Internet address: www.hamm-footwear.com
General information on data protection
We are very pleased that you are interested in our website - and therefore also in our company. The protection of your rights to privacy and your freedom is very important to us; we only use your data for the intended purposes. Since it is important to us that you are aware at all times of the extent to which we record and use your data and possibly forward it to third parties, we inform you fully below of the processing of your personal data (recorded through our website).
You may as a matter of principle use our website without providing any data; should there be exceptions to this with respect to certain services, we will inform you accordingly in the following chapters. We do not process data without a legal basis without having obtained your informed consent beforehand.
In processing personal data, we comply strictly with the requirements of the EU General Data Protection Provision (GDPR) and any additional rules relevant to data protection that might apply.
Definition of terms used (in accordance with GDPR)
In order to ensure that the Data Protection Declaration meets the requirements of easy to understand and legible, we use the generally accepted standard concepts in the GDPR, which we reproduce below with the exact text used in the GDPR:
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consentof the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Name and address of the controllers of the processing
Hamm Market Solutions GmbH & Co KG
Moritz Hamm, Claus Gese
Am Huxmühlenbach 4
Tel.: +49 (0)541 200 25-01
Name and address of the data protection officer
Cortina Consult GmbH
Tel.: (02 51) 29 79 47 40
Please refer directly to our data protection officer should you have any questions concerning the processing of your personal data, should you wish to assert your rights as a data subject (such as, for example, the right to information, to correction, to have data blocked or deleted) or should you wish to revoke your consent.
These cookies contain under certain circumstances a so-called cookie ID – a clear identification consisting of a succession of characters that enables websites and servers to be allocated to the browser carrying out the storage.
Simultaneously, we receive through these cookies information that helps us to optimise our websites to the requirements of our visitors. We use some cookies only for the duration of your stay on the website. All cookies on our website contain purely technical and no personal data.
It is not possible to use the services we provide without cookies (or under certain circumstances not to the full extent of their functionality). Most browsers are set in such a way that they automatically accept cookies. You can however deactivate the storage of cookies or set your browser in such a way that you are notified as soon as cookies are sent.
Recording of general data and information
As soon as you visit our website, our web server records certain data of a general nature and technical information – as is shown in the following table:
These data are recorded and stored anonymously; we neither intend nor do we carry out any tracing back to the data subject.
We have provided an appropriate form for your use in order to ensure that contact can be made quickly and without any complications; alternatively, you can contact us through the e-mail addresses on our website. Personal data will only be recorded if you provide us with this information voluntarily in your e-mail or when using the form to make contact. Without your separate consent We only use the data you provide in order to fulfil and deal with your enquiry. The data will not be forwarded to third parties or only on the basis of your enquiry.
Deletion and blocking of personal data
We only store your personal data for the period of time required to fulfil the specified purpose. Once this purpose no longer applies and once any retention periods have expired, your data is immediately deleted. The data will be blocked instead should deletion not be possible.
Rights of data subjects
In chapter III, the EU General Data Protection Regulation (GDPR) provides for extensive rights of data subjects, that we would like to explain as follows with respect to data processing on our website:
1) Right to information
Should we record or have recorded and process personal data from you, you are entitled, at any time and at no expense, to receive information on the personal data about you that we have stored. This requirement applies particularly to information on the following details of data processing:
Should you wish to exercise your right to information, please contact our data protection officer using the contact data provided.
2) Right to correction
Should we record or have recorded and process personal data from you, you are entitled to demand the immediate correction or completion of incorrect or incomplete data relating to you.
Should you wish to exercise your right to have data corrected, please contact our data protection officer using the contact data provided.
3) Right to deletion (right to be forgotten)
Should we record or have recorded and process personal data from you, you are entitled to demand the deletion of your data should processing no longer be required and one of the following conditions is fulfilled:
In response to your request that the data be deleted, we will forward the request to any third parties to which your data was previously forwarded.
Should you wish to exercise your right to have data deleted, please contact our data protection officer using the contact data provided.
4) Right to the restriction of processing
Should we record or have recorded and process personal data from you, you are entitled to demand that processing be restricted, provided one of the following conditions is fulfilled:
Should you wish to exercise your right to restrict processing, please contact our data protection officer using the contact data provided.
5) Right to have data transferred
Should we record or have recorded and process personal data from you, you are entitled to demand that you receive personal data relating to you from us in a structured, standard, machine-readable format. Provided that this is technically feasible and does not impinge the rights and liberties of others, we will transmit the data – at your request – to some other (responsible) recipient.
Should you wish to exercise your right to the transferability of data, please contact our data protection officer using the contact data provided.
6) Right to object
Should we record or have recorded and process personal data from you, (on the basis of article 6 para. 1 e or f GDPR) you are entitled at any time to submit an objection to processing, including profiling. In exceptional cases, the objection may be invalid, for example should we be able to prove compelling reasons worthy of protection that outweigh your interest or should processing serve to assert, exercise or to defend legal rights. Should we process your personal data in order to carry on direct advertising, you are entitled to submit an objection to this processing at any time. This also applies to profiling, should it be linked to such direct advertising. You also have the right to object to the processing of your data we carry out for scientific or historical research purposes or for statistical purposes in accordance with article 89 para. 1 GDPR, unless such processing is required in order to fulfil a function in the public interest. Should you wish to exercise your right to object, please contact our data protection officer using the contact data provided.
7) Automated decision-making in individual cases, including profiling
Should we record or have recorded and process personal data from you, you are entitled not to be subjected to any decision based solely on automated processing, including profiling, with legal implications for you or that will affect you considerably in a similar way. Exceptions to this requirement apply should the decision be necessary in order to conclude or fulfil a contract between you and us or should you have expressly consented to the processing. In any event, we take appropriate measures to safeguard your rights and liberties and your legitimate interests, whereby this includes at least the right to have someone intervene in our company to present our own point of view and to contest the decision.
Should you wish to exercise your rights with regard to automated decision-making, please contact our data protection officer using the contact data provided.
8) Right to revoke consent granted in accordance with data protection law
Should we record or have recorded and process personal data from you, you are entitled to revoke your consent to the processing of personal data at any time.
Should you wish to exercise your rights with revoke your consent, please contact our data protection officer using the contact data provided.
Data protection in the case of applications and application procedures
Should you submit an application to us, we use personal data transmitted to us solely for the purpose of processing the application procedure. Should we appoint you as an employee after the application process has been completed, the purpose of processing the data in question will change: in this case, the data will be used to implement and maintain the employment relationship. The personal data of applicants not appointed will be retained for possible legal claims (for example, in accordance with the General Law on Equal Treatment) for the period of time stipulated for this purpose (maximum 6 months) and then immediately destroyed or deleted.
Information on data security
We use technical and organisational methods to secure our website and other systems against loss, destruction, access, change or the distribution of your data by unauthorised persons. We have also implemented an SSL encryption (SSH256) on our website to protect your data. In spite of regular checks, complete protection against all risks is however impossible.
Legal basis for processing
Depending on the nature and purpose of processing, we process personal data in accordance with the provisions of GDPR as follows:
Our legitimate interest
Our legitimate interest defined in article 6 para. 1 f GDPR is based on carrying out our business activity in maintaining our ability to operate a business and in securing the jobs of our employees.
Length of time data stored
The length of time personal data is stored is governed by the time at which the purpose of processing no longer applies in accordance with the relevant retention deadline stipulated in law. After this deadline has expired, we delete the relevant data unless it is need in order to fulfil or prepare the contract.
Obligation to provide personal data
Under certain conditions (e.g. due to legal or contractual requirements), you are required to provide us with your personal data. The following are examples of such processing:
The consequences for you of an infringement (that is the failure to provide the required data) would be that the relevant data processing and therefore the contract with you could not be completed. In individual cases, we will, at your request, explain the recording of your data beforehand, whether the data has to be provided by law or by the contract or is necessary in order to conclude the contract, and the implications that a refusal on your part would entail for you.
Existence of automated decision-making
We do not use automated decision-making nor do we use any techniques to carry out profiling measures.
Google Web Fonts
In order to ensure that you have a uniform presentation of our script types, we use the Web Fonts provided by Google; this relate to script types stored by Google that are downloaded by Google when our website is visited and deposited in your browser cache. In the course of this process, an appropriate link is established between your browser and Google’s servers, through which Google also obtains an insight into the fact that our website was retrieved with your IP address. Should your browser not support Google Web Fonts, the standard scripts on your PC will be used to display our page instead.
Google Fonts’ controller within the meaning of the GDPR is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
You will receive a detailed explanation of how Google Web Fonts functions under https://developers.google.com/fonts/faq; you will find information on how your personal data is dealt with in Google’s data protection declaration under under: https://www.google.com/policies/privacy/.
We have integrated the map service Google Maps into our website; the interactive map blended onto the website offers you a graphical overview of our location and possibly a plan of your journey to us.
Google Maps’ controller within the meaning of the GDPR is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
Google sets a so-called cookie (see also the chapter “Cookies”) on your PC to display the interactive contents of your routes through which the processing of the relevant data for planning the route and possibly the transmission of data to Google are coordinated. Personal data might be recorded by the cookie, transmitted to Google in the USA and stored there, such as for example your IP address, the time of access, the location from which the access was made as well as the frequency of visits. We have no influence on this data processing by Google; You can however prevent the setting of cookies by Google in just the same way as we have already described in the chapter “Cookies”. You will find additional information and Google’s current data protection rules under https://www.google.de/intl/de/policies/privacy, moreover, the conditions of use of Google Maps apply, which you can retrieve under the following link: https://www.google.com/intl/de/help/terms_maps.html.