Privacy Policy

With the following privacy policy, we aim to inform you about the types of your personal data (hereinafter also referred to as “data”) we process, for what purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”).

The terms used are not gender-specific.

Responsible:
Ursula Möller
Amalienstr. 23
63500 Seligenstadt
Germany

Email address:
ursula.moeller@hydro-source-tec.de

Phone:
+49 172 62 17 494

Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. Furthermore, if more specific legal bases are applicable in individual cases, we will inform you of these in the privacy policy.

In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which protects against the misuse of personal data in data processing. The BDSG contains special provisions regarding the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment purposes (§ 26 BDSG), particularly with regard to the establishment, execution, or termination of employment relationships and the consent of employees. State data protection laws of individual federal states may also apply.

In accordance with legal requirements, and taking into account the state of the art, implementation costs, the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of protection commensurate with the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, ensuring availability, and their separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, the erasure of data, and responses to data breaches. We also consider the protection of personal data during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default.

SSL encryption (https): To protect your data transmitted via our online offering, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in your browser’s address bar.

As data subjects, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1) lit. e or f GDPR; this also applies to profiling based on these provisions. Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right to withdraw consent: You have the right to withdraw granted consents at any time.

Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and further information and a copy of the data in accordance with legal requirements.

Right to rectification: In accordance with legal requirements, you have the right to demand the completion of incomplete data concerning you or the rectification of inaccurate data concerning you.

Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to demand that data concerning you be erased without undue delay, or, alternatively, to demand a restriction of the processing of the data in accordance with legal requirements.

Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, or to transmit those data to another controller, in accordance with legal requirements.

Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

To be able to provide our online offering securely and efficiently, we use the services of one or more web hosting providers, from whose servers (or servers managed by them) the online offering can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance services.

The data processed in the context of providing the hosting service may include all information relating to the users of our online offering that arises during use and communication. This regularly includes the IP address, which is necessary to deliver the content of online offerings to browsers, and all entries made within our online offering or on websites.

Types of data processed: Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
Data subjects: Users (e.g., website visitors, users of online services).
Purposes of processing: Provision of our online offering and user-friendliness.
Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).

Further information on processing procedures, methods, and services:

Collection of access data and log files: We ourselves (or our web hosting provider) collect data on every access to the server (so-called server log files). Server log files may include the address and name of the accessed web pages and files, date and time of access, transferred data volume, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files can be used for security purposes, for example, to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks), and to ensure the utilization and stability of the servers; Data deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is required for evidentiary purposes are exempt from deletion until the final clarification of the respective incident.

When contacting us (e.g., via contact form, email, telephone, or social media) and within the framework of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to answer contact inquiries and any requested measures.

The answering of contact inquiries and the management of contact and inquiry data within the framework of contractual or pre-contractual relationships are carried out for the fulfillment of our contractual obligations or for answering (pre-)contractual inquiries, and otherwise on the basis of legitimate interests in answering inquiries and maintaining user or business relationships.

Types of data processed: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms).
Data subjects: Communication partners.
Purposes of processing: Contact inquiries and communication; Provision of contractual services and customer service.
Legal bases: Fulfillment of contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR); Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR); Legal obligation (Art. 6(1) sentence 1 lit. c GDPR).
Further information on processing procedures, methods, and services:

Contact form: If users contact us via our contact form, email, or other communication channels, we process the data provided to us in this context to handle the communicated request. For this purpose, we process personal data within the framework of pre-contractual and contractual business relationships, to the extent necessary for their fulfillment, and otherwise on the basis of our legitimate interests and the interests of the communication partners in answering inquiries and our legal retention obligations.