Data protection declaration according to § 5 and § 13 German Telemedia Act (Telemediengesetz, TMG) Information according to articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)

We hereby inform you about the processing of your personal data by our company and about the claims and rights accruing to yourself under the provisions of the data protection legislation.

Accountable body for data processing

Herth+Buss Fahrzeugteile GmbH & Co. KG
Dieselstraße 2-4
63150 Heusenstamm, Germany
Phone: +49 6104 608 0
Fax: +49 6104 608 333
E-mail: verwaltung@herthundbuss.com
Entered in the commercial register at the Munich District Court: HRB 104599

Company data protection officer:

Herth+Buss Fahrzeugteile GmbH & Co. KG
Dieselstraße 2-4
63150 Heusenstamm, Germany
Data protection officer
Phone: +49 6104 608 400
E-mail: datenschutz@herthundbuss.com

Sources and data for processing personal data

We process personal data that we receive from you in the course of your Internet or social media use or which you have provided us with via the contact form by logging in our database.

Data is stored in server log files, which are collected and automatically saved by the provider and transferred to us for the most part by your browser. These are:

  • Referrer URL
  • Host name of the access computer
  • Date and time of server request
  • Name of requested file
  • Page from which the file was requested
  • Web browser used and operating system used
  • (Complete) IP address of the requesting computer
  • Transferred data volume

We also process other data comparable with the categories mentioned if necessary.

We collect the listed data to ensure a smooth connection to the website and to facilitate convenient use of our website by users. In addition, the log file is used to evaluate system reliability and stability, as well as for administrative purposes. The legal basis for temporary storage of the data or the log files is Art. 6 (1) (f) GDPR.

We currently offer the following social media channels:

In the context of such social media usage, we are able to retrieve statistics on usage from the social media company in question. This can be information on the call-up of pages and associated activities; call-up of individual articles, videos, services (e.g. route planners), etc.; comments, shared content, responses, levels of usage: men and women, origin in terms of country and city, language. The legal basis for calling up the data when using social media is Art. 6 (1) (f) GDPR.

Purpose of processing and legal basis
We process personal data in conformity with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):

The legal basis for storage of the data or the log files is Art. 6 (1) (f) GDPR.

Where necessary, we process your data beyond the purposes of fulfilling the contract in order to safeguard our legitimate interests or those of third parties. We collect the listed data to ensure a smooth connection to the website and to facilitate convenient use of our website by users. In addition, the log file is used to evaluate system reliability and stability, as well as for administrative purposes. In addition, we store your data for technical security reasons, particularly to prevent attacks on our Web server.

Examples in this context:

  • Checking and optimising procedures for requirements analysis and direct customer address;
  • Advertising or market and opinion research, e.g. by using cookies, unless you have objected to the usage of your data;
  • Assertion of legal claims and defence in the event of legal disputes;
  • Safeguarding of IT security and IT operations;
  • Measures for business management and further development of services and products.

Social media companies will particularly utilise your usage pattern to create what is known as usage profiles and employ them for the placement of advertising. This generally involves the storage of cookies on your computer.

On the basis of your consent, Art. 6 (1) (1) (1) (a) GDPR and Art. 49 (1) (1) (a) GDPR

Where you provide us with consent for the processing of personal data for specific purposes (e.g. disclosure of data to third parties, evaluation of data for marketing purposes), the lawfulness of such processing shall be deemed to exist on the basis of your consent. Where consent has been given, it can be revoked at any time.
Please note that such revocation will only apply with effect for the future. Any processing performed prior to revocation will not be affected here.
Where you have given social media companies consent regarding specific data processing, this processing shall be performed on the legal basis of Art. 6 (1) (a) GDPR.

On the basis of legal requirements, Art. 6 (1) (c) GDPR, or in the public interest Art. 6 (1) (e) GDPR

We are furthermore subject to various legal obligations, i.e. statutory requirements. If data is processed for such ends, this exclusively takes place as defined by these regulations.

Passing on the data

Within the company, departments that require your data to fulfil our contractual and legal obligations will be provided with such data. Data processors (Art. 28 of the GDPR) commissioned by us can also receive data for the aforementioned purposes. These are companies operating in the following categories: IT services, telecommunications, advice and consulting, sales and marketing.
The following must be noted with regard to the transfer of data to recipients outside the company: we only pass on your data where legal provisions permit or command us to do so, if you have consented to this or where we are authorised to provide the information in question. As defined by these prerequisites, recipients of personal data may include the following, among others:

  • Public authorities and institutions (e.g. public prosecution offices, the police, supervisory authorities) where a legal or official obligation exists.

Further recipients of data may include parties for which you have consented to the transfer of data.

Duration of storage

Where permitted by law, we process and store your personal data, specifically for as long as necessary to fulfil the purposes in question.

Data transfer to third countries

A transfer of data to third countries (countries outside the European Economic Area – EEA) only takes place when this is required to provide our social media channels, where it is a legal requirement or where you have given us your consent to do so. We will inform you separately about the details provided this is required by law.

When availing yourself of our social media channels, please note that data belonging to yourself as a user may be processed outside the EU with your use of our social media channels.

Use of cookies

Our website uses cookies that are stored on your device by the browser and contain certain settings for using the website (e.g. for the ongoing session). Cookies are used to make our website more user-friendly, more effective and secure. Cookies are small text files that are stored on your computer and which your browser stores. Most of the cookies we use are so-called session cookies, which are automatically deleted after the browser is closed. Other cookies remain stored on your device until you permanently delete them or the storage duration expires. These cookies enable us to recognise your browser on your next visit.
The cookies are used to simplify website processes by saving settings (e.g. retaining options that have already been selected). If personal data is also processed by individual cookies implemented by us, processing takes place on the basis of your consent in accordance with Art. 6 (1) (a) GDPR and to ensure the best possible functionality of the website, as well as a customer-friendly and efficient operation when visiting the site.
You can set your browser so that you are informed about the placement of cookies and only allow cookies in individual cases, to rule out the acceptance of cookies in certain cases or generally, and to activate automatic deletion of cookies when you close your browser. The functionality of this website may be restricted if cookies are deactivated.
You can declare a general objection to cookies used for online marketing purposes via the US website http://www.aboutads.info/choices/ or via the EU page http://www.youronlinechoices.com/ .
You can also deactivate the storage of cookies in the settings of your browser. Please note that, in this case, it may not be possible to use all functions of this website.

Contact form and contact by e-mail

If you send us a contact form or e-mail enquiry, your information from the enquiry form or e-mail, including the contact data provided by you there, will be stored with us for processing the enquiry and for any follow-up queries. Your name and e-mail address must be entered. Under no circumstances will we pass on this data without your consent. The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Art. 6 (1) (f) GDPR and, where applicable, Art. 6 (1) (b) GDPR, provided that your enquiry is aimed at concluding a contract. Your data will be deleted after final processing of your request, unless statutory retention obligations are contradicted. In the case of Art. 6 (1) (f) GDPR, you may object to the processing of your personal data at any time.

Cavok database
Cavok is a browser-based digital-asset management system (DAM) from our service partner PEAK-14 (PEAK-14 GmbH, Otto-Röhm-Str. 69, 64293 Darmstadt, Germany), which deals with managing content and data. It is used as an image database on our homepage. You have the option of receiving access on request to download image material for our products.
The following data is stored in this access:

  • Complete company name
  • Complete contact name
  • Email address
  • Login name (consisting from customer number_surname, e.g. 1234567_samplemann)

Your name and e-mail address must be entered. Under no circumstances will we pass on this data without your consent. The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Art. 6 (1) (f) GDPR and, where applicable, Art. 6 (1) (b) GDPR, provided that your enquiry is aimed at concluding a contract.

Further information on the data processing at our service partner can be found at:
https://www.cavok.pro/de/datenschutz

Google Analytics

On our website, we use the Web analysis service Google Analytics of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, to analyse the use of our website, to compile reports on website activities and to provide further services linked to website use and Internet use. The legal basis is the consent you give pursuant to Art. 6 (1) (a) GDPR or Art. 49 (1) (1) (a) GDPR.
For this service, a cookie is placed on your computer and the user data stored in the process is forwarded to Google and transferred to a server that is generally located in the USA and stored there.
Google uses this information to analyse the use of our online services and in particular to create user statistics with plausible usage profiles. Google Analytics is only used with activated IP anonymisation, which means that the IP address of Google users is shortened within member states of the European Union or in other member states of the Agreement on the European Economic Area. However, transfer of the full IP address to a Google server in the USA cannot be ruled out. Users can prevent the storage by cookies by denying their consent or by setting their browser software accordingly. Furthermore, they can prevent the data stored by the cookie from being transferred to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Further information can be found in the Google privacy policy: https://policies.google.com/technologies/ads.

Google marketing services
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our website within the scope of Art. 6 (1) (f) GDPR), we use marketing and remarketing services (Google marketing services) of Google Ireland Limited (Gordon House, Barrow Street, iTunes 4, Ireland), ("Google").
The Google marketing services enable us to display advertisements for and on our website in a more targeted manner, in order to only present advertisements that could be of potential interest to the user. For this purpose, cookies can be set by various domains, including google.com or double-click.net. This file notes which websites the user is looking for, the content they are interested in and which services they have clicked on, as well as technical information on the browser and operating system, related websites, visit time and other information on the use of the website. The IP address of users is also recorded, whereby, within the framework of Google Analytics, the IP address is truncated within member states of the European Union or member states of the Agreement on the European Economic Area and is only transferred to a Google server in the USA and shortened there in exceptional cases.
Users' data is processed pseudonymously as part of Google marketing services. In other words, Google does not store and processes the user's name or e-mail address, for example, but processes the relevant data in a cookie-based manner within pseudonymous user profiles. This does not apply if an user has expressly permitted Google to process the data without this pseudonymisation.
We can integrate advertisements from third parties on the basis of the Google marketing service "DoubleClick". DoubleClick uses cookies that enable Google and its partner websites to be used to position advertisements based on users' visits to this website or other websites on the Internet.
We can also use the Google Tag Manager to integrate and manage the Google analysis and marketing services in our website.
Further information on data use for marketing purposes by Google can be found on the overview page: https://policies.google.com/technologies/ads
You can find the Google privacy statement at https://policies.google.com/privacy
If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google: https://adssettings.google.com/authenticated

Google Maps
We use the Google Maps service on this website. This enables us to display interactive maps directly on the website and enable convenient use of the map function.
When you visit the website, Google receives information that you have called up the corresponding sub-page of our website. The data specified in this privacy policy is transmitted, regardless of whether you have a user account with Google that you are logged in with, or whether there is no user account. If you are logged in with Google, your data will be assigned directly to your account. If you do not wish the information to be assigned to your profile with Google, you must log out before activating the button. User profiles are stored by Google and used for the purposes of advertising, market research and/or demand-based design of the website. Such an evaluation will be used to provide tailored advertising and to inform other users of the social network about your activities on the website. You have the right to object to the formation of these user profiles and you must contact Google to log the objection.
Further information on the purpose and scope of data collection and processing by the plug-in provider can be found in the provider's data privacy statements. There, you will also receive further information on your rights and setting options for protecting your privacy: http://www.google.de/intl/de/policies/privacy
Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
An opt-out can be implemented using the following link: https://adssettings.google.com/authenticated

Social plug-ins
On the basis of our legitimate interests, i.e. interest in the analysis, optimisation and efficient operation of our website, within the meaning of Art. 6 (1) (f) GDPR, we use social plug-ins. When you visit our site, a direct connection is established between your browser and the Facebook server via the plug-in. Facebook receives information that you have visited our site with your IP address. If you click on Facebook while you are logged into your account, you can link the content of our pages on your Facebook profile. This enables the visit to our site to be assigned to your user profile. If you are not a member of Facebook, it is nevertheless possible for Facebook to obtain and store your IP address. According to Facebook, only an anonymized IP address is stored in Germany. If you do not want Facebook to collect data via this online service, you must log out on Facebook before using our website and delete your cookies.
As a provider of the website, we have no knowledge of the content of the transferred data and their use by Facebook. Further information can be found in the Facebook privacy policy at https://de-de.facebook.com/policy.php.
In addition to Facebook plug-in, we also use plug-ins from Xing and Kununu. The above also applies here.
As a provider of the website, we have no knowledge of the content of the transferred data and their use by NEW WORK SE. For further information, refer to the data protection declaration of Xing and Kununu at https://privacy.xing.com/de/datenschutzerklaerung.

Youtube
In the context of the legitimate interests pursuant to Art. 6 (1) (1) (f) GDPR, YouTube videos have been incorporated into our online service, which are stored on http://www.youtube.com and can be played directly from our homepage. The integration (plug-in) serves to make our websites appealing.
YouTube is a service provided by the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you call up the website provided with such a plug-in, a connection to the YouTube servers is established and the plug-in is displayed. This transmits to the YouTube server that you have visited our website. If you are a member of YouTube, YouTube assigns this information to your personal user account. When using the plug-in, e.g. clicking on the start button of a video, this information is also assigned to your user account. You can prevent this assignment if you log out of your YouTube user account and other user accounts of YouTube LLC and Google Inc. before using our website and delete the corresponding cookies of the companies.
The data collected by the cookies is usually sent to a server in the USA and stored there. In the event of transfer of data to the USA, data transmission is based on valid standard contractual clauses.
Further information on data processing and information on data protection by YouTube (Google) can be found at www.google.de/intl/de/policies/privacy/.

Userlike Chat
Within the framework of our legitimate interest pursuant to Art. 6 (1) (1) GDPR, we use the chat software from Userlike UG (limited liability), Probsteigasse 44- 46, 50670 Cologne, Germany.
You can use the chat function like a contact form to chat with our employees in real time. When the chat starts, the following personal data is available:

  • date and time of call,
  • browser type/version,
  • IP address
  • operating system used,
  • URL of the website previously visited,
  • quantity of sent data.

And if specified: First name, surname and e-mail address.
Depending on the course of conversation with our employees, other personal data entered by you may be provided in the chat. The type of data is heavily dependent on your enquiry or the problem that you tell us about. Processing all of this data serves to provide you with a fast and efficient contact option and thus improve our customer service.
When our homepage is accessed, the chat widget is loaded in the form of an AWS Cloudfront JavaScript file. The chat widget is technically the source code that is run on your computer and enables the chat.
The purpose of saving the chat data is also to ensure the security of our information technology systems. This also represents our legitimate interest, which is why processing in accordance with Art. 6 (1) (f) GDPR is permissible.

You can find further information here: http://www.userlike.com/terms#privacy-policy

Your rights

Below, you will find information on the rights under the applicable data protection law granted to you as the affected party with regard to the processing of your personal data:

Right to information:
The right to request information about your personal data processed by us in accordance with Art. 15 GDPR.

Right to correction:
The right, in accordance with Art. 16 GDPR, to immediately request the correction or completion of your personal data stored by us.

Right to deletion:
The right to demand the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

Right to restriction of processing:
The right to demand the limitation of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you reject the option of having it deleted and we no longer need the data, but you need this data to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR.

Right to data portability pursuant to Art. 20 GDPR:
You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another data controller if this is technically feasible

Right to lodge a complaint:
You have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. You can usually contact the supervisory authority for the Federal State of our headquarters or, if necessary, that of your usual place of residence or workplace.

Right of revocation:
Right to revoke consents granted in accordance with Art. 7 (3) GDPR: You have the right to revoke consent once granted to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned promptly, providing there is no legal basis for continued processing without consent. The legality of the processing carried out on the basis of the consent until the revocation is not affected by the revocation of the consent;

We would like to point out here that your rights as a data subject in conjunction with your social media usage can be most easily asserted against the social media company.
On Facebook, you can find further information at: https://www.facebook.com/legal/terms/information_about_page_insights_data
With Xing and Kununu, further information can be found at: https://privacy.xing.com/de/datenschutzerklaerung/welche-rechte-koennen-sie-geltend-machen
On YouTube, you can find further information at: https://policies.google.com/privacy?hl=de#infocollect

Right to object
For reasons arising from your particular situation, you have the right to object at any time to the processing of your own personal data that takes place in accordance with Art. 6 (1) (e) GDPR (data processing in the public interest) and Art. 6 (1) (f) of the General Data Protection Regulation (data processing based on the evaluation and balancing of interests). This also applies to profiling as based on this provision and defined by Art. 4 (4) GDPR.
Should you object to processing, we will no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Such objection need not take any set form and should be addressed, where possible, to:

Herth+Buss Fahrzeugteile GmbH & Co. KG
Dieselstraße 2-4
63150 Heusenstamm, Germany
Data protection officer
Phone: +49 6104 608 400
E-mail address: datenschutz@herthundbuss.com
We would like to point out here that your rights as a data subject in conjunction with your social media usage can be most easily asserted against the social media company.
On Facebook, you can find further information at: https://www.facebook.com/legal/terms/information_about_page_insights_data
With Xing and Kununu, further information can be found at: https://privacy.xing.com/de/datenschutzerklaerung/welche-rechte-koennen-sie-geltend-machen
For YouTube, you can find further information at: https://policies.google.com/privacy?hl=de#infocollect

Obligation to provide data
In the context of usage of the Internet or social media, you are only obliged to provide the personal data required for usage or which we are obliged by law to collect. Without this data, practical usage may be restricted or rendered impossible.

External links
Where other websites are linked, we have no influence or control over the linked content or the data protection provisions there. When calling up linked websites, we recommend checking the data protection statements of these websites in order to determine whether and to what extent personal data is collected, processed, used or made accessible to third parties.

Automated decision-making in individual cases
Fully automated decision-making as defined by Art. 22 GDPR does not take place. Should we make use of such procedures in individual cases, we will inform you of this separately where required to do so by law.

Data use for profile formation (scoring)
We do not process your data with the objective of evaluating specific personal characteristics (profiling). Within the framework of data collections through tracking services, your data will be used to evaluate your usage behaviour and possibly to create movement profiles.

Other
We would like to inform you here about additional options for the protection of your rights, the selection of settings and the protection of your privacy in the case of social media companies.
Information on Facebook: https://www.facebook.com/about/privacy/
and in “Information about Page Insights data”: https://www.facebook.com/legal/terms/information_about_page_insights_data
Opt-out: https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com