Select language

Data Privacy Policy

Name and contact info for the controller as per Article 4 (7) GDPR
Company: Hydro-Elektrik GmbH
Address: Angelestrasse 48/50, 88214 Ravensburg, Germany
Tel.: +49 751 6009 - 0
Fax: +49 751 6009 - 33 
E-mail: info@hydro-elektrik-nospam.de

Data Protection Officer
Name: Data protection and privacy | Dieter Grohmann 
Address: Beethovenstrasse 23, 87435 Kempten, Germany
E-mail: info@datenschutzprivacy-nospam.de

 

Security and protection for your personal data

We consider it our most important task to ensure that the personal data you provided remains confidential and protected from unauthorized access. For this reason, we take utmost care and adopt the latest security standards to guarantee maximum protection for your personal data.

As a company under private law, we are subject to the provisions in the European General Data Protection Regulation (GDPR) and German Federal Data Protection Act (BDSG) regulations. We have adopted technical and organisational measures to ensure that both we and our external service providers meet data privacy regulations.


Definition of terms

Legislation requires that personal data is lawfully processed in good faith and in a way which is open to scrutiny for the person concerned ("legality, processing in good faith, transparency"). Below, we inform you about the individual legal definition of terms, which are also used in this data privacy policy:

1. Personal data
"Personal data" refers to any information relating to an identified or identifiable natural person (hereinafter: "data subject"); an identifiable natural person is regarded as one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more features specific to the physical, physiological, genetic, mental, economic, cultural or social identity of said natural person.

2. Processing
"Processing" refers to any procedure or set of procedures which is performed on personal data or on sets of personal data, whether or not by automated means. These include measures such as collection, recording, organisation, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or making available in any other way, alignment or combination, restriction, erasure or destruction.

3. Restriction of processing
"Restriction of processing" refers to the marking of saved personal data with the aim of limiting their processing in the future.

4. Profiling
"Profiling" refers to any type of automated processing of personal data, where the personal data is used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.

5. Pseudonymisation
"Pseudonymisation" refers to the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data cannot be associated with an identified or identifiable natural person.

6. File system
"File system" refers to any structured set of personal data which is accessible according to specific criteria, irrespective of whether this set is managed in a centralised or decentralised system or dispersed on a functional or geographical basis.

7. Controller
"Controller" refers to a natural or legal person, public authority, agency or other body which, solely or jointly with others, determines the purposes and means of processing personal data; if Union or Member State law determines the purposes and means of such processing, Union or Member State law may designate the controller or the specific criteria for their nomination.

8. Processor
"Processor" is a natural or legal person, public authority, agency or other body which processes personal data on the controller's behalf.

9. Recipient
"Recipient" refers to a natural or legal person, public authority, agency or other body to whom/which the personal data is disclosed, whether they are a third party or not. However, public authorities which possibly receive personal data within the bounds of a particular inquiry as per Union or Member State law are not regarded as recipients; the processing of such data by such public authorities shall be in compliance with the applicable data privacy rules according to the purposes of the processing.

10. Third party
"Third party" refers to a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

11. Consent
The data subject's "consent" refers to any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they signify agreement to the processing of their personal data with a statement or through a clear, affirmative action.


Lawfulness of processing

Processing of personal data is only lawful if there is a legal basis for processing. According to Article 6 (1) lit. a–f GDPR, the legal basis for processing may be the following in particular:

a. The data subject has given their consent to the processing of their personal data for one or more specific purposes;

b. Processing is required to perform a contract to which the data subject is party or to take steps at the data subject's request prior to entering into a contract;

c. Processing is required to comply with a legal obligation to which the controller is subject;

d. Processing is required to protect the data subject's or another natural person's vital interests;

e. Processing is required to perform a task carried out in the public interest or to exercise official authority vested in the controller;

f. Processing is required for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the data subject's interests or fundamental rights and freedoms which require protection of personal data, in particular if the data subject is a child.


Information on the collection of personal data

(1) You will find information on how we collect personal data when you use our website below. Personal data includes information such as name, address, e-mail address, and user behaviour.

(2) If you contact us by e-mail or using a contact form, we save and store the information that you provide (your email address and possibly your name and telephone number) to answer your questions. We erase the data that you provide in this way when we no longer need to store it or we limit its processing if there is a statutory obligation to retain it.

Collection of personal data from visits to our websiteIf you are using this website solely to obtain information, i.e. if you have not logged in, registered, or otherwise provided us with information, we will not collect any data except for the data that your browser forwarded to us. If you wish to view our website, we collect the data listed below. We require it for technical purposes, so we can display our website to you and ensure it is stable and secure (legal basis: Art. 6 (1) Sentence 1 lit. f GDPR):

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status /HTTP status code
  • Volume of data transmitted
  • Website making the request
  • Browser
  • Operating system and its interface
  • Language and version of browser software.


Use of cookies

(1) Cookies are also saved to your computer when you use our website in addition to the aforementioned data being collected. Cookies are small text files which are saved to your hard drive and are correlated to the browser you are using. They provide certain information to the party placing the cookie. Cookies are not able to execute programs or transmit viruses to your computer. They are used to make the website more user-friendly and more efficient as a whole.

(2) This website uses the following types of cookies. Their scope and mode of operation are explained below:

  • Transient cookies (see a.)
  • Persistent cookies (see b.).

a. Transient cookies are automatically deleted when you close your browser. These particularly include session cookies. Session cookies store what is known as a session identifier that can be used to correlate different requests from your browser during the shared session. This allows your computer to be recognised when it returns to the website. Session cookies are deleted when you log out or you close your browser.

b. Persistent cookies are automatically deleted after a specific time period, which may vary, depending on the cookie. You can delete cookies in your browser's security settings at any time.

c. You can configure your browser settings as required 

and decline to accept third-party cookies or all cookies, for example. "Third party cookies" are cookies which are placed by a third party and not by the website which you are currently visiting. We point out that you may not be able to use all functions on this website if you disable cookies.

Other functions and offerings of our website

(1) In addition to using our website for purely information purposes, you can also use the different services that we offer. To do so, you generally need to give us further personal data, which we will use to provide the service concerned and to which the aforementioned basic principles on data processing apply.

(2) We also make use of external service providers to process your data at times. We have carefully selected these service providers. They are obliged to comply with our instructions and undergo inspection on a regular basis.

(3) We may also pass on your personal data to third parties when we offer promotional campaigns, competitions, contracts or similar services in conjunction with partners. You can receive more information in this respect if you provide your personal data or see the description of the offer below.

(4) If our service provider or partner has its headquarters in a state outside the European Economic Area (EEA), we will inform of the consequences in a description of the offer.


Children

Our range is generally intended for adults. Persons under 18 years should not transmit any personal data to us without their parents' or legal guardian's consent.


Rights of the data subject

(1) Withdrawal of consent

You have the right to withdraw your consent at any time if your personal data is processed as a result of you agreeing to its use. This withdrawal of consent has no impact on the legality of data processing activity up to the point in time when consent was withdrawn.

You can exercise your right to cancellation by contacting us at any time.

(2) Right of confirmation
You have the right to require confirmation from the controller whether we process the personal data concerned or not. You can request confirmation using the aforementioned contact details at any time.

(3) Right to information
You have the right to obtain information about personal data and the following information if your personal data is being processed: 

a. The purposes of processing;

b. The categories of personal data which is processed;

c. The recipients or categories of recipient to whom the personal data has been or will be disclosed, particularly recipients in third countries or in international organisations;

d. Wherever possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine the period of time;

e. The existence of the right to request that the controller rectify or erase of personal data or restrict processing of your personal data, or of the right to object to such processing;

f. The right to file a complaint with a supervisory authority;

g. Any available information as to its source if the personal data is not collected from the data subject;

h. the existence of an automated decision-making process, including profiling, referred to in Article 22 (1) and (4) GDPR and, as a minimum in such cases, meaningful information about the logic involved, and the significance and envisaged consequences of such processing for the data subject.

If personal data is transferred to a third country or an international organisation, you have the right to be informed of the appropriate safeguards relating to the transfer as per Article 46 GDPR. We will provide a copy of the personal data which is subject to processing. The controller may charge a reasonable fee based on administrative costs for any further copies that you request. If you make the request by electronic means, the information will be provided in a commonly used electronic format unless you request otherwise. The right to obtain a copy as per Paragraph 3 must not adversely affect the rights and freedoms of others.

(4) Right to rectification
You have the right to obtain rectification of inaccurate your personal data from us without undue delay. You have the right to have incomplete personal data completed, including by means of a supplementary statement, while bearing in mind the purposes of the processing.

(5) Right to erasure ("right to be forgotten")
You have the right to obtain from the controller the erasure of your personal data without undue delay. The controller is obliged to erase personal data without undue delay when one of the following reasons applies:

a. The personal data is no longer needed in relation to the purposes for which they were collected or otherwise processed.

b. The data subject withdraws consent on which processing is based according to Article 6 (1) lit. a, or Article 9 (2) lit. a GDPR, and where there is no other legal ground for the processing.

c. The data subject files an objection to processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate grounds for processing, or the data subject files an objection to processing in accordance with Article 21 (2) GDPR.

d. The personal data has been processed unlawfully.

e. The personal data must be erased to comply with a legal obligation under Union or Member State law to which the controller is subject.

f. The personal data has been collected in relation to offered information society services specified in Article 8 (1) GDPR.

If the controller has made the personal data public and is obliged to erase the personal data as per Paragraph 1, the controller will take reasonable measures based on the available technology and the cost of implementation. These will include technical measures to inform controllers who are processing the personal data that the data subject has requested such controllers erase any copies or replications of the personal data concerned and any links to said data.

The right to erasure ("the right to be forgotten") does not exist where processing is required to: 

  • Exercise the right of freedom of expression and information;
  • Comply with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest, or to exercise of official authority vested in the controller;
  • Safeguard public interest in the area of public health in accordance with Article 9 (2) lit. h and i and Article 9 (3) GDPR;
  • Fulfil archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR if the right referred to in Paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of such processing, or
  • Establish, exercise or defend legal claims.

(6) Right to restriction of processing
You are entitled to require us to restrict processing of your personal data if one of the following applies:

a. The data subject contests the accuracy of the personal data. Processing is restricted for a period to allow the controller to verify the accuracy of the personal data;

b. The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead;

c. The controller no longer needs the personal data for processing purposes, but the data subject requires it to establish, assert, or defend legal claims; or

d. The data subject has objected to processing in line with Article 21 (1) GDPR, pending verification as to whether the legitimate grounds of the controller override those of the data subject.

If processing has been restricted as per the aforementioned requirements, irrespective of whether they are stored or not, such personal data will only be processed with the data subject's consent or to establish, assert, or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest in the Union or a Member State. 

The data subject may contact us at any time using the aforementioned contact details to assert the right to restrict processing. 

(7) Right to data portability
You have the right to receive your personal data which you have provided to a controller in a structured, commonly used and machine-readable format. You have the right to transmit such data to another controller without hindrance from the controller to whom the personal data has been provided if:

a. Its processing is based on consent as per Article 6 (1) lit. a or Article 9 (2) lit. a or on a contract as per Article 6 (1) lit. b GDPR; and

b. Processing is carried out using automated means.

When exercising your right to data portability as per Paragraph 1, you have the right to have the personal data transmitted directly from one controller to another if this is technically feasible. Exercising the right to data portability is without prejudice to the right to erasure ("right to be forgotten"). This right does not apply to processing which is required to perform a task carried out in the public interest or to exercise official authority vested in the controller.

(8) Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6 (1) lit. e or f GDPR; this also applies to profiling based on these provisions. The controller will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for processing which override the data subject's interests, rights and freedoms, or processing serves to establish, assert, or defend legal claims.

If personal data is processed for direct marketing purposes, you have the right to object to the processing of your personal data for such marketing at any time. This also includes profiling if it is related to such marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

You may exercise your right to object by automated means using technical specifications in conjunction with the use of information society services, and notwithstanding Directive 2002/58/EC.

If personal data is processed for scientific or historical research purposes or statistical purposes as per Article 89 (1), you have the right to object to processing of your personal data on grounds related to your particular situation unless processing is necessary to perform a task carried out for reasons of public interest.

You may exercise your right to object at any time by contacting the controller concerned.

(9) Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or affects you significantly in a similar way. This does not apply if the decision:

a. Is required to enter into or fulfil a contract between the data subject and a data controller;

b. Is authorized by Union or Member State law to which the controller is subject and which also specifies suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or

c. Is based on the data subject's explicit consent.

The controller will implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, which include, as a minimum, the right to obtain human intervention on the part of the controller's behalf, to express their point of view, and to contest the decision.

The data subject may exercise this right at any time by contacting the controller concerned.

(10) Right to lodge a complaint with a supervisory authority 
Without prejudice to any other administrative or judicial remedy, you also have the right to file a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that processing your personal data breaches this regulation. 

(11) Right to an effective judicial remedy
Without prejudice to any other administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority as per Article 77 GDPR, you have the right to an effective judicial remedy if you consider that your rights under this regulation have been infringed as a result of your personal data being processed in breach of this regulation.


Use of Matomo 

see below


Use of social media plug-ins


No such plug-ins are currently integrated

Contact form and e-mail contact(1) A contact form is available on our website and can be used for electronic contact. If you use this option, the data you enter in the entry mask will be transmitted to us and stored. This data is:

  • Title (if specified)
  • Company (if specified)
  • First name
  • Surname
  • Street
  • Postcode
  • City/Town
  • Country (if specified)
  • Telephone (if specified)
  • Fax (if specified)
  • E-mail address
  • Your request (if specified)
  • Request to be contacted (if specified)

When sending the message, the following data is also stored:

  • The user's IP address
  • Data and time of form transmission

Your consent will be requested for the processing of data based on the sending process and you will be referred to this privacy statement.

Alternatively, you can also contact us using the e-mail address provided or the contact links for contact persons. In this case, the personal data transmitted with the e-mail will be saved (for contact links, name, e-mail and free text). Insofar as this involves information on communication channels (e.g. e-mail address, telephone number), you also consent to us contacting you via this communication channel to answer your query.

Such data will not be disclosed to third parties. The data is exclusively used for processing the conversation.

(2) The legal basis for the processing of personal data is, with corresponding user consent, Art. 6 (1) Sentence 1 lit. a GDPR. The legal basis for the processing of data transmitted through sending an e-mail is Art. 6 (1) Sentence 1 lit. f GDPR. If the e-mail contact aims to conclude a contract, the additional legal basis for processing is Art. 6 (1) Sentence 1 lit. b GDPR.

(3) We only process personal data from the entry mask for the purpose of contact processing. We will only use the data from your e-mail query for the purpose for which you provide them when making contact. In the case of contact via e-mail, the essential, legitimate interest in data processing also lies in providing an answer. Any other personal data processed during the sending process serves to prevent misuse of the contact form and ensure the security of our information technology system.

(4) Data will be deleted as soon as its storage is no longer necessary to achieve the purpose of its collection. For personal data sent via the contact form and e-mail, this happens after the respective conversation with the user has ended. The conversation is considered to have ended when it can be inferred from the circumstances that the corresponding matters have been resolved. 

(5) You have the option to revoke your consent to the processing of your personal data at any time. If you contact us via e-mail, you may object to the storage of their personal data at any time. In this case, the conversation cannot be continued. Concerning the revocation of consent/objection to storage, we kindly ask you to contact the data controller or data protection officer via e-mail or post as per Section 1. All personal data stored in the course of contact will be deleted.

Disclosure of personal data to third partiesIntegration of YouTube videos(1) We have integrated YouTube videos into our online offering that are saved at www.YouTube.com and can be played directly from our website. These are all incorporated in the "extended privacy mode", which means that no data about you as a user is transmitted to YouTube if you do not play the videos. Only if the videos are played will the data specified in Para. 2 be transmitted. We have no influence over this data transmission. By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website.The following data is transmitted

  • Device-specific information, such as hardware used; operating system version; unique device ID and information on the mobile network, including your telephone number.
  • Log data in the form of server logs. These include details of how the services were used, including search queries; IP address; hardware settings; browser type; browser language; data and time of your request; original page; cookies that identify your browser of Google account
  • Location-related information. Information about your actual location may be collected by Google. This includes, for instance, your IP address, WLAN access points or mobile masts
  • Further information about the data collected by Google, INC can be found at the following link: policies.google.com/privacy

Data is forwarded irrespective of whether you have a YouTube user account or not, and are logged on or not. If you are logged in to Google, your data will be assigned directly to your account.

(2) The legal basis for the processing of personal data pertaining to the user is Art. 6 (1) Sentence 1 lit. f GDPR. Google also processes your personal data in the USA and has pledged compliance with the EU-US Privacy Shield www.privacyshield.gov/EU-US-Framework.

(3) The integration of videos serves to make the website clearer for users and to increase search engine rankings of the website on Google and to attract attention to our own videos. YouTube stores your data as a usage profile and uses it for advertising and market research purposes and/or to create a website design tailored to user needs. This type of analytics (even for users who are not logged in) is used to introduce customised advertising and inform other social network users of your activity on our website.

(4) You must log out if you do not wish your data to be correlated with your YouTube profile before pressing the button.

(5) You have the right to oppose the creation of such user profiles; you need contact YouTube to exercise this right.

(6) Further information on the purpose and scope of the data collection and its processing by YouTube can be found in the date privacy policy. There, you can obtain more information on your rights related to data collection and processing and setting options to protect your privacy: https://policies.google.com/privacy?hl=de&gl=de.


Changes to the privacy policy

We reserve the right to modify our data privacy practices and this policy in order to adapt them to amendments in relevant laws or regulations, or to better serve your requirements. Possible changes to our privacy practices will be announced accordingly. Please refer to the current version date (2018/05) of the privacy policy.


Processors

We use external service providers (processors). Separate processing of order-related data has been agreed with the service provider to safeguard the privacy of your personal data.  We work with the following service providers:

Company:: websedit AG - Internetagentur
Address: Seestr. 35, 88214 Ravensburg, Germany
Tel.: +49 751 354104-11
Fax: +49 751 354104-42
Internet: www.websedit.de

Use of Matomo Web Analytics tool

This website uses Matomo, a web analytics open-source software. Matomo uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address anonymized prior to its storage) will be stored on the server of the service provider in Germany. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.