us. The anonymous data of the server logfiles are saved separate from all personal data provided by the data subject.

6. Contact via the website

To comply with legal requirements, the website of HELUKABEL contains information to enable contacting our company quickly as well as to enable direct communication with us. This includes a general electronic mail contact (e-mail address). If a data subject contacts the controller via e-mail or a contact form, the personal data submitted by the data subject is stored automatically. Such personal data, which is voluntarily transferred to the controller by the data subject, is stored for purposes of processing or contacting the data subject. Such personal data will not be disclosed to third parties. SSL encryption technology is used for transferring such data. The contact options are:

  • Online form

7. Routine erasure of personal data and making personal data unavailable

The controller processes and stores personal data of data subjects only for as long as required to achieve the purpose of storing the data, or as provided by the European issuer of directives and ordinances or other legislative bodies in laws and regulations to which the controller is subject.

Personal data are made unavailable or deleted in accordance with applicable laws and regulations when the purpose of storing the data no longer exists, or a storage period specified by the European issuer of directives and ordinances or another legislative body expires.

8. Rights of the data subject

a) Right of confirmation

Every data subject has the right, defined by the European issuer of directives and ordinances, to request confirmation from the controller about whether the controller processes personal data related to the data subject. Data subjects who wish to make use of this right of confirmation may contact our data protection officer at any time.

b) Right of access

Every data subject shall have the right, defined by the European issuer of directives and ordinances, to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information, as well as a copy of such information. In addition, the European issuer of directives and ordinances has granted the data subject a right of information with regard to the following matters:

  • The purposes of processing
  • The categories of personal data concerned
  • The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
  • Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
  • The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
  • The right to lodge a complaint with a supervisory authority
  • Where the personal data are not collected from the data subject: Any available information as to the source of the data
  • The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

The data subject also has a right to information about whether or not personal data have been transferred to a third country or an international organisation. If this is the case, then the data subject shall also have the right to be informed of the appropriate safeguards relating to the transfer.

Data subjects who wish to make use of this right of information may contact our data protection officer at any time.

c) Right to rectification

The data subject shall have the right, defined by the European issuer of directives and ordinances, to obtain from the controller the rectification of inaccurate personal data concerning him or her without undue delay. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Data subjects who wish to make use of this right of rectification may contact our data protection officer at any time.

d) Right to erasure (right to be forgotten)

The data subject shall have the right, defined by the European issuer of directives and ordinances, to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • The data subject withdraws consent on which the processing is based pursuant to point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
  • The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
  • The personal data have been unlawfully processed.
  • The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If one of the above grounds applies and a data subject wishes to obtain the erasure of personal data stored by HELUKABEL, the data subject may contact our data protection officer at any time. The data protection officer of HELUKABEL or another employee will ensure that the request for erasure is complied with without undue delay.

Where HELUKABEL has made the personal data public and is obliged pursuant to Article 17(1) of the GDPR to erase the personal data, our company, in its role as the controller and taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data. The data protection officer of HELUKABEL or another employee will take the necessary steps in each case.

e) Right to restriction of processing

Any data subject shall have the right, defined by the European issuer of directives and ordinances, to obtain from the controller restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
  • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
  • The data subject has objected to processing pursuant to Art. 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where one of the above prerequisites applies and a data subject wishes to obtain the restriction of their personal data stored at HELUKABEL, the data subject may contact our data protection officer at any time. The data protection officer of HELUKABEL or another employee will initiate the restriction of processing.

f) Right to data portability

Any data subject shall have the right, defined by the European issuer of directives and ordinances, to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. The data subject shall also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in its exercise of the the right to data portability pursuant to Art. 20(1) of the GDPR, the data subject shall have the right to obtain the direct transfer of their personal data from a controller to another controller, where this is technically feasible and where this does not adversely affect the rights and freedoms of others.

To exercise the right to data portability, a data subject may contact the data protection officer appointed by HELUKABEL at any time.

g) Right to object

The data subject shall have the right, defined by the European issuer of directives and ordinances, to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on those provisions.

Where an objection has been submitted, HELUKABEL will no longer process the personal data unless we are can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where HELUKABEL processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This includes profiling to the extent that it is related to such direct marketing. If a data subject objects to processing for direct marketing purposes, then HELUKABEL will no longer use the personal data for these purposes.

Where personal data are processed by HELUKABEL for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise the right to object, a data subject may contact the data protection officer of HELUKABEL of another employee directly. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

h) Automated individual decision-making, including profiling

The data subject shall have the right, defined by the European issuer of directives and ordinances, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision (1) is necessary for entering into or the performance of a contract between the data subject and a data controller, or (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.

If the decision is (1) necessary for performance of a contract between the data subject and a data controller or (2) is based on the data subject’s explicit consent, then HELUKABEL shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

If a data subject wishes to exercise rights related to automated decision-making, he or she may contact our data protection officer at any time.

i) Right to withdraw consent to processing

The data subject shall have the right, defined by the European issuer of directives and ordinances, to withdraw his or her consent to the processing of personal data at any time.

If a data subject wishes to exercise his or her right to withdraw consent, he or she may contact our data protection officer at any time.

9. Data protection in job applications or job application procedures

The controller collects and processes personal data of applicants for the purposes of the application process. Processing may be electronic. This is the case in particular where an applicant transfers application documents to the controller electronically, e.g. via e-mail or a form provided on the website. If the controller enters into an employment contract with the applicant, the transferred data are stored for purposes of performing the employment relationship in consideration of applicable laws and regulations. If the controller and the applicant do not enter into an employment contract, then the application documents shall be erased automatically no later than two months following the applicant’s notification, unless the controller has other legitimate interests not to erase the data. Other legitimate interests in the sense of the above may include documentation obligations under the German General Act on Equal Treatment (AGG).

10. Legal basis for processing

Processes requiring consent to a specific purpose of processing are legally based on Art. 6.1 a of the GDPR. If the processing is necessary for the performance of a contract to which the data subject is party, as may be required for processing of deliveries or the provision of other services or consideration, then the processing is based on Art. 6.1 (b) of the GDPR. The same applies for steps at the request of the data subject prior to entering into a contract, such as inquiries about or products or services. If our company is under a legal obligation that requires the processing of personal data, e.g. the fulfilment of its tax obligations, then the processing is based on Art. 6.1 (c) of the GDPR. In rare cases, the processing of personal data may become necessary to protect vital interests of the data subject or another natural person. This might be the case, for example, if a visitor were injured at our facilities, necessitating the disclosure of his or her name, age, health insurance information, or other vital information to a doctor, hospital, or other third party. In this case, the processing would be based on Art. 6.1 (d) of the GDPR. Finally, processing may be based on Art. 6.1 (f) of the GDPR. This is the legal basis for processes not covered by any of the above items, if the processing is required to safeguard legitimate interests of our company or a third party and if there are no overriding interests or basic rights and freedoms of the data subject. We are permitted such processing because it is explicitly mentioned by the European legislative. The legislative has stated in this regard that a legitimate interest should be assumed if the data subject is a customer of the controller (GDPR, “Whereas” no. (47), 2nd sentence).

11. Legitimate interest in processing pursued by the controller or a third party

If the processing of personal data is based on Art. 6.1 (f) of the GDPR, then our legitimate interest is the performance of our business activities for the benefit of our employees and our shareholders.

12. Period of storage for personal data

The legal storage period is the criterion for the duration of the storage of personal data. After the period expires, the relevant data are routinely deleted if they are no longer required for the performance or initiation of contracts.

13. Legal or contractual requirements for the provision of personal data; necessity for entering contracts; obligation of the data subject to provide personal data; possible consequences of failure to provide data

We hereby inform you that a disclosure of personal data may be required by law (tax regulations) or in the context of a contract (e.g. information about a party to the contract). To enter into a contract, it may be required that a data subject provide us with personal data which in turn needs to be processed by us. For example, a data subject is required to provide us with personal data when our company enters into a contract with that data subject. Failure to provide such personal data would prevent the contract with the data subject to be entered. Before providing us with personal data, a data subject must contact our data protection officer. Our data protection officer informs the data subject on a per case bases whether the provision of personal data is required by law or required for the contract, whether there is an obligation to provide such personal data, and what the consequences of not providing such personal data would be.