Login

Data protection information according to the GDPR for www.hochland.io

Hochland Deutschland GmbH takes the protection of your data seriously and we want you to feel safe and comfortable when using our services at hochland.io. Safeguarding your privacy when processing personal data is an important concern for us, and one that we take into account in the course of our business. We process personal data that is collected when you use our hochland.io services in accordance with the provisions of the General Data Protection Regulation (GDPR) and other relevant data protection regulations. Our data protection policy is also based on the Hochland Group's Code of Conduct. This site may contain links to sites of other providers which are not covered by this data protection declaration. Hochland Deutschland GmbH accepts no responsibility for the compliance of these other websites with data protection regulations, or their content.

Below you will find the information according to Art. 13, 14 of the GDPR, § 25 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) pertaining to your visit to this website. The table of contents will help you to get a better overview of the individual points and to find the answers relevant to you more quickly.

 

1. Name and address of the controller

The controller within the meaning of the GDPR and other data protection regulations is:

Hochland Deutschland GmbH
Kemptener Str. 17
88178 Heimenkirch, Germany
Phone (0049) (0)8381-502-0

Further information can be found in the imprint.

 

2. Contact data of the data protection officer

You can contact our data protection officer as follows;

By post: Hochland Deutschland GmbH (see above for address), data protection officer

or via e-mail: datenschutz@hochland.com.

 

3. General points about data processing

3.1. Scope of personal data processing

We only process our users' personal data to the extent that it is necessary to do so in order to provide a functional website and to present our content and services, or if we are permitted to do so on other legal grounds.

 

3.2. Legal basis for the processing of personal data

Insofar as we obtain the data subject's consent for the processing of personal data, Art. 6 para. 1, clause 1 (a) of the GDPR serves as the legal basis.

When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1, clause 1 (b) of the GDPR serves as the legal basis. This also applies to processing steps that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1, clause 1 (c) of the GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 para. 1, clause 1 (d) of the GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1, clause 1 (f) of the GDPR serves as the legal basis for the processing.

 

3.3. Data deletion and storage duration 

The data subject's personal data will be deleted as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, national laws or other regulations to which the controller is subject. The data will be deleted when the storage period specified by the aforementioned standards expires.

 

4. Provision of the website and creation of log files

4.1. Description and scope of the data processing

As with any website, information is automatically sent to us by your browser when you visit our site. This data is temporarily recorded in our log files. This data is not stored together with your other personal data.

The following data is collected:

  • Information about the browser type and version used

  • Your operating system

  • Your internet service provider

  • Your IP address

  • Date and time of access

 

4.2. Legal basis for the data processing

The collection and processing of this data involves absolutely essential information within the meaning of § 25 para. 2 no. 2 of the German Telecommunications and Telemedia Data Protection Act (TTDSG). The legal basis for data processing under data protection law is Art. 6 para. 1, clause 1 (f) of the GDPR.

 

4.3. Purpose of the data processing 

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

Data storage in log files is to ensure the website's functionality and to ward off attacks. We also use the data to ensure the security of our IT systems. The data is not analysed for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1, clause 1 (f) of the GDPR.

 

4.4  Storage duration 

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. When the data is collected for the provision of the website, this happens when the respective session has ended. If the data is stored in log files, this happens after 30 days at the latest.

 

4.5. Option to object

Data collection for the provision of the website and data storage in log files are absolutely essential for website operation. If you wish to object to this data processing, it is not possible to use the website and we ask you to leave it.

 

5. E-mail contact

5.1. Description and scope of the data processing

Contact can be made via the e-mail address provided. In this case, the personal data sent along with the e-mail and the e-mail address itself will be stored.

In this context, your data will be used for the sole purpose of processing the conversation. As a rule, the data is not passed on to third parties. The data will only be forwarded to another Hochland company if your details indicate that your contact enquiry concerns another Hochland company.

 

5.2. Legal basis for the data processing

The legal basis for processing the data is Art. 6 para. 1, clause 1 (f) of the GDPR. If making contact is aimed at the conclusion of a contract, the legal basis for the data processing is Art. 6 para. 1, clause 1 (b) of the GDPR.

 

5.3. Purpose of the data processing 

Processing of the personal data associated with the e-mail is for the sole purpose of processing the contact. This also constitutes the necessary legitimate interest in the processing of the data.

 

5.4. Storage duration 

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. This is usually the case after the enquiry has been answered, provided that there are no statutory retention periods.

 

5.5. Option to object

You have the option to object to the storage of your personal data at any time, with effect for the future. You can do this either by post (see above for address) or via e-mail (see above). If you do this, your data will be deleted and the conversation cannot be continued. Insofar as statutory retention periods exist, these remain unaffected by this.


6. User access for customer portal functions

6.1. Description and scope of the data processing

Hochland customers and their employees have the option of using the customer portal functions of hochland.io. This requires them to provide the following data to us:

  • Title

  • Name

  • Company

  • Position/role in the company

  • Business phone number

  • Business e-mail address

We will then create a personal user account for you and send you a registration link by e-mail, which you can use to choose your password and verify your e-mail address. Your data will be stored in Storyblok (see Point 7) for as long as the user account exists.

 

6.2. Legal basis for the data processing

The legal basis for processing personal data in order to create a user account is Art. 6 para.  1 clause 1 (f) of the GDPR.

The legal basis for processing the personal data of registered users is your voluntary consent in accordance with Art. 6 para. 1, clause 1 (a) of the GDPR.

By registering, you also consent to us documenting and analysing your user behaviour as part of your use of customer portal functions (login to hochland.io, reading e-mail notifications). Your consent granted in this context also extends to the other services used (see Points 7, 8 and 9).

 

6.3. Purpose of the data processing 

Data processing is done for the purpose of simplifying business processes.  The customer portal gives the customer the option to access all relevant data relating to the business relationship (e.g. orders, products, invoices, etc.) in a bundled form.

 

6.4  Storage duration 

The data is generally stored for as long as the user account exists. The data will be deleted immediately after the user account has been deleted. You can have us delete your user account by sending us an e-mail message to that effect.

 

6.5. Revocation option

Registered persons are free at any time to revoke their consent to data processing in the customer portal. To do this, please use the "Revoke consent" button in the "My data" section. Your user account will then be deleted immediately.

 

7. Storyblok

7.1. Description and scope of the data processing

We use Storyblok as a content management system for hochland.io to store and manage both your user data sent to us (see Point 6.) and other non-personal content such as order data, invoice data and item data. Once the data described in Point 6 has been saved, it will be processed as part of the use of the customer portal functions of hochland.io in order to create a personalised registration link for you. The data is also used to display customised content and to check authorisations for the display of customer-specific information.

 

7.2. Legal basis for the data processing

The legal basis for processing the personal data is our legitimate interest in accordance with Art. 6 para. 1, clause 1 (f) of the DSGVO, as this is essential for provision of the access option (see Point 6) and the provision of content relevant to you (orders, product data, etc.) and at the same time we can protect customer-specific content from unauthorised access.


7.3. Purpose of the data processing 

Data storage serves to provide a personalised registration option and to control the display of website content in accordance with the user's individual authorisations. Our legitimate interest also lies in the aforementioned points.

 

7.4  Storage duration 

The data is generally stored for as long as the user account exists. The data will be deleted immediately after the user account has been deleted. Possible statutory retention periods remain unaffected by this.

 

7.5. Option to object

The collection of data for the provision of the registration option is mandatory for access to customer portal functionalities. It is not possible to use the customer portal if you wish to object to this data processing.

 

8. Amazon Web Services (AWS)

8.1. Description and scope of the data processing

We use Amazon Web Services (AWS) to provide the website and all customer portal functionalities. Various services of the provider are used for this purpose, which process personal data to varying degrees:

  •  AWS Cognito: Processing & storage of the e-mail address and a user ID for user authentication (registration/login) for customer portal functions

  • AWS Lambda: Processing of all user information (see point 6.) as part of the authorisation check for displaying customer portal content; no permanent storage.

  • AWS S3: Cloud storage for the provision of business-relevant documents that may contain personal data.

  • Cloudfront: Processing of the IP address as part of the fast, globally-decentralised provision of website content and protection against DDoS attacks and other attacks on our infrastructure; no permanent storage.

  • DynamoDB: Processing & storage of personal login events and opening events for e-mail notifications sent for analysis purposes and storage of the e-mail address for enquiries within the scope of the customer portal functionalities, such as the sending of orders or complaints.

  • Amazon SES: Processing of the e-mail address to send e-mail notifications for certain customer-specific events, such as an order confirmation or notification of new, retrievable documents in the customer portal; no permanent storage.

  • Amazon SNS: Processing of the e-mail address and opening data in the context of sending e-mail notifications to registered users. We use what are known as tracking pixels within the e-mail notifications sent to measure whether/when a user has opened a notification.

  • Cloudwatch: Processing of the user's IP address as part of real-time monitoring of the functionality and stability of all customer portal functions.

 

8.2. Legal basis for the data processing

When the aforementioned tools (AWS Cognito, DynamoDB, Amazon SES, Amazon SNS) are used to analyse user behaviour data, the legal basis for the processing of your personal data is your voluntary consent in accordance with Art. 6 para. 1, clause 1 (a) of the GDPR, and § 25 para. 1, clause 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in the context of registration for the customer portal functions.

In the case of the use of the aforementioned tools to provide you with the fastest and most stable user experience possible when using hochland.io and to protect both our and your data from unauthorised persons (Cloudfront, Cloudwatch, AWS Cognito), the legal basis for the processing of your personal data is our legitimate interest in accordance with Art. 6 para. 1, clause 1 (f) of the GDPR.

If the aforementioned tools are used to process personal data required for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1, clause 1 (b) of the GDPR serves as the legal basis. This also applies to processing steps that are necessary for the implementation of pre-contractual measures. This particularly applies to user data that must be (temporarily) stored as part of the use of customer portal functionalities such as orders or complaints (DynamoDB).

 

8.3. Purpose of the data processing 

The data processed by Amazon Web Services is used for various purposes, essentially:

  •  The provision of a website that can be operated quickly and a user experience that is as stable as possible without interruptions (Cloudfront, Cloudwatch)

  • Authentication of users to control access to customer portal functions (AWS Cognito)

  • The provision of customer portal functions in the context of business activities with the respective user's company, e.g. for sending orders or complaints (DynamoDB, Amazon SES, Amazon SNS, AWS Lambda)

  • The further development of customer portal functionalities through specific user behaviour data within hochland.io (DynamoDB) and in the context of e-mail notifications (AmazonSNS, DynamoDB)

 

8.4  Storage duration 

Data in Cloudwatch is stored for a period of 30 days and is then deleted. All other data, insofar as the respective services keep it at all (for a description, see 8.1 in each case), is generally stored for as long as the user account exists. Data relating to business transactions (orders, complaints, etc.) may be stored for longer if there are statutory retention periods.

 

8.5. Option to object

Data collection for the provision of the website (Cloudfront) and data storage in log files (Cloudwatch) are absolutely essential for website operation. If you wish to object to this data processing, it is not possible to use the website and we ask you to exit it.

 

8.6. Revocation option

Registered persons are free at any time to withdraw their consent to data processing in the context of customer portal functions (AWS Cognito, DynamoDB, Amazon SES, Amazon SNS and AWS Lambda). To do this, please use the "Revoke consent" button in the "My data" section. Your user account will then be deleted immediately and with it any data remaining within Amazon Web Services. Please note that personal data might not be deleted if statutory retention periods apply.

  

9. etracker – cookieless version

9.1. Description and scope of the data processing

If you have registered to use the customer portal functions, we use the cookieless version of etracker to analyse user behaviour. The software uses the website data from web servers, which is sent by default every time a page is accessed, and enriches it on the part of Hochland with existing information about the user. The following data is processed when the site is accessed:

  •  The abbreviated IP address

  • Information about the terminal device, operating system and browser used

  • Geo-information up to city level

  • The accessed URL with the corresponding page title and optional information on the page content

  • The website from which the accessed individual page was opened (referrer site)

  • The subsequent pages that were opened from the accessed website within a single website

  • Time spent on the website

  • Other interactions (clicks) on the website, such as search terms entered or videos viewed 

  • User ID number (UUID) for hochland.io

  • Company

  • Customer segment

  • Role/function

 

9.2. Legal basis for the data processing

The legal basis for processing your personal data is your legitimate interest in accordance with Art. 6 para. 1, clause 1 (a) of the GDPR, and § 25 para. 1, clause 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG) in the context of registration for the customer portal functions.

 

9.3. Purpose of the data processing 

The use of etracker and the corresponding enrichment of your personal data with further information enables us to get to know the surfing behaviour of our users better in order to constantly improve our website and its ease of use.

 

9.4  Storage duration 

The IP address is directly anonymised. Pseudonymised recognition of the user by means of an assigned hash value is possible for as long as the user account exists (see Point 6).

 

9.5. Revocation option

Consent to data collection and storage can be revoked at any time with effect for the future. Please use the revocation option in the customer account under "My data". This does not affect the legality of the processing done on the basis of the consent up until the time of revocation.

 

10. Usercentrics Consent Management platform

10.1. Description and scope of the data processing

We use the Usercentrics Consent Management Tool from Usercentrics GmbH (Sendlinger Straße 7, 80331 Munich, Germany) on our website. This is a service for managing your voluntary consents that you can grant as part of the services we use, which we use independently of your consent for registration in the customer portal. When you access our website for the first time and each time thereafter, our consent banner will be displayed if there has been any change to the data processing operations that require consent. In the consent banner, you have the option of voluntarily agreeing that we may place certain cookies and subsequently process your data for the purpose of further developing and improving our website. Our cookie consent tool also provides you with information about exactly which cookies we use.

The following data of yours will be processed in this context:

  • Opt-in and opt-out data

  • Consent ID

  • Time of consent

  • Consent type

  • Referrer URL

  • User settings

  • Template version

  • Banner language

 

10.2. Legal basis for the data processing

The legal basis for the processing of your personal data is the fulfilment of our legal obligation regarding the obtaining of consent and its verifiability in accordance with Art. 6 para. 1, clause 1 (c) of the GDPR.

 

10.3. Purpose of the data processing 

The purpose of using Usercentrics is to manage your consents and to be able to prove our compliance with legal requirements.

 

10.4  Storage duration 

The consent data is stored for three years and is then deleted immediately.

 

11. Hotjar

11.1. Description and scope of the data processing

On our website we use the cookie analysis version of Hotjar (Hotjar Limited, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta). A cookie will be placed on your computer if you give your consent to this. Cookies are small text files that are stored by the internet browser on the user's terminal device. The following data of yours is then processed:

  • The abbreviated IP address

  • Information about the terminal device, operating system and browser used

  • The accessed URL and domain

  • The size of the terminal device screen used

  • Geo-information pertaining to the country of origin

  • Language settings used

  • Date and time of access

  • Responses to surveys

  • E-mail address (if desired by the user)

 

11.2. Legal basis for the data processing

The legal basis for processing your personal data is your legitimate interest in accordance with Art. 6 para.  1 clause 1 (a) of the GDPR, and § 25 para. 1, clause 1 of the German Telecommunications and Telemedia Data Protection Act (TTDSG).

 

11.3. Purpose of the data processing 

We use Hotjar to offer our users the opportunity to give us feedback on the user experience on our website.

 

11.4  Storage duration 

The IP address is directly anonymised. The cookies placed are deleted after a maximum storage duration of 12 months. The statistics produced from the analyses are merely aggregated reports that cannot be assigned to any individual.

 

11.5. Revocation option

You can revoke your consent at any time with effect for the future. Your revocation has no negative consequences for you. To do this, go to the cookie consent tool and move the slider in the "Hotjar" section to the left. We will then no longer use Hotjar for you.

 

12. Place of data processing / transfer to third countries

Data is normally stored within the EU.

 

13. Automated decision-making / profiling

There is no automated decision-making, including profiling in accordance with Art. 22 of the GDPR, when you visit this website.

 

14. Recipients or categories of recipients

We use the agency diva-e NEXT GmbH (Mälzerstraße 3, 07745 Jena, Germany) to host our website, to provide the customer portal and for technical support. In this context, a contract exists for order processing (Art. 28 para. 3, 4 of the GDPR).

Amazon Web Services, Inc. with server location in Frankfurt am Main is used as subcontractor. For the use of AWS, a contract exists for order processing (Art. 28 para. 3, 4 of the GDPR)

We use the service provider Usercentrics GmbH (Sendlinger Str. 7, 80331 Munich, Germany) for our consent management tool. With this company, we have concluded a contract for order processing (Art. 28 para. 3, 4 of the GDPR).

A product of Storyblok GmbH (Peter-Behrens-Platz 2, 4020 Linz, Austria) is used as the content management system for maintaining the content of the website and customer portal.. In this context, a contract exists for order processing (Art. 28 para.  3, 4 of the GDPR).

In addition, etracker GmbH (Erste Brunnenstraße 1, 20459 Hamburg, Germany) and, if applicable, Hotjar Ltd (Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta) receive access to data to the extent described above.

Another Hochland company may have access to your e-mail enquiry if it relates to another company.

In addition, your personal data may be forwarded to law enforcement authorities if this is necessary to clarify any unlawful use of our services or for legal proceedings. However, this only occurs if there are concrete indications of unlawful or improper behaviour. There may also be disclosure for law enforcement purposes. We also have a legal obligation to provide information to certain public bodies on request. These are law enforcement authorities, authorities that prosecute administrative offences subject to fines and the tax authorities.

 

15. Your rights as a data subject

15.1. Right to be informed

You have the right to request information from us about your personal data processed by us within the scope of Art. 15 of the GDPR. To do this, you can submit an application by post or e-mail to the addresses given above.

 

15.2. Right to rectification of incorrect data

You have the right to demand that we immediately rectify inaccurate personal data that relates to you (Art. 16 of the GDPR). To do this, please use the contact addresses given above.

 

15.3. Right to deletion

You have the right to the immediate erasure of personal data that relates to you insofar as the legal grounds in accordance with Art. 17 of the GDPR apply. This is the case, for example, if the personal data is no longer necessary for the purposes for which it was originally processed or if you have withdrawn your consent and there is no other legal basis for the processing. To assert your aforementioned right, please contact us at the addresses given above.

 

15.4. Right to the limitation of processing

You have the right to the limitation of processing if the conditions are met and in accordance with Art. 18 of the GDPR. Accordingly, the limitation of processing may in particular be necessary if the processing is unlawful and you decline deletion of your personal data and instead request that the use of your personal data be limited. To assert your aforementioned right, please contact us at the addresses given above.

 

15.5. Right to data portability

You have the right to data portability in accordance with Art. 20 of the GDPR. You have the right to receive the data concerning you and that you have provided to us in a commonly-used, structured and machine-readable format, and to send that data to another controller such as another service provider. The prerequisite for this is that the processing is based on consent or on a contract and is carried out using automated procedures. To assert your aforementioned right, please contact us at the addresses given above.

 

15.6. Right of objection

According to Art. 21 of the GDPR and on grounds relating to your particular situation, you have the right to object at any time to the processing of personal data that relates to you and which is based, inter alia, on Article 6 para. 1, clause 1 (e) or (f) of the GDPR. You can also object to profiling. We will then cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending against legal claims. To assert your aforementioned right, please contact us at the addresses given above.

 

15.7. Right to complain to a supervisory authority

If you believe that processing by us of personal data relating to you is unauthorised, you have the right to lodge a complaint with the supervisory authority responsible for us, and which you can contact as follows:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany. Phone: +49 (0) 981 180093-0, e-mail: poststelle@lda.bayern.de

 

16. Changes to the data protection information

We will revise this data protection information if changes are made to this website or if there are other reasons that make it necessary to do so. The current version can always be found on this website.

 

Current as of 02/2024

adjustmentsannotationarchivearrow-circle-downarrow-circle-leftarrow-circle-rightarrow-circle-uparrow-downarrow-leftarrow-narrow-downarrow-narrow-leftarrow-narrow-rightarrow-narrow-uparrow-rightarrow-upat-symbolbadge-checkbanbellbook-openbookmark-altbookmarkbriefcasecalendarcameracashchart-barchart-piechart-square-barchat-alt-2chat-altchatcheck-circlecheckcheveron-downcheveron-leftcheveron-rightcheveron-upclipboard-checkclipboard-copyclipboard-listclipboardclockcloud-downloadcloud-uploadcodecogcollectioncolor-swatchcredit-cardcurrency-dollarcurrency-eurocurrency-poundcurrency-rupeecurrency-yencursor-clickdesktop-computerdocument-adddocument-downloaddocument-duplicatedocument-removedocument-reportdocumentdots-circle-horizontaldots-horizontaldots-verticaldownloadduplicateemoji-happyemoji-sadexclamation-circleexclamationexternal-linkeye-offeyefilterflagfolderglobe-altglobehashtaghearthomeinbox-ininboxinformation-circlekeylibrarylight-bulblightning-boltlinklocation-markerlock-closedlock-openlogoutmail-openmailmenu-alt-1menu-alt-2menu-alt-3menu-alt-4menumicrophoneminus-circlemoonnewspaperoffice-buildingpaper-clippausepencil-altpencilphone-incomingphone-outgoingphonephotographplayplus-circleplusprinterqrcodequestion-mark-circlereceipt-refundrefreshreplyscalesearchselectorshareshield-checkshield-exclamationshopping-cartsort-ascendingsort-descendingsparklesspeakerphonestarstopsunsupportswitch-horizontalswitch-verticaltagtemplateterminaltickettranslatetrashtrending-downtrending-upuploaduser-adduser-circleuser-groupuser-removeuserusersview-boardsview-grid-addview-listvolume-offvolume-upx-circlexzoom-inzoom-out