Privacy Policy
Thank you for your interest in our company! Privacy is of the utmost importance to Hartmann Projekt GmbH’s management.
Use of the Internet site https://www.hartmannprojekt.com is possible without surrendering any personal data.
In accordance with our processing responsibilities, Hartmann Projekt GmbH has implemented numerous technical and organisational measures to ensure that the data processed through this Internet website is protected as completely as possible. Nonetheless, Internet-based data transfers may display security holes and absolute protection is not possible.
1. Term Definitions
The Privacy Policy of Hartmann Projekt GmbH is based on the terms used by the EU Directive and regulatory authority when issuing the General Data Protection Regulation. Our Privacy Policy should be easy to read and understandable for both the public and our clients and business partners. To ensure this, we will first define the terms used.
Our Privacy Policy includes the following terms:
a) Personal Data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data Subject
Data subject means any identified or identifiable natural person whose personal data is processed by the controller.
c) Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage,
adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of Processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
f) Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller./p>
i) Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) Third Party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
k) Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and Address of the Controller
The controller in the sense of the General Data Protection Regulation, other privacy laws applicable in European Union member states and other regulations related to privacy is:
Hartmann Projekt GmbH
Bussardstraße 40
71032 Böblingen
Telephone: 07034 – 64 519 21
Telefax: 07034 – 64 519 30
Email address: info@hartmannprojekt.com
Website: Hartmann Projekt GmbH
3. General Data and Information Collection
The Internet website of Hartmann Projekt GmbH collects a set of general data and information whenever it is visited by a data subject or automated system. This general data and information is saved on the log files of the server. The (1) browser type and version used, (2) the operating system used by the accessing system, (3) the Internet website from which an accessing system was navigated to our Internet website (so-called referrer), (4) the sub-websites opened from our Internet website by the accessing system, (5) the time and date of the access of our Internet website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information for averting threats to our information technology systems may be collected.
When using this general data and information, Hartmann Projekt GmbH cannot draw inferences about a data subject. Instead, such information is needed to (1) correctly display the contents of our Internet website, (2) optimise the contents of our Internet website and advertisements, (3) ensure permanent functionality of our information technology systems and the technology of our Internet website and (4) provide required information to law enforcement authorities in case of cyber-attacks. Hartmann Projekt GmbH processes this anonymously collected data and information for statistical and privacy purposes to ensure optimal protection and increased data security within our company. The anonymous data of the server log files are stored.
4. Regular Deletion and Blocking of Personal Data
The controller only processes and saves personal data of data subjects for the period necessary for achieving the purposes for which the data is saved or as required by the EU Directive and regulatory authority or another legislature through the laws and regulations applicable to the controller.
Should the purpose for which the personal data is saved no longer apply or should another storage period required by the EU Directive and regulatory authority or another legislature expire, the personal data will be blocked or deleted regularly and in accordance with statutory regulations.
5. Data Subject Rights
a) Confirmation Rights
The EU Directive and regulatory authority grants every data subject the right to demand confirmation from the controller about whether the respective personal data is processed at any time. Should a data subject wish to exercise these confirmation rights, he or she may contact an employee of the controller at any time.
b) Access Rights
The EU Directive and regulatory authority grants every data subject the right to receive information free of charge from the
controller on the personal data they have stored regarding them, and to receive a copy of this information. Furthermore, the EU Directive and regulatory authority have granted data subjects the access rights to the following information:
o Processing purposes
o Categories of processed personal data
o Recipients or categories of recipients to whom personal data was or will be disclosed, especially recipients in third countries or international organisations
o Planned duration for which personal data will be saved, if possible, or, if not possible, the criteria for determining this duration
o Existence of rectification or deletion rights for their personal data, or processing restriction rights against the controller or objection rights against the processing.
o Existence of the right to submit objections to supervisory authorities
In case of infringements of data protection law, the data subject has the right to complain to the responsible regulatory authority. The responsible regulatory authority in matters relating to data protection is the state data protection officer of the federal state where our company has its headquarters. For the state of Baden-Württemberg, the responsible regulatory authority is:
Jörg Klingbeil – Landesbeauftragter für den Datenschutz Baden Württemberg
Königstraße 10A
70173 Stuttgart
Telephone: 0711 6155410
o If the personal data have not been collected from the data subject: All available information on the origin of the data.
o Existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the General Data Protection Regulation and—at least in those cases—meaningful information about the logic involved and the significance of the envisaged consequences of such processing for the data subject
Furthermore, the data subject has access rights regarding whether personal data are being transferred to a third country or an international organisation. Should this be the case, the data subject may also demand disclosure about appropriate guarantees for the transfer.
Should a data subject wish to exercise these access rights, he or she may contact an employee of the controller at any time.
c) Rectification Rights
The EU Directive and regulatory authority grants every data subject the right to demand immediate rectification of inaccurate personal data. Furthermore, data subjects may, in consideration of the processing purpose, demand the completion of incomplete personal data – including through an additional declaration.
Should a data subject wish to exercise these rectification rights, he or she may contact an employee of the controller at any time.
d) Deletion Rights (Right to be forgotten)
The EU Directive and regulatory authority grants every data subject the right to demand the immediate deletion of their personal data from the controller if one of the following applies and if processing is not mandatory:
o The personal data were acquired or otherwise processed for purposes that are no longer required
o The data subject withdraws his or her consent for processing in accordance with Article 6(1) Point a or Article 9(2) Point a of the General Data Protection Regulation and there is no other legal basis for processing
o The data subject objects to the processing in accordance with Article 21(1) of the General Data Protection Regulation and there are no overriding legitimate reasons for processing or the data subject objects to the processing in accordance with Article 21(2) of the General Data Protection Regulation
o The personal data have been processed in an unlawful manner
o Deletion of personal data is required for fulfilling legal obligations under Union law or the Member State law applicable to the controller
o The personal data were collected for information society services in accordance with Article 8(1) of the General Data Protection Regulation
Should one of the above-stated reasons apply and should a data subject want to have his or her personal data saved by Hartmann Projekt GmbH deleted, they may contact an employee of the controller at any time. Hartmann Projekt GmbH’s employee will arrange for swift compliance with the request for deletion.
If the personal data have been made public by Hartmann Projekt GmbH and if our company is responsible for the deletion as the controller under Article 17(1) of the General Data Protection Regulation, Hartmann Projekt GmbH will, in consideration of the available technology and implementation costs, take appropriate measures, including technical measures, to notify others responsible for data processing who have processed the published personal data that the data subject has demanded the deletion of any links to and copies and replicas of this personal data from the others responsible for data processing insofar as processing is not mandatory. The Hartmann Projekt GmbH employee will arrange the necessary procedures on a case-by-case basis.
e) Right to restriction of processing
The EU directive and regulatory authority grants every data subject the right to request that the controller restricts the processing if one of the following conditions is fulfilled:
o The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
o Processing is not legitimate, the data subject rejects his or her deletion of the personal data and demands restrictions to the use of his or her personal data instead.
o The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
o The data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
Should one of the above-stated conditions be fulfilled and should a data subject demand to have his or her personal data that have been saved by Hartmann Projekt GmbH restricted, they may contact an employee of the controller at any time. Hartmann Projekt GmbH’s employee will arrange for the restriction of processing.
f) Data Portability Rights
The EU Directive and regulatory authority grants every data subject the right to obtain the personal rights they provided to a controller in a structured, customary and machine-readable format. Furthermore, data subjects may transmit these data to another controller without obstruction by the controller to whom their personal data was provided, if the processing is based on consent in accordance with Article 6(1) Point a or Article 9(2) Point a of the General Data Protection Regulation or an agreement in accordance with Article 6(1) Point b of the General Data Protection Regulation and processing is performed using automated procedures insofar as the processing is not required for carrying out tasks in the public interest or exercising public authority vested in the controller.
Furthermore, when exercising their data portability rights under Article 20(1) of the General Data Protection Regulation, data subjects may have their personal data transmitted directly from one controller to another controller insofar as technically possible and provided the rights and freedoms of other persons are not impaired.
To exercise their rights to data portability, data subjects may contact an employee of Hartmann Projekt GmbH at any time.
g) Objection Rights
The EU Directive and regulatory authority grants every data subject the right to object to the processing of their personal data under Article 6(1) Point e of the General Data Protection Regulation for reasons related to their particular situation. The same applies to profiling based on this regulation.
Hartmann Projekt GmbH will no longer process the personal data if an objection is raised, unless we can demonstrate compelling and legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject or if the processing serves the assertion or exercise of or defence against legal claims.
If Hartmann Projekt GmbH processes personal data for direct advertising purposes, the data subject may object to the distribution of his or her personal data for such advertising purposes at any time. This also applies to profiling, insofar as related to such direct advertising. If the data subject submits an objection to Hartmann Projekt GmbH for the processing for direct advertising purposes, Hartmann Projekt GmbH will no longer process this personal data for such purposes.
Furthermore, data subjects may, for reasons related to their particular situation, object to the processing of their personal data by Hartmann Projekt GmbH for scientific or historic research or statistical purposes under Article 89(1) of the General Data Protection Regulation, unless such processing is required for carrying out tasks in the public interest.
To exercise their objection rights, data subjects may contact any employee of Hartmann Projekt GmbH or another employee directly. Data subjects may, irrespective of Directive 2002/58/EC, also exercise their objection rights through automated procedures that employ technical specifications for use of information society services.
h) Individual Case Automated Decision-Making, Including Profiling
The EU Directive and regulatory authority grants every data subject the right not to be subjected to decisions based exclusively on automated processing—including profiling—that produce legal effects for them or similarly affects them, provided the decision (1) is not necessary for the conclusion or fulfilment of a contract between the data subject and the controller or (2) is authorised by Union law or the Member State law applicable to the controller and that includes suitable measures for safeguarding the data subject’s rights and freedoms and legitimate interest or (3) is based on the data subject’s express consent.
If the decision (1) is required for the conclusion or fulfilment of a contract between the data subject or (2) if it is made with the data subject’s express consent, Hartmann Projekt GmbH will take appropriate measures to safeguard the data subject’s rights and freedoms and justified interests, at least the right to obtain human intervention by the controller, to express his or her point of view and to contest the decision.
If data subjects wish to assert their rights regarding automated decisions, they may contact an employee of the processor at any time.
i) Consent Withdrawal Rights
The EU Directive and regulatory authority grants every data subject the right to withdraw their consent for the processing of their personal data at any time.
If data subjects wish to assert their rights to withdraw their consent, they may contact an employee of the processor at any time.
8. Legal Basis for Data Processing
Article 6(1) Point a of the General Data Protection Regulation serves as the legal basis for data processing for which we obtain approval for certain data processing purposes. If personal data must be processed for the fulfilment of a contract to which the data subject is a party, e.g., data processing for goods deliveries or performances of other services or return services, data processing will be based on Article 6(1) Point b of the General Data Protection Regulation. The same applies to data processing that is required for the performance of contractual measures, e.g., inquiries about our products or services. If our company is subject to legal obligations that require the processing of personal data, e.g., for the fulfilment of tax obligations, data processing will be based on Article 6(1) Point c of the General Data Protection Regulation. In rare cases, the processing of personal data may be required to protect vital interests of the data subject or another natural person. For example, this may be the case if a visitor is injured at our offices and his or her name, age, health insurance provider or other vital information must be provided to a doctor, hospital or other third party. In such cases, data processing will be based on Article 6(1) Point d of the General Data Protection Regulation. Finally, data processing may be based on Article 6(1) Point f of the General Data Protection Regulation. Data processing will be performed on this basis if the data processing is required for safeguarding the legitimate interests of our company or of a third party, is not outweighed by the data subject’s interests and fundamental rights and freedoms and is not covered by any of the stated legal bases. We are especially allowed to process data in these cases because they are expressly specified by the European legislature. The European legislature has stated that legitimate interests may be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 of the General Data Protection Regulation).
6. Legitimate Interests in Data Processing Pursued by the Controller or a Third Party
If the processing of personal data is based on Article 6(1) Point f of the General Data Protection Regulation, our legitimate interest is the performance of our business activities for the benefit of our employees and shareholders.
7. Duration for Which Personal Data is Saved
The criteria for the duration for which personal data is saved is the statutory storage period. After this period expires, the respective data will be deleted if it is no longer needed for contract fulfilment or initiation.
8. Legal or Contractual Regulations for Providing Personal Data; Requirements for Contract Conclusion; Obligation of Data Subjects to Provide Personal Data; Possible Consequences of Not Providing Personal Data
Please note that personal data may have to be provided by law (e.g., for tax purposes) or under contractual regulations (e.g., information on the contract partner). Data subjects may be required to provide personal data to us that we need to process to conclude a contract. For example, data subjects are required to provide personal data to us if our company concludes a contract with them. Failing to provide such personal data will prevent the contract from being concluded with the data subject. Before data subjects provide such personal data, data subjects must contact an employee. Our employee will explain to the data subject whether such personal data must be provided in the respective case by law, due to contractual regulations or to conclude a contract and if there is a requirement to provide such personal data and the consequences of failing to provide such personal data.
9. Automated Decision-Making
As a responsible company, we do not engage in automated decision-making or profiling.
10. Processing of Data Through Sending the Contact Form
You are able to send us a message via the integrated contact form.
The entry of personal data in the entry form is voluntary and not required in order to view information on www.hartmannprojekt.de or to display the web pages correctly.
If you decide to use the contact form, the personal data entered will be processed by us and stored if necessary until the reason for your query has been resolved by an employee of ours.
Which data are collected
Voluntary personal data are:
Surname, name, telephone number
Required personal data are:
Email address, message text
The data in your query are deleted from our system after 7 days, and at the latest once your query/concern has been settled, as long as they are not subject to legal limits of storage e.g. HGB (German commercial code) 257.
SSL or TLS encryption
For security purposes and to protect the transmission of confidential content such as orders or queries sent by you to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection as the address line in the browser will change from “http://” to “https://” and the lock-symbol will appear in the browser line.
If SSL or TLS encryption is activated, the data you send to us cannot be read by third parties.
3. Data Collection on Our Website – Cookies
Some of the Internet pages use so-called cookies. Cookies cause no damage to your computer and contain no viruses. Cookies help to make our presence more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal until you delete them. These cookies allow us to recognise your browser on your next visit.
You can set your browser so that you are informed of the storage of cookies and only allow cookies in exceptional cases, exclude the acceptance of cookies for particular purposes or exclude them generally, or activate automatic deletion of cookies once the browser is closed. Once cookies are deactivated, the functionality of this website may be reduced.
Cookies that are required to carry out electronic communications or to provide particular functions desired by you (e.g. shopping basket function) are saved on the basis of Art. 6(1) Point f of the General Data Protection Regulation. The website operator has a justified interest in storing cookies for the purpose of ensuring the technically faultless and optimised provision of services. To the extent that other cookies (e.g. cookies to analyse your surfing behaviour) are stored, these are handled in a separate section of the data protection declaration.
| Cookiename | Cookie origin | Explanation |
| bst_accepted | https://innovativecoolingsystems.com | This cookie is saved when you allow cookies |
Google Web Fonts
This site only uses so-called web fonts provided by Google to represent text. When this site is loaded, your browser will download the required web fonts into your browser cache in order to display text and lettering correctly.
Your browser must set up a connection to Google’s servers to do so. In so doing, Google receives knowledge that your IP address has loaded our website. The use of Google Web Fonts takes place for the purpose of giving a unified and appealing presentation to our online services. This is a justified interest in the sense of Art. 6(1) Point f of the General Data Protection Regulation.
If your browser does not support web fonts, a standard typeface from your computer will be used.
You can find further information on Google Web Fonts at https://developers.google.com/fonts/faq and in Google’s data protection declaration: https://www.google.com/policies/privacy/.
As of 05.2018