Data Privacy notice in accordance with GDPR
1. Scope of the processing of personal data
You can count on us to protect the privacy and security of your personal data: Protecting your privacy when processing personal data is an important concern for HSP Schwahlen GmbH, which we take into account in all our business processes. With this data protection notice, we would therefore like to explain to you the basic rules of our handling of personal data - which naturally takes place in compliance with the applicable European and national data protection regulations.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing data.
3. Purpose of the data processing
When you visit our websites, your browser transmits certain data to our web server due to technical requirements. We use this technical access information to continuously improve the attractiveness and usability of our Internet pages and their content and to identify possible technical problems of our Internet presence. In addition, to protect our legitimate interests, we store this data for a limited period of time in order to be able to trace it back to personal data in the event of unauthorized access or attempted access to our servers. What information this is in detail, they can be found on the following pages.
In addition to automatically collected data, we also process the data that you have voluntarily provided to us with in the context of newsletter registrations, contact requests, or our online forms.
4. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. This data is recorded in the form of logs.
The following data is collected:
- IP address of the user
- Date and time of access
- HTTP method
- HTTP version
- Websites from which the user's system accesses our website
- Websites that are called up by the user's system via our website
- Browser Agent
- HTTP status code of the server response
- Size of the response in bytes
This processing is technically necessary for the display of our website. We also use the data to ensure the security and stability of the website.
The processing of the aforementioned data is necessary for the provision of the website which is the legitimate interest of our company. The legal basis for this processing is therefore Art. 6 (1) (f) GDPR.
Use of contact forms
Our website contains a contact form that can be used for contacting us online. If a user makes use of this form, the data entered in the input mask is transmitted to us and stored. Apart from the information entered by you in the respective input mask, no other data is being processed.
In this context, the data will not be passed on to third parties. The data is used exclusively for the processing of the conversation, i.e. the processing of the personal data from the input mask serves us solely to process the contact. In the case of contact, this also constitutes the necessary legitimate interest in the processing of the data, so that the legal basis for the processing is Art. 6 (1) (f) GDPR.
The data is deleted by us as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has finished. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
Online presences in social media, external services and content on our website.
We maintain online presences within social networks in order to communicate with prospective customers and users that are active there and to be able to inform them about our events and news. In this context, we include external services or content by linking to them on our website. When you use such a service (click on the link and open the platform) or when third-party content is displayed to you, communication data (such as IP addresses or general device information) is exchanged between you and the respective provider for technical reasons.
In addition, it may be that the provider of the respective external services or content collects personal data about you - for example, by means of corresponding cookies - and then processes it for further, own purposes. We have configured services or content from providers that are known to process data for their own purposes to the best of our knowledge and belief in such a way that either communication for purposes other than the presentation of the content or services on our website does not take place or communication only takes place when you actively decide to use the external service. However, since we generally or to a large extent have no influence on the data collected by third parties and its processing by them, we cannot make any binding statements about the purpose and scope of the processing of your data.
For more information about the purpose and scope of the collection and processing of your data by the providers of the corresponding external services, as well as information about the privacy policies of the respective providers of the external services or content integrated by us, please refer to the following links:
Data protection notice: https://www.linkedin.com/legal/privacy-policy
Data protection notice: https://policies.google.com/privacy
HSP Schwahlen operates a profile on LinkedIn. LinkedIn is a social network and online platform for professionals, specialist personnel and managers.
According to Art. 26 GDPR we are jointly responsible with LinkedIn for the use of the Page Insights during the operation of our LinkedIn profile. LinkedIn has entered into an arrangement with us that determines who is responsible for fulfilling which obligations with respect to data protection. This agreement can be accessed here. According to this agreement, LinkedIn is primarily responsible for providing the data subject with information concerning the joint processing and for enabling the data subject to exercise its data protection rights. Independently of this agreement, we hereby inform you concerning your visit to our profile and thus provide you with the information required under data protection legislation.
You can contact LinkedIn at:
LinkedIn Ireland Unlimited Company
Dublin 2, Ireland
Online, you can reach LinkedIn here.
You can reach LinkedIn's data protection officer at
a) Data Collected by Linkedin
b) Data used by us and legal basis
LinkedIn provides us with statistics and usage data that we can use to analyze the use of our LinkedIn page (so-called "page insights"). This enables us to continuously improve our offer on LinkedIn. We, as the operator, do not make any decisions regarding the processing of insights data and all other information resulting from Art. 13 GDPR, such as storage period of cookies on user end devices. The primary responsibility under the GDPR for the processing of Insights Data lies with LinkedIn. In this regard, we also refer to the joint responsibility agreement pursuant to Art. 26 of the GDPR that LinkedIn has entered into with us and to the obligations assumed by LinkedIn thereafter.
We, as the page administrator, have no other way of evaluating user behavior on our LinkedIn page, not even via user tracking. It is also fundamentally not possible for us to identify the visitor to our LinkedIn page on the basis of the page insights. In particular, according to the Agreement with LinkedIn, we have no right to demand that LinkedIn disclose individual visitor data. In addition to any personal data provided directly to us by users, information about the user's profile, likes and posts is visible to us depending on the user's privacy settings.
You can see what information LinkedIn uses to create Page Insights here. here view it.
The operation of the LinkedIn profile and the use of page insights serve our legitimate interest in effective external presentation and communication with our interested parties. This interest justifies the operation of the page both against the legitimate interests of LinkedIn users and against visitors to our profile who do not have a LinkedIn account. Accordingly, the legal basis is Art. 6 (1) (f) GDPR.
We use Google Maps on our website. This allows you to view the location of our business, get reviews and other information about us, and find the best possible route to us. For Google Maps, the following privacy notice applies in addition to the one by Google.
Google Maps is a service provided by Google Ireland Limited ("Google"). We have concluded a data processing agreement with Google, with which Google has agreed to maintain the security and confidentiality of your personal data.
You can reach Google at:
Google Ireland Limited
Gordon House, Barrow Street
Phone: +353 1 543 1000
Fax: +353 1 686 5660
You can reach Google's data protection team here.
Collection and storage of personal data and the nature, purpose and use of such data.
Further information on the processing of personal data at Google can be found here.
Google collects data regardless of whether you are logged in to a Google account or not.
If you are not logged in, information such as the IP address, information about the visited website including unique identifiers and technical information again browser type and operating system, will be stored. If you use Google Maps to plan a route to us, the starting point will also be stored.
If you are logged in to Google, your name and possibly phone number and payment information and other information that you provide will also be processed.
When using Google Maps, there is a risk that personal data will be transferred to Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The United States does not have a level of data protection comparable to the GDPR. Therefore, Google Ireland Limited uses standard contractual clauses for the transfer, including additional measures that ensure an appropriate level of data protection.
The legal basis for the use of Google Maps is your consent pursuant to Art. 6 (1) a DSGVO.
5. Cookie Guidelines
You can change your preferences about setting cookies on our website at any time here. The changes will take effect immediately.
The technical cookie is automatically deleted when the local browser is closed or a certain time (24h) has passed without the user having performed any actions on the website.
Besides this we functional cookies for Google Analytics. These cookies (“_ga”, “_gid” and “_gat” are stored with your consent to analyze and improve the use of our website. Depending on the individual cookie, they are stored between 1 min to 2 years.
You can deselect cookies that have already been set with immediate effect here. If you change your settings and reject cookies, certain functions and features of our website may not work as intended.
Use of Google Analytics
We use the web analytics service Google Analytics to analyze and improve the use of our website. This allows us to improve our offer for you.
Google Maps is a service provided by Google Ireland Limited ("Google"). We have concluded a data processing agreement with Google, with which Google has undertaken to maintain the security and confidentiality of your personal data.
You can reach Google at:
Google Ireland Limited
Gordon House, Barrow Street
Phone: +353 1 543 1000
Fax: +353 1 686 5660
You can reach Google's privacy team here.
Google Analytics stores cookies on your terminal device for analysis. These are only stored with your consent. You can find more information about data protection at Google Analytics here.
When using Google Analytics, the following data is collected:
- Pages viewed and interaction with the site (e.g. contact requests)
- Your behavior on the pages (for example, dwell time, clicks, scrolling behavior)
- Your IP address and based on it the location
- Technical information such as browser, Internet provider, terminal device and screen resolution
- The website from which you have reached our site (referrer)
- The IP address is shortened immediately after it is recorded. In this way, an identification of you is no longer possible and the IP address is anonymized.
- Furthermore, a Google Analytics cookie contains a randomly generated ID that can be used to recognize you when you visit the website again.
When using Google Analytics, there is a risk that personal data will be transferred to Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The United States does not have a level of data protection comparable to the GDPR. Therefore, Google Ireland Limited uses standard contractual clauses for the transfer, including additional measures that ensure an appropriate level of data protection.
If you wish to prevent further data processing by Google Analytics, you can do so with a browser plugin or revoke your consent.
The legal basis for the use of Google Analytics is your consent, Art. 6 (1) (a) GDPR.
6. Data retention period
Personal data will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, storage may still be necessary if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract. We automatically delete data stored for technical reasons after 7 days.
7. Right to object and withdrawal of consent
The user has the possibility to revoke his consent to the processing of personal data at any time (see also rights of data subjects). If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
8. Rights of the data subjects
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
- Right to obtain information about the data we hold about you, Art. 15 GDPR;
- Right to rectify, erase or restrict the processing of your personal data, Art. 16-18 GDPR;
- Right to object to processing that serves
- our legitimate interest, a public interest or profiling, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims, Art. 21 GDPR;
- right to data portability, Art. 20 GDPR;
- right to complain to a supervisory authority, Art. 77 GDPR;
- right to revoke at any time with future effect any consent you may have given for the collection, processing and use of your personal data, Art. 7 (3) GDPR. For more information, please refer to the respective sections above, where data processing based on your consent is described.
If you wish to exercise your rights, you can, for example, address your request to the data protection officer mentioned below, use our contact form on the website or send an e-mail to: firstname.lastname@example.org
9. Name and address of the data controller
The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is the:
HSP Schwahlen GmbH
Tel.: 02173 - 399 18-0
Fax: 02173 - 399 18-10
Contact of the data protection officer
You can contact the data protection officer at:
Data Protection Officer
HSP Schwahlen GmbH
10. Updates to this privacy notice
This privacy notice may be amended by us at any time to reflect changes on our website.
Thank you for reading this privacy notice.
Last update: October 2022