Data protection declaration according to GDPR

I. Name and address of the person responsible

In accordance with the GDPR and other national data protection laws of the member states as well as other data protection regulations, the person responsible is:

a. hartrodt (GmbH & Co) KG
Recha-Luebke-Damm 31
20097 Hamburg
Germany
Phone: +49 40 23 900
E-mail: ah_ham@hartrodt.com
Website: www.hartrodt.com

II. Name and address of the data protection officer

The data protection officer is:

Dr. Gerald Esins
Recha-Luebke-Damm 31
20097 Hamburg
Germany
Phone: +49 40 23 90 320
E-mail: gerald.esins@hartrodt.com

III. General remarks on data processing

The a. hartrodt (GmbH & Co) KG respects your privacy. We are aware that you rely on us to handle responsibly the personal information you confided to us. Our policy aims for a comprehensive protection of your personal data. Please continue reading should you wish to learn more about our data protection policy.

This data protection declaration regulates the collection, processing, and usage (all referred to in the following only as "processing") of your personal data that may have become available to us when using our website and/or our application or if you contact us regarding the initiation or conduct of a contract or simply for information. We handle your data in strict compliance with the relevant data protection laws and the following principles.

We comply with these principles in accordance with Art. 5 GDPR. Your data may only be processed with the appropriate security for set purposes, with the necessary minimum and to keep it up to date, and is only saved for the set purpose of collection.

1. Extent of processing of personal data
Your data may only be processed with the appropriate security for their set purposes, reduced to a necessary minimum, kept up to date, and only saved for the set purpose of collection. In principle, we only collect and process the personal data of users if it is necessary to handle them in our contracts. After executing our contracts, we only process your data after you have given your consent. There are exceptions, e.g. if obtaining consent was not possible due to factual reasons or the processing of the data is permitted by legal provisions.

2. Legal basis for the processing of personal data
Art. 6(1)(a) GDPR is the legal basis if we obtain consent for the processing operations of personal data.

Art. 6(1)(b) GDPR is the legal basis when processing personal data that is needed to handle or fulfil contracts, and when the contracting party is the affected person.

This also applies to processing operations needed for pre-contractual measures.

Art. 6(1)(c) GDPR is the legal basis when processing personal data that is necessary to fulfil legal duties, to which our company is subjected.

If the processing is necessary to ensure a rightful interest of our company or a third party and if the freedoms, rights and interests of the affected person do not override this rightful interest, Art. 6(1) GDPR is the legal basis for the processing.

3. Right to erasure ('right to be forgotten') and storage periods
As soon as the storage purpose lapses, all personal data will be deleted or locked. The storage may be extended if a European or national legislator, in accordance with European Union regulations, laws or other provisions to which the affected person is subjected, intended this. The data may be deleted or locked if the storage period lapses. If the data is needed for the conclusion or performance of contract, it may be stored longer.

4. Processing data in accordance with performing transport and logistical services
For performing transport and logistical services, the a. hartrodt group may need to process personal data. The processing of personal data may be necessary before concluding a contract (e.g. to create an offer) and while performing the contract.

The processing of personal and business contact data (e.g. surname, first name, company, physical address, e-mail address, phone number and/or fax number) that are indispensable to performing our services may include the following data categories. In individual cases, the processing of further data categories may be needed, for example:

  • Post-departure and transport information, for example
    • Post-departure contact data of carriers and recipients, their physical address, e-mail address, and phone number
    • Signature of acknowledgement of receipt
    • Account information
    • Further information which helps us perform our services and information given to us with regard to the transported goods, though only if it is personal data.
  • Information that makes it possible to identify a person.
  • Name, e-mail address and phone number of a third party if we are asked to pass on information regarding a promotion or other services.
  • Payment information and financial data (e.g. account information).
  • Tax information, if you need services that require the processing of tax information.
  • Further personal data that you or a third party provided to us while performing our services.

If you transfer personal data to a. hartrodt, please ensure their accuracy and relevance, and that it is needed for the initiation and provision of the business relation. Especially if you transfer data concerning a third person, you are legally bound to consider the general data protection principles.

If we pick up freight, deliver goods or perform other services, we may process address information. Such use of information to localise an address may include GPS data, geocodes, longitude/latitude, and images in individual cases.

Certain transport information will be transmitted to the authorities in transit or destination countries to conduct a security check or for tax or customs reasons. These transmissions rely on the legal provisions of the transit or destination country.

As a general rule, these data sets contain the following specifications, whereby it may differ due to legal reasons in individual cases: name and address of the shipper, name and address of the recipient, description of the transported goods, quantity of goods where appropriate, weight and value of the cargo.

In individual cases, we transmit personal data to another state, and then the one where the data was collected. The data is primarily transferred for the sake of performing our services. It may be transferred to other companies of the a. hartrodt group, agents who operate on behalf of the a. hartrodt (GmbH & Co) KG, or other companies that are associated with us. Please note that the a. hartrodt (GmbH & Co) KG collaborates with a number of different companies to ensure that we provide the best possible services (e.g. subcontractors like transport or logistic companies, ports, warehouses, etc.). This may require the transmission of personal data in keeping with the law.

Please note that due to technical and legal reasons, the a. hartrodt (GmbH & Co) KG is not able to provide their services if you object to this data processing and transmission, either partially or completely.

The data protection regulations of the states where we transfer data may follow different standards of legal order than the ones where you transmitted the data to us. If we transfer your data to other states, we protect your data according to these regulations and in accordance with the applicable legal requirements.

If we transmit personal data between legal orders that offer different levels of protection, we guide ourselves by the stricter legal requirements. We use specific contracts to protect personal data (e.g. the model contracts of the EU Commission for transmitting personal data to third parties), and we regularly collaborate with our partners and contractors to ensure compliance with all applicable legal requirements.

You can find further information regarding the processed data when using our website or installing our apps in the respective chapters on data protection declaration.

IV. Providing the website and creating log files

1. Description and extent of data processing
Our system automatically collects data and information about computers accessing our website. The following data is collected:

  1. Information about the browser and the used version
  2. The operating system of the user
  3. The internet service provider of the user
  4. The IP-address of the user
  5. Date and Time of access
  6. Websites that the user's system enters through our website

This data is also stored in the log files of our system. We do not store this data together with the personal data of the user.

2. Legal basis for the data processing
Art. 6(1)(f) GDPR is the legal basis for the temporary storage of data in the log files.

3. Purpose of data processing
It is necessary for our system to temporarily save the IP address so as to deliver our website to the user's computer. Therefore, the IP address of the user has to be stored for the entire time of access. It is stored in the log files to ensure the functionality of the website.

In addition, this data helps optimise our website and ensures the safety of our information technology systems. An evaluation of the data due to marketing purposes does not take place in this context. Our rightful interest in data processing in accordance with Art. 6(2)(f) GDPR lies in the purpose for which we use them.

4. Duration of storage
The data is deleted as soon as it does not anymore serve the purpose for which it was collected. When collecting data to display on the website, the purpose is no

longer served when the session is terminated. Storing data in log files happens after seven days. The data can no longer be stored. In this case, the IP addresses of the users are deleted or distorted, such that you cannot associate it to the accessing client anymore.

5. The possibility to oppose and remove

The collection and storage of data in the log files are mandatory for the smooth operation of the website. Therefore, the user cannot oppose it.

V. Usage of cookies

1. Description and extent of data processing
Our website uses cookies. Cookies are text files that are stored in the computer system of the user by the internet browser. If a user accesses a website, a cookie may be stored in the computer system of the user. This cookie contains a characteristic string of characters, which allows the website to clearly identify the browser when it accesses the website again.

The cookies we use enable basic functions and are absolutely necessary for proper functioning. These cookies are deleted at the end of your browser session (session cookies). A use for other purposes does not take place, so that a consent on your part is not necessary.

When accessing our website, the user is informed on the usage of cookies for analytical purposes by an information banner. The user is also informed about the data protection declaration in this context.

2. Legal basis for data processing
Art. 6(1)(f) GDPR is the legal basis for processing personal data by using technically necessary cookies. Art. 6(1)(a) GDPR is the legal basis for processing personal data by using cookies for analytical purposes after having received consent from the user.

3. Purpose of data processing

The purpose of analysing cookies is to improve the quality of our website and its contents. By using these cookies, we learn how our website is used and are able to optimise our range. Our rightful interest in processing personal data in accordance with Art.6 (1)(f) GDPR lies in the purpose for which we use them.

4. Storage duration, possibility to refuse and remove
Cookies are stored on the computer of the user and are transmitted from it to our website. This is why you as a user are in full control of the usage of cookies. By changing the preferences in your internet browser, you can restrict or deactivate the usage of cookies. Stored cookies can be deleted at any time. This may also happen automatically. But when you deactivate the usage of cookies for our website or any other for that matter, it is possible that you cannot use all its functions to their full extent.

VI. Matomo
We use Matomo on our website. Matomo is an open-source software application that enables us to analyse how our website is used. This application processes your IP address, the page(s) on our website that you visit, the website from which you were sent to our website (the referrer URL), the duration of your visit to our website, and the frequency with which any of our web pages is retrieved.

To collect these data, Matomo sends a cookie through your Internet browser and stores it on your terminal device. This cookie remains active for one week.

The legal basis for this activity is provided in Art. 6(1) lit. (f) GDPR (EU General Data Protection Regulation). Our legitimate interest lies in analysis and optimisation of our online presence.

We use Matomo, however, with the “Automatically Anonymize Visitor IPs” function. This anonymisation function shortens your IP address by two bytes so that it is no longer possible to attribute that address to you or to the Internet connection you used.

If you do not agree to such processing, you have the option of preventing the cookie from being stored by disabling them in your browser’s settings.

In addition, you may follow the “opt-out” method to put an end to analysis of your behaviour as a user by clicking the confirmation link.

VII. Newsletter
1. Description and extent of data processing

It is possible to subscribe to a free newsletter on our website. When subscribing to our newsletter, the data you enter in the input mask (e-mail address and company name) are transmitted to us.

In addition, the following data is collected whenever anyone subscribes:

  1. IP address of the accessing computer
  2. Date and time of registration

When subscribing, you have to give consent to the data processing and you are also referred to the data protection declaration.

The data is not transmitted to third parties in connection with the data processing for sending the newsletter. It is only used to send the newsletter.

2. Legal basis for data processing
Art. 6(1)(a) GDPR is the legal basis for the data processing after subscribing to the newsletter and giving one’s consent.

3. Purpose of data processing
The collection of the user’s e-mail address is used for delivering the newsletter. The collection of other personal data when someone subscribes to the newsletter serves only to prevent any misuse of our services or the user’s e-mail address.

4. Storage time
The data will be deleted as soon as it does not serve its purpose anymore. Therefore, the e-mail address of the user will be stored as long as the user is subscribed to the newsletter.

The remaining personal data that are collected during the registration is usually deleted after a period of seven days.

5. Possibility for refusal and removal
The user may cancel the subscription to the newsletter at any time. Therefore, every newsletter contains a link for cancelling the subscription, along with the revocation of consent to the storage of personal data collected during the registration process.

VIII. Registration

1. Description and extent of data processing
We offer users the possibility to register on our website by entering their personal data. This data is entered into the input mask, transmitted to us and stored. The data is not transmitted to third parties.

The following data is collected during the registration process:

  • Newsletter (e-mail address, company name)
  • Track & Trace (as consignment tracking)
  • Online application (please note the annotations of our provider)

When registering, the following data is stored:

  1. The IP address of the user
  2. Date and time of registration

During the registration process, the user has to consent to the collection of data.

2. Legal basis for data processing
Art. 6(1)(a) GDPR is the legal basis for data processing after the user has given his/her consent.

Art. 6(1)(b) GDPR is the additional legal basis if the registration concerns the completion of a contract and the user is a contracting partner, or if the registration is about the conduct of pre-contractual measures.

3. Purpose of data processing
The registration of a user is mandatory for having access to certain contents and services on our website.

The user’s registration is necessary for completing a contract (Track & Trace) with the user or to conduct pre-contractual measures.

4. Storage time
The data will be deleted as soon as it does not serve its purpose anymore.

This is the case for the data collected during the registration process if the registration on our website is cancelled or changed.

This is the case for data collected during the registration process in order to complete a contract or to conduct pre-contractual measures, if the data is no longer needed to conduct the contract.

Even after completing the contract, it may be necessary to store personal data of the contracting partner to fulfil contractual or legal requirements.

5. Possibility to refuse and remove
You as a user always have the possibility to cancel your registration. You can always change your stored data.

For example, there are two possibilities for cancelling the newsletter. You can either cancel the subscription on our website or when you receive the newsletter. Regarding the other tools, please contact the respective person responsible.

If the data is necessary to complete a contract or to conduct pre-contractual measures, it may only be deleted prematurely if such deletion is not opposed to any contractual or legal obligations.

IX. Rights of the data subject
If your personal data is processed, you are the affected person in accordance with the GDPR, and you have the following rights:

1. Right to information
You can request a confirmation from the person responsible on whether personal data concerning you are processed. If your personal data are processed, you can request information about the following topics:

  1. For what purpose is your personal data processed;
  2. The categories of personal data that is processed;
  3. The recipients or the categories of recipients your personal data are disclosed to or will be disclosed to;
  4. The planned duration of storage of your personal data or if this is not possible, the criteria for the duration of storage;
  5. The existence of the right to correct or delete your personal data, the right to restrict processing by the person responsible or the right to object to the processing;
  6. The existence of the right to appeal to a supervisory authority;
  7. All available information about the origin of the personal data if it is not collected from the affected person;
  8. The existence of an automated decision-making process including profiling in accordance with Art. 22(1) and (4) GDPR and - at least in these cases – significant information about the logic involved as well as the consequence and desired effects of this processing for the affected person.

You have the right to request information on whether your personal information is transmitted to a third party or an international organisation. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR regarding the transmission.

2. Right to rectification
You have the right to rectification and/or completion with respect to the person responsible if your processed personal data is incomplete or incorrect. The person responsible has to rectify and/or complete the personal data immediately.

3. Right to restrict the processing
You can request to restrict the processing of your personal data under the following conditions:

  1. If you deny the correctness of your personal data for a period of time that allows the person responsible to review the data;
  2. If the processing is unlawful and you object to the deletion of your personal data, and you want to restrict the usage of your personal data;
  3. If the person responsible no longer requires your personal data for the purpose of processing, but only for the assertion, exertion and defence of legal claims or;
  4. If you oppose the processing in accordance with Art 21(1) GDPR, and it is to be decided whether the justifications by the person responsible outweigh yours.

If the processing of your personal data is restricted, the data may only be processed with your consent. Exceptions concern its storage, if it is used for asserting, exerting, or defending legal claims, to protect the rights of another natural or legal person or for reasons of public interest to the European Union or a member state.

If the processing is restricted by the above mentioned conditions, you will be informed by the person responsible before the restriction is lifted.

4. Right to erasure (‘right to be forgotten’)
a. Obligation to delete

You can request the person responsible to delete your personal data immediately. The person responsible is obliged to immediately delete your personal data if one of the following conditions is met:

  1. Your personal data is not necessary anymore for the purpose it was collected or processed.
  2. You revoke your consent to the processing in accordance with Art 6 (1(a)) or Art 9(2)(a) GDPR, and there is no other legal basis for the processing.
  3. You file an objection in accordance with Art. 21(1) GDPR against the processing and there are no overriding, justifiable reasons; or, you file an objection in accordance with Art. 21(2) GDPR against the processing.
  4. Your personal data were processed illegally.
  5. The deletion of your personal data is needed to fulfil a legal obligation in accordance with the rights of the European Union or a member state, to which the person responsible is subjected.
  6. Your personal data was collected in relation to the offered services of the information company in accordance with Art. 8(1) GDRP.

b. Information transfer to third parties
If the person responsible has published your personal data and is obligated to delete them in accordance with Art 17(1) GDPR, he/she has to take measures, includingtechnical ones, to inform the one in charge of processing the personal data that you as the affected person request the deletion of all links to this personal data or any copies or replications thereof.

c. Exceptions
The right to deletion is considered null and void if the processing is necessary:

  1. to exercise the right to free speech and information;
  2. to fulfil a legal obligation that requires data processing in accordance with the law of the European Union or member state(s) to which the person responsible is subjected, or to perform a task of public interest; or the exercise of official authority that has been transferred to the person responsible;
  3. for reasons of public interest or public health in accordance with Art 9(2)(h) & (i), as well as Art 9(3) GDPR;
  4. for archiving purposes of public interest, scientific or historical research purposes or for state purposes in accordance with Art. 89(1) GDPR, as long as the right stated in a) makes the completion of the goals prospectively impossible or seriously affects these goals; or
  5. to assert, exert and defend against legal claims.

5. Right of access by the data subject
If you assert your right to rectification, deletion or restriction of processing towards the person responsible, he/she is obligated to inform all recipients of your personal data about the need for rectification, deletion or restriction. Exceptions are made where it is not possible to contact the recipient or if it requires a disproportionate expense. You have the right to be informed about those recipients.

6. Right to data portability'
You have the right to receive the personal data that you provided to the person responsible in a structured, common, and machine-readable format.

In addition, you have the right to transmit your personal data to another responsible person without hindrance by the person responsible to whom you first provided the data, if

  1. The processing is based on consent in accordance with Art 6(1)(a) GDPR or Art. 9(2)(a), or is based on a contract in accordance with Art. 6(1)(b) GDPR, and
  2. The data is processed by means of automated methods.

When exerting this right, you also have the right for your personal data to be sent directly from one responsible person to another, if that is technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability does not affect personal data that is necessary to perform a task of public interest or to exercise official authorities transferred to the person responsible.

7. Right to object
You have the right to file an objection against the processing of your personal data in accordance with Art. 6(1)(e) or (f) GDPR due to your special situation. This is also valid for profiling in accordance with these regulations.

The person responsible cannot process your personal data anymore, unless he/she can find compelling and legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing is necessary to assert, exert or defend legal claims.

If your personal data is processed for direct advertising, you have the right to object to the processing of your personal data. This is also valid for profiling that is connected to direct marketing.

If you object to processing done for the purpose of direct marketing, your personal data will not be processed for this purpose.

You have the possibility to exercise your right to objection associated with the usage of services provided by the information company – notwithstanding regulation 2002/58/EU – with the help of automated processes using technical specifications.

8. Right to withdrawal of data protection declaration of consent
You have the right to withdraw your data protection declaration of consent. By withdrawing your consent, the legitimacy of processing before such withdrawal is not affected.

9. Automated decision in individual cases including profiling
You have the right not to be subject to an automated decision – including profiling – that becomes legally effective towards you or seriously affects you in any other way. This is not valid, if the decision:

  1. Is necessary for the completion of a contract between you and the person responsible;
  2. Is allowed by legal regulations of the European Union or member states, to which the person responsible is subjected, and if these legal regulations include appropriate measures to preserve your rights and freedoms as well as your rightful interests.
  3. is based on your explicit consent.

However, these decisions may not be based on special categories of personal data according to Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR is applied and appropriate measures taken to protect your rights, freedoms and rightful interests.

Regarding the cases (1) and (3), the responsible person has to take appropriate measures, to protect the rights and freedoms, and your rightful interests. This includes at least the right to request an intervention by someone on the part of the responsible person, to explain your own position, and to contest the decision.

10. Notification of a personal data breach to the supervisory authority
Untouched by any administrative or legal remedy, you have the right to complain to a supervisory authority, especially in the member state where you reside, work, or where the alleged breach has taken place. You may complain if you are of the opinion that the processing of personal data affecting you violates the GDPR. The supervisory authority informs the complainant about the state and results of the complaint, including the possibility of a judicial remedy according to Art. 78 GDPR.

X. Social media

You can find external links to social media on our website, the so called “Social Plugins”. Their function is to transfer information and user data. This function is only triggered by clicking on the link, not by merely visiting our website. After clicking these links, the plugins of the respective media are activated and your browser establishes a direct connection to their servers.

If you click a link while visiting our website, there may be a transfer of your user data to the respective network and your user data might be processed by that network. If you click these links during your visit to our website and are also logged on to your personal user account at the social network, the social network may receive the information that you have visited our website and store or associate it with your user account. To prevent this association with your account, you have to log out of the social network before clicking the link.

You can find further information regarding the purpose and extent of data collection by the social media (networks), the further processing and usage of your data, as well as your rights and configuration options to protect your privacy in the data protection information of the respective network. The social network is solely responsible for any data processing triggered by clicking its link on our website.

Regarding details, we like to refer to the information given by the social media currently used on our website. You can find social plugins for social media (networks) such as Facebook, LinkedIn, and Instagram on our website.

The services are provided by the companies Facebook Inc., LinkedIn Inc, and Instagram Inc. (“Provider”). Social plugins are cookies, as was explained in section 5.

Facebook is run by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. You can find an overview of the plugins used by Facebook and their appearance here: https://developers.facebook.com/docs/plugins

LinkedIn is run by LinkedIn Inc., 2019 Stierlin Court, Mountain View, CA 94304, USA. You can find an overview of the plugins used by LinkedIn and their appearance here:
https://www.linkedin.com/legal/cookie-policy

Instagram is run by Instagram LLC., 1601 Willow Rd, Menlo Park, CA 94025, USA. You can find an overview of the Instagram buttons and their appearance here:
http://www.addthis.com/social-buttons/instagram-follow-button

By integrating these plugins and their activation, the provider receives the information that your browser accessed the page of our website, even if you do not have a user profile or you are not logged in. This information (including your IP address) may be sent by your browser directly to a server of the respective provider and is then processed. According to their own information, the providers (Facebook, LinkedIn, and Instagram) process the personal data of users from member states of the EU or EEA. The data of users residing outside of the EU or EEA are processed in the USA or a third country if necessary. If the data is transferred from servers within the EU/EEA to servers outside the EU/EEA within the provider’s network, the a. hartrodt (GmbH & Co) KG has no legal or technical influence.

You can find the information regarding the purpose and extent of the data collection, its further processing and usage by the provider, your rights regarding this, and your configuration possibilities to protect your privacy in the data protection information of the provider.

If you do not want Facebook, LinkedIn or Instagram to immediately assign the data collected on our website to your social media profile, you have to log out of their respective service before visiting our website.

XI. Marketing

Facebook
We do not use Facebook Lookalike Customs Audience and we do not transfer personal data to Facebook from our central IT-systems (CRM, SAP, etc.). When using our website, you agree to this usage of the “Customs Audiences” function.

Over the course of the day of your visit to our website, a direct connection to the Facebook servers is established, through which information over the pages of our website you visited are transferred. Facebook associates this information with your personal Facebook user account. You can find further information regarding the collection and usage of the data by Facebook, your rights regarding this, and the possibilities you have to protect your privacy in the data protection information of Facebook: https://www.facebook.com/about/privacy/.

If you do not want Facebook to immediately associate the collected data with your Facebook user account, you can deactivate the remarketing-function “Custom Audiences”. You have to log on to Facebook to be able to do so. https://www.facebook.com/settings/

LinkedIn Website
The a. hartrodt (GmbH & Co) KG does not provide any personally identifiable information from our central operative IT systems (e.g. CRM- or CSV-files) to LinkedIn.

For further information, please consult the specific conditions on the LinkedIn-website: www.linkedin.com/legal/conversion-tracking

The general data protection regulations of LinkedIn may be found here: https://www.linkedin.com/legal/privacy-policy

Further information regarding the opt-out regulations of LinkedIn may be found on the LinkedIn website:
https://www.linkedin.com/help/linkedin/answer/62931/manage-advertising-preferences?lang=de

Furthermore, you can block cookies by changing your browser add-on preferences or by contacting us for help; further information via the contact details given in section 16.

XII. Third-party access to your personal data
The collection, processing and usage of personal data are performed by us and – where they are not explicitly excluded – by other companies of the a. hartrodt group or by commissioned external service providers that are contractually and legally bound to data protection. In the two last-mentioned cases, we will ensure that the group companies and external service providers follow the relevant legal data protection regulations and comply with this data protection declaration. We orient ourselves under the legal requirements of the EU GDPR, if there are no overriding, stricter legal requirements applicable.

Furthermore, no third parties have access to your personal data. We will neither sell this data nor utilise it in any other way. We will only transfer your data to the competent authorities on behalf of administrative or legal orders or to fulfil or report any obligation. This is also valid for the case of a juridical order. In the case of a legal, administrative, or juridical reporting obligation, we will review whether the transfer is lawful according to the principles of the EU GDPR and/or the applicable national laws, and if necessary take legal action.

XIII. Security
We have taken technical and organisational measures to protect your personal data against loss, change, theft or unauthorised access by third parties. Our IT systems are set up so that the a. hartrodt (GmbH & Co) KG complies with the requirements of Art 32ff. of the EU GDPR.

XIV. Children and minors
Knowingly, we do not process the personal data of minors under 16 years of age as long as we are not legally bound to do so. Should we be notified that we have received such information without any legal obligation or the consent of their parents or guardians, we will delete the data immediately.

XV. Deleting and blocking
We will delete your personal data if and when their business purpose ceases to exist or if we are bound to do so by relevant legal data protection regulations. In the case of consent, we will delete your personal data after having received your objection or after the purpose of your consent (Digit 2) ceases to exist.

If you wish, we will block your personal data either partially or completely unless this harms an overriding legal interest in the processing of data at the a. hartrodt (GmbH & Co) KG. To do so, please let us know the extent to which and for which time span you wish to block your data. If technically feasible, you can exclude your personal data from being processed in certain fields.

XVI. Payment information
In our e-business-systems (subject to registration), you might have to enter your payment data or use payment services like credit card- or online payment providers such as PayPal Inc.

If the a. hartrodt (GmbH & Co) KG uses the payment process of a third-party provider, we do not store any credit card data, but transfer the execution of the payment process wholly to the third-party provider. Your personal data will be processed by the third-party provider to the extent that they can provide such services.

Please contact the third-party provider for information about their data protection regulations and compliance with existing legislation. If you have any questions regarding our usage of third-party payment service providers, please contact us. You can find our contact details in section 16.

XVII. Hyperlinks
The website of the a. hartrodt (GmbH & Co) KG may contain hyperlinks and electronic cross references to third-party websites. Since the a. hartrodt (GmbH & Co) KG is not responsible for the contents and conformity of these third-party websites to relevant regulations, we recommend taking a closer look at the data protection declaration of these websites.