PRIVACY POLICY

Data protection officer:

Herr Markus Döllinger
Ahornweg 12
92721 Störnstein
Email: datenschutz(at)hornglas.de

 

Data protection information, valid from: 31 October 2022

– Information in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR) –

Below we wish to inform you about the processing of your personal data by us and the rights you are entitled to under data protection regulations.

 

1. Who is responsible for the data processing and whom can I contact?

The data controller is:

HORN® Glass Industries AG
CEO: Stephan Meindl
Bergstrasse 2
95703 Plössberg
HRB 2146 Weiden Local Court
Tel.: 09636 9204-0
Fax: 09636 9204-10


You can contact our data protection officer at:

Herr Markus Döllinger
Ahornweg 12
92721 Störnstein
Email: datenschutz(at)hornglas.de

 

2. What sources and data do we use?

We process personal data that we receive from you within the scope of our business relationship. In addition, we process - to the extent necessary for the business relationship - personal data which we have received from other companies or third parties (e.g. credit rating authorities) in a legally permissible manner (e.g. to execute orders, to fulfil contracts or on the basis of a consent given by you). At the same time we process personal data which we have legitimately obtained from publicly accessible sources (e.g. debtor lists, land registers, commercial registers, press, media) and are permitted to process.
The relevant personal data consists of personal details (name, address and other contact details, date and place of birth and nationality), legitimation data (e.g. ID card details), and all data required to fulfil the contract.

 

3. For what purpose do we process your data (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):


3.1 To fulfil contractual obligations (Art. 6 Section 1b GDPR)

The processing of personal data (Art. 4 No. 2 GDPR) is carried out in order to fulfil business activities with customers, prospective customers and suppliers

3.2 As part of the balancing of interests (Art. 6 Section 1f GDPR)

As far as necessary, we process your data beyond the actual fulfilment of the contract in order to protect our legitimate interests or those of third parties.

 

4. Who receives my data?

The data is processed in order to be able to fulfil business requirements, and your data will not be resold or transferred to unauthorised third parties.

 

5. For how long will my data be stored?

If necessary, we process and store your personal data for the duration of our business relationship, which for example also includes the initiation and execution of a contract. The duration of the storage is also determined by legal obligations.

 

6. Is data transferred to a non-EU country or to an international organisation?

Data will only be transferred to third countries (countries outside the European Economic Area - EEA) if this is necessary for the execution of your orders, is required by law or if you have given us your consent.

Information on data transfer to the USA and other non-EU countries
Among other things, we use tools of companies domiciled in the United States or other from a data protection perspective non-secure non-EU countries. If these tools are active, your personal data may potentially be transferred to these non-EU countries and may be processed there. We must point out that in these countries, a data protection level that is comparable to that in the EU cannot be guaranteed. For instance, U.S. enterprises are under a mandate to release personal data to the security agencies and you as the data subject do not have any litigation options to defend yourself in court. Hence, it cannot be ruled out that U.S. agencies (e.g., the Secret Service) may process, analyse, and permanently archive your personal data for surveillance purposes. We have no control over these processing activities.

 

7. What are your privacy rights?

Every data subject has the right to information in accordance with Art. 15 GDPR, the right of rectification in accordance with Art. 16 GDPR, the right of deletion in accordance with Art. 17 GDPR, the right to restrict processing in accordance with Art. 18 GDPR and the right to data transferability under Art. 20 GDPR. The right of information and the right of deletion are subject to the restrictions of §§ 34 and 35 BDSG. In addition, you have the right of appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

 

8. To what extent is automated decision-making applied in individual cases?

As a matter of principle, we do not use a fully automated decision-making process in accordance with Art. 22 GDPR to establish and implement the business relationship. If we use these procedures in individual cases, we will inform you of this separately if this is required by law.

 

9. Use of Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”).

Google Analytics uses so-called “cookies”, text files which are stored on your computer and facilitate analysis of your usage of this website. The information generated by the cookie is usually transmitted to Google server in the USA and stored there. If the IP anonymization on this website is activated, your IP address will, however, be shortened before by Google within the member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website Google will use such information to analyse your website usage, to compile reports on website activities and to provide further services in connection with website usage and internet usage to the website operator.

The IP address transmitted by your browser within the framework of Google Analytics will not be amalgamated with other Google data. You can prevent the storage of the cookies by adjusting your browser software accordingly; but please be aware that in this case you might not be ab le to use all functions of this website to their full extent.  Furthermore, you can prevent the collection and disclosure of data generated by the cookie and referring to your usage of the website (including your IP address) to Google as well as the processing of such data by Google by downloading and installing the browser plug-in available on the following link: https://tools.google.com/dlpage/gaoptout.

This website applies Google Analytics with the expansion “ anoymizelp()”. Therefore, IP addresses will only be processed in the shortened version in order to exclude direct reference to any persons.

We also use Google Analytics for analysing data from AdWords and the double-click cookie for statistical purposes. If you do not wish this to take place, you can deactivate this function via the ads preferences manager (https://www.google.com/settings/ads/onweb/).

 

10. Facebook Pixel

We use the Facebook Pixel as part of the technologies of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Facebook") outlined below. The Facebook Pixel automatically collects and stores data (IP address, time of visit, device and browser information, and information about your use of our website based on events specified by us, such as visiting a website or subscribing to a newsletter), from which usage profiles are created using pseudonyms. For this purpose, a cookie is automatically set by the Facebook Pixel when you visit our website, which automatically enables recognition of your browser when visiting other websites by means of a pseudonymous CookieID. Facebook will combine this information with other data from your Facebook account and use it to compile reports on website activity and to provide other services related to website use, in particular personalized and group-based advertising. We have no influence on the data processing by Facebook and only receive statistics generated on the basis of Facebook Pixel.

The information automatically collected by Facebook technologies about your use of our website is generally transmitted to a server of Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025, USA and stored there. For the USA, there is no adequacy decision of the European Commission. Our cooperation is based on standard data protection clauses of the European Commission. Data processing is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 DSGVO. For further information on data processing by Facebook, please refer to the privacy notices of Facebook de-de.facebook.com/policy.php.

To prevent the collection of your data by means of the Facebook pixel on our website, please click on "Edit cookie setting" at the top of the page.

 

11. LinkedIn Insight Tag

This website uses the Insight tag from LinkedIn. This service is provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Data processing by LinkedIn Insight tag
We use the LinkedIn Insight tag to obtain information about visitors to our website. Once a website visitor is registered with LinkedIn, we can analyze the key occupational data (e.g., career level, company size, country, location, industry, job title) of our website visitors to help us better target our site to the relevant audience. We can also use LinkedIn Insight tags to measure whether visitors to our websites make a purchase or perform other actions (conversion measurement). Conversion measurement can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also features a retargeting function that allows us to display targeted advertising to visitors to our website outside of the website. According to LinkedIn, no identification of the advertising addressee takes place.

LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser characteristics and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data will then be deleted within 180 days.

The data collected by LinkedIn cannot be assigned by us as a website operator to specific individuals. LinkedIn will store the personal data collected from website visitors on its servers in the USA and use it for its own promotional activities. For details, please see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

Legal basis
If your approval (consent) has been obtained the use of the abovementioned service shall occur on the basis of Art. 6(1)(a) GDPR and § 25 TTDSG (German Telecommunications Act). Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur on the basis of Art. 6(1)(f) GDPR; the website operator has a legitimate interest in effective advertising promotions that include the utilization of social media.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:
https://www.linkedin.com/legal/l/dpa and
https://www.linkedin.com/legal/l/eu-sccs.

Objection to the use of LinkedIn Insight Tag
You can object to LinkedIn’s analysis of user behavior and targeted advertising at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

In addition, LinkedIn members can control the use of their personal information for promotional purposes in the account settings. To prevent LinkedIn from linking information collected on our site to your LinkedIn account, you must log out of your LinkedIn account before you visit our site.

Data processing
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

 

12. Tik Tok Pixel

The provider uses the TikTok Pixel on its website. The TikTok Pixel is a TikTok advertiser tool from the two providers

  • TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and
  • TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (both hereinafter collectively referred to as “TikTok”).

The TikTok Pixel is a snippet of JavaScript code that allows us to understand and track visitor activity on the provider's website. To do this, the Tiktok Pixel collects and processes information about visitors to the website or the devices they use (so-called event data).

The event data collected via the TikTok Pixel is used for targeting our ads and to improve ad delivery and personalized advertising. For this purpose, the event data collected on our website using the TikTok pixel is transmitted to TikTok.

Some of this event data is information that is stored in the device you are using. In addition, cookies are also used via the TikTok Pixel, via which information is stored on the device you are using. Such storage of information by the TikTok pixel or access to information that is already stored in your end device only takes place with your consent. The legal basis for the collection and transmission of personal data by the provider to TikTok is therefore Article 6 (1) (a) GDPR. You can revoke your consent at any time via "Cookie Settings" at the top of this page.

This collection and transmission of the event data is carried out by the provider and TikTok as jointly responsible. There is an agreement with TikTok on processing as a joint controller, which defines the distribution of data protection obligations between the provider and TikTok. In this agreement, both parties have agreed, among other things, that the provider is responsible for providing you with all information pursuant to Articles 13, 14 GDPR on the joint processing of personal data and that TikTok is responsible for protecting the rights of data subjects in accordance with Art. 15 to 20 GDPR with regard to the personal data stored by TikTok Ireland after joint processing.

You can access the agreement concluded between the provider and TikTok at https://ads.tiktok.com/i18n/official/article?aid=300871706948451871.

TikTok is solely responsible for the processing of the transmitted event data that follows the transmission. For more information on how TikTok processes personal data, including the legal basis on which TikTok relies and how you can exercise your rights against TikTok, see TikTok's data policy at https://www.tiktok.com/legal/privacy -policy?lang=de-DE .

13. Privacy policy for Microsoft Clarity

Personal data is processed when you visit this website. Categories of data processed: Data for the creation of usage statistics. Purpose of processing: Anonymisation and creation of statistics and analysis of user behaviour. The legal basis for processing: Your consent in accordance with Art. 6 (1) a GDPR. A transfer of data takes place: to the independent controller Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. The legal basis for the transfer of data to Microsoft Ireland Operations Ltd. is your consent in accordance with Art. 6 (1) a GDPR. This may also involve the transfer of personal data to a country outside the European Union. The transfer of data to the USA is based on Art. 45 GDPR in conjunction with the European Commission's adequacy decision C(2023) 4745, as the data recipient has undertaken to comply with the data processing principles of the Data Privacy Framework (DPF). Information about the DPF membership of Microsoft Ireland Operations Ltd. For an e-mail contact to the Data Protection Officer of Microsoft Ireland Operations Ltd: https://www.microsoft.com/de-at/concern/privacy. The privacy policy of Microsoft Ireland Operations Ltd: https://privacy.microsoft.com/de-de/privacystatement.