www.invest-in-hessen.com

Privacy Policy

The Data Controller in the meaning of the EU General Data Protection Regulation, the Hessian Data Protection and Freedom of Information Act (HDSIG) and other national Data Protection Acts of the Member States as well as other Data Protection Regulations is:

Hessen Trade & Invest GmbH

Konradinerallee 9
65189 Wiesbaden, Germany
Tel.: +49 611 95017 80
e-mail: info@htai.de
Managing Director: Dr. Rainer Waldschmidt
Website: www.htai.de

 

The Data Protection Officer of the party responsible can be contacted as follows:

Tel.: +49 611 95017 8286
Fax: +49 611 95017 8415
E-mail: datenschutzbeauftragter@hessen-agentur.de

 

Personal Data

Personal data are particulars about personal or factual circumstances of an identified or identifiable natural person. This includes, e.g. name, address, email address, and also an IP address. In the following we describe how we process your personal data.

 

Provision of the Website and Generation of Log Files

You can visit our website at any time without having to register yourself or providing personal details. Each time our Internet pages are accessed, our system, however, automatically records data and information from the computer system of the calling computer.

Description and Scope of Data Processing: The following data are collected automatically when a page is viewed:

  • Browser type and version,
  • Operating system used,
  • Website from where you visit us (Referrer URL),
  • Website which you visit,
  • Date and time of your access,
  • Your Internet Protocol (IP) address.

The collection of data to provide the website and the storage of the data in log files is mandatorily necessary for the operation of the website. 

Legal Basis for Data Processing: The legal basis for the temporary storage of the data and the log files is Art. 6 Para. 1 lit. f EU General Data Protection Regulation (GDPR).

Purpose of Data Processing: The temporary storage of the IP address by the system is necessary to enable a delivery of the website to the computer of the user. For this purpose, the IP address of the user must remain stored for the duration of the session. The purpose of storing in log files is to guarantee the functionality and stability of the website. In addition, the data help us to optimize the website and ensure the security of our information technology systems. A data analysis for marketing purposes is not carried out in this context. These purposes also include our legitimate interests in data processing according to Art. 6 Para. 1 lit. f GDPR.

Duration of Storage: The data are deleted as soon as they are no longer needed to achieve the purpose of their collection. When data are collected for the provision of the website this is the case when the respective session has ended. The data stored in log files are deleted at the latest after a term of seven days.

 

Contact by E-Mail

Description and Scope of Data Processing: When contacting us via the provided email address the personal data transmitted by email are stored. Your data are not passed on to third parties.

Legal Basis for Data Processing: The legal basis for the temporary storage of the data which are transmitted during sending an email is Art. 6 Para.1 lit. f GDPR. Our legitimate interest is to answer the contact enquiry of the sender. If the reason for the e-mail contact is the conclusion of a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR.

Purpose of Data Processing: The sole purpose of processing personal data from an e-mail is the processing of the contact enquiry.

Duration of Storage: The data are deleted as soon as they are no longer needed to achieve the purpose of their collection. For personal data sent by e-mail, this is the case when the respective conversation with the user is ended. The conversation is ended when the circumstances show that the relevant issues have been clarified conclusively. This does not apply when legal or contractual obligations and in particular retention periods are contrary to the deletion.

 

Newsletter

Description and Scope of Data Processing: When registering for one of our free of charge newsletters, the data from the input mask are transmitted to us. For the processing of the data, your consent is sought within the scope of the registration process and reference is made to this Data Protection Declaration.

At the time of sending the newsletter registration, the IP address of the user, as well as date and time of the newsletter registration are also stored. When you open one of our newsletters or click on a link therein, this may be logged via the webserver (date, time, email address). This serves internal statistical purposes so that we can tailor our range of information even better to the interests of our newsletter users. Herein lies our legitimate interest in the data processing. These data are not merged into personal usage profiles.

The provision of personal data by you is neither prescribed legally nor contractually, nor is it necessary for conclusion of a contract. You are not obliged to provide us with personal data. If personal data are not provided, the result is, as far as these are mandatory details, that we are unable to send you a newsletter.

Legal Basis for Data Processing: The legal basis for the processing of data after registering for the newsletter is your consent (Art. 6 Para. 1 lit. a GDPR). The legal basis for any statistical evaluations conducted is Art. 6 para. 1 lit. f GDPR.

Purpose of Data Processing: The data are used solely for sending the newsletter. Your email address is collected to deliver the newsletter to you. If other personal data are collected within the scope of the registration procedure, this serves the individualisation of the newsletter as well as preventing misuse of the service or the email address used.

Duration of storage: The personal data provided by you will be stored until a possible revocation of the consent to receive the newsletter on your part. After receipt of a revocation from you, your email address will be provided with a blocking notice to document that you do not wish to be contacted by us via email in future. Any other personal data collected with the registration for the newsletter will be deleted immediately. The blocking notice, as well as your email address will be deleted three years after conclusion of the calendar year in which the blocking notice was applied. The personal data collected additionally during the sending procedure are deleted at the latest after a term of seven days.

 

Dispatch of Newsletters by CleverReach

When sending our newsletter to registered interested parties, we employ CleverReach GmbH & Co. KG (Mühlenstr 43, 26180 Rastede, in the following termed “CleverReach”) within the scope of order processing. CleverReach was carefully selected by us as specialized service provider and is reviewed regularly by us to ensure that your privacy is preserved. CleverReach processes your personal data only on our behalf and in line with our instructions and may use your personal data exclusively for the purposes specified by us. Compliance with these data protection regulations as well as the required security measures is guaranteed at all times.

Description and Scope of Data Processing: If you use our comments function to express your opinion about contributions on our website, your comments, including your selected user name, will be visible to other website visitors. You are free to use the comments function. There is no obligation to submit a comment.

Legal Basis for Data Processing: When using the comments function, the legal basis for the processing of data is the consent given by you (Art. 6 Para. 1 lit. a GDPR).

Purpose of Data Processing: Data processing serves the publication of comments on our website.

Duration of the storage: The data are stored for the period of publication of your comment on our website and will then be deleted immediately.

 

Contact Form and E-Mail Contact
 

Description and Scope of Data Processing: By sending a contact request by means of our contact form the data entered in the input mask are transmitted to us and stored. At the time of sending the message, the IP address of the user, as well as date and time of sending the message are stored. Your consent is sought within the scope of the sending procedure and reference is made to this data protection declaration for processing the data.

The provision of personal data by you is neither prescribed legally nor contractually, nor is it necessary for conclusion of a contract. You are not obliged to provide us with personal data.  If personal data are not provided, making contact via the contact form is not possible if the provision of such details is mandatory.

Alternatively, making contact via the provided e-mail address is possible. In this case, the personal data of the user transmitted by e-mail are stored.

Legal Basis for Data Processing: The legal basis for the processing of data which are transmitted via the contact form is your consent (Art. 6 Para. 1 lit. a GDPR). The legal basis for the processing of data which are transmitted by sending an e-mail is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is to answer the contact enquiry of the sender. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR.

Purpose of Data Processing: The sole purpose of processing the personal data from an input mask or e-mail is the processing of the contact enquiry.

Duration of Storage: The data are deleted as soon as they are no longer needed to achieve the purpose of their collection. For personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user is ended. The conversation is ended when the circumstances show that the concerned issues have been clarified conclusively.

This does not apply when legal or contractual obligations, in particular retention periods, are contrary to the deletion. The personal data collected additionally during the sending procedure are deleted at the latest after a term of seven days.

 

Registration for Events
 
Description and Scope of Data Processing: By sending a registration via a registration form, the data entered in the input mask are transmitted to us and stored. At the time of sending the message, the IP address of the user, as well as date and time of the registration are stored. Your consent is sought for the processing of the data within the scope of the sending procedure and reference is made to this data protection declaration for processing the data.

The provision of personal data by you is neither prescribed legally nor contractually, nor is it necessary for conclusion of a contract. You are not obliged to provide us with personal data.  If personal data are not provided a registration for an event is not possible if the provision of such details is mandatory.

Legal Basis for Data Processing: The legal basis for the processing of data is your consent (Art. 6 Para. 1 lit. a GDPR).

Purpose of the Data Processing: Processing of personal data exclusively serves the implementation of the registration and the event.

Duration of the storage: The data are deleted as soon as they are no longer needed to achieve the purpose of their collection. The personal data collected within the scope of the registration are deleted at the latest after one month following completion of the event, if you have not agreed to any further use or processing (e.g. consent to receive invitations for future events). 

The personal data collected additionally during the sending procedure are deleted at the latest after a term of seven days.

 

Registration for Partnering at Events
 
Description and Scope of Data Processing: In the run-up to certain events, visitors have the opportunity to register for the so-called Partnering and to deposit Partnering profiles. By sending the registration for Partnering and the Partnering profile, the data entered in the input mask are transmitted to us and stored. At the time of sending the registration, the IP address of the user, as well as date and time of the registration are stored. Your consent is sought within the scope of the sending procedure and reference is made to this data protection declaration for processing the data.

The provision of personal data by you is neither prescribed legally nor contractually, nor is it necessary for conclusion of a contract. You are not obliged to provide us with personal data.  If personal data are not provided, a participation in the Partnering is not possible if the provision of such details is mandatory.

All participants who have registered for the Partnering receive access to the profiles of other participants before the event and can agree 10-minute discussions on an individual basis. Apart from that, your data are not passed on to third parties.

Legal Basis for Data Processing: The legal basis for the processing of data is your consent (Art. 6 Para. 1 lit. a GDPR).

Purpose of Data Processing: Processing of personal data exclusively serves the registration for and implementation of the Partnering.

Duration of Storage: The data are deleted as soon as they are no longer needed to achieve the purpose of their collection. The personal data collected in the partnering profile within the scope of the registration for partnering are deleted at the latest after one month following completion of the event.

Additional personal data collected during the sending procedure are deleted after a term of seven days at the latest.

 

Taking and Publishing of Photos
 
Description and Scope of Data Processing: Within the scope of the special public contract to pursue business development and to develop it (further) in the State of Hesse, it is the responsibility of HA Hessen Agentur GmbH to inform the public about events in suitable publications using word and pictures. For this purpose, photos may be taken at events and published in print media, in Internet services of HA Hessen Agentur GmbH and/or presences of HA Hessen Agentur GmbH in social media (e.g. Facebook, Twitter, Instagram).
 
For the taking and publishing photos, consent is sought from the visitor during the registration procedure and reference is made to this data protection declaration. The visitor has the option of choosing whether photos portraying him or her may be shown only in print media and own Internet services of the party responsible or also in social media.
 
The provision of personal data by you is neither prescribed legally nor contractually, nor is it necessary for conclusion of a contract. You are not obliged to provide us with personal data.  The failure to consent to the taking of photos and publication of these photos in print media and own Internet services of the party responsible, however, means that a registration for the event is not possible as otherwise the party responsible cannot fulfil the special public contract described in the foregoing. 
 
Recipient and Data Transmission to Third Countries: For publication in print media, the photos taken are transmitted, in particular to daily newspapers and publishing houses. If the visitor has consented to the publication of photos portraying him or her in social media, the data are transmitted to the operators of these social networks. Within the scope of the consent, the visitor is informed that some operators of social media have their registered office outside of the EU territory and the European Economic Area (EEA), in particular in the USA and that these countries do not have an appropriate data protection level. Transmission is, possible to the following operators of social media in particular:

 

Facebook

Service provider is Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland).

You can find further information about the collection and use of personal data by Facebook at http://www.facebook.com/policy.php.

Instagram

Service provider is Instagram LLC (1601 Willow Rd, Menlo Park CA 94025, USA).

You can find further information about data protection in the data protection declaration of Instagram at http://instagram.com/about/legal/privacy.

XING

Service provider is XING SE (Dammtorstraße 30, 20354 Hamburg, Germany).

You can find further information about data protection in the data protection declaration of XING at https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIn

Service provider is LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland).

You can find further information about data protection in the data protection declaration of LinkedIn at https://www.linkedin.com/legal/privacy-policy as well as in the Cookie Policy at https://www.linkedin.com/legal/cookie-policy.

Google+

Service provider is Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043 USA).

You can find further information about data protection in the data protection declaration of Google at https://policies.google.com/privacy/update?hl=de&gl=de. Google also processes your personal data in the USA and has submitted itself to the EU-US Privacy Shield.

Twitter

Service provider is Twitter International Company (One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland).

You can find further information about data protection in the data protection declaration of Twitter at https://twitter.com/de/privacy.

YouTube

Service provider is YouTube LLC (901 Cherry Avenue, San Bruno, CA 94066, USA; a company of Google LLC).

You can find further information about data protection in the data protection declaration of Google at https://policies.google.com/privacy/update?hl=de&gl=de. Google also processes your personal data in the USA and has submitted itself to the EU-US Privacy Shield.

Vimeo

Service provider is Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA.

You can find further information about data protection in the data protection declaration of Vimeo at https://vimeo.com/privacy.

Pinterest

Service provider is Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland).

You can find further information about data protection in the data protection declaration of Pinterest at https://policy.pinterest.com/de/privacy-policy.

We cannot exclude that, even when operators of social media have a registered office in Europe, the personal data are also transmitted to group companies in the USA or another country outside of the EU or the EEA and/or that these are stored on servers in the USA or another country outside of the EU or the EEA.

Legal Basis for Data Processing: The legal basis for the processing of data is the consent of the event visitors (Art. 6 Para. 1 lit. a GDPR). Apart from that, the legal basis is a legitimate interest of HA Hessen Agentur GmbH as well as the special public mandate conferred to it (Art. 6 Para. 1 lit. f GDPR and Art. 6 Para. 1 lit.) e GDPR). This follows from the special public mandate to pursue business development in the State of Hesse and to develop it (further), as described in the foregoing.
 
Purpose of Data Processing: The purpose of the publication of photos is the special public mandate of HA Hessen Agentur GmbH, to pursue business development in the State of Hesse and to develop it (further) and therefore to inform the interested public about events.

Duration of Storage: The data are deleted as soon as they are no longer needed to achieve the purpose of their collection. Insofar as photos are not published, these will be deleted at the latest one month after closing of the event. Published photos remain stored as long as the respective publications can be called up or are obtainable.  

 

Proposals for Awards and Participation in Campaigns
 
Description and Scope of Data Processing: By sending a proposal or registration form, the data entered in the input mask are transmitted to us and stored. At the time of sending the form, the IP address of the user, as well as date and time of the registration are stored. Your consent is sought for the processing of the data within the scope of the sending procedure and reference is made to this data protection declaration.

The provision of personal data by you is neither prescribed legally nor contractually, nor is it necessary for conclusion of a contract. You are not obliged to provide us with personal data.  If personal data are not provided, a proposal for an award or participation in a campaign is not possible if the provision of such details is mandatory.

Insofar as HA Hessen Agentur GmbH conducts the proposals for awards or campaigns as processor bound by instructions on behalf of a party responsible, in particular the Hessische Staatskanzlei (State Chancellery of Hesse) or a ministry of the State of Hesse, it will provide the principal with the collected data. Your data are not passed on to third parties.

Legal Basis for Data Processing: The legal basis for the processing of data is your consent (Art. 6 Para. 1 lit. a GDPR).

Purpose of Data Processing: The sole purpose of processing the personal data is the implementation of the respective award or campaign.

Duration of storage: The data are deleted as soon as they are no longer needed to achieve the purpose of their collection. In the case of order processing, HA Hessen Agentur GmbH stores the data for the period specified by the principal.

Additional personal data collected during the sending procedure are deleted at the latest after a term of seven days.

 

Brochure Shop

Description and Scope of Data Processing: By sending an order, the data entered in the input mask are transmitted to us and stored. At the time of sending the form, the IP address of the user, as well as date and time of the registration are stored. Your consent is sought for the processing of the data within the scope of the sending procedure and reference is made to this data protection declaration.

The provision of personal data by you is neither prescribed legally nor contractually, nor is it necessary for conclusion of a contract. You are not obliged to provide us with personal data.  If personal data are not provided, a mailing of the desired brochure(s) is not possible if the provision of such details is mandatory.

HA Hessen Agentur GmbH uses the web shop service provider A&M Service GmbH, Hinter dem Entenpfuhl 13/15, 65604 Elz, to process the orders. Your consent is sought for the transmission of the data to A&M Service GmbH within the scope of the order.

Legal Basis for Data Processing: The legal basis for the processing of data for performance of a contract is Art. 6 Para. 1 lit. b GDPR. The legal basis for the transmission of data to A&M Service GmbH is your consent (Art. 6 Para. 1 lit. a GDPR). 

Purpose of Data Processing: Processing of the personal data exclusively serves the completion of the order.

Duration of Storage: The data are deleted as soon as they are no longer needed to achieve the purpose of their collection. The data collected within the scope of the order are deleted after expiry of the legal retention period (as a rule six or ten years). 

Additional personal data collected during the sending procedure are deleted at the latest after a term of seven days.

 

Participation in Competitions

Description and Scope of Data Processing: By sending a competition form, the data entered in the input mask are transmitted to us and stored. At the time of sending the form, the IP address of the user, as well as date and time of the registration are stored. Your consent is sought for the processing of the data within the scope of the sending procedure and reference is made to this data protection declaration

The provision of personal data by you is neither prescribed legally nor contractually, nor is it necessary for conclusion of a contract. You are not obliged to provide us with personal data.  If personal data are not provided, a participation in a competition is not possible if the provision of such details is mandatory.

If prizes are sent by third parties (e.g. by the sponsor of the prize) and personal data of the winner are transmitted to these for the purpose of sending the winnings, you will be informed about this for the respective competition. 

Legal Basis for Data Processing: The legal basis for the processing of data from the competition form is your consent (Art. 6 Para. 1 lit. a GDPR).

Purpose of Data Processing: Processing of the personal data exclusively serves the implementation of the respective competition as well as the sending of the prizes.

Duration of Storage: The data are deleted as soon as they are no longer needed to achieve the purpose of their collection. The data collected within the scope of participating in the competition are deleted at the latest one month after completion of the competition, if you have not provided your consent for further use of your data (e.g. ordering a newsletter). Additional personal data collected during the sending procedure are deleted at the latest after a term of seven days.  

Registration Forms for Thematic Databases

Description and Scope of Data Processing: You have the possibility of registering for thematic databases on our web pages. By sending the registration, the data entered in the input mask are transmitted to us and stored. At the time of sending the form, the IP address of the user, as well as date and time of the registration are stored. Your consent is sought for the processing of the data within the scope of the sending procedure and reference is made to this data protection declaration.

The provision of personal data by you is neither prescribed legally nor contractually, nor is it necessary for conclusion of a contract. You are not obliged to provide us with personal data.  If personal data are not provided, a registration for the respective database is not possible if the provision of such details is mandatory.

Legal Basis for Data Processing: The legal basis for the processing of data from the input mask is your consent (Art. 6 Para. 1 lit. a GDPR).

Purpose of Data Processing: The processing of the personal data exclusively serves to include you or the organisation you represent in the respective database and to be able to contact you for this purpose. 

Duration of the storage: The data are deleted as soon as they are no longer needed to achieve the purpose of their collection. Should the verification of your registration lead to a negative result, we delete the data at the latest one month after rejection. In the case of a positive conclusion of your registration, we store the specified data for the duration of your stay in the respective database. The deletion of your registration and removal from the respective database is possible at any time. Please contact info@hessen-agentur.defor this purpose. Additional personal data collected during the sending procedure are deleted at the latest after a term of seven days.

 

Familienkarte Hessen (Family Card Hesse)

Description and Scope of Data Processing: By sending the registration form, the data entered in the input mask are transmitted to us and stored. At the time of sending the form, the IP address of the user, as well as date and time of the registration are stored. Your consent is sought for the processing of the data within the scope of the sending procedure and reference is made to this data protection declaration.

The provision of personal data by you is neither prescribed legally nor contractually, nor is it necessary for conclusion of a contract. You are not obliged to provide us with personal data.  If personal data are not provided, ordering the Familienkarte Hessen is not possible if the provision of such details is mandatory.

HA Hessen Agentur GmbH was commissioned as a processor bound by instructions with the operation of the website www.familienkarte-hessen.de by the Hessian Ministry of Social Affairs and Integration (HMSI). The data collected within the scope of the registration are also available to the HMSI. If you have a new-born or a child aged below one year and have provided your consent within the course of the registration, HA Hessen Agentur GmbH will also send the data required for mailing the HiPP New-born Parcel and/or membership in the HiPP Mein BabyClub (name, address, e-mail address, name and date of birth of the youngest child) to HiPP GmbH & Co. Vertrieb KG (Georg-Hipp-Str. 7, 85276 Pfaffenhofen (Ilm)).

Legal Basis for Data Processing: The legal basis for the processing of data from the input mask as well as, where appropriate, transmission of the specified data to HiPP GmbH & Co. Vertrieb KG is your consent (Art. 6 Para. 1 lit. a GDPR).

Purpose of Data Processing: Processing of personal data exclusively serves the issue of and participation in promotions of Familienkarte Hessen.

Duration of Storage: Your data are stored for the validity period of Familienkarte Hessen and are deleted one month after its expiry. If you move away from Hesse or do no longer wish to use your Familienkarte Hessen, you can either delete your data yourself in the restricted member section or inform us about this by e-mail to info@familienkarte.hessen.de and we will handle this for you. Your data will be deleted in full after one month.

Additional personal data collected during the sending procedure are deleted at the latest after a term of seven days.

 

Intermediate Storage of Questionnaires

Description and Scope of Data Processing: You have the possibility of intermediate storage of a commenced questionnaire to complete it at a later point of time. You can register by entering a name, password and your e-mail address. By sending the registration form, the data entered in the input mask are transmitted to us and stored. At the time of sending the registration, the IP address of the user, as well as date and time of the message dispatch are stored. The information provided in the questionnaire is also stored. Your consent is sought for the processing of the data within the scope of the sending procedure and reference is made to this data protection declaration

The provision of personal data by you is neither prescribed legally nor contractually, nor is it necessary for conclusion of a contract. You are not obliged to provide us with personal data.  If personal data are not provided, intermediate storage of the questionnaire is not possible if the provision of such details is mandatory.

Legal Basis for Data Processing: The legal basis for the processing of data which are transmitted during the registration is your consent (Art. 6 Para. 1 lit. a GDPR).

Purpose of Data Processing:The purpose of processing the personal data entered in the input mask is to give you the opportunity of accessing a stored questionnaire and to complete this at a later point of time.

Duration of the storage: The data are deleted as soon as they are no longer needed to achieve the purpose of their collection. The data you entered in the input mask, as well as the questionnaire in intermediate storage are deleted at the latest seven days after you have completed the questionnaire. If you do not wish to complete the questionnaire, you can have this, as well as the data stored in the input mask, deleted at any time. Please contact info@hessen-agentur.de in this case. Additional personal data collected during the sending procedure are deleted at the latest after a term of seven days.

 

Transmission of Personal Data

HA Hessen Agentur GmbH will not pass on your data to third parties, except when you have given your express consent to such transmission in advance or when the transmission is prescribed by law, respectively permitted by law. Exempted from this are service partners of HA Hessen Agentur GmbH, who are required for processing the contractual relations and are commissioned with the processing of personal data on our behalf and according to our instructions in the context of a data processing agreement. If HA Hessen Agentur GmbH was commissioned by the State Chancellery Hesse or a ministry of the State of Hesse to act as processor or project manager and support a project or campaign, the data collected during the respective project or campaign may, if necessary, be made available to the respective principal. Insofar as there is no order processing, the legal basis for this is the legitimate interest of HA Hessen Agentur GmbH and the respective principal (Art. 6 Para. 1 lit. f GDPR). The legitimate interest is, in particular, to evaluate the success of the respective project or campaign. Our employees are sworn to secrecy and compliance with the data protection regulations.

 

Use of Technically Necessary Cookies

Description and Scope of Data Processing: To design the visit to our Internet services attractively and enable the use of certain functions, we use so-called cookies on various pages. These are small text files which are placed on your terminal device.

You can set your browser so that you are informed about the placing of cookies and can decide individually about accepting these or generally exclude the acceptance of cookies for certain cases or generally. When cookies are not accepted, the functionality of our website can be restricted. The following links show you how the settings can be adjusted for the following common browsers:

Chrome: https://support.google.com/chrome/answer/95647?hl=de  

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen  

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies  

Safari: https://support.apple.com/kb/PH21411?viewlocale=de_DE&locale=de_DE   

If you use various devices to visit our Internet services (e.g. your computer, your smartphone, your tablet, etc.), you should make sure that the cookie settings you want are set in each browser and on each device.

Legal Basis for Data Processing: If personal data are processed with the use of technically necessary cookies, the legal basis is Art. 6 Para. 1 lit. f GDPR.

Purpose of Data Processing: The purpose of using technically necessary cookies is to design the visit to our Internet services attractively and enable the use of certain functions, such as e.g. selection of language, storage of articles in a shopping cart or recognition of the browser after the registration in the member section of a page. Some functions of our Internet site cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after switching sites. This is also our legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.

The user data collected by cookies are not used to generate user profiles.

Duration of Storage: We use “Session Cookies”. A Session Cookie is a cookie which is deleted automatically after the user has closed the browser.

 

Website Analysis, Social Plug-Ins

If you have given your consent with a click on “accept Cookies” or activation of a Social Plug-In (e.g. click on “Yes, continue with Facebook”) we use the following cookies as described below:

 

Social Plug-Ins from Providers of Social Networks

Social plug-ins from providers of social networks are used on our websites. Personal data can be sent to the service providers (including outside Europe) via these social plug-ins and used by these if necessary.

We ourselves do not record any personal data or information about their use via social plug-ins. We have configured the social plug-ins so that initially no personal data are passed on to the providers of the individual social plug-ins when you visit our website. Only when you click onto one of the social plug-ins, can data be transferred to the service provider and stored there.

When clicking on the corresponding buttons of the service provider, it will receive the information that you have accessed the corresponding subpage of our online service. You do not need to have an account with this service provider nor be logged in there. When you are logged in with this service provider, these data are assigned directly to your account. When you click on one of the social plug-ins and, for example, link the page, the service provider will also store this information in your user account and may possibly disclose this to your contacts publicly.

If you do not want the assignment with your profile at the service provider’s, you need to log out before clicking on one of the social plug-ins.

We have no influence on whether or in which scope the service providers collect personal data. The scope, purpose and storage period of the data collection are also not known to us. One must assume that at least the IP address and device-related information are recorded and used. It is also possible that the service provider uses cookies.

We would like to point out that the service providers of social networks have, in part, their registered office outside of the region of the EU and the European Economic Area (EEA), in particularly in the USA, and that these countries do not have an appropriate data protection level. We cannot exclude that, even when service providers of social networks have a registered office in the EU, the personal data are also transmitted to the group companies in the USA or another country outside of the EU or the EEA and/or that these are stored on servers in the USA or another country of the EU or the EEA. 

Further information of the service providers in detail:

 

Facebook

Service provider is Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland).

You can find further information about the collection and use of personal data by Facebook at http://www.facebook.com/policy.php.

 

Instagram

Service provider is Instagram LLC (1601 Willow Rd, Menlo Park CA 94025, USA).

You can find further information about data protection in the Instagram Data Protection Declaration at http://instagram.com/about/legal/privacy.

 

XING

Service provider is XING SE (Dammtorstraße 30, 20354 Hamburg).

You can find further information about data protection in the XING Data Protection Declaration at https://privacy.xing.com/de/datenschutzerklaerung.

 

LinkedIn

Service provider is LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland).

You can find further information about data protection in the Data Protection Declaration of  LinkedIn at https://www.linkedin.com/legal/privacy-policy as well as in the Cookie Policy at https://www.linkedin.com/legal/cookie-policy.

 

Twitter

Service provider is Twitter International Company (One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland).

You can find further information about data protection in the Data Protection Declaration of Twitter at https://twitter.com/de/privacy.

 

Google+

Service provider is Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043 USA).

You can find further information about data protection in the Data Protection Declaration of Google at https://policies.google.com/privacy/update?hl=de&gl=de. Google also processes its personal data in the USA and has submitted itself to the EU-US Privacy Shield.

 

YouTube Videos and related Data Collection and Use

On our websites you can watch videos which are integrated by means of a “Plug-In” from YouTube LLC (901 Cherry Avenue, San Bruno, CA 94066, USA; a company of Google LLC). YouTube uses cookies for data collection and statistical data evaluation. YouTube uses cookies, among others, to record reliable video statistics, to avoid fraud and to improve user friendliness. Through the YouTube cookies, the operator of the website receives statistical values for the retrieval of individual videos embedded in the website without reference to the respective user. When you watch one of the videos embedded in this manner, it can happen that YouTube stores and uses these data further. Should you be logged into your YouTube account at YouTube at the same time in this case, YouTube may be able to assign your surfing behaviour to your YouTube user profile. You can prevent a corresponding data processing by logging out of your YouTube account before visiting our website.

On our website, the “extended data protection mode” is activated for YouTube videos. This means: YouTube does not store cookies for a user, who views a website with an embedded YouTube video player, but does not click on the video, to start playback. In addition, before you call up a video, you will be informed that when you click on a video link, you leave the website of the person responsible and will be transferred to the Internet services of the video portal YouTube with transmission of the website currently called up by you. If you accept this, YouTube may possibly store cookies on the computer of the user, however no personal cookie information is stored for playback of embedded videos.

As this is the service of a third party, we have no influence on the processing of corresponding data by YouTube. For the purpose and scope of the data collection and the further processing and use of the data by YouTube, resp. Google as well as your corresponding rights and configuration options to protect your private sphere please refer to the corresponding references for data protection at  https://policies.google.com/privacy/update?hl=de&gl=de. Google also processes your personal data in the USA and has submitted itself to the EU-US Privacy Shield.

 

Vimeo Videos and related Data Collection and Use 

You have the option of accessing our video offers at Vimeo (an offer from Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA) via our video library or directly at https://vimeo.com/htai/videos. As these are the services of a third party, we have no influence on the processing of corresponding data by Vimeo. In its data protection notices, Vimeo points out that information of the users (including personal data) can be transferred to, stored and processed in the USA, where Vimeo’s servers are located and their central database is operated. Please see the corresponding data protection notices of Vimeo at https://vimeo.com/privacyfor further information for the purpose and scope of data collection and further processing and use of the data by Vimeo as well as your corresponding rights and configuration options to protect your privacy.

 

Using Google Maps

The services of Google Maps are used on our websites. With this we can display interactive maps directly on the website for you and enable the comfortable use of the map function.  

If you have consented to the data transmission to Google by clicking onto the corresponding button, Google receives the information that you have called up on the corresponding subpage of our website. Furthermore, the data stated under “Provision of the website and generation of log files” are transmitted. This takes place independent of whether Google provides a user account via which you are logged in, or whether there is no user account. If you are logged in with Google, your data are assigned directly to your account. If you do not want the assignment with your Google profile, you need to log out before activating the button.  Google stores your data as usage profiles and uses these for advertising purposes, market research and/or needs-based design of its website. Such an evaluation is carried out (even for users who are not logged in), in particular to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you need to contact Google if you wish to exercise this right.

Further information for the purpose and scope of data collection and processing by Google is available at https://policies.google.com/privacy/update?hl=de&gl=de. There you will receive further information about your corresponding rights and configuration options to protect your privacy. Google also processes your personal data in the USA and has submitted itself to the EU-US Privacy Shield.

 

Using Open Street Map

Map sections on the basis of the Open Data Project OpenStreetMap (OSM) are used on our websites.

If you have consented to the data transmission, information about the use of the website (e.g. your IP address) is transmitted to retrieve so-called tiles (map sections). Depending on which tiles are retrieved for this, data can also be transferred to countries outside of Germany and the European Union, resp. the European Economic Area, including the USA. Main server and infrastructure are currently operated in London, UK.

This service is an Open Source service and we have no influence on its data collection and processing. In this connection, the collected data may be transferred to third parties, can be processed for order of third parties and the data can be merged with further data stored about the person of the user, however we have no information about this issue.

You can deactivate the collection of data through the use of OpenStreetMap by not using the map display.

You can find further information about the use of personal data by OpenStreetMap at http://wiki.osmfoundation.org/wiki/Privacy_Policy.  

 

Automated Decision-Finding including Profiling

There is no automated decision-finding including profiling.

 

Rights of the Data Subject: If your personal data are processed, you are the data subject within the meaning of the GDPR and you have the following rights against the data controller: 

Right of Access by the Data Subject: In accordance with Art. 15 GDPR you have the right to request information about your personal data processed by us; in particular you can request information about the processing purposes, the category of the personal data, the categories of recipients to whom your data were or are disclosed, the planned storage period, the existence of a right to correction,  deletion, restriction of processing or contradiction, the existence of a right of appeal, the origin of your data, if these were not collected by us, as well as the existence of an automated decision-making including profiling and, if necessary, meaningful  information about their details.

Right to Rectification: In accordance with Art. 16 GDPR you have the right to request immediate correction of incorrect, or completion of your personal data stored with us.

Right to Erasure (“Right to be Forgotten”): In accordance with Art. 17 GDPR you have the right to request the deletion of personal data stored with us, provided that the processing is not required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercising or defence of legal claims.

Right to Restriction of Processing: In accordance with Art. 18 GDPR you have the right to request restriction of the processing of your personal data, insofar as the accuracy of the data is contested by you, the processing is unlawful, but you reject their deletion and we no longer require the data, but you require these for asserting, exercising or defending legal claims or you have entered an objection against the processing in accordance with Art. 21 GDPR.

Right to Data Portability: In accordance with Art. 20 GDPR you have the right to receive your personal data, which you have provided to us, in a structured, common and machine-readable format or to request transmission to another responsible person. 

Right to Lodge a Complaint: In accordance with Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority. As a rule, you can turn to the supervisory authority of your usual residence or workplace or our registered office. In the present case, the responsible supervisory authority is: The Hessian Data Protection Officer, visitors’ address: Gustav-Stresemann-Ring 1, 65189 Wiesbaden, postal address: PO Box 3163, 65021 Wiesbaden, email: Poststelle@datenschutz.hessen.de, Tel.: +49 611 1408 - 0, Fax: +49 611 1408 – 900.

Right to Object: You have the right, for reasons which result from your special situation, to enter an objection against the processing of your personal data, which is carried out on the basis of Art. 6 para.1 lit. f GDPR, at any time.

If your personal data are processed to conduct direct advertising, you have the right to enter an objection at any time against the processing of your personal data for the purpose of such advertising.

Right of Revocation: You have the right to revoke the consent you issued for the processing of your personal data, at any time. By revoking the consent, the legality of the processing conducted prior to such revocation is not affected. You can direct a revocation to the email address given during the registration/order or in any case to info@hessen-agentur.de or by mail by using the above stated address.

 

Security during Data Transmission

During data communication in open networks, such as the Internet, protection of the transmitted data cannot be guaranteed comprehensively by means of current technology, and they cannot be protected completely against access by third parties. Therefore, please do not send us confidential data via the Internet (e.g. via contact form or email) without adequate protection. However, all forms on this website where personal data are recorded, were encrypted with the protocol TSL 1.2. Apart from that we make use of suitable technical and organisational security measures to protect your data against accidental or intentional manipulations, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are improved continuously in accordance with the technological developments.

 

Changes to our Data Protection Regulations

We reserve the right to adjust this Data Protection Declaration occasionally, so that it always complies with the current legal requirements or to implement changes of our services in the Data Protection Declaration, e.g. when introducing new services. The Data Protection Declaration current from time to time applies for your further visits to our website.