Purifying our Planet
Sustainable Filtration Solutions
 0
Data protection

Data protection

1. name and contact details of the controller and the company data protection officer

This data protection information applies to data processing by:
Responsible person:

Hengst SE,
Nienkamp 55-85
48147 Münster, GERMANY
(hereinafter: Hengst SE)

Legal form and registered office of the company: Societas Europaea, Münster
Register court: Münster HRB 16761
Managing Director: Christopher Heine (CEO), Howard Boyer (COO)
Chairman of the Board of Directors: Jens Röttgering

VAT ID No. DE313827905

The company data protection officer of Hengst SE can be contacted at the above address, for the attention of the data protection officer, or at [email protected].

2. when visiting the website

When you visit our website www.hengstfilter.shop, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until it is automatically deleted:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which access is made (referrer URL),
  • the browser used and, if applicable, the operating system of your computer and the name of your access provider.

We process the aforementioned data for the following purposes:

  • Ensuring a smooth connection to the website,
  • To ensure a comfortable use of our website,
  • Evaluation of system security and stability and
  • for other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes of data collection listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.

We also use cookies and analysis services when you visit our website. You can find more detailed explanations on this in section 5 of this privacy policy.

3. cookies

a) General

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your device when you visit our site. Cookies are small text files that are used by websites to make the user experience more efficient. They store information that is generated in connection with your device. However, this does not mean that we obtain direct knowledge of your identity. This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages.

b) Functional cookies

On the one hand, the use of cookies serves to make the use of our website technically easier for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site. In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already visited us and which entries and settings you have made so that you do not have to enter them again.

The data processed by cookies are necessary to safeguard our legitimate interests in a user-friendly design of the website in accordance with Art. 6 para. 1 lit. f GDPR. In accordance with Section 25 (2) No. 2 TDDDG, information can be stored on your device without consent if it is absolutely necessary for the operation of the site. We require your consent for all other cookie types. The use of technically necessary cookies takes place automatically when you visit our website. However, you can generally prevent the storage of functional cookies by configuring your browser. Please note that the complete deactivation of cookies means that we will not be able to provide you with the claimed service of a fully functional website.

c) Cookies for analysis

We also use cookies to personalize content and advertisements, to offer social media functions and to analyze access to our website. This enables us to statistically record the use of our website and to evaluate and optimize our offer to you (see section 5). These cookies enable us to automatically recognize that you have already visited our website when you visit it again. These cookies are automatically deleted after a defined period of time.

For these purposes, we may only store cookies on your end device to the extent that you have given us your consent to do so in accordance with Section 25 (1) TDDDG.

If you have already consented to the storage of information on your device for analysis purposes, you have the right to withdraw this consent at any time in accordance with Art. 7 (3) GDPR.

You can change or withdraw your consent at any time from the cookie settings on our website and from your browser settings.

Please note that if we collect personal data about you for analysis purposes, the analysis service provider may link this to data already held about you in order to gain new information about you.

d) Cookiebot

We use the consent management service Cookiebot from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (Usercentrics) to obtain and manage the consent of the users of our website for data processing. The processing is necessary to comply with a legal obligation to which we are subject (Art. 6 para. 1 lit. c GDPR).

For this purpose, the following data is processed using cookies:

  • Your IP address (the last three digits are set to '0').
  • Date and time of consent.
  • Browser information.
  • URL from which the consent was sent.
  • An anonymous, random and encrypted key.
  • Your consent status as proof of consent.

The key and the consent status are stored in the browser for 12 months using the "Cookie Consent" cookie in order to maintain your cookie preference for subsequent page requests. The key makes it possible to prove and track your consent.

The functionality of the website cannot be guaranteed without this processing.

Usercentrics is the recipient of your personal data and acts as a processor for us in accordance with Art. 28 GDPR.

The processing takes place in the European Union. Further information on objection and removal options vis-à-vis Usercentrics can be found at: https://www.cookiebot.com/de/privacy-policy/

Your personal data will be deleted on an ongoing basis after 12 months or immediately after termination of the contract between us and Usercentrics.

4. registration and orders in our webshop

When accessing our webshop, you have the option of registering in order to place subsequent orders. Within the webshop, it is possible to register with or without entering a customer number.

As part of the registration process, only the personal data required for processing the respective transaction is collected. This includes the first and last name as well as contact numbers. Furthermore, the person making the request has the option of voluntarily providing additional information, for example with regard to title, position in the company and an additional contact number.

The data is then authenticated by us and by the respective customer. This is to ensure that the person making the request is an employee of the respective customer. After successful registration, a confirmation email will be sent to your work email address confirming successful verification by your employer.

If an order has been placed, your data will be processed to create invoices and order overviews in addition to processing the respective transaction.

The processing is carried out to fulfill a contract between us and our customer in accordance with Art. 6 para. 1 lit. b GDPR and to fulfill legal obligations in accordance with Art. 6 para. 1 lit. c GDPR.

Invoicing and the provision of order overviews are made to the company where the respective user is employed and, if applicable, to a subsidiary within our group of companies.

The transmission of order histories to our subsidiaries is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR for internal, administrative purposes.

At the request of the user, all data relating to the person will be anonymized or deleted after eight days in accordance with Art. 17 GDPR. Excluded from this deletion are log files, the order history and invoices that we need to comply with legal requirements and to assert, exercise or defend legal claims in accordance with Art. 17 para. 3 lit. b, e GDPR.

5. google analytics

We create pseudonymous user profiles with the help of Google Analytics in order to design our website in line with requirements. The service is provided by Neusta GmbH, Konsul-Smidt-Straße 24, 28217 Bremen, Germany. We also use Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, as a processor. We have concluded an order processing contract with both companies to ensure data protection in accordance with Art. 28 GDPR.

Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site.

If you agree to the storage and use of your data, you can activate the storage and use with the help of our Consent Manager.

The following data is collected and processed with the help of Google Analytics:

  • Visited pages
  • Browser information
  • Click Path
  • Date and time of the visit
  • Device information
  • Downloads
  • Flash version
  • IP address (anonymized)
  • JavaScript support
  • Purchase activity
  • Usage data
  • Referrer URL
  • Location information
  • Widget interactions

If the function is activated in the Consent Manager, your personal data is processed in the context of Google Analytics cookies on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

The information generated by the cookie about your use of our website is usually transmitted to a Google server in the USA and stored there. However, since we have activated IP anonymization on our website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and only shortened there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing us with other services relating to website activity and internet usage. We use Google Analytics, for example, to analyze clicks from Google Ads for purely statistical purposes.

Information on the use of data by Google can be found at
http://www.support.google.com/analytics/answer/6004245 and at
http://www.google.com/policies/privacy/partners/.

You can also prevent the storage of cookies by selecting the appropriate settings in your browser software. In this case, an opt-out cookie is stored in your browser that prevents Google Analytics from storing usage data.

If you delete your cookies, the Google Analytics opt-out cookie will also be deleted. The opt-out must be reactivated when you visit our site again. The information generated by the cookie about your use of this website, such as

  • Browser type/version of the website visitor
  • Operating system of the website visitor,
  • Referrer URL (the previously visited page),
  • Host name of the accessing computer (IP address),
  • Time of the server request,

are transmitted to a Google server in the USA and stored there.

The personal data is stored for as long as it is required to fulfill the purpose of processing. The data will be deleted as soon as it is no longer required to achieve the purpose.

In addition to Google Ireland Limited, the data may be transmitted to the following recipients in the USA as part of the processing :

  • Google LLC.
  • Alphabet Inc.

By your selection, with which you consent to the use of the service in our Consent Manager, you also consent to this data transfer to a third country in accordance with Art. 49 para. 1 lit. a) GDPR and assure that you are aware that an adequate level of data protection may not be guaranteed in these third countries.

The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on https://tools.google.com/dlpage/gaoptout. An opt-out cookie will be set to prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).

6. assisted service mode

As part of our support service, we offer the option of an assisted service mode. Under "My contacts", you can grant a Hengst employee access to your account in order to receive technical support. To do this, activate the "Grant Hengst employee access for 60 minutes" function. Your access data will then be activated on Hengst's servers for the respective employee for a period of 60 minutes so that they can access your account for technical support. In this way, we can support our customers as close as possible to the solution of the problem. Processing outside of the specific support case does not take place. The support function does not authorize Hengst employees to place orders on your behalf.

The legal basis for the processing is your express consent in accordance with Art. 6 para. 1 lit. a GDPR. Personal data to which the Hengst employee has access during the maintenance period will only be processed for the purposes stated here.

In addition, every access is logged. This means that it cannot be ruled out that your account data will be processed further. The processing is justified in accordance with Art. 6 para. 1 lit. f) GDPR. Hengst has a legitimate interest in data processing for the purpose of recognizing and ensuring the security and stability of the systems and to facilitate and improve the administration of this website and to collect evidence of each intended access.

Apart from logging, no further personal data will be collected from you either during or after the specific support case. All copies will be deleted in accordance with Art. 17 GDPR as soon as the purpose of the processing is fulfilled.

7. support cases

On our contact page, you have the option of getting in touch with one of our employees by phone or e-mail to get help with our website or one of our products.

We only collect the data that is absolutely necessary for processing your request. This includes, for example, your first and last name, contact details and, if applicable, your position in the company.

The legal basis is the fulfillment of a contract pursuant to Art. 6 para. 1 lit. b. We only process your data in order to fulfill our obligations to you under the support contract.

As soon as the purpose has been fulfilled, all collected data will be deleted in full, unless an exception according to Art. 17 para. 3 GDPR prevents deletion or your data serves other legitimate purposes.

8. use of our contact form and Cloudflare

If you have any questions, please use the form on our website. A valid e-mail address, first name, surname and business area are required so that we can assign and answer your request. Further information can be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the basis of your voluntary consent.

As soon as your request via the contact form has been processed by us, the personal data transmitted by you will be automatically deleted.

We also use the services of Cloudflare to integrate the captcha function on our website. The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The captcha function is used to check whether entries in our contact form have been made by a human or a program (suspected spam). Cloudflare analyzes the behavior of the visitor based on various characteristics. The function is provided to us by Neusta GmbH, Konsul-Smidt-Straße 24, 28217 Bremen, Germany. We have concluded a contract with the service provider Cloudflare and with Neusta for order processing in accordance with Art. 28 GDPR. The contract obliges the service provider to process your data only as instructed and to protect data privacy in accordance with the provisions of the GDPR.

Data from the visitor's end device is collected automatically when the contact form page is accessed. The collection includes at least IP addresses, traffic data such as time spent on the site and mouse movements, system configuration information and other information about traffic to and from the contact form page.

In addition to Cloudflare Germany as a subcontractor, the data may be transmitted to other recipients within the Cloudflare group of companies worldwide as part of the processing. It can therefore not be ruled out that your personal data may also be stored on US servers of Cloudflare Inc. since Cloudflare's headquarters are located in the USA. Cloudflare Inc. is certified under the EU-US Privacy Framework and therefore processes the data of data subjects in accordance with the requirements of the GDPR. They also take active measures to prevent requests for information from US authorities regarding data of EU citizens. Otherwise, data is only transferred to third countries subject to the additional conclusion of the EU Commission's standard contractual clause.

If the personal data collected by Neusta and Cloudflare on our behalf has fulfilled its purpose, it will be deleted in accordance with Art. 17 GDPR, provided that the deletion does not conflict with any statutory retention obligations.

Further information can be found in Cloudflare's data protection portal at:

https://www.cloudflare.com/de-de/trust-hub/gdpr/

9. e-mail marketing - existing customers

If you have provided us with your data when purchasing products or services, we reserve the right to send you regular offers and information on similar products from our range by e-mail. For this purpose, we process inventory data (e.g. names, addresses) and contact data (e.g. e-mail addresses). In accordance with Section 7 (3) UWG, no separate consent is required from you. The processing is carried out by our service provider, Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, under the name "Brevo". Brevo enables us to organize and evaluate our direct marketing. The personal data processed as part of email marketing is stored on the servers of Sendinblue GmbH in Germany. Brevo's email analysis provides us with information about which content is clicked on particularly frequently by our customers. We can also understand whether our offer is of interest to our existing customers.

Sendinblue is therefore the recipient of your data and the processor. We have concluded an order processing contract with the service provider in accordance with Art. 28 GDPR, with which we ensure compliance with data protection obligations in accordance with the GDPR. You can find more information about Sendinblue here: https://www.brevo.com/de/legal/privacypolicy/

Data processing is carried out exclusively on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6 para. 1 lit. f) GDPR. You can object to the processing of your data for the purpose of direct marketing at any time. You do not need to provide a specific reason for this. Simply send us an email to the contact address listed above. If you have objected to the use of your personal data, we will no longer send you emails for this purpose.

Otherwise, your personal data that has been used for direct marketing is subject to the statutory deletion periods in accordance with Art. 17 GDPR and will be deleted as soon as it is no longer required for other purposes and no statutory retention periods prevent deletion. Your personal data will be deleted by Sendinblue no later than 3 months after the end of the business relationship or as instructed.

If we are obliged to permanently observe objections, we also reserve the right to store your e-mail address in a blacklist for this purpose alone. Your e-mail address as part of the blacklist will be used exclusively for this purpose and will not be merged with other data. This processing is based on our legitimate interest in complying with the requirements of the GDPR in accordance with Art. 6 para. 1 lit. f GDPR.

10. disclosure of data

Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:

  • you have given your express consent in accordance with Art. 6 para. 1 lit. a GDPR,
  • the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
  • in the event that there is a legal obligation for disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
  • this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

11. storage period

Unless otherwise stated in this declaration in individual cases, we only store personal data for as long as is necessary to fulfill the purposes pursued.

Your personal data will be deleted as soon as the purpose of the data processing no longer applies.

If there are legitimate grounds for erasure within the meaning of Art. 17 (3) GDPR, such as a legal obligation to retain data, the processing of the data will be restricted during this period. A statutory retention obligation exists, for example, due to documentation obligations under tax and commercial law. In these cases, the data will be deleted when the reason for further storage no longer applies, e.g. when the legally prescribed storage period expires.

12. processors

We pass on your data to service providers who support us in the operation of our website and the associated processes as part of order processing in accordance with Art. 28 GDPR. This includes hosting service providers, for example. Our service providers are strictly bound by our instructions and contractually obligated accordingly.

We have already named some of these processors in the above text of the privacy policy. If data is transferred outside the EU or the EEA, we will provide information on the appropriate level of data protection.

Processor Purpose Adequate level of data protection
Neusta GmbH Provision and maintenance of web services Processing only within the EU/EEA
Google Ireland Limited Analysis service on the website Processing within the EU/EEA
Appropriateness decision
Cloudflare Captcha services Appropriateness decision
SCCs of the EU Commission

13. rights of data subjects

You have the right to information, correction or addition, deletion, data portability, restriction and objection to the processing of your personal data within the framework of the applicable legal provisions.

We take the protection of your data very seriously. To ensure that personal data is not disclosed to third parties, please send your request by e-mail or post to the above address, clearly identifying yourself.

Right to information

You have the right to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on its details (Art. 15 GDPR).

Right to rectification or completion

You have the right to demand the immediate correction of incorrect or incomplete personal data stored by us (Art. 16 GDPR).

Right to erasure

You have the right to request the deletion of your personal data stored by us, unless further processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims (Art. 17 GDPR).

Right to restriction of processing

You have the right to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR (Art. 18 GDPR).

Notification obligation of the controller

If you have asserted your right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom we have disclosed your personal data of this rectification or erasure of the data or restriction of processing - unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients (Art. 19 GDPR).

Right to data portability

You have the right to data portability, i.e. the right to receive the data we have stored about you in a commonly used, machine-readable format (Art. 20 GDPR).

You also have the right to have your personal data, which we process on the basis of your consent or in fulfillment of a contract and by automated means, handed over to another controller in a commonly used, machine-readable format.

If you request the direct transfer of the data to another controller, this will only take place insofar as this does not restrict the rights and freedoms of other persons.

Right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6(1) GDPR (data processing on the basis of a balancing of interests).

If you file an objection, we will no longer process your personal data. Unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. Or the processing serves the assertion, exercise or defense of legal claims.

Right to withdraw your consent to data processing

If we process your personal data on the basis of your consent, you have the right to withdraw this consent at any time with effect for the future.

In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent (e.g. statutory retention periods).

Your withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

14. right of appeal to the supervisory authority

You also have the right to lodge a complaint with the competent data protection supervisory authority at any time. To do so, you can contact the data protection supervisory authority of the federal state in which you reside or the authority of the federal state in which the controller has its registered office.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Competent supervisory authority:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

Kavalleriestr. 2-4

40213 Düsseldorf

Telefon: 0211/38424-0

Fax: 0211/38424-999

E-Mail: [email protected]

15. up-to-dateness and amendment of this privacy policy

We reserve the right to adapt the privacy policy at regular intervals to the underlying data processing processes or due to changes in the legal situation.

This privacy policy is valid as of October 2024.