Data privacy
1. General
Responsible body
The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is
HYFRA Industrekühlanlagen GmbH
Industriepark 54
56593 Krunkel
DPO
You can reach our data protection officer at:
E-Mail: extdsb@ask-datenschutz.de
HYFRA is part of the Glen Dimplex group of Companies, please see https://www.glendimplex.com/en-ie.
The protection of personal data is important to us. We therefore conduct our activities in accordance with the applicable legal provisions on the protection of personal data and data security. Below you will find information about data protection on our website.
2. Definition of terms
The data protection declaration of the HYFRA Industriekühlanlagen GmbH is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance. We use the following terms, among others, in this privacy policy:
a) Personal Data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data Subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
c) Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction/limitation on processing
Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
f) Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
h) Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
k) Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
3. What data do we collect and use?
How your personal data is collected and processed depends on how you communicate with HYFRA:
a) Customers
When you research, purchase or use products from us, we collect your personal data directly or indirectly, whether through our websites, dealers or wholesalers, marketing events or in other ways. We use this data to provide you with information about devices, services, customer support and other relevant topics. We collect the following personal data: Your name and contact information, company name, customer ID IP addresses, identification codes of thermostats or other devices. We collect and use personal data for product registration, to manage warranty or discount information, for newsletters, social media and email campaigns, for the registration and use of thermostats, for the operation and optimization of devices, services and support offers and for the distribution and marketing of our devices and services.
If you connect to our platforms and online services via a social network, you declare your consent to share your user data with us.
Dealers and other intermediaries provide HYFRA with personal data of third-party customers and other persons. HYFRA processes the personal data provided by third parties as specified in the respective contract and for other purposes permitted under this Privacy Policy.
b) Job Candidates
When we consider you as a candidate for an open position at HYFRA, we collect your personal data. We collect and process the following types of data: Contact information, IP addresses and device identifiers, employment history, education and training, wage or salary information, preferred activities, special needs or required accommodations, references, certificates of good conduct, and data you have publicly disclosed or provided in a resume, job application or similar document. Where applicable, we also collect data such as gender, religion, ethnicity, employment and residence status and marital status. In this context, personal data may also be provided by external data services. We use this personal data to review and process your job application and manage your employment relationship if you are hired.
If you apply for a vacant position with us, via our recruitment portal, we will process your personal data as described in the privacy policy of the HYFRA Recruiting Portal
c) Use of personal data for newsletter registration
When you register for the free HYFRA newsletter, you consent to the collection of personal data. This data will be used exclusively for sending the newsletter and will not be passed on to third parties. If you do not wish to receive any further newsletters from HYFRA in future, please click on the unsubscribe link contained in the newsletter
d) What other data do we collect and use
We also collect and use personal data from third party sources, such as affiliates, third party services, retail partners and public directories. HYFRA also uses personal data to protect its employees, affiliates and others from error, fraud and theft, to protect our goods and property, to prevent fraud and other forms of abuse and to investigate such incidents, and to comply with laws, regulations and governmental orders, including the consistent implementation of this Privacy Policy.
4. How do we share personal data?
When we share your personal data, we require the recipients of the data to have appropriate safeguards in place to protect the data and prohibit them from using this data for their own purposes or in a way that is not necessary for the provision of the service in question. We share personal data with the following recipients:
a) To third-party service providers, dealers, distributors, contractors and subcontractors to help us establish, maintain and manage our business relationship with you and as necessary for our business operations, such as to support the installation, maintenance, technical operation and improvement of our equipment and services.
b) To external technology service providers who assist us in operating our websites, maintaining our customer and marketing databases, conducting promotions, implementing marketing activities and achieving other legitimate business purposes
To external partners who support our recruitment processes, for example through interviewing and testing, travel logistics, relocation, immigration advice, reporting and analytics, and pre-employment background checks.
c) To public authorities within the scope of our legal obligations or insofar as it is necessary to protect our rights or the rights of third parties
5. International data transfers
If we transfer your personal data to a recipient that is not based in the European Economic Area, we will ensure that your data is adequately protected in accordance with the General Data Protection Regulation. In this context, personal data will only be transferred to recipients in such countries if they (i) have entered into EU standard contractual clauses with us or (ii) have implemented binding corporate rules.
6. Consent and Revocation
Personal data provided to us via our website is generally only stored until the purpose for which it was entrusted to us has been fulfilled. In special cases, data may be used beyond the statutory retention periods if this is necessary to establish or protect legal claims or to defend against legal action. Otherwise, the use of your e-mail address, your telephone and/or mobile phone number for the purpose of advertising or market or opinion research requires separate consent. You can give this consent electronically when entering your data and revoke it at any time for the future. If you no longer consent to the storage of your personal data or if it has become incorrect, we will arrange for your data to be deleted (insofar as this is possible under the applicable law) or blocked or make the necessary corrections at your request.
7. Internal safety measures
We take appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, use or alteration, as well as against unauthorized disclosure or access. Our employees are obliged to maintain confidentiality, our security precautions correspond to the current state of the art to an appropriate extent and our systems are regularly checked for security so that we can provide long-term protection against any damage, loss and access to data held by us.
8. Links to other websites
We occasionally refer to the websites of third parties. Although we select these third parties carefully, we cannot assume any guarantee or liability for the accuracy or completeness of the content and data security of third-party websites. This privacy policy also does not apply to linked third-party websites.
9. Use of cookies
Cookies are small text files that are stored on the Internet user's PC. They are used to control the Internet connection during your visit to our website. At the same time, these cookies provide us with information that enables us to optimize our websites to the needs of our visitors. In some cases, we only use cookies for the duration of your visit to the website. See our cookie policy for details: open configuration.
10. Data Subject Rights
Under applicable data protection law, you may have the right to
a) to request confirmation as to whether we process personal data about you and to obtain information about the personal data we process,
b) to request the rectification of inaccurate personal data,
c) to request the erasure of personal data processed by us
d) to request the restriction of the processing of personal data
e) to request the transfer of personal data that you have actively provided to us
f) to object to the processing of personal data on grounds relating to your particular situation, or
g) to revoke a declared consent.
11. Legal Basis for the processing
a) Consent
Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
b) Fulfilment of a contract
If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service or consideration, the processing is based on Art. 6 I lit. b GDPR.
c) Precontractual measures
The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services.
d) Legal Obligations
If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR.
e) Vital Interests
In rare cases, it may be necessary to process personal data in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. The processing would then be based on Art. 6 I lit. d GDPR.
f) Legitimate interests of our company
Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR). Where the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is to carry out our business in favor of the well-being of all our employees and our shareholders.
12. Retention
We will retain your personal data for as long as necessary for the purposes set out in this Privacy Policy or to comply with legal requirements. After this period has expired, we dispose of personal data in a secure manner or take appropriate measures to anonymize it if it needs to be retained.
13. Existence of automated decision making
As a responsible company, we do not use automated decision-making or profiling.
14. Control and information centre
If you are not satisfied with the data protection measures described here or if you have any questions regarding the collection, processing and/or use of your personal data, we would be pleased to hear from you. We will endeavor to answer your questions as quickly as possible and implement your suggestions. You also have the option of contacting the responsbile data protection supervisory authority at any time.
An overview of the national and international data protection authorities is available here.
15. Liability
All information contained on this website has been checked with great care. However, we cannot guarantee that the information is correct, complete and up to date at all times. Should you notice an error, we would be pleased if you would inform us. We can then correct it at short notice.
16. Updating this privacy policy
We reserve the right to amend this privacy policy from time to time so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.
[29.05.2024]