Privacy statement of Hansecontrol

Date of last revision: 09.20.21


Since 25 May 2018, the uniform privacy requirements of the EU General Data Protection Regulation (GDPR) have been in force throughout Europe. The purpose of the following privacy statement is to inform you about the processing of personal data carried out by the test institute Hansecontrol GmbH (“Hansecontrol" and/or “We” and/or “Data Controller”) in accordance with the GDPR and the German Federal Data Protection Act (BDSG 2018).

Please read our data protection information carefully. If you have any questions or comments about our data protection information, please feel free to contact us at privacy.de@hansecontrol.com.


Content

1. Name and contact details of the data controller

2. Contact details of the data protection officer

3. Purpose of data processing, legal bases and legitimate interests pursued by the data controller or a third party, along with categories of recipient

3.1. Accessing our websites/applications

3.1.1. Log files

3.1.2. Google Web Fonts

3.2. Cookies, tracking, social media plug-ins

3.3. Data processing for dispatch of the newsletter

3.4. Contacting us

4. Your rights

5. Right to object

6. Right of revocation


1. Name and contact details of the data controller

This data protection information applies to data processing by

Prüfinstitut Hansecontrol GmbH and Hansecontrol Zertifizierungsgesellschaft mbH
Schleidenstrasse 1
22083 Hamburg
Germany

Represented by Managing Director, Ostrowski, Hervé

+49 (0)40 600 202 778
info@hansecontrol.com

Websites:
certificate.hansecontrol.com


2. Contact details of the data protection officer

The data protection officer(s) of the Data Controller can be contacted at

Prüfinstitut Hansecontrol GmbH
Schleidenstrasse 1
22083 Hamburg
Germany

privacy.de@hansecontrol.com


3. Purpose of data processing, legal bases and legitimate interests pursued by the data controller or a third party, along with categories of recipient

3.1. Accessing our websites/applications

3.1.1. Log files

Every time you access websites/applications, information is sent to the server of our website/application by the Internet browser of your end device and temporarily stored in what are known as log files. The records stored contain the following data, which are stored until they are automatically deleted: Date and time of access; name of the page accessed; IP address of the requesting device; referrer URL (the URL from which you accessed our websites); the amount of data transferred; loading time; and the product and version information of the browser you have used along with the name of your access provider. The IP addresses are stored in anonymized form. To render them anonymous, the last three digits are removed, i.e. 127.0.0.1 becomes 127.0.0.*. IPv6 addresses are anonymized in the same way.

The legal basis for processing the IP address is Article 6 (1) (f) GDPR. Our legitimate interest arises from the need

  • to ensure that you can connect to the site without difficulty,
  • to ensure that your use of our website/application is as easy as possible,
  • to evaluate system security and stability.


It is impossible to directly infer your identity from the information, nor do we make any attempt to do so

The data will be stored and automatically deleted once the aforementioned purposes have been achieved. The time limits for deletion are based on the criterion of necessity.


3.1.2. Google Web Fonts

This page uses web fonts provided by Google to display fonts in a consistent way. When you visit a page, your browser loads the required web fonts into your browser cache to display text and fonts correctly.

For this purpose, the browser you are using must connect to Google’s servers. This will make Google aware that our website has been accessed via your IP address. The use of Google web fonts allows us to present our websites in a uniform and attractive way. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR.

If your browser does not support web fonts, your computer will use a default font.

You can find out more about Google web fonts at https://developers.google.com/fonts/faq and in the Google privacy policy: https://policies.google.com/privacy?hl=de.


3.2. Cookies, tracking, social media plug-ins

We use cookies, tracking tools, targeting procedures, and social media plug-ins for our website/application. The exact methods involved and how your data are used for this purpose are explained in detail below.

Google Analytics

We have implemented Google Analytics on this website.

Google Analytics is a website analysis service. Website analysis refers to the collection, recording and analysis of data regarding the behavior of visitors to the website. A website analysis service records e.g. data showing from which website a data subject has come to a website (so-called referrer), which subpages of the website were accessed or how often and how long a subpage was viewed. Website analysis is used mainly for the optimization of a website and for a cost-benefit analysis of Internet adverting.

Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, is the operator of the Google Analytics component.

Google Analytics uses cookies. After you give your consent for the use of the Google Analytics cookies, the information about your use of our website generated by the Google Analytics cookie is normally transmitted to a Google server in the USA and stored there. Google might disclose these personal data collected via the technical procedure to third parties.

However, when you by activate IP anonymization on our website, Google shortens your IP address within the Member States of the European Union or in other countries that are parties to the European Marketing Area Treaty. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google uses this information to analyze your use of the website in order to compile a report about your website activities and provide us with other services associated with your website and Internet use. The IP address of your browser transmitted by Google Analytics is not linked to any other Google data.

This website also uses the UserID functions of Analytics in order to be able to track interaction data. This User ID is also anonymized and encrypted and is not linked to other data.

You may also prevent the storage of cookies by setting your browser software accordingly, but you might then not be able to fully use all functions of our website.

You may furthermore prevent the disclosure of the data generated by the cookie which refer to the use of the website (incl. your IP address) to Google as well as the processing of these data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

This browser add-on notifies Google Analytics via JavaScript that no data or information about website visitors may be transmitted to Google Analytics.

Besides, a cookie left behind by Google Analytics may be erased at any time via the Internet browser or other software programs.

Additional information and the applicable privacy policy of Google may be found in Google Analytics Privacy Policy.
 

3.3. Data processing for dispatch of the newsletter

On our websites/applications, you have the option to sign up for our newsletters. To avoid mistakes when you enter your email address, we use what is known as the double-opt-in procedure (DOI procedure): After you have entered your email address in the registration field, we will send a confirmation link to the address provided. Only when you have clicked on this confirmation link will your email address be included in our newsletter mailing list. The legal basis for this data processing is your consent.

Your data are jointly processed by Hansecontrol and its parent company QIMA Limited. They are made available to Hansecontrol’s and QIMA Limited’s communication team.

Your email address is retained for the period of time that is necessary to fulfil the original purpose for which is was collected, or until you opt-out of our newsletters services. 

Information on your right of revocation

You can revoke your consent at any time with permanent effect by mailing us at privacy.de@hansecontrol.com; you also have the option to unsubscribe at the end of every newsletter.


3.4. Contacting us

You have various options for contacting us. By email, by phone, through the contact form, and by mail. If you contact us, we will use the personal data that you voluntarily provide to us in this context for the purpose of contacting you and processing your request.

The personal data that you voluntarily provide to us in the context of inquiring about our services is jointly processed by Hansecontrol and its parent company QIMA Limited on the basis of your consent.

The beneficiaries of your personal data will be Hansecontrol’s employees, parent company and affiliates. 

Your data will be transferred outside the European Economic Area, to the USA. In the context of this transfer, your rights and interests as regards your data are guaranteed and protected as a result of the standard contractual clauses from the European Commission which have been inserted in the contracts we have entered into with the entities to which your data is being transferred. In particular, Hansecontrol’s parent company QIMA Limited might process your personal data on the basis of its legitimate interest to identify and to analyse data related to prospects to develop the business. You can access the privacy policy of QIMA Limited here.

Your data is retained by Hansecontrol for the period of time that is necessary to fulfil the original purpose for which is was collected, which is generally a period of 3 years from the last contact between Hansecontrol and you.


4. Your rights

In addition to the right to revoke any consent you have granted to us, you are also entitled, if the relevant legal requirements are met, to the following additional rights:

  • The right to information on your personal data stored by us (Art. 15 GDPR); you can in particular require information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or are to be disclosed, or the planned storage period, and – unless they were obtained directly from you – the origin of your data;
  • The right to rectification of incorrect data or completion of correct data (Art. 16 GDPR);
  • The right to erasure of any data on your person stored by us (Art. 17 GDPR),, insofar as we are not obliged to comply with statutory or contractual retention periods or other legal obligations or rights to extended storage; 

  • The right to restrict the processing of your data (Art. 18 GDPR), insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you nonetheless decline to have the data deleted, the Controller no longer needs the data, but you need it to assert, exercise or defend legal claims, or you have objected to the processing in accordance with Article 21 GDPR;
  • The right to data portability in accordance with Article 20 GDPR, i.e. the right to the transfer of selected data on your person that are stored by us in a common, machine-readable format or to demand their transmission to another controller;
  • The right to lodge a complaint with a supervisory authority.. As a rule, you can contact the competent supervisory authority for your usual place of residence or workplace or our registered office.

You can exercise the aforementioned rights to which you are entitled by writing to privacy.de@hansecontrol.com. You can exercise the right to data portability by writing to privacy.de@hansecontrol.com.


5. Right to object

Under the conditions of Article 21(1) GDPR, you may object to data processing for reasons arising from your particular situation as data subject.

The aforementioned general right to object applies to all processing purposes based on Article 6(1)(f) GDPR that are described in this data protection information. Unlike the special right to object that is directed at data processing for advertising purposes (see 3.3. Data processing for dispatch of the newsletter above), we are obliged under the GDPR to implement such a general objection only if you give us reasons of overriding importance to do so (e.g. a possible danger to life or health).


6. Right of revocation

Insofar as we process data on the basis of your consent, you have the right to revoke that consent at any time. The revocation of consent does not mean that the data processing carried out on the basis of that consent up to the point of revocation will become ineffective.