1. Responsible party and contact information

Responsible party:

PAUL HARTMANN UKI
P2 Parklands
Heywood Distribution Park
Pilsworth Road
Heywood
OL10 2TT

Phone: (+44) 01706 363 200
Email: info@hartmann.info

Contact Data Protection:
UKI Compliance and Data Protection Officer

PAUL HARTMANN UKI
P2 Parklands
Heywood Distribution Park
Pilsworth Road
Heywood
OL10 2TT

Email: ukdataprotection@hartmann.info

2. Data protection principles, Candidate profile

We process your personal data in accordance with the provisions of the GDPR and other applicable data protection regulations. You will find details under the following explanations.

Before applying for an open vacancy, being included in our talent pool, etc. it is necessary to create your own candidate profile. This profile will only be visible to us when you apply for an open vacancy. You can make changes or additions to your candidate profile yourself at any time.

2.1 Purposes in the context of pre-contractual measures

This data protection notice is issued in connection with the application procedure. Your personal data is processed in order to decide on the establishment of an employment relationship with you and to process it. This may also include the performance of an assessment, which especially may include the creation of a personality profile as part of a personality test. Although the evaluation of the personality test is initially automated, the content is then checked by the people involved in the recruitment process. The evaluation can then be included in the decision on whether to establish an employment relationship with you. The evaluation will be handed over to you personally. If per-sonal hand over is not possible, it will be sent to you by post or made available to you by digital means. Of course, we will ensure the best possible digital hand over from an IT-Security perspec-tive according to the state of the art. As part of the application process, your personal data may also be viewed by employees of various specialist departments in the UK, Germany and abroad, but only to the extent that this – as mentioned – serves to establish the employment relationship with you.

2.2 Purposes within the scope of legitimate interests of us or third parties

We process your personal data if it is necessary to protect the legitimate interests of us or third parties, unless there are no overriding interests on your part (including fundamental rights and freedoms) that speak against such processing. Our purpose-oriented interests can be in particu-lar:

• Internal administrative purposes;
• Statistical evaluations for corporate management;
• Measures for controlling and optimizing business processes;
• Measures for the further development of services and products;
• Identification of recruited employees for distribution of bonus;
• Testing and optimization of procedures for demand analysis;
• Comparison with national as well as European and other international sanctions lists as part of our compliance program to determine critical data (screening), insofar as this goes beyond the legal obligations. The comparison depends to a large extent on the matter in question and the circumstances of the individual case, i.e. on the risk forecast and the safety relevance of the specific activity;
• Enrichment of our data, among other things by using or researching publicly available data to the extent necessary;
• Active Sourcing (direct approach of candidates);Benchmarking (especially comparison of the recruitment figures of the countries and the re-spective recruitment period. The benchmarking is anonymous);
• Assertion of legal claims and defense in the event of legal disputes which are not directly at-tributable to the contractual relationship;
• Building and plant security, securing and exercising the rights of the building by taking appro-priate measures (e.g. access controls) and, if necessary, by video surveillance to protect third parties and our employees and to prevent criminal offences and to secure evidence for the in-vestigation of criminal offences, insofar as this goes beyond the general duty of care;
• Further development of existing systems and processes;Internal and external investigations, security checks; publications;
• Obtaining and maintaining certifications of a private or official nature for internal administrative purposes.

2.3 Purposes within the scope of your consent

We process your personal data –in each case only based on your consent– for the following purposes:

• In the context of an active application to establish the employment relationship, insofar as processing cannot already be based on Art. 6 (1) b GDPR, Art. 9 (2) b GDPR, § 26 (1) and (3) BDSG;
• Replacement of vacancies that have become vacant again, for which you originally applied, as well as for worldwide vacancies including inclusion in a talent pool to which PAUL HARTMANN AG Group companies also have access. In the last-mentioned case, we will contact you via the email address and/or phone number you have provided us with, if there is a corresponding open vacancy;
• Messages in the form of "job alerts". The basis for these alerts is your application for a specific vacancy, in the context of which you have also created your candidate profile. The specific name of the open vacancy for which you have applied serves as a keyword. You can add or delete individual "job alerts" at any time;
• Messages about career opportunities. You will be considered for customized marketing campaigns –generated by the system– if you are visible in our talent pool at the same time. Such marketing campaigns can refer to current job fairs, for example, where you can get more information about career opportunities;
• Active Sourcing - direct approach, addressed to you as a candidate.

You are not obliged to give your consent and there are no legal disadvantages for not granting your consent. You can revoke your consent at any time by emailing ukdataprotection@hartmann.info.

In principle, the revocation of a consent is only effective for the future. Processing that took place before the revocation is not affected and remains lawful.

2.4 Purposes to meet legal requirements or purposes in the public interest

Like everyone who is involved in the economic process, we are also subject to a variety of legal obligations. These are primarily legal requirements (e.g. commercial and tax laws), but also, where applicable, regulatory or other official requirements (e.g. employers' liability insurance association). The purposes of the processing may include identity and age verification, fraud and money laundering prevention (e.g. comparison with European and international anti-terrorist lists), company health management and ensuring occupational safety. In addition, the disclosure of personal data may become necessary within the scope of official/judicial measures for the purpose of gathering evidence, criminal prosecution or the enforcement of civil law claims.

3. Categories and origin of the personal data we process

Insofar as it is necessary for the decision on the establishment of an employment relationship with you, we process, in addition to the personal data received directly from you, any personal data that may have been lawfully received from third parties (see Art. 14 GDPR). This may include personal data received from external service providers such as headhunters or professional network operators (e.g. LinkedIn or Xing).

Relevant personal data can be:

First name and surname, if applicable maiden name, gender, residential address, contact data, date of birth, place of birth, nationality, religious affiliation, marital status, job description, callable contact data, start / end of employment, educational background (school, studies, training etc.) and professional development, title, residence permit / work permit and its period of validity, data from identification document, qualifications (driver's license, first-aider, knowledge of foreign languages etc.) Status information (mainly pupil or student), information about certificates and qualifications, severe disability (e.g. for holiday entitlement or job description), honorary position / active membership in a club (sports etc.), information about previous employment relationships, criminal records (e.g. for security-relevant functions), photos, bank records (for travel expense accounting).

4. Recipients or categories of recipients of your personal data

We only process your personal data within the company. Within our company, those internal departments or organizational units receive your personal data insofar as they need it to fulfil the purpose and within the scope of processing. Internal data recipients are obliged in each case to use your personal data only to the aforementioned extent.

If we transfer your personal data to other persons and companies (third parties), e.g. to service providers who provide our recruiting services or at least support us, or grant them other access to the personal data, this is only done on the basis of a legal permission. If we commission third parties to process personal data on the basis of a so-called "contract processing agreement" and thereby secure the necessary powers of influence or control with regard to the processing and use of the personal data, this is done on the basis of Art. 28 GDPR. However, we remain responsible to you for the legality of the data processing.

5. Storage of your personal data

First, we would like to point out that we do not delete your personal data but make it anonymous. After the anonymization process has been carried out, a reference to your person no longer exists and cannot be restored. The data protection regulations are then no longer applicable. We use the anonymized data in particular for evaluation purposes.

In principle, we process or store your personal data for the duration of the direct contact within the framework of active sourcing, for the duration of an active application process and for the duration of your activity in the candidate profile. This means that your personal data in connection with a specific application will be made anonymous at the latest 6 months after the application process has been completed (beginning especially by refusal). If we only have your application documents in paper form, we will return them to you after the end of the application procedure to our credit. The anonymization of your personal data stored in the candidate profile is done automatically in case of inactivity of 6 months (no login was made for 6 months). You will be informed about this in advance by email. By logging in again, the period is automatically extended by a further 6 months. The prerequisite in each case is that there is no active application. If you set up a "deletion" in your candidate profile yourself, the anonymization will take place automatically 6 months after setting up.

The above-mentioned information on the anonymization does not apply if, among other things, legally prescribed retention periods prevent immediate deletion –here anonymization– (cf. Art. 17 (3) GDPR) and/or another case of Art. 17 (3) GDPR exists and/or a new purpose justifies further processing.

We would like to point out that the withdrawal of a consent granted by you for the purposes mentioned in No. 2.3 above only has the effect that the respective processing (e.g. sending of "Job Alerts") is stopped by us. No personal data will therefore be anonymized by the withdrawal.

6. Processing of your data in a third country or by an international organization

A transfer of data to entities (e.g. subsidiaries) in countries outside the European Economic Area EU/EEA (so-called third countries) takes place in particular if it is necessary for the decision on the establishment of an employment relationship with you. The processing of your personal data in a third country may also take place in connection with the use of service providers in the context of processing orders.Unless the EU Commission has decided on an adequate level of data protection in the country concerned, we guarantee - in accordance with Article 13 (1) f of the GDPR - that your rights and freedoms are protected in the case of transfers in accordance with Articles 46, 47 or 49 (1) subparagraph 2 of the GDPR by providing suitable and appropriate guarantees. Information on the suitable or appropriate guarantees and the possibility of how and where to obtain a copy of them can be obtained on request from the Data Protection Department or the Human Resources Department responsible for you.

7. Your rights

• You have the right to withdraw your consent to the processing of your personal data in accordance with Art. 7 (3) GDPR at any time with effect for the future. Processing that took place before the withdrawal therefore remains lawful.
• In accordance with Art. 15 GDPR, you can request information about your personal data processed by us.
• In accordance with Art. 16 GDPR, you can demand the immediate correction of incorrect or incomplete personal data stored by us.
• In accordance with Art. 17 GDPR, you can request the deletion (here anonymization) of your personal data stored by us in accordance with the conditions stated therein, unless legally prescribed retention periods prevent immediate deletion –here anonymization– (see Art. 17 (3) GDPR) and/or another case of Art. 17 (3) GDPR exists and/or a new purpose justifies further processing.
• Pursuant to Art. 18 (1) GDPR, you may request the restriction of data processing if one or more conditions pursuant to Art. 18 (1) GDPR lit. a to d are met.
• In accordance with Art. 20 (1) GDPR, you can receive the personal data processed by us in a structured, common and machine-readable format and transfer this personal data to another person responsible without hindrance from us.
• In addition, you can object to the processing of your personal data in accordance with Art. 21 (1) GDPR. In the event of an objection, we will terminate the processing of your personal data. However, the right of objection only applies in the event of special circumstances arising from your personal situation. In addition, compelling reasons worthy of protection that speak in favour of processing may prevail. Furthermore, certain processing purposes may conflict with your right of objection.
• According to Art. 21 (2) GDPR, you have the right to object to the processing of personal data concerning you for the purpose of direct marketing at any time without further conditions. This also applies to profiling, insofar as it is connected with such direct marketing. If you object, your personal data will no longer be processed for these purposes (cf. Art. 21 (3) GDPR).
• Without prejudice to any other administrative or judicial remedy, you also have the right to appeal to the competent supervisory authority (see Art. 77 GDPR) if you believe that the processing of your personal data violates data protection provisions. In this context, however, we would ask you to address any complaints first to the contact details given under (1) above.

8. Scope of your obligations to provide us with your personal data

You only need to provide personal data that is necessary for the decision on the establishment of the employment relationship or that we are legally obliged to collect (e.g. to provide evidence to authorities). Without this personal data, we will generally not be able to carry out the application process. If we request additional personal data from you, you will be informed separately about the voluntary nature of the information.

9. Automated decision making in individual cases (including profiling)

We do not use purely automated decision-making procedures in accordance with Art. 22 GDPR. Should we nevertheless use such a procedure in individual cases in the future, we will inform you of this separately if this is required by law.

Data that we hold and how we use it

If you are a direct individual customer of ours, we hold the contact and payment details required to carry out our contract with you and manage our relationship. If you signed up for our newsletter then we hold your contact details and your preference choices to keep you up to date with changes and improvements to our services. This data would have been sourced from you directly.

Managing our relationship with you includes any customer service related data and order history. Incoming calls are recorded, and you will always be made aware of this when you call in. They are recorded to ensure that we capture your order correctly, help us with quality control and training, as well as helping to resolve disputes should they arise.

If you are a customer who has agreed to give a testimonial or provide photos to help with our marketing, then we will hold the data that you gave up (Contact details, opinion and any corresponding photos) and make them available on our website and marketing materials.

If you are a potential customer then you are likely to be an employee of an entity that we believe would benefit from our services, we will hold your contact details.Potential corporate customer data is sourced from third parties such as the CQC website and providers of healthcare data.

Where possible, we will endeavour to let you know within 30 days that we have your data, where we sourced it, and provide you with this privacy notice if we did not source your personal data directly from you.

Lawful basis for processing

Our lawful basis for processing your data is a combination of Contract, Legitimate Interest and consent. We use legitimate interest when we use your data to keep you up to date with changes and improvements to our goods and services. Our legitimate interest balancing test indicates that this is a legitimate purpose; it is necessary for the purpose of keeping you updated and growing our business, and unlikely to cause you risk or harm. Likewise, if you are a potential customer, who has not yet placed an order, then we process this data under legitimate interest. All other data is processed to enable us to fulfil our contract with you and manage our relationship with you. We only use consent when we ask you to process your personal data in our marketing collateral, including our newsletter.

Data Sharing and Transfers

Like most companies, we use a number of other entities to facilitate data processing, for example cloud services and technology services. We have Data Processing Agreements in place with these providers. If data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example Standard Contractual Clauses and due diligence. We do not sell your data to anybody. All data processed by Paul Hartmann Ltd is shared with our parent company in Germany, and such transfers are done on a need to know basis and are subject to an inter-company agreement.

Retention Periods

As a customer we hold your data for the time that you are a customer of ours plus 7 years in case of any dispute and to abide by accounting regulations.If you withdraw consent for marketing collateral then we will update our records in the Hartmann marketing preference center and CRM system accordingly to ensure you no longer receive marketing material from us.If you are a potential customer we will delete your data 2 years from your last engagement with us.

Technical and Operational Security

All data is password protected, access controlled by 2factor authentication, backed up securely and encrypted when appropriate. All employees are trained in data protection and are aware of their obligations to ensure the privacy of all data subjects. We take the protection of personal data into account as early as possible in the development and selection of hardware, software and our standard procedures.

Data that we hold and how we use it

As a supplier to HARTMANN UK&I, we hold the contact and payment details required to carry out our contract with you, and any data to manage our relationship with you, for example our email communications. Most of this data would have been sourced from you directly, although your initial contact details may have been sourced from a recommendation or a website, with the intention of entering into a contract with you.

Lawful basis for processing

Our lawful basis for processing your data is contract; all data is used to enable us to fulfil our contract with you, including paying you and managing our relationship with you.

If we are asked to recommend a supplier to another company then we will share your company name and phone number. The lawful basis for this is legitimate interest and we believe this has benefits to both you and us.

Data Sharing and Transfers

Like most companies, we use a number of other entities to facilitate data processing, for example cloud services and technology services. We have Data Processing Agreements in place with these providers. If data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example Standard Contractual Clauses and due diligence. We do not sell your data to anybody. All data processed by HARTMANN UK&I is shared with our parent company in Germany, and such transfers are done on a need to know basis and are subject to an inter-company agreement.

Retention Periods

We hold data on suppliers for the duration of our contract, plus 7 years to account for accounting regulations and in case of any dispute.

Technical and Operational Security

All data is password protected, access controlled by 2factor authentication, backed up securely and encrypted when appropriate. All employees are trained in data protection and are aware of their obligations to ensure the privacy of all data subjects. We take the protection of personal data into account as early as possible in the development and selection of hardware, software and our standard procedures.

Data that we hold and how we use it

As someone who has agreed with their Health Care Professional to participate in a clinical trial on our product, we will hold the following personal data:

• Identification data
• Medical data observations
• Clinical trial results

If you are a Healthcare professional who carries out our trials, then we will hold the following:

• Contact details
• Place of work, role and qualifications
• Details of the training provided to enable you to carry out the trial

Lawful basis for processing

Our lawful basis for processing your data is a combination of Contract (with the health care provider), and legal obligation for the trial participant. Where health data is used, the additional lawful basis for this will be ensuring high standards of quality and safety of health care and of medicinal products or medical devices.

Whilst consent is given to participate in the trial, this is not the same as consent to process the data. We do not use consent to process the data as this would not be the most appropriate since we are obliged by law to carry out these trials to ensure the quality and safety of our products. We do however ask for consent to publish the data if it is not fully anonymised.

Data Sharing and Transfers

Like most companies, we use a number of other entities to facilitate data processing, for example cloud services and technology services. We have Data Processing Agreements in place with these providers. If data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example Standard Contractual Clauses and due diligence. We do not sell your data to anybody. All data processed by Paul Hartmann Ltd is shared with our parent company in Germany, and such transfers are done on a need to know basis and are subject to an inter-company agreement.

Retention Periods

Data processed on the Health care professional is retained for 5 years after their last clinical trial/study.

Clinical trial/study data is retained 7 years after the withdrawal of a product.

Technical and Operational Security

All data is password protected, access controlled by 2factor authentication, backed up securely and encrypted when appropriate. All employees are trained in data protection and are aware of their obligations to ensure the privacy of all data subjects. We take the protection of personal data into account as early as possible in the the development and selection of hardware, software and our standard procedures.

Data that we hold and how we use it

When you come to our offices, you will be asked to sign in via a device in the lobby. The data collected is your name, email address, phone number, car registration number and the person you are visiting, as well as a photograph.

The device will then provide you with a label containing your name and photo that we ask you to wear whilst you are on the premises.

Lawful basis for processing

Our lawful basis for processing your data legitimate interest. It is legitimate for us to know who is visiting the site and to protect the premise against unauthorised entry, and crime.

Data Sharing and Transfers

Like most companies, we use a number of other entities to facilitate data processing, for example cloud services and technology services. We have Data Processing Agreements in place with these providers. If data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example Standard Contractual Clauses and due diligence. We do not sell your data to anybody. All data processed by Paul Hartmann Ltd is shared with our parent company in Germany, and such transfers are done on a need to know basis and are subject to an inter-company agreement.

Retention Periods

Data in our sign in system is kept for 6 months after your visit to make it easier for you, should you return in that timeframe.

Technical and Operational Security

All data is password protected, access controlled by 2factor authentication, backed up securely and encrypted when appropriate. All employees are trained in data protection and are aware of their obligations to ensure the privacy of all data subjects. We take the protection of personal data into account as early as possible in the the development and selection of hardware, software and our standard procedures.

Data that we hold and how we use it

As a user of our websites (hartmann.info, hartmanndirect.co.uk, hartmannhelp.co.uk, hartmannmarketing.com) and depending on the cookie preferences you gave, we collect your individual usage data which includes information about how you use our website, products and services. This is used to create aggregated data.

If cookies are accepted loaded, we will process information about the pages you have visited, your searches on our website, load and download times, time spent on our pages, interaction with the page and what led you to our website (link in an article, google search etc).

We perform analytics based on this data. Performing analytics is vital for us to understand how you interact with our website and various services in order to improve them and to give you a good user experience.

We do not use your browsing data to predict or make any assumptions about you.

You can view our Cookie policy here: Cookie Policy

Social Media:

We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users. When accessing social networks and platforms, the terms and conditions and data processing guidelines of the respective operator apply.

We process your personal data if you communicate them within social networks and platforms, e.g. by writing articles on our online presences or sending us messages. In addition, Facebook, among other things, may provide statistics and insights (e.g., total number of page views, "Like" information, page activity, post interactions, video views, post reach, comments, shared content, responses, etc.) that help us understand the types of actions you take on our sites. This enables us to better understand your interests and preferences and can, for example, increase the attractiveness of articles or our performance presentation or choose the right time for publication.

Your personal data may be processed by the respective operator outside the European Union or the European Economic Area. As a result, risks may arise for you, in particular the enforcement of rights may become more difficult.

If you click on the button of the respective operator eg. Facebook, you will be redirected to the Hartmann presence on their site in a separate browser window and can - if you are logged in to your user account - share or subscribe to our news, among other things. Clicking the button will establish a direct connection between your browser and the server of the respective operator. The respective operator receives the information that you have visited our website with your IP address. The respective operator may collect further personal data as soon as you use their offers. In addition, it is then possible for the respective operator to assign your visit to our website to you and your user account, provided you are logged in to your user account.

In addition, your personal data may be further processed for the purposes of market research and advertising. This means that profiles can be created from your usage behaviour and the preferences and interests derived from it. Such profiles can be used, for example, to place suitable advertisements within our online presence or on other online presences or websites based on the interests determined. Cookies are placed and stored on your end device, with the help of which personal data on usage behaviour can be collected and bundled for further processing - to determine your interests. The collection and bundling of this personal data can - especially if you are logged in to your user account - also be realised across several end devices used by you.

Should you request information or wish to exercise other rights to which you are entitled, please contact the respective operator directly. The background to this is that only the respective operators have access to your personal data and can provide you with the relevant information and take further measures if necessary. Should you require assistance in exercising the rights to which you are entitled, you can also contact us at any time.

A description of the data processing carried out by the respective operator as well as the requirements for the implementation of an objection (opt-out) can be found in the information provided by the respective operator:

Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://www.facebook.com/about/privacy/
Site insight data: https://www.facebook.com/legal/terms/information_about_page_insights_data
Opt-Out: https://www.facebook.com/settings?tab=ads

Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Privacy policy: https://twitter.com/de/privacy
Opt-Out: https://twitter.com/personalization
Anbieter: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
Privacy policy: https://www.xing.com/app/share?op=data_protection

Provider: YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA
Privacy policy: https://policies.google.com/privacy?hl=de&gl=de

Provider: (Instagram) Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy:https://help.instagram.com/519522125107875

Integration of third-party services and content:

Within our online offering, we use content or service offerings from third parties. This happens based on our legitimate interests (interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 (1) f GDPR) or based on your consent according to Art. 6 (1) a GDPR. This means that we integrate third-party content and services, such as videos or fonts (hereinafter referred to uniformly as "content"). This requires the third party providers to be aware of your IP address, as without the IP address they would not be able to send the Content to your browser. The IP address is therefore required for the display of content. Third parties may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags" can be used to evaluate information such as visitor traffic on the website. The pseudonymous information can also be stored in cookies on your device and may contain technical information about the browser and operating system, referring websites, visiting time and other details about the use of our online offer, as well as being linked to such information from other sources.
In the following presentation we have compiled an overview of third party providers together with their offered contents as well as links to their data protection declarations, which may contain further information on the processing of data as well as information on objection. Please note that we have listed further third-party providers in our cookie policy.

Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Privacy policy: https://twitter.com/de/privacy
Opt-Out: https://twitter.com/personalizationProvider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA

Privacy policy: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Within our online offer we use the conversion tool "LinkedIn Insight Tag". This tool creates a cookie in your web browser, which enables the collection of data. Based on the collected data, LinkedIn creates anonymous reports about the website target group and makes them available to us. LinkedIn also shows us the display performance. In addition, LinkedIn offers the possibility of retargeting via the Insight Tag. We can use this data to display targeted advertising outside of our online offering without identifying you.

Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
Privacy policy: https://www.xing.com/app/share?op=data_protection

Provider: (Youtube) Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy policy: https://policies.google.com/privacy?hl=de&gl=de
Opt-Out: https://adssettings.google.com

We have integrated components of YouTube within our online offers. YouTube allows the free posting of video clips and their free viewing, rating and commenting. By calling up one of the individual pages of our online offers on which YouTube content has been integrated, a connection to YouTube is established in order to download the necessary elements for displaying the corresponding video. In doing so, YouTube or the operating company Google receives information about which subpage within our online offers has been called by the respective user. In addition, further information, such as the IP address, the browser used, the operating system and technical device information, date and duration of the visit are forwarded. If the user is logged on to YouTube at the time of visiting our online offers with the same device, YouTube recognizes the user by calling up a single page that contains a YouTube video. This occurs regardless of whether the person concerned clicks on a YouTube video or not. This information can be aggregated by YouTube or Google and assigned to the profile of the respective user, unless the elements have been integrated in "privacy mode". We always use the "Privacy Mode", as far as this is possible.

Provider: (Instagram) Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://help.instagram.com/519522125107875

Provider: (Facebook-Pixel) Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland
Privacy policy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads

With the help of the Facebook pixel, Facebook is on the one hand able to determine the visitors of our online offer as a target group for the presentation of ads (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those users on Facebook and within the services of partners cooperating with Facebook (so-called "Audience Network" https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offering or who exhibit certain characteristics (e.g. interest in certain topics or products that are evident from the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. The Facebook Pixel also enables us to track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook ad (so-called "conversion measurement“).

Provider: Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043 United States of America
Privacy policy: https://policies.google.com/privacy?hl=de
Opt-Out: http://tools.google.com/dlpage/gaoptout?hl=de

Within our online offers we use Google Universal Analytics. Google Universal Analytics' cookies are used to collect visitor sessions and behavioral data for analysis reports. This enables us to obtain information about the use of our offers on different devices ("cross device") and to improve the user-friendliness of our offers with the results obtained. For this purpose, pseudonymised user profiles are used, which do not receive any personal data such as names or e-mail addresses, and these are not transmitted to Google. Google uses this information to evaluate the use of our online offers, to create reports on the activities within our online offers and to provide us with further services associated with the use of our online offers. The processed data can be used to create pseudonymous user profiles of the users. We use Google Universal Analytics with activated IP anonymization (i. e. using the function anonymizeIP). This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. The IP address transmitted by the user's browser is not merged with other Google data. We would like to point out that the use of IP anonymisation does not result in any fundamental anonymisation, as further usage data is nevertheless collected (e. g. such as identification features that also allow a link to an existing Google account). The cookies have a validity of 14 months.

Lawful basis for processing

Our lawful basis for processing tracking data as a result of dropping unnecessary cookies is consent. You will have provided this consent via our cookie banner.

If you accessed our social media presence then we are slightly constrained by the way that site operates and cannot give assurances that they will always use consent as the lawful basis.

Data Sharing and Transfers

Like most companies, we use a number of other entities to facilitate data processing, for example cloud services and technology services. We have Data Processing Agreements in place with these providers. If data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example Standard Contractual Clauses and due diligence. We do not sell your data to anybody. All data processed by HARTMANN UK & I is shared with our parent company in Germany, and such transfers are done on a need to know basis and are subject to an inter-company agreement.

Technical and Operational Security

All data is password protected, access controlled by 2factor authentication, backed up securely and encrypted when appropriate. All employees are trained in data protection and are aware of their obligations to ensure the privacy of all data subjects. We take the protection of personal data into account as early as possible in the the development and selection of hardware, software and our standard procedures.