top of page

Privacy Policy

This is a privacy policy statement. Data protection is an important component of any website. This template contains sample texts and is not final; it must not be published as is. Depending on the features of your website, the wording of your privacy policy may vary. Please adapt this text accordingly. A privacy policy must list all third-party components used on your website. Make sure that the link to the privacy policy is accessible from every page of your website. 

​

Definitions

With regard to the terms used in this Privacy Policy—such as "processing", "controller", or "processor"—we refer, in addition to the definitions provided below, to the definitions found in particular in Article 4 of the General Data Protection Regulation (GDPR).

The following terminology is used in this Privacy Policy and on our website:

a) Personal Data

Personal data refers to any information relating to an identified or identifiable natural person. A person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to identifiers such as a name, customer or identification number, location data, online identifiers (e.g., cookies), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

b) Data Subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

c) Processing

Processing means any operation or set of operations which is performed on personal data, whether or not by automated means. This includes, but is not limited to: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of personal data.

d) Restriction of Processing

Restriction of processing means the marking of stored personal data with the aim of limiting its future processing. This is particularly useful when data cannot be deleted due to legal obligations (e.g., statutory retention periods).

e) Profiling

Profiling refers to any form of automated processing of personal data consisting of the use of personal data to evaluate, analyze, or predict certain personal aspects relating to a natural person. These aspects may include work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f) Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information. Provided that such additional information is kept separately and subject to technical and organizational measures to ensure non-attribution, pseudonymized data cannot be traced back to a specific individual.

g) Controller / Responsible Party

The controller or responsible party is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. If the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor

A processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

i) Recipient

A recipient is a natural or legal person, public authority, agency, or another body, to whom or to which personal data is disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third Party

A third party is any natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them for a specific purpose.

l) Cookies

Cookies are text files stored on the user’s device by their web browser. Cookies may contain various types of information and primarily serve to store data related to a user or their device—either during a session or for future visits.
Session cookies are temporary and are deleted once the user leaves the website and closes their browser. For example, a session cookie might store the contents of a shopping cart or login status.
Persistent cookies, on the other hand, remain stored even after the browser is closed. These may store user preferences or interests for purposes such as audience measurement or marketing.
Cookies may also be placed by third-party providers rather than the website operator.

​

Scope of the Right to Access

Pursuant to Article 15(1) of the GDPR, you have the right to request confirmation from us as to whether we are processing personal data concerning you. If this is not the case or if the data has been anonymized, we will provide a negative response accordingly.

In addition, as a data subject, you have the right to request specific information about which personal data we are processing (e.g., name, address, date of birth, occupation, bank details, religious affiliation, etc.).
Note: To process your request, we require precise information regarding the subject matter of your inquiry and must be able to clearly identify you.

Upon request, and to the extent not already evident from this privacy policy, we are happy to provide the following information in accordance with Article 15(1) of the GDPR:

  • The purposes of the processing

  • The categories of personal data being processed

  • The recipients or categories of recipients to whom personal data has been or will be disclosed

  • The planned or specified retention period

  • The right to rectification, erasure, or restriction of processing

  • The right to object to processing pursuant to Article 21 of the GDPR

  • The right to lodge a complaint with a supervisory authority

  • The source of the data, if not collected directly from the data subject

  • The existence of automated decision-making, including profiling, and—where applicable—meaningful information about the logic involved, as well as the significance and intended consequences of such processing

  • If applicable, data transfers to third countries and the safeguards pursuant to Article 46 of the GDPR

You are not entitled to access if providing such information would conflict with a legal obligation of confidentiality or if other overriding legitimate interests, particularly those of a third party, require that the data be kept confidential. However, access may still be required if, for example, your interests outweigh the confidentiality interests, especially in light of potential harm.

Furthermore, the right to access is excluded if the data is retained solely because it must not be deleted due to statutory or contractual retention obligations, or if it is used solely for the purposes of data backup or data protection control—provided that granting access would involve a disproportionate effort and processing for other purposes is prevented through appropriate technical and organizational measures.

​

Controller

Huisman GmbH
An der Wiek 19
26689 Apen
Germany

Phone: +49 4489 935505
Email: info@huisman-gmbh.de
Website: www.huisman-gmbh.de
Contact Person: Johann Huisman

​

Purpose of Processing

The processing of personal data is justified and necessary in accordance with Article 6(1)(f) GDPR in order to provide visitors with access to this online service, including its features and content (e.g., to ensure fast page loading, enable user-friendly interaction, guarantee system security and stability, and support the administration and improvement of the website). Processing is explicitly not carried out for the purpose of drawing conclusions about the identity of website visitors.

Only when a visitor voluntarily submits personal data (e.g., through contact forms or communication), does further processing take place—for instance, to respond to inquiries or communicate with users. For the purposes of audience measurement and marketing, we use a combination of all available data within the legally permitted scope.

​

Categories of Personal Data and Data Subjects

When accessing our online service, data is automatically transmitted by the internet browser used by the visitor to the server hosting our online offering. This data is temporarily stored in a log file until it is automatically deleted. The following data is collected and stored without any action on the part of the visitor:

  • IP address of the visitor’s device

  • Date and time of access

  • Name and URL of the accessed page

  • Referrer URL (the website from which the visitor arrived)

  • Browser used, operating system of the visitor’s device, and the name of the visitor’s internet service provider

Categories of personal data processed by us or our data processors include:

  • Address data (e.g., name, street address, postal code, city, possibly place of work)

  • Contact data (e.g., email address(es), phone number(s))

  • Content data (e.g., text entries, photographs, images, videos, documents)

  • Usage data (e.g., visited websites, interest in content, access times)

  • Meta/communication data (e.g., device information, IP addresses)

Categories of data subjects:
Customers, visitors/guests, and other users of the online service (collectively referred to hereinafter as "data subjects", "customers", "visitors", or "users").

​

Contractual or Business-Related Processing

In addition, we process the following categories of personal data from our customers, prospective clients, and business partners for the purpose of fulfilling contractual obligations, providing services and customer support, and for marketing, advertising, and market research:

  • Contract data (e.g., subject of the contract, term, customer category)

  • Payment data (e.g., bank details, payment history)

​

Right to Object
According to Article 21 of the GDPR, you have the right to object at any time to the future processing of your personal data concerning you. The objection may, in particular, be made against processing for direct marketing purposes.

If the processing is based on Article 6(1)(e) GDPR (performance of a task carried out in the public interest or in the exercise of official authority) or Article 6(1)(f) GDPR (legitimate interests of the controller or a third party), you have the right to object at any time to the processing of your personal data concerning you for reasons arising from your particular situation. This also applies to profiling based on Article 6(1)(e) or (f) GDPR.

Upon exercising your right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.

Right to Object to Direct Marketing

You may object at any time to the processing of your personal data for direct marketing purposes. This also applies to profiling related to such direct marketing. After you exercise this right to object, we will no longer use your personal data for direct marketing purposes. You can communicate your objection informally to our company by phone, email, fax (if applicable), or by mail using the contact details provided in this privacy policy.

​

Right to Object to the Use of Cookies
We or third parties commissioned by us may use temporary and permanent cookies for marketing purposes and inform you about this pursuant to Article 13(1) of the German Telemedia Act (TMG) when you access our online services and/or in this privacy policy.

If you do not want cookies to be stored on your device, please disable the corresponding option in your browser settings. Stored cookies can be deleted in your browser settings. However, disabling cookies may lead to functional limitations of this online offer (cookies may be necessary even for simple functions such as displaying the navigation menu).

A general objection to the use of cookies for online marketing purposes can be declared for many services (e.g., at http://www.aboutads.info/choices/ or http://www.youronlinechoices.com/). Furthermore, cookie storage can be generally disabled in your browser settings. Please note that in this case, many online services may not be fully usable without restrictions.

​

Right to Erasure and Restriction
According to Article 17 of the GDPR, you have the right to erasure ("right to be forgotten") provided that the processing is not necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, or for the performance of a task carried out in the public interest, and one of the following reasons applies:

  • The personal data are no longer necessary in relation to the purposes for which they were processed.

  • The legal basis for the processing was solely your consent, which you have withdrawn.

  • You have objected to the processing of your personal data that we have made public.

  • You have objected to the processing of personal data that we have not made public, and there are no overriding legitimate grounds for the processing.

  • Your personal data have been unlawfully processed.

  • The erasure of personal data is necessary to fulfill a legal obligation to which we are subject.

There is no entitlement to erasure if the erasure is not possible or only possible with disproportionate effort due to the special nature of lawful, non-automated data processing, and your interest in erasure is minor. In this case, the restriction of processing under Article 18 GDPR shall replace erasure.

You may request the restriction of processing if one of the following reasons applies:

  • You dispute the accuracy of the personal data. The restriction may be requested for the duration that allows us to verify the accuracy of the data.

  • The processing is unlawful, and instead of erasure, you request the restriction of the use of your personal data. Your personal data are no longer needed by us for the purposes of processing but are required by you for the establishment, exercise, or defense of legal claims.

  • You have objected pursuant to Article 21(1) GDPR. The restriction of processing may be requested for the period during which it is not yet clear whether our legitimate grounds override your reasons.

Restriction of processing means that personal data will only be processed with your consent or for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest. Before lifting the restriction, we are obligated to inform you.

​

Right to Rectification
Pursuant to Article 16 of the GDPR, you have the right to request the completion of the personal data concerning you or the correction of inaccurate personal data concerning you.

​

Complaint
If you believe that the processing of your personal data is unlawful, you have the right under Article 77 of the GDPR to lodge a complaint with a supervisory authority responsible for data protection at the location of your residence, workplace, or the alleged infringement (usually the state data protection authorities or comparable institutions). A list of addresses can be found here.

​

Right to Data Portability
You have the right to data portability if the processing is based on your consent (Article 6(1)(a) or Article 9(2)(a) GDPR) or on a contract to which you are a party and the processing is carried out by automated means. In this case, the right to data portability includes the following rights, provided that the rights and freedoms of others are not adversely affected:

  • You may request to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format.

  • You have the right to transmit these data to another controller without hindrance from us.

  • To the extent technically feasible, you may request that we transmit your personal data directly to another controller.

Applicable Legal Bases
Pursuant to Article 13 GDPR, we inform you about the legal bases for our data processing activities. Unless otherwise specified in this privacy statement, the following applies:

  • If we obtain your consent as the data subject for the processing of personal data, Articles 6(1)(a) and 7 GDPR serve as the legal basis for processing personal data.

  • For the processing of personal data that is necessary to fulfill a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing necessary for pre-contractual measures.

  • Where processing personal data is necessary to comply with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.

  • In cases where vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.

  • If the processing is necessary to protect a legitimate interest of our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not override this interest, Article 6(1)(f) GDPR serves as the legal basis for processing.

The legal bases for:

  • the processing of data by processors based on a so-called "contract for order processing" is Article 28 GDPR,

  • the deletion of data are Articles 17 and 18 GDPR,

  • your right to information is Article 15(1) GDPR,

  • processing in a third country is based, for example, on special safeguards such as the officially recognized adequacy decision of the EU or in compliance with officially recognized special contractual obligations pursuant to Articles 44 ff. GDPR.

  • ​

Statement on Data Retention and Deletion
We process and store personal data of you as the data subject only for the period necessary to achieve the purpose or as required by laws, directives, regulations, or provisions to which the controller is subject.

If the purpose ceases to exist or a prescribed retention period expires (e.g., by the European legislator or another competent authority), the personal data will be routinely deleted or at least blocked in accordance with legal requirements.

​

Data Protection in Job Applications and the Application Process
We process applicants’ personal data for the purpose of managing the application process. The processing may take place both by postal mail and electronically (e.g., via email) if an applicant provides us with information. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of managing the employment relationship in compliance with legal provisions. If no employment contract is concluded, electronically submitted application documents will be automatically deleted no later than six months after the rejection notification, unless there are overriding legitimate interests of the controller opposing deletion. Such legitimate interest may include the obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).
Postal applications will be destroyed no later than six months after notification of rejection or returned to the applicant upon special request.

​

Recipients of Data
Online Forms: If these are not addressed directly to the internal department in our company for organizational reasons, employees responsible for customer communication forward inquiries or other messages received via online form or email to the respective internal departments responsible for processing the inquiry.

Recipients of access data stored when accessing our online offerings may include the web hosting provider, website administrator, or other persons responsible within the company, provided that the data has not been automatically deleted or anonymized beforehand.

Additionally, personal data may be transmitted to third parties.

​

Collaboration with Processors and Third Parties
Personal data will be disclosed to third parties if:

  • The data subject has given explicit consent in accordance with Art. 6(1)(a) GDPR;

  • Disclosure is necessary under Art. 6(1)(f) GDPR for asserting, exercising, or defending legal claims and there is no reason to assume the data subject has overriding legitimate interests against the disclosure;

  • Disclosure is required by a legal obligation under Art. 6(1)(c) GDPR; and/or

  • Disclosure is necessary under Art. 6(1)(b) GDPR for fulfilling a contractual relationship with the data subject or based on our legitimate interest.

By integrating third-party services, at least the information sent by the browser is transmitted to these third parties (see below). Otherwise, personal data will not be disclosed to third parties.

​

Hosting

The hosting services we utilize serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, as well as technical maintenance services, which we use for the operation of this online offering.
Hosting and the directly associated processing of personal data take place exclusively in data centers located within the scope of the EU General Data Protection Regulation 2016/679, unless otherwise stated in this declaration.
In this context, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, prospects, and visitors of this online offering based on our legitimate interests in the efficient and secure provision of this online offering pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

​

Data Security
All personal data transmitted by you (e.g., via online forms) is transferred to us using commonly accepted encryption standards.

Integration of Third-Party Services and Content
Based on our legitimate interests (i.e., interests in analyzing, optimizing, and economically operating our online offering pursuant to Art. 6(1)(f) GDPR), we partially implement scripts/products from third-party providers globally (across all areas of our online offering) or only in certain parts to integrate their content and services, such as fonts, videos, or maps (hereinafter referred to as “content”).
In doing so, the respective third-party provider receives at least the IP address of the user of our online offering. The IP address is usually technically necessary for the correct display of content, and we strive to only integrate content from third parties who process the IP address solely for the provision of the content. However, we cannot exclude that third parties may process user data transmitted by the browser of the website visitors for marketing, market research, or statistical purposes. The usually anonymized or pseudonymized information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring online offers, visit times, and other usage information of our online offering, and may be combined with information from other sources.

​

Google Fonts
For a more modern presentation, we integrate fonts ("Google Fonts") from the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, into our online offerings. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

​

Online Forms
Visitors can send messages to the controller or its employees via online forms (e.g., contact form, order form, reservation form, booking form, appointment calendar, etc.) on the website. To receive a reply, at least a valid email address must be provided. All other information can be provided voluntarily unless otherwise noted in the respective form. Generally, we only collect data necessary for the smooth processing or answering of an inquiry. By submitting a message via an online form, the visitor consents to the processing of the transmitted personal data. Data processing takes place solely for the purpose of processing and responding to inquiries submitted through the online form. This is based on the voluntarily given consent pursuant to Art. 6(1)(a) GDPR. The personal data collected for the use of the online form will be automatically deleted as soon as the inquiry has been processed and there are no reasons for further storage.

​

Profiling

Profiling is not conducted by us as a standard practice. However, profiling may occur if we use Google Analytics in conjunction with Google Adwords. In such cases, we notify you upon your first visit to our website and obtain your consent.

​

Status of the Privacy Policy
This privacy policy is current as of November 1, 2018. We reserve the right to update the privacy policy from time to time to improve data protection and/or to adapt it to changed regulatory practices or case law. This privacy policy by TOP Datenschutz has been legally reviewed.

​

bottom of page