Thank you very much for visiting our website or for otherwise getting in contact with us.
We place very high value on the protection of personal data. In principle, it is possible to use this website without handing over any personal data. However, if you would like to make use of an offer from our company online, then it may be necessary to process personal data. If it does prove necessary to process personal data and if there is no legal basis for this processing, then we will generally obtain consent from the data subject.
Processing of a data subject’s personal data, for instance their name, address, e-mail address or telephone number, shall always be carried out in compliance with the current German Federal Data Protection Act (Bundesdatenschutzgesetz; BDSG), the EU General Data Protection Regulation (GDPR), effective as of 25/02/2018 and the German Telemedia Act (Telemediengesetz; TMG).
With this data privacy statement, our company endeavours to provide information about the nature, scope and purpose of the personal data we process and to inform data subjects of their rights.
Our company has implemented numerous technical and organisational measures for the data collected in order to ensure as complete protection as possible for the personal data that is processed. Nevertheless, internet-based data transfers may have flaws in security and as such, absolute protection cannot be guaranteed.
Our company’s data privacy statement is based on the GDPR. Our data privacy statement should be easily readable and comprehensible. In order to ensure this, we shall first define the terms used.
1. Personal data
Personal data refers to “any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors that are specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (article 4, section 1 of the GDPR).
2. Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the person responsible for data processing.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. Restriction of processing
Restriction of processing refers to the marking of stored personal data with the aim of limiting its processing in the future.
Profiling is any form of automated processing of personal data in which this personal data is used in order to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation refers to processing personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information. This additional information is kept separately and is subject to the technical and organisational measures, thus guaranteeing that the personal data is not attributed to an identified or identifiable natural person.
7. Controller or person responsible for processing
The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, regardless of whether this is a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
10. Third parties
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes in the form of a declaration or other clearly verified deed with which the data subject signifies agreement to the processing of personal data relating to him or her.
According to the General Data Protection Regulation, the national data protection laws of member states and additional data protection regulations, the controller is:
HORSCH Maschinen GmbH Sitzenhof 1
92421 Schwandorf Deutschland
Tel.: +49 9431 7143-0
Fax.: +49 9431 7143-9200
E-Mail: info @ horsch.com
Technical Expert Office for Information and Communication Technology
Tel.: +49 9404 969638
E-Mail:datenschutz @ bcco.de
1. Every time you visit our webpage, our system automatically gathers data and information from the system of the accessing computer.
The following data is collected here:
- the user’s operating system
- the user’s internet service provider
- the user’s IP-address
- date and time of access
- websites that direct the user's system to our website
- websites accessed by the user's system from our website
- files retrieved
- quantity of data sent
The legal basis for the temporary storage of data is Art. 6 (1) (f) of the GDPR.
2. The temporary storage of the IP address by the system is required so that the website can be connected to the user’s computer. For this purpose, the IP address of the user must be saved for the duration of the web session. For this purpose, our legitimate interest is in accordance with Art. 6 (1) (f) of the GDPR.
3. Data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the event of collecting data to ensure the website is functioning correctly, this is the case once the relevant session has ended.
4. The collection of data for providing the website is absolutely necessary for the website to operate and therefore the user has no right to object.
1. The data is also stored in our system’s log files. This data is stored separately from the user’s personal data. The legal basis for the creation of log files is Art. 6 (1) (f) of the GDPR.
2. Storage takes place in log files to ensure that the website is functioning correctly. Furthermore, the data allows us to optimise the website and to guarantee the security of our information technology systems. The data is not evaluated for marketing purposes in this context. For this purpose, our legitimate interest in data processing corresponds with Art. 6 (1) (f) of the GDPR.
3. The data in the log files is deleted after seven days at the latest. However, data may be stored for periods extended beyond this. In such cases, the users’ IP addresses are deleted or altered, meaning that the IP address can no longer be traced back to the respective client.
4. The storage of data in log files is absolutely necessary to ensure that the website is fully operational. As such, users have no right to object.
The following data is saved and transmitted in the cookies:
- language settings
- login details
- items in shopping carts
- search terms entered
- frequency of page views
- use of website functions
2. The legal basis for the processing of personal data using cookies is Art. 6 (1) (f) of the GDPR.
Under VII. GOOGLE ANALYTICS you have the possibility to deactivate the corresponding cookies.
Google Analytics has been extended on this website by the code “grt._anonymizeIP()” in order to guarantee an anonymised collection of IP addresses.
As a result of the activation of IP anonymisation on this website, your IP address will be abbreviated by Google in advance within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area.
Only in exceptional cases will the full IP address be sent to a Google server in the USA and abbreviated there.
Google will use this information to evaluate your use of the website, to compile reports on website activity for the website operator and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties, if this is required by law, or as far as third parties process this data on behalf of Google. In no case will Google link your IP address to any other data provided by Google. The IP address transmitted from your browser by Google Analytics will not be merged with other data belonging to Google.
3. The purpose of using Google’s web analysis services and cookies is to increase the efficiency of our website through perfected analysis of user behaviour in order to accommodate the interests and needs of our users to the fullest extent. For this purpose, our legitimate interest in data processing is in line with Art. 6 (f) of the GDPR.
4. You can prevent the storage of cookies by Google by adjusting your browser software settings accordingly. However, we would point out that in this case you may not be able to use all the functions of this website fully. In addition, you can prevent the use of Google Analytics, thus preventing Google from collecting the data generated by the cookie and regarding your use of the website (including your IP address), and also prevent Google from processing this data by downloading and installing the browser plug-in available from the link below: (http://tools.google.com/dlpage/gaoptout?hl=en).
If your personal data is processed, you are defined as a data subject according to the GDPR, and you have the following rights in relation to the controller:
1. Right of access
You are entitled to request confirmation from the controller as to whether we are processing personal data relating to you.
If such processing is taking place, you are entitled to demand the following information from the controller:
(1) the purposes for which the personal data is being processed;
(2) the categories of personal data being processed;
(3) the recipients and/or categories of recipient to which personal data relating to you has been or is being disclosed;(4) the envisaged retention period for the personal data relating to you or, if it is not possible to state this definitively, the criteria used to determine this period;
(5) information regarding your right to correction or erasure of the personal data relating to you, your right to restrict processing by the controller or your right to object to this processing;
(6) your right to lodge a complaint with a supervisory authority;
(7) any available information about the source of data if the personal data is not collected from the data subject;
(8) the existence of an automatic decision-making process, including profiling, pursuant to Art. 22 (1) and (4) of the GDPR and – at least in those cases - express information about the logic involved, as well as the significance and targeted consequences of such processing for the data subject.
You have the right to demand information regarding whether personal data relating to you is being transmitted to a third country or international organisation. In this regard, you are entitled to demand to be informed of the appropriate safeguards related to the transfer pursuant to Art. 46 of the GDPR.
2. Right to rectification
You have right to rectification and/or completion of your personal data in relation to the controller, provided that the processed personal data concerning you is inaccurate or incomplete. The controller must undertake any rectification without undue delay.
3. Right to restriction of processing
You are entitled to demand the restriction of the processing of personal data relating to you in the following circumstances:
(1) if you dispute the accuracy of the personal data relating to you for a period, allowing the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you object to the erasure of the personal data and request the restriction of its use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims, or
(4) you have objected to processing pursuant to Art. 21 (1) of the GDPR pending the verification of whether the legitimate grounds of the controller override your own.
If the processing of the personal data relating to you has been restricted, this data, with the exception of its storage, shall be processed only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Where processing has been restricted according to the provisions listed above, you shall be informed by the controller before the restriction of processing is lifted.
4. Right to erasure
a) Duty of erasure
You shall have the right to demand from the controller the erasure of personal data relating to you without undue delay and the controller shall have the obligation to erase this data immediately, where one of the following grounds applies:
(1) The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent on which the processing is based according to Art. 6 (1) (a), or Art. 9 (2) (a) of the GDPR, and where there is no other legal ground for the processing.
(3) You object to the processing pursuant to Art. 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) of the GDPR.
(4) The personal data relating to you has been unlawfully processed.
(5) The personal data concerning you has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) The personal data has been collected in relation to the offer of information society services in line with Article 8 (1) of the GDPR.
b) Provision of information to third parties
If the controller has made public the personal data concerning you and is obliged to erase it pursuant to Art. 17 (1) of the GDPR, then this person must take all appropriate measures, taking into account the technology and implementation costs available, including measures of a technical nature, in order to inform the controller of data processing who processed the personal data that you as a data subject have requested that they erase all links to this personal data and any copies or replicas of this personal data.
The right to erasure shall not apply where processing is required for the following purposes;
(1) for exercising the right of freedom of expression and information;
(2) for fulfilling a legal obligation that requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9 (2) (h) and (i), as well as Art. 9 (3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) of the GDPR insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
5. Right to notification
Where you have asserted the right to the rectification, erasure or restriction of processing to the controller, the controller shall be obliged to communicate this correction or erasure of data or restriction of processing to all recipients to whom personal data relating to you has been disclosed, unless this proves impossible or involves disproportionate effort.
You are entitled to demand that the controller informs you of these recipients.
6. Right to data portability
You have the right to receive the personal data relating to you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where
(1) the processing is based on consent pursuant to Art. 6 (1) (a) of the GDPR or Art. 9 (2) (a) of the GDPR, or on a contract pursuant to Art. 6 (1) (b) of the GDPR and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data relating to you transmitted directly from one controller to another, where this is technically feasible. This shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to the processing of personal data that is required for performance of a task carried out in the public interest or in the exercise of public authority vested in the controller.
7. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you based on Art. 6 (1) (e) or (f) of the GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing that override your interests, rights and freedoms or that serve the establishment, exercise or defence of legal claims.
Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data relating to you for the purposes of such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data relating to you shall no longer be processed for such purposes.
In the context of the use of information society services, regardless of Directive 2002/58/EC, you have the option to exercise your right to object by automated means using technical specifications.
8. Right to withdraw declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of the consent up to the point at which it is withdrawn.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision that is based solely on automated processing, including profiling, which produces legal effects in relation to you or which similarly significantly affects you. This right does not apply if the decision
(1) is necessary for concluding, or performing, a contract between you and the data controller,
(2) is authorised by the statutory provisions of the Union or Member State to which the controller is subject and which also lay down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions may not be based on particular categories of personal data pursuant to Art. 9 (1) of the GDPR, unless Art. 9 (2) (a) or (g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the location at which the suspected breach occurred, if you consider that your rights under GDPR are infringed by the processing of personal data relating to you, regardless of another regulatory or statutory appeal.
The supervisory authority to which the complaint is submitted must inform the complainant of the progress and the outcome of the complaint, including the right to an effective judicial remedy pursuant to Art. 78 of the GDPR.