I. Name and address of controller:
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:
Hes Expo GmbH
Hes Expo GmbH
51147 Köln, Germany
Tel: +49 2203 9618363
E-Mail: [email protected]
II. General information on data processing
As a matter of principle, we only process personal data insofar as this is necessary to provide a functional website and our content and services. Personal data is only processed with the user’s consent or in cases in which obtaining prior consent is not possible for factual reasons and data processing is permitted by law.
Insofar as we obtain the data subject’s consent for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) (b) of the GDPR serves as the legal basis. This also applies to processing operations that are necessary in order to take steps prior to entering into a contract.
If the processing of personal data is necessary to meet a legal obligation to which our company is subject, Article 6 (1) (c) of the GDPR serves as the legal basis. If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Article 6 (1) (f) of the GDPR serves as the legal basis for the processing.
The data subject’s personal data shall be erased or suppressed as soon as the purpose for storage no longer applies. In addition, data may be stored if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be suppressed or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.
III. Provision of the website and creation of log files
Each time you visit our website, our system automatically collects data and information from the accessing computer’s system.
The following data is collected:
browser type and version;
the operating system used;
the user’s Internet service provider;
the IP address;
date and time of access;
websites from which the user’s system accesses our website; and
websites that are accessed by the user’s system via our website.
The data is also stored in our system’s log files. The user’s IP addresses or other data that allows the data to be assigned to a user are not affected by this. This data is not stored together with any other personal data pertaining to the user.
The legal basis for the temporary storage of data and log files is Article 6 (1) (f) of the GDPR.
Temporary storage of the IP address by the system is necessary to allow the website to be provided to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.
The data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. We do not evaluate this data for marketing purposes.
These purposes are also our legitimate interest in data processing according to Article 6 (1) (f) of the GDPR.
The data will be erased as soon as it is no longer required to achieve the purpose for which it was collected. If data is collected to provide the website, this is the case when the respective session comes to an end.
If data is stored in log files, this is the case after seven days at the latest. It may, however, be stored for a longer period. In this case, users’ IP addresses are erased or distorted, so that we are no longer able to identify the accessing client.
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary to operate the website. Consequently, the user does not have any options to opt out.
The legal bases for the processing of personal data using cookies are Article 6 (1) (f) of the GDPR and Article 6 (1a) of the GDPR.
The data collected by cookies required for technical reasons is not used to create user profiles. This type of cookies is also used for the purpose of improving the quality of our website and content. This is how we learn how the website is used and can therefore constantly optimise our offer.
The transmission of Flash cookies cannot be prevented via the browser settings, but by changing the Flash player’s settings.
V. Contact form and e-mail contact
If there are contact forms on our website which can be used for electronic contact and a user uses this option, the data entered on the contact form will be transmitted to us and stored. Depending on the form selected, this data generally includes:
1.2. Company name
1.3. E-mail address
The following data is also stored at the time the message is sent:
User’s IP address
Date and time of registration
Alternatively, it is possible to contact us using the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.
In this context, data will not be shared with third parties. The data is used exclusively to process the conversation.
The legal basis for processing the data is Article 6 (1) (a) of the GDPR if the user has given their consent.
The legal basis for processing the data transmitted in the course of sending an e-mail is Article 6 (1) (f) of the GDPR. If the purpose of e-mail contact is to conclude a contract, the additional legal basis for processing is Article 6 (1) (b) of the GDPR.
We only process personal data provided on contact forms to process the request. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process serves to prevent the contact form from being misused and to ensure the security of our information technology systems.
The data will be erased as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the contact form and data sent by e-mail, this is the case when the respective conversation with the user comes to an end. The conversation is terminated when it is clear from the circumstances that the matter in question has been conclusively resolved.
The additional personal data collected during the sending process will be erased after a period of seven days at the latest.
The user has the option to withdraw their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
It is possible to withdraw consent and object to storage verbally, in writing or by e-mail.
All personal data stored in the course of contacting us will be erased in this case.
VI.Web analysis through Google Analytics
We use Google Analytics on our website to analyse our users’ surfing behaviour. The software saves a cookie on the user’s computer (for cookies, see above). If individual pages of our website are accessed, the following data is stored:
1.1. Two bytes of the IP address of the user’s accessing system
1.2. The website accessed
1.3. The website from which the user reached the accessed website (referrer)
1.4. The subpages that are accessed from the website accessed
1.5. The time spent on the website
1.6. The frequency the website is accessed
The legal basis for processing users’ personal data is Article 6 (1) (f) of the GDPR.
The processing of users’ personal data allows us to analyse our users’ surfing behaviour. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and make it more user-friendly.
For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Article 6 (1) (f) of the GDPR. Anonymising the IP address sufficiently takes users’ interests in protecting their personal data into account.
Users can also prevent the collection of data generated by the cookie relating to the use of the website (including IP address) to Google and the processing of this data by Google, by users downloading and installing this browser add-on.
Opt-out cookies prevent the future collection of user data when visiting this website. To prevent collection by Universal Analytics across different devices, users must opt out on all systems used
VIII Google fonts
Our website uses ‘web fonts’ for the uniform display of fonts, which are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). When a page is accessed, the visitor’s browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. Google is covered by the Privacy Shield Agreement listed, which means that it currently complies with European data protection law. For this purpose, the browser used by the website visitor must connect to Google’s servers. This allows Google to learn that our website has been accessed via the IP address used.
The legal basis for the processing of personal data using cookies is Article 6 (1) (f) of the GDPR.
Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offering. For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Article 6 (1) (f) of the GDPR.
Based on its own information, the log data collected by Google is anonymised by erasing part of the IP address and cookie information after 9 and 18 months respectively. Users can find more information here.