Privacy Policy

Data protection / Privacy information

General

The following information is intended to give you an overview of how we process your personal data and your data protection rights. This privacy policy is a translation of the German version of our information obligations under Article 13 et seq. of the GDPR into English. In case of doubt, the German language version shall always prevail.

We strive to offer you an informative and data protection-friendly website. It is therefore possible to use our company website without entering any personal data. However, if you wish to use special services via our website or other options, it may be necessary to process personal data.

As the responsible party, we always endeavour to ensure the most comprehensive protection possible for the personal data processed via this website using the latest technical and organisational measures, just as we attach great importance to security and data protection in our other processing activities. Nevertheless, internet-based data transmissions can generally have security gaps, meaning that absolute protection against unauthorised access by third parties cannot be guaranteed. For this reason, you are free to contact us by telephone or post and also transmit personal data to us in this way.

Responsible

Hartmetallwerkzeugfabrik Andreas Maier GmbH

Stegwiesen 2

88477 Schwendi-Hörenhausen, Germany

Telephone: +49 7347 – 61-0

Email: info@ham-tools.com

For further information, please refer to our site notice.

Data protection

If you have any questions about data processing or data protection at our company, you can contact our external data protection officer at Kulitz & Twelmeier GmbH at any time.

You can send data protection enquiries at any time by post to the above address (please mark the envelope “For the attention of the data protection officer”), by email to datenschutz@ham-tools.com or confidentially via our data protection portal.

SSL/TLS encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact enquiries that you send to us as the operator. You can recognise an encrypted connection by the fact that the address line of the browser contains ‘https://’ instead of ‘http://’ and by the lock symbol in your browser line. We use this technology to protect your transmitted data.

Data collection when visiting the website

When you use our website for informational purposes only, i.e. if you do not submit any information to us via forms, we only collect data that your browser transmits to our server (in so-called ‘server log files’). Our website collects a range of general data and information each time you or an automated system accesses a page. This general data and information is stored in the server’s log files. The following may be recorded

the browser types and versions used,
the operating system used by the accessing system,
the website from which an accessing system reaches our website (so-called referrer),
the sub-web pages accessed on our website via an accessing system,
the date and time of access to the website,
an abbreviated Internet Protocol address (IP address) and
the Internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about your person. Rather, this information is required in order to

deliver the content of our website correctly,
optimise the content of our website and the advertising for it,
ensure the long-term functionality of our IT systems and the technology of our website, and
provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

We therefore evaluate this collected data and information statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The data in the server log files is stored separately from all personal data provided by a data subject. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest follows from the purposes listed above for data collection.

Hosting

We host our website with IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (IONOS). When you visit our website, your personal data (e.g. IP addresses in log files) is processed on IONOS’s servers. The use of IONOS is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring that our website is presented and provided in the most reliable manner possible and that it is secure.

We have concluded a contract for order processing (AVV) with IONOS in accordance with Art. 28 GDPR. This is a contract required by data protection law, which ensures that IONOS processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR. IONOS’s data protection information can be found at: https://www.ionos.de/terms-gtc/terms-privacy.

Content and contact options

On these pages, we provide information about HAM as a company, our divisions and services, trade fair visits and events, news about our topics, and offer product information, catalogues and various downloads of certificates, mandatory information, terms and conditions, our Code of Conduct and our sustainability profile. We offer you various ways to communicate and contact us and our experts, as well as the option to subscribe to our newsletter. You can purchase our products via our online shop on a separate shop page, where we provide you with information about the special processing involved in online purchases.

Contact via contact form

If you have any questions, you can contact us using the general form provided. Personal data is collected when you contact us. The data collected when you use the contact form is shown on the contact form. We ask for your email address and name so that we can clearly assign your enquiry and reduce misuse. This data is stored and used exclusively for the purpose of responding to your enquiry or for establishing contact and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in responding to your enquiry in accordance with Art. 6 (1) lit. f) GDPR. If your contact is aimed at concluding or initiating a contract – for example, an enquiry about our services – the additional legal basis for processing is Art. 6 para. 1 lit. b) GDPR. We ask for a simple equation under the form to prevent spam and do not use questionable captcha solutions. We expressly refer to electronic data processing under the form in order to be able to respond to your enquiry. We refer to this privacy policy and ask you to confirm that you have read it by ticking the box below the form. [SS1] Your data will be deleted after your enquiry has been processed. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and there are no legal retention obligations that prevent deletion, for example under the German Commercial Code (HGB) or the German Fiscal Code (AO). Alternatively, you can also contact us directly in an informal manner and request deletion.

Contact via email

If you contact us via one of the email addresses provided by us, the personal data you provide will be processed exclusively for the purpose of processing your respective enquiry, for correspondence with you, as well as for the possible initiation and establishment of a contract, for enquiries about our services, etc. in accordance with Art. 6 (1) (b) GDPR. Other communication with us is based on the legal basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR. The personal data collected will be automatically deleted after your enquiry has been dealt with; this is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal obligations to retain the data.

Newsletter dispatch to existing customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers and information about similar goods or services from our range by email. In accordance with Section 7 (3) UWG, we do not need to obtain your separate consent for this. Data processing in this respect is based solely on our legitimate interest in personalised direct advertising in accordance with Art. 6 (1) lit. f) GDPR. If you initially objected to the use of your email address for this purpose, we will not send you any emails. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with future effect by notifying the controller named at the beginning. You will only incur transmission costs according to the basic rates for this. Upon receipt of your objection, the use of your email address for advertising purposes will be discontinued immediately.

CleverReach (newsletter tool)

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, (CRASH Building), Schafjückenweg 2, 26180 Rastede. CleverReach is a service that can be used to organise and analyse newsletter distribution. The data you enter for the purpose of receiving the newsletter (e.g. your email address) is stored on CleverReach’s servers in Germany or Ireland. Our newsletters sent with CleverReach enable us to analyse the behaviour of newsletter recipients. Among other things, we can analyse how many recipients opened the newsletter message and how often which link in the newsletter was clicked. With the help of conversion tracking, it is also possible to analyse whether a predefined action (e.g. the purchase of a product on our website) took place after clicking on the link in the newsletter. Further information on data analysis by CleverReach newsletters can be found at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/. Data processing is based on your consent (Art. 6 para. 1 lit. a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. If you do not want CleverReach to analyse your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. You can also unsubscribe from the newsletter directly on the website. You can revoke your consent at any time. You can also prevent processing at any time by unsubscribing from the newsletter. You can also prevent the storage of cookies by adjusting your web browser settings accordingly. You can also prevent the storage and transmission of personal data by deactivating JavaScript in your web browser or installing a JavaScript blocker (e.g. https://noscript.net or https://www.ghostery.com). Please note that these measures may mean that not all functions of our website are available. The data you provide for the purpose of subscribing to our newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from both our servers and the CleverReach servers after you unsubscribe. Data stored by us for other purposes (e.g. email addresses for the member area) remains unaffected by this. CleverReach’s privacy policy can be found at: https://www.cleverreach.com/de/datenschutz/.

Presence on social networks

We use the social networks listed to inform users about our products and information offerings, to discuss with interested parties and to promote our company and its services. We do this in addition to our communications on our company websites. You can contact us directly via the respective platform at your own request and initiative. The social media channels mentioned complement our website and offer a further, supplementary information and communication option.

As soon as you access our social media profile on the relevant network, the terms and conditions and privacy policy of the respective operator apply. We only process visitor data on social media sites ourselves if you contact and communicate with us, for example through comments or direct messages.

The controllers of the respective platforms process the data for their own purposes in accordance with their own privacy policy, over which we have no influence. Furthermore, we are not aware of the full scope of data processing, its purposes or storage periods. In certain cases, we process your data with the social network provider on the basis of joint responsibility within the meaning of Art. 26 GDPR. The processing of your personal data is necessary for the purpose of your use of the social media platform.

We are not the original provider of these pages, but merely use them within the scope of the options offered to us by the respective providers. We therefore point out as a precaution that your data may also be processed outside the European Union or the European Economic Area. Use may therefore involve data protection risks for you, as it may be more difficult to safeguard your rights, e.g. to information, deletion, objection, etc., and processing on social networks is often carried out directly for advertising purposes or to analyse user behaviour by the providers, without us being able to influence this. If usage profiles are created by the provider, cookies are often used or your usage behaviour is assigned to your own member profile on social networks.

The processing of personal data described above is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in communicating with you in a modern way and informing you about our services.

If you have to give your consent to data processing as a user to the respective providers, the legal basis is Art. 6 (1) lit. a GDPR in conjunction with Art. 7 GDPR.

As we do not have access to the providers’ data stocks, we would like to point out that, despite possible joint responsibility with the social media portal operators, it is best to assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider.

Further information on the processing of your data in social networks and the possibility of exercising your right of objection or revocation (so-called opt-out) is listed below for each social network provider we use.

Social media services

Instagram

(Joint) controller for data processing in Germany:

Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

LinkedIn

(Joint) controller for data processing in Europe:

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

YouTube

(Joint) controller for data processing in Europe:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Web analysis

Matomo

We have integrated the Matomo component from the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, into this website. Matomo is a software tool for web analysis, i.e. for collecting, gathering and evaluating data on the behaviour of visitors to websites. Among other things, data is collected about which website a data subject came to a website from (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. This is used to optimise the website and for cost-benefit analysis of internet advertising. The software is operated on the server of the controller, and the log files, which are sensitive in terms of data protection, are stored exclusively on this server. Matomo sets a cookie on your IT system. Setting the cookie enables us to analyse the use of our website. Each time one of the individual pages of this website is accessed, the Matomo component automatically prompts the internet browser on your IT system to transmit data to our server for the purpose of online analysis. As part of this technical process, we obtain personal data, such as the IP address of the data subject, which we use, among other things, to track the origin of visitors and clicks.

The cookie is used to store personal information, such as the access time, the location from which access originated and the frequency of visits to our website. Each time you visit our website, this personal data, including the IP address of the Internet connection you are using, is transmitted to our server. This personal data is stored by us. We do not pass this personal data on to third parties. These processing operations are carried out exclusively with your express consent in accordance with Art. 6 (1) (a) GDPR.

Matomo privacy policy: https://matomo.org/privacy/.

Plugins and other services

OpenStreetMap

We have integrated map sections from the online map tool ‘OpenStreetMap’ into our website. This is a so-called open source mapping service that we can access via an API (interface). This function is provided by the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. By using this service, you can, for example, view our location and make it easier to find us. When you visit the subpages in which OpenStreetMap is integrated, information about your use of our website (such as your IP address, data about your browser, device type, operating system) is transmitted to OpenStreetMap and stored there.

OpenStreetMap uses the content delivery network (CDN) of Fastly, Inc., PO Box 78266, San Francisco, CA 94107, USA (fastly). A CDN is a service that helps deliver the content of our online offering, especially large media files such as graphics or scripts, more quickly with the help of regionally distributed servers connected via the Internet. Your data will be processed exclusively for the aforementioned purposes and to maintain the security and functionality of the CDN.

Fastly, as a US company, is certified under the EU-US Data Privacy Framework. This means that an adequacy decision pursuant to Art. 45 GDPR has been made, so that personal data may be transferred without further guarantees or additional measures. Fastly transfers personal data from the log files (e.g. IP addresses) to the US for each data processing operation, as certain servers for processing the log files are only located in the US. Fastly has therefore committed itself to complying with the standards and regulations of European data protection law. Fastly’s current privacy policy can be found at: https://www.fastly.com/de/privacy/. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR. OpenStreetMap privacy policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy.

Polylang

We use the WordPress plug-in Polylang from WP SYNTEX, 28, rue Jean Sébastien Bach, 38090 Villefontaine, France. This service enables us to publish content on our website in multiple languages. This also includes the display of emojis. The following data is used to calculate the dynamic content. The WP Syntex cookie is set exclusively to recognise and record the language used or selected by the user. This cookie is stored for one year and then deleted. The data processed is always the IP address and the language setting selected. These processing operations are based on our legitimate interest within the meaning of Art. 6 lit. f) GDPR in a reliable and appealing online presence in order to increase economic efficiency. The data protection provisions of WP SYNTEX can be found at: https://polylang.pro/privacy-policy/.

YouTube (videos)

We have integrated components from YouTube into this website. YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. YouTube is an internet video portal that allows video publishers to upload video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all types of videos, which is why complete films and television programmes, as well as music videos, trailers or videos created by users themselves, can be accessed via the internet portal. Each time one of the individual pages of this website, which is operated by us and on which a YouTube component (YouTube video) has been integrated, is accessed, the Internet browser on your IT system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. The services Google WebFonts, Google Video and Google Photo can also be downloaded from YouTube. Further information about YouTube can be found at https://www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google are informed about which specific subpage of our website you are visiting.

If you are logged into YouTube at the same time, YouTube recognises which specific subpage of our website you are visiting when you call up a subpage that contains a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account. YouTube and Google receive information via the YouTube component that you have visited our website whenever you are logged into YouTube at the same time as visiting our website; this occurs regardless of whether you click on a YouTube video or not. If you do not want this information to be transmitted to YouTube and Google, you can prevent the transmission by logging out of your YouTube account before visiting our website. These processing operations are carried out exclusively with your express consent in accordance with Art. 6 (1) (a) GDPR. The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This means that an adequacy decision pursuant to Art. 45 GDPR is in place, so that personal data may be transferred without further guarantees or additional measures. YouTube’s privacy policy: https://www.google.de/intl/de/policies/privacy/.

Cookies

General information about cookies

We use cookies on our website. These are data records in the form of information that your browser automatically creates and that are stored on your IT system or end device (laptop, tablet, smartphone, etc.) when you visit our site. The cookie stores information that is related to the specific device used. However, this does not mean that we immediately obtain knowledge of your identity. The use of cookies serves, on the one hand, to make the use of our website more pleasant for you. For example, we use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your device for a specific period of time. If you visit our site again to use our services, it will automatically recognise that you have already been with us and what entries and settings you have made, so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These cookies enable us to automatically recognise that you have already visited our site when you visit it again. These cookies are automatically deleted after a defined period of time.

Legal basis for the use of cookies

The data processed by cookies, which is required for the proper functioning of the website, is therefore necessary to safeguard our legitimate interests and those of third parties in accordance with Art. 6 (1) (f) GDPR.

For all other cookies, you have given your consent in accordance with Art. 6 (1) (a) GDPR via our opt-in cookie banner (Compliance GDPR/CCPA):

Management of consent with Compliance GDPR/CCPA

For the easy and transparent management of consents required under data protection law, we use the consent management tool ‘Compliance GDPR/CCPA Cookie Consent’ (Compliance) from Compliance B.V., Kalmarweg 14-5, 9723 JG Groningen, Netherlands, on our pages. This service enables us to obtain and manage the consent of website users for data processing.

Complianz uses cookies to collect data generated by end users who use our website. When an end user gives their consent, Complianz automatically logs the following data:

Browser information,
Date and time of access,
Device information,
The URL of the page visited,
Banner language,
Consent ID,
The consent status of the end user, which serves as proof of consent.

The consent status is also stored in the end user’s browser so that the website can automatically read and comply with the end user’s consent for all subsequent page requests and future end user sessions for up to 12 months. The consent data (consent and withdrawal of consent) is stored for three years. The retention period corresponds to the regular limitation period in accordance with Section 195 of the British Civil Code. The data is then deleted immediately. The functionality of the website cannot be guaranteed without the processing described. The user has no right to object as long as there is a legal obligation to obtain the user’s consent to certain data processing operations (Art. 7(1), 6(1) sentence 1 lit. c) GDPR). Complianz is the recipient of your personal data and acts as a processor for us. Data processing takes place exclusively within the European Union. Further information on Complianz and data protection can be found at: https://complianz.io/legal/.

Information on avoiding cookies in common browsers

You can delete cookies, allow only selected cookies or completely deactivate cookies at any time via the settings of your browser. Further information is available on the support pages of the respective providers:

https://support.google.com/chrome/answer/95647?tid=311178978.
https://support.apple.com/de-at/guide/safari/sfri11471/mac?tid=311178978.
https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?tid=311178978.
https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-l%C3%B6schen-63947406-40ac-c3b8-57b9-2a946a29ae09.

Your rights as a data subject

Right to confirmation – You have the right to request confirmation from us as to whether personal data concerning you is being processed.

Right to information Art. 15 GDPR – You have the right to obtain from us, free of charge, information about the personal data stored about you and a copy of this data in accordance with the statutory provisions.

Right to rectification Art. 16 GDPR – You have the right to request the rectification of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

Right to erasure Art. 17 GDPR – You have the right to request that we erase personal data concerning you without undue delay, provided that one of the legally prescribed reasons applies and that the processing or storage is not necessary.

Right to restriction of processing Art. 18 GDPR – You have the right to request that we restrict processing if one of the legal requirements is met.

Right to data portability Art. 20 GDPR – You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, to whom the personal data was provided, provided that the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out using automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Art. 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

Right to object Art. 21 GDPR – You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) (data processing in the public interest) or Art. 6(1)(f) GDPR (data processing based on a balancing of interests), to object to the processing of personal data concerning you. This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims. In individual cases, we process personal data for the purpose of direct marketing. You may object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is related to such direct marketing. If you object to us processing your data for direct marketing purposes, we will no longer process your personal data for these purposes.

In addition, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you that we carry out for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

You are free to exercise your right to object in relation to the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

Right to withdraw consent under data protection law – You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

Right to lodge a complaint with a supervisory authority – You have the right to lodge a complaint about our processing of personal data with a supervisory authority responsible for data protection. A list of the contact details of the data protection officers in the federal states and the supervisory authorities for the non-public sector, as well as in other countries, can be found on the website of the Federal Commissioner for Data Protection and Freedom of Information, BfDI under Addresses and Links.

Automated decision-making & profiling

We do not use profiling within the meaning of Art. 22 GDPR in the context of the use of our websites.

Routine storage, deletion and blocking

We process and store your personal data only for the period necessary to achieve the purpose of storage or as provided for by the legal provisions to which our company is subject.

If the storage purpose no longer applies or a prescribed storage period expires, the personal data is routinely blocked or deleted in accordance with the statutory provisions.

Further data protection questions

If you have any further questions, comments or other enquiries regarding your personal data that are not answered here, please contact us using the contact options provided.