Privacy Policy

Change cookie settings

In accordance with the legal requirements of data protection law (in particular the new version of the German Federal Data Protection Act (BDSG) and the European General Data Protection Regulation (GDPR)), we inform you below about the type, scope and purpose of the processing of personal data by our company. This privacy policy also applies to our websites and social media profiles. With regard to the definition of terms such as ‘personal data’ or ‘processing’, we refer to Art. 4 GDPR.

1. controller

The controller within the meaning of the GDPR is:

HK-CON GmbH Maschinenbau
Böcklerstraße 19
36041 Fulda
Tel. 0661 25062-0
Fax: 0661 25062-20
E-Mail-Adresse: info@hk-con.de

Managing Director:
Walter Kraft
Dipl.-Ing. Reinhold Kraft
Waldemar Hildebrandt

Handelsregister/Nr.: HRB 2032
Registergericht: Registergericht: Amtsgericht Fulda

2. Definitions

This Privacy Policy is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our Privacy Policy aims to be easily readable and understandable for both the public and our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

In this Privacy Policy, we use, among others, the following terms:

  1. Personal Data
    Personal Data means any information relating to an identified or identifiable natural person ('data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  2. Data Subject
    Data Subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).
  3. Processing
    Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  4. Restriction of Processing
    Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
  5. Profiling
    Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
  6. Pseudonymization
    Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
  7. Processor
    Processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
  8. Recipient
    Recipient is a natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
  9. Third Party
    Third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
  10. Consent
    Consent of the data subject is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. Legal Basis for Processing

Article 6(1)(a) GDPR (in conjunction with § 25(1) TDDDG (formerly TTDSG)) serves as the legal basis for our company's processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, such as processing operations required for the supply of goods or to provide any other service or consideration, the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations that are necessary for carrying out pre-contractual measures, for example, in the case of inquiries regarding our products or services.

If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Article 6(1)(c) GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor in our company were injured and his name, age, health insurance data, or other vital information would have to be passed on to a doctor, hospital, or other third parties. Then the processing would be based on Article 6(1)(d) GDPR.

Finally, processing operations could be based on Article 6(1)(f) GDPR. This legal basis is used for processing operations that are not covered by any of the above-mentioned legal grounds if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. The legislator considered that a legitimate interest could be assumed if you are a client of our company (Recital 47 Sentence 2 GDPR).

Our offerings are generally directed to adults. Persons under the age of 16 should not transmit personal data to us without the consent of their parents or guardians. We do not request personal data from children and adolescents, do not collect them, and do not pass them on to third parties.

4. Transfer of Data to Third Parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only share your personal data with third parties if:

  1. you have given us your explicit consent according to Art. 6(1)(a) GDPR,
  2. the disclosure is permissible under Art. 6(1)(f) GDPR for the protection of our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,
  3. there is a legal obligation for the disclosure according to Art. 6(1)(c) GDPR, and
  4. it is legally permissible and necessary for the execution of contractual relationships with you according to Art. 6(1)(b) GDPR.

To protect your data and to potentially enable the transfer of data to third countries (outside the EU/EEA), we have concluded data processing agreements based on the European Commission's Standard Contractual Clauses. If the Standard Contractual Clauses are not sufficient to ensure an adequate level of security, your consent in accordance with Art. 49(1)(a) GDPR may serve as the legal basis for the transfer to third countries. This does not apply to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only share your personal data with third parties if:

  1. you have given us your explicit consent according to Art. 6(1)(a) GDPR,
  2. the disclosure is permissible under Art. 6(1)(f) GDPR for the protection of our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,
  3. there is a legal obligation for the disclosure according to Art. 6(1)(c) GDPR, and
  4. it is legally permissible and necessary for the execution of contractual relationships with you according to Art. 6(1)(b) GDPR.

As part of the processing operations described in this Privacy Policy, personal data may be transferred to the USA. Companies in the USA only have an adequate level of data protection if they are certified under the EU-US Data Privacy Framework, thereby falling under the adequacy decision of the EU Commission pursuant to Art. 45 GDPR. We have explicitly mentioned this for the relevant service providers in the Privacy Policy. To protect your data in all other cases, we have concluded data processing agreements based on the European Commission's Standard Contractual Clauses. If the Standard Contractual Clauses are not sufficient to ensure an adequate level of security, your consent in accordance with Art. 49(1)(a) GDPR may serve as the legal basis for the transfer to third countries. This does not apply to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

5. Technology

5.1 SSL/TLS Encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data, or contact requests that you send to us as the operator. You can recognize an encrypted connection by the fact that the browser's address line changes from "http://" to "https://" and by the lock icon in your browser line.

We use this technology to protect your transmitted data.

5.2 Data Collection When Visiting the Website

When using our website for informational purposes only, if you do not register or otherwise provide us with information or consent to processing requiring consent, we only collect the data that is technically necessary for the provision of the service. These are typically data transmitted by your browser to our server ("in so-called server log files"). Our website collects a series of general data and information with each visit to the website by you or an automated system. This general data and information are stored in the server log files. The following can be collected:

  1. browser types and versions used,
  2. the operating system used by the accessing system,
  3. the website from which an accessing system reaches our website (so-called referrer),
  4. the sub-pages that are accessed via an accessing system on our website,
  5. the date and time of access to the website,
  6. a shortened Internet Protocol address (anonymized IP address), and
  7. the Internet service provider of the accessing system.

When using these general data and information, we do not draw any conclusions about your person. This information is needed to:

  1. deliver the content of our website correctly,
  2. optimize the content of our website as well as the advertising for it,
  3. ensure the permanent functionality of our IT systems and the technology of our website, and
  4. provide law enforcement authorities with the information necessary for prosecution in case of a cyber attack.

We evaluate these data and information statistically and with the aim of increasing data protection and data security in our company to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

The legal basis for the data processing is Art. 6(1)(f) GDPR. Our legitimate interest follows from the purposes listed above for data collection.

5.3 Hosting by Host Europe

We host our website with Host Europe GmbH, Hansestrasse 111, 51149 Cologne (hereinafter referred to as Host Europe).

When you visit our website, your personal data (e.g., IP addresses in log files) are processed on Host Europe's servers.

The use of Host Europe is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable presentation and provision as well as securing of our website.

We have concluded a data processing agreement (DPA) in accordance with Art. 28 GDPR with Host Europe. This is a legally required contract that ensures that Host Europe processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

For more information on Host Europe's privacy policy, please visit: https://www.hosteurope.de/AGB/Datenschutzerklaerung/

6. Cookies

6.1 General Information about Cookies

Cookies are small files that are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site.

The information stored in the cookie is related to the specific device used. However, this does not mean that we can directly identify you through it.

The use of cookies serves to make the use of our offerings more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specific period of time. If you visit our site again to use our services, it will automatically recognize that you have been with us before and which entries and settings you have made so that you do not have to enter them again.

We also use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies allow us to automatically recognize that you have already visited our site when you visit it again. These cookies are automatically deleted after a defined period. The respective storage duration of the cookies can be found in the settings of the consent tool used.

6.2 Legal Basis for the Use of Cookies

The data processed by cookies, which are required for the proper functioning of the website, are necessary to protect our legitimate interests and those of third parties according to Art. 6(1)(f) GDPR.

For all other cookies, you have given your consent via our opt-in cookie banner in accordance with Art. 6(1)(a) GDPR.

6.3 Borlabs Cookie (Consent Management Tool)

We use the Wordpress cookie plugin "Borlabs Cookie" from Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany. This service allows us to obtain and manage the consent of website users for data processing.

Borlabs Cookie collects data generated by end users who use our website using cookies. When an end user gives consent, the following data is automatically logged, among other things:

  • Cookie runtime,
  • Cookie version,
  • Domain and path of the Wordpress page,
  • Selection in the cookie banner,
  • UID (a randomly generated ID).

The consent status is also stored in the browser of the end user so that the website can automatically read and follow the end user's consent for all subsequent page requests and future end user sessions for up to 12 months. Consent data (consent and revocation of consent) is stored for three years. The retention period corresponds to the regular limitation period according to § 195 BGB. The data will then be deleted immediately.

The functionality of the website cannot be guaranteed without the described processing. The user has no right to object as long as there is a legal obligation to obtain the user's consent for certain data processing operations, Art. 7(1), 6(1)(1)(c) GDPR.

The collected data will not be forwarded to Borlabs GmbH, nor will it have access to it.

For more information, please visit: https://de.borlabs.io/borlabs-cookie/.

7. Content of Our Website

7.1 Contact / Contact Form

When you contact us (e.g., via contact form or email), personal data is collected. The data collected when using a contact form is evident from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for establishing contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request according to Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted after the final processing of your inquiry, provided that there are no statutory retention obligations.

8. Our Activities in Social Networks

To communicate with you and inform you about our services, we are present on social networks with our own pages. When you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform for the data processing operations triggered in accordance with Art. 26 GDPR.

We are not the original provider of these pages; we only use them within the framework of the possibilities offered by the respective providers. Therefore, we would like to point out that your data may also be processed outside the European Union or the European Economic Area. This may pose risks to the protection of your data, as it may be more difficult to enforce your rights, such as access, deletion, objection, etc. Additionally, the processing of your data in social networks often serves advertising or market research purposes, which is beyond our control. User profiles may be created by the providers using cookies and by linking your usage behavior with your member profile on the respective social networks.

The described processing of personal data is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest and the legitimate interest of the respective provider to communicate with you in a contemporary manner and to inform you about our services. If you are asked by the respective providers for consent to data processing, the legal basis for processing is Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR.

Since we have no access to the data stocks of the providers, we recommend that you exercise your rights (e.g., access, correction, deletion, etc.) directly with the respective provider. For more information on the processing of your data in social networks, please refer to the privacy policies of the respective providers listed below:

8.1 YouTube

Joint Controller for Data Processing in Europe:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy Policy:
https://policies.google.com/privacy

9. Web Analysis

9.1 Google Analytics 4 (GA4)

We use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), on our websites.

In this context, pseudonymized user profiles are created and cookies (see the section "Cookies") are used. The information generated by the cookie about your use of this website may include:

  • Brief collection of the IP address without permanent storage
  • Location data
  • Browser type/version
  • Operating system used
  • Referrer URL (previously visited page)
  • Time of server request

The pseudonymized data may be transmitted by Google to a server in the USA and stored there.

This information is used to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website and internet usage for market research and the tailored design of these web pages. This information may also be transferred to third parties if required by law or if third parties process this data on behalf.

These processing operations are carried out exclusively with explicit consent in accordance with Art. 6(1)(a) GDPR.

Google's default data retention period is 14 months. Personal data will be retained as long as necessary to fulfill the processing purpose. The data will be deleted as soon as it is no longer required for achieving the purpose.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. An adequacy decision under Art. 45 GDPR exists, allowing the transfer of personal data without further guarantees or additional measures.

For more information on data protection when using GA4, please visit: https://support.google.com/analytics/answer/12017362?hl=de.

9.2 Leadinfo (Lead Generation Service)

We use the lead generation service of Leadinfo B.V., Rivium Quadrant 141, Capelle aan den IJssel, South Holland 2907, on our website.

This service identifies visits from companies to our website based on IP addresses and shows us publicly available information, such as company names or addresses. IP addresses are neither displayed nor stored.

In addition, Leadinfo uses two first-party cookies to analyze user behavior on our website and processes domains from form entries (e.g., "leadinfo.com") to correlate IP addresses with companies and improve the services.

Typically, the following data is collected and processed:

  • IP address without permanent storage
  • Location based on the IP address
  • Domain from form field entries

These processing operations are carried out exclusively with explicit consent in accordance with Art. 6(1)(a) GDPR. Your data will be stored until the purpose is achieved or until you withdraw your consent.

For more information on Leadinfo's privacy policy, please visit: https://www.leadinfo.com/de/rechtliches/datenschutz/.

10. Plugins and Other Services

10.1 Google Maps

On our website, we use Google Maps (API). The operator of Google Maps is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies with its headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for displaying interactive (land) maps to visually present geographic information. By using this service, for example, our location can be displayed to you, and any directions can be made easier.

When you access subpages on which the Google Maps map is embedded, information about your use of our website (such as your IP address) is transmitted to and stored on Google's servers in the USA, provided you have given consent pursuant to Art. 6 para. 1 lit. a) GDPR. Additionally, Google Maps loads Google Web Fonts and Google Photos as well as Google stats. The service provider is also Google Ireland Limited. When you call up a page that embeds Google Maps, your browser loads the web fonts and photos required to display Google Maps into your browser cache. For this purpose, the browser you are using establishes a connection to Google's servers. This informs Google that our website has been accessed via your IP address. This happens regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data is directly assigned to your account. If you do not want the association with your profile on Google, you must log out of your Google user account. Google stores your data (even for non-logged-in users) as usage profiles and evaluates them. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

If you do not agree with the future transmission of your data to Google as part of the use of Google Maps, there is also the possibility to completely deactivate the Google Maps web service by turning off the JavaScript application in your browser. Google Maps and thus also the map display on this website cannot be used then.

These processing operations are carried out exclusively upon the granting of explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

You can view the Google terms of use at https://www.google.de/intl/en/policies/terms/regional.html, and the additional terms of use for Google Maps at https://www.google.com/intl/en_US/help/terms_maps.html.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision under Art. 45 GDPR, allowing the transfer of personal data without further guarantees or additional measures.

You can view the Google Maps privacy policy at: ("Google Privacy Policy"): https://www.google.de/intl/en/policies/privacy/.

10.2 Google Tag Manager

We use the Google Tag Manager service on this website. The operator of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies with its headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This tool allows "website tags" (i.e., keywords embedded in HTML elements) to be implemented and managed through an interface. By using Google Tag Manager, we can automatically track which button, link, or personalized image you have actively clicked on and can then record which content on our website is particularly interesting to you.

The tool also ensures the triggering of other tags that may collect data themselves. Google Tag Manager does not access this data. If you have made a deactivation at the domain or cookie level, it remains effective for all tracking tags implemented with Google Tag Manager.

These processing operations are carried out exclusively upon the granting of explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision under Art. 45 GDPR, allowing the transfer of personal data without further guarantees or additional measures.

For more information about Google Tag Manager and Google's privacy policy, please visit: https://www.google.com/intl/en/policies/privacy/.

11. Your Rights as a Data Subject

11.1 Right to Confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

11.2 Right to Access Art. 15 GDPR

You have the right to obtain from us, at any time and free of charge, information about the personal data stored concerning you, as well as a copy of this data in accordance with the legal provisions.

11.3 Right to Rectification Art. 16 GDPR

You have the right to request the correction of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, considering the purposes of the processing.

11.4 Right to Erasure Art. 17 GDPR

You have the right to demand that we delete personal data concerning you without undue delay, provided that one of the legally stipulated reasons applies and insofar as the processing or storage is not necessary.

11.5 Right to Restriction of Processing Art. 18 GDPR

You have the right to demand the restriction of processing if one of the legal prerequisites applies.

11.6 Right to Data Portability Art. 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, to whom the personal data was provided, provided that the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Art. 20 para. 1 GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

11.7 Right to Object Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is based on Art. 6 para. 1 lit. e) (data processing in the public interest) or f) (data processing based on a balance of interests) GDPR.

This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is for the establishment, exercise, or defense of legal claims.

In individual cases, we process personal data to carry out direct marketing. You have the right to object at any time to the processing of personal data for such marketing, including profiling to the extent that it is related to such direct marketing. If you object to our processing for direct marketing purposes, we will no longer process your personal data for these purposes.

Additionally, you have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

It is your free choice to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

11.8 Right to Withdraw Data Protection Consent

You have the right to withdraw consent to the processing of personal data at any time with effect for the future.

11.9 Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority regarding our processing of personal data.

12. Routine Storage, Deletion, and Blocking of Personal Data

We process and store your personal data only for the period necessary to achieve the storage purpose or as required by legal regulations to which our company is subject.

If the storage purpose ceases to apply or a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

13. Duration of Storage of Personal Data

The criterion for the duration of storage of personal data is the respective statutory retention period. After the expiry of the period, the corresponding data will be routinely deleted, provided it is no longer required for the fulfillment or initiation of a contract.

14. Current Validity and Changes to this Privacy Policy

This privacy policy is currently valid and has the status: July 2024.