Privacy Statement
1.Subject matter of this privacy statement
We are Hettich UK of Unit 200, Metroplex Business Park, Broadway, Salford, M50 2UE. Protecting your personal data is important to us. This privacy statement tells you about personal data we collect when you visit the Hettich website and/or buy products from our online shop and how we process or use this data.
Some of the terms used in this privacy statement are technical so we have added a glossary at the end of this statement (see clause 15) to help you understand these terms.
2.Collecting and using your data
a) Automatically generated data
If you only visit our website to obtain information, data will automatically be collected in non-personal form. This relates to the following data:
- date and time of opening one of our web pages
- country of origin, language setting
- the type of your browser and your operating system
- the page you last visited
- access status (file transferred, file not found etc.)
- the time spent on our web pages as well as
- your IP address.
This data is collected and processed to make it at all possible for you to use the web pages you have opened, for statistical purposes as well as to improve the content and functionalities of our web pages. This data is processed anonymously, i.e. it is never matched up to your person.
b) Use of your Personal data
Your personal data will only be collected if you make it available to us, e.g. as part of registering to receive our newsletter, ordering products or services or by requesting images from our image database.
The data you provide will only be used for completing the activities you request, e.g. for completing orders or for providing the images you have requested from our image database.
Personal data will be collected when you contact us (e.g. by filling a contact form). The contact form shows what personal data will be collected when you contact us. This data will only be used for the purpose of making contact and for handling your specific request unless you are a potential business customer, in which case, your data may be added to our CRM.
In order to lawfully process your personal data we have to have a legal ground for doing so. When we complete an order for products our legal ground is the completion of our contract with you (if you are a consumer) or our legitimate interests (if you are acting on behalf of a company or other organisation).
When you contact us by filling in a contact form our legal ground for processing the personal data in that form is our legitimate interest.
We will only send you our newsletter on your request so our legal ground for this processing is consent.
You can withdraw your consent at any time with immediate effect for the future. Please submit your withdrawal of consent to the address in clause 7.
The only other ways in which we might process your personal data is if we have a legal obligation to do so.
3. Third-party access to your personal data
Personal data will be processed ether by us or by other companies belonging to the Hettich Group (“affiliated companies”).
To process orders, your personal data may be passed on to service providers supporting us (e.g. shipping, logistics and payment service providers).
If we grant you any credit period we pass your personal data to a credit reference agency in order to obtain information on creditworthiness.
We will make sure that our affiliated companies and the service providers we work with comply with data protection law and the obligations arising from this privacy statement.
The service providers we use may also receive data for the purposes of providing their services to us. These are IT services providers, PR and marketing agencies as well as telecommunications and CRM providers. Our service providers are carefully selected and regularly monitored by us. They only process personal data on our behalf and in strict accordance with our instructions on the basis of relevant processor contracts.
Other than those referred to above and any governmental or similar agency that has a legal right to it, no third party will have access to your personal data. In particular, we will neither sell them nor will we utilise them in any other way.
4.Use of cookies
We use cookies for our website. Cookies are small text files that are sent from our web server to your browser when you visit one of our web pages and saved by your browser on your computer. We use “permanent cookies” as well as “session cookies”.
The data stored in permanent cookies (stored for a maximum of 12 months) have the purpose of automatically recognising your computer the next time you open one of our web pages and of displaying information geared specifically to your interests.
The data filed in session cookies have the purpose of providing you with unrestricted usage of our services as well as making our web pages as convenient as possible to use while you are visiting our website. Session cookies are deleted as soon as you close your browser.
No personal data are stored in the cookies we use. We do not use any technologies either that associate information accruing through cookies with your personal data.
Settings in your browser let you yourself determine whether cookies are set and retrieved. In your browser, for example, you can completely deactivate cookies being stored, restrict such to specific web pages or configure your browser so that it automatically notifies you as soon as a cookie is to be set and you request feedback. If you deactivate session cookies you may not be able to use all of the functions provided by our web pages.
5. Web analysis service
We attach importance to optimising our web pages and making them attractive for our visitors. This makes it necessary for us to evaluate our web pages. To do this, we use the services of eTracker GmbH (www.etracker.com).
eTracker GmbH’s technologies collect and store data for marketing and optimisation purposes. From these data, usage profiles are generated under a pseudonym. Cookies can be used for this purpose (for information on the term “cookie”, refer to clause 4).
You can prevent data from being collected and stored by eTracker GmbH at any time with immediate effect for the future.
This is where you will find further information on data privacy at etracker here.
6. Retention of your personal data
Order details: Once your order has been fulfilled we will keep your personal data (as part of your order details) for a further seven years.
Contact forms: Once your request has been dealt with in full your data will be erased but your contact information may be entered into our CRM.
Newsletters: If you subscribe to our newsletters we will keep your personal data until you unsubscribe at which point it will be allocated to an “unsubscribed” list to ensure we don’t accidentally send you further newsletters.
7. Use of your data for direct advertising (newsletter)
Our website and sub-pages give you the opportunity to register for various newsletters.
To register for our newsletter, we use the double opt-in procedure. This means that after registration, we send you a message to the e-mail address you gave us in which we ask you to confirm your registration. If you do not confirm your registration, it will be automatically deleted.
When you register for the newsletter, we store your IP address as well as the date and time of your registration in order to trace any potential misuse of your e-mail address at a later time.
With immediate effect for the future, you can at any time withdraw your consent to the newsletter being sent. You can withdraw your consent via the link provided in every newsletter or by emailing: info@uk.hettich.com.
Our newsletters contain a click-tracking script. This click-tracking script is used to record a log file or analyse a log file. The embedded click-tracking script tells us whether and when you have opened an e-mail and which links in the e-mail you have clicked. Personal data collected via the click-tracking script contained in the newsletters is saved and evaluated by us in order to optimise delivery of our newsletters and match the content of future newsletter to your interests even better.
8. Social Media
We do not use any automatically activated plug-ins from social media platforms (“social media plug-ins”) on our website.
The buttons for our social media pages, such as Facebook, Twitter, Xing or Instagram, are merely links that direct users to the corresponding provider’s page. Furthermore, our website contains elements known as news boxes, which link to our pages on social media platforms. These news boxes – which are marked with the logo for the corresponding social media site – are also only links.
The integration of these buttons and news boxes in our website does not mean that any personal data is sent to the provider of these social media platforms when you open our website.
You will be directed to the corresponding social media page when you click on these buttons or news boxes (see clause 9 below for more details about third-party websites).
9. Links to third-party websites
This website contains links to websites of third parties (e.g. our sales partners or social media providers). Once you have clicked on the link, we no longer have any influence over the way any personal data sent as a result of clicking on the third party’s link (e.g. your IP address) is collected, processed and used as we have no control over the third party’s conduct. We have no responsibility for the processing of such personal data by third parties.
10. External services
We incorporate external services or contents (e.g. map service providers) on our website. If you use services of this type or if contents from third parties are displayed to you, communication data will be exchanged between you and the relevant provider for technical reasons.
The provider of the particular third-party services or contents may sometimes also process your data for further purposes of their own. As we have no influence on the data collected by third parties or on the way in which they process it, we cannot provide any binding information on the purpose for which or the extent to which your personal data is processed.
For further information on the purpose for which and the extent to which your data is collected and processed, please refer to the data privacy information given by the providers of the services and contents we incorporate.
11. Your rights
You have the following rights in relation to your personal data:
Right to revoke consent
If we process personal data on the basis of your consent, you have the legal right to revoke such consent at any time. We will then cease the relevant processing activity going forward. To revoke your consent to receive marketing emails please email us at info@uk.hettich.com or click on the unsubscribe option at the bottom of any one of those emails.
Right of access to your information
If you want to know what personal data we have collected or process about you, you may request us to provide a copy of your personal data by sending an email to info@uk.hettich.com. We will ask you to identify yourself. Once you have identified yourself, we will provide the requested personal data as soon as reasonably possible however, we will not provide you with a copy of your personal data to the extent that the rights and freedoms of others are or may be adversely affected.
Right to rectification and erasure of data, and restriction of processing
If you believe that our processing of your personal data is incorrect, inaccurate, unlawful, excessive, incomplete, no longer relevant, or if you think that your data is stored longer than necessary, you may ask us to change or remove such personal data or restrict such processing activity, by sending an email to info@uk.hettich.com.
Right to data portability
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format. If you want a copy of your personal data in this format please email us at info@uk.hettich.com.
Right to object
You have the legal right to object, on grounds relating to your particular personal situation, at any time to processing of your personal data. Furthermore, you have the right to object at any time to our processing of your personal data for direct marketing purposes or to profiling.
Opting out of marketing
You can opt out of receiving marketing messages from us by using the “unsubscribe” option we provide in the relevant direct marketing message or by sending an email to info@uk.hettich.com, or writing to:
Marketing Team, Hettich UK, Unit 200, Metroplex Business Park, Broadway, Salford M50 2UE
For the sake of clarity: we are at all times entitled to send you messages that do not constitute direct marketing, i.e. service messages even if you have opted out of receipt of our marketing messages.
General information relevant for all requests and queries
We will use reasonable endeavours to respond to your request or query within one month. We are entitled to extend this term by up to two months if the complexity of the situation so requires. If this is the case, we will let you know.
If your request is manifestly unfounded or excessive we may either (i) charge you a fee, or (ii) refuse to process your request. With respect to access requests we may also charge you for extra copies.
If we decide not to honour your request or answer your query, we will explain our reasons for doing so in our reply.
Direct Advertising
In individual cases, we process your personal data to carry out direct advertising. You have the right at any time to file an objection to your personal data being processed for the purpose of advertising of this type; this shall also apply to profiling insofar as this is in connection with such direct advertising.
If you object to processing for purposes of direct advertising, we shall no longer process your personal data for these purposes.
The objection can be made informally using the term “Objection” and indicating your name, address and date of birth, and should be addressed to: info@uk.hettich.com
Your right to complain
We are committed to resolve any complaints about our collection or use of your personal data. In case you have any questions in relation to this privacy statement or our practices in relation to your personal data please send an email to info@uk.hettich.com.
We hope to resolve any complaint brought to our attention, however if you feel that your complaint has not been adequately resolved, you have the right to contact your local data protection supervisory authority, which for the UK, is the Information Commissioner’s Office. You can find their contact details at: www.ico.org.uk
Changes to this privacy statement
We have done our best to make sure that this privacy statement explains the way in which we process your personal data, and rights you have in relation thereto. We may change this privacy statement from time to time to make sure it is still up to date. We may also notify you in other ways from time to time about the processing of your personal information.
12. Glossary
Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Personal Data means any information that relates to an identifiable living individual.
Processing means collecting, storing, using, disclosing or destroying personal data.