Privacy Policy

21 July 2023

Introduction

This privacy policy explains how we collect and use personal data and describes your rights in relation to your personal data.

In accordance with Art. 4 no. 1. of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to only as "GDPR"), "processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

With the following data protection declaration, we inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide either alone or jointly with others on the purposes and means of the processing. In addition, we inform you below about the third-party components used by us for optimisation purposes and to increase the quality of use, insofar as third parties process data on their own responsibility.

Click on "Purposes for which we process personal data" to learn more about the different purposes for which we process personal data:

  • Visitors to our website headmade-materials.de
  • Customers
  • Contact details in our Customer Relationship System (hereinafter CRM systems).
  • Participants in meetings, conferences, events and training sessions
  • Individuals who visit or use our social media websites, plugins and tools
  • Individuals who correspond with us via email
  • Job applicants
  • Suppliers
  • Visitors to our offices

If you have any questions regarding the processing of your personal data, please contact the responsible provider of this website in terms of data protection law:

Headmade Materials GmbH

Langhausstrasse 9

97294 Unterpleichfeld, Germany

E-mail: info@headmade-materials.de

What rights are covered by the privacy statement?

In this privacy statement, "personal data" means any information relating to an individual who is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier. Personal data also refers to one or more characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of a person.

It also includes special categories of personal data (special category data) that enable us to determine or infer an individual's identity:

  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership
  • genetic data
  • biometric data
  • physical or mental health or condition
  • sexual life or sexual orientation

and personal data relating to criminal convictions and offences.

Your rights in relation to personal data?

You have the following rights in relation to your personal data:

  • You have the right to access your personal data that we hold about you.
  • You can request the correction of your personal data, e.g. if it is incomplete or incorrect.
  • You can object to the sending of advertising communications at any time.
  • You may request that the processing of your personal data be restricted or stopped or that your personal data be deleted (in certain circumstances and in accordance with applicable law).
  • You have the right (in certain circumstances and in accordance with applicable law) to obtain a copy of the personal data you have provided to us in a structured, commonly used and machine-readable format (so-called data portability).
  • Where you have voluntarily provided personal data or otherwise consented to its use, you have the right to withdraw your consent.
  • You have the right to submit a complaint with a data protection authority (see section "Complaints").

If you have any questions or wish to exercise your rights, please contact us using the contact details provided in the introduction.

Complaints

If you suspect that we may have breached data protection or other laws, please contact us using the details provided in the introduction. We will investigate your complaint and inform you about the further procedure.

In addition, you have the right to lodge a complaint with the data protection authority in your country.

Purposes for which we process personal data

Visitors to our website headmade-materials.de

Personal data that we collect about you when you visit our website is allocated to different categories.

 

Information that you voluntarily provide

We collect personal data that you have voluntarily provided to us via our website or via other registration pages. This is the case, for example, when you fill in online forms to contact us or when you make downloads. Information collected in this way includes the following:

  • Name
  • Contact details including email address and telephone numbers
  • Demographic information, such as postcode
  • Information relevant to you in connection with the provision of our services to you
  • Other personal data that you voluntarily provide to us.

We do not specifically collect sensitive data unless you provide us with such data.

 

Information we collect automatically

When you visit our website, we automatically collect certain personal information from your device. In particular, the information we automatically collect includes information such as geographical location, browser type, navigation information, referral URL, performance data, information about how often the app is used, mobile apps data, domain names, pages viewed, aggregate usage, operating system version, internet service provider, IP address, device identifier, length of visit, access times, clickstream data, device model and version. By collecting this information, we can better understand which visitors come to our website, where they come from and what content on our website is of interest to them.

We use this information for our internal analysis purposes and to improve the quality and relevance of our website for our visitors. The information is collected using cookies and similar tracking technologies. Note that marketing/targeting cookies are disabled by default if the "Do Not Track" setting or the "Global Privacy Control" signal is enabled in your browser.

Our website uses Matomo (formerly PIWIK) to provide reporting, visualisation and analysis of data. Matomo processes the following types of personal data: Your IP address, the website(s) of our website that you visit, the website from which you linked to our website (referrer URL), the time you spend on our website and the frequency with which you visit one of our websites. We use Matomo with the anonymisation function "Automatically Anonymize Visitor IPs". This anonymisation function shortens your IP address by two bytes so that it is impossible to assign it to you or to the internet connection you used.

Our website also uses various social media plugins.

 

The purposes for which we process your personal data when you visit our website or use our marketing services include:

  • to manage our website, including confirming and authenticating your identity,
  • to analyse the data of visitors to our website and website traffic information.
  • to analyse newsletter campaigns using cookie-like analytics technologies (web beacons, also tracking pixels) that help us better target our marketing service, e.g. newsletters, to your personal and individual interests (contact profile) by individually measuring, storing and analysing open and click-through rates as well as reading time in combination with the personal contact details (e.g. name, company, etc.) and preferences you provide.
  • to collect web metrics about the user journey within our website.
  • to perform benchmarking and data analysis (e.g. in relation to the use of our website and demographic analysis of visitors to our website)
  • analyse the use of offers and features of our website
  • to monitor and ensure compliance with applicable terms of use
  • to enable the download of content and lead generation
  • to enable services and information to be delivered to you effectively
  • any other purposes for which you have provided information to us

The processing of personal data of visitors to our website and marketing service subscribers is based on the following legal grounds:

  • our legitimate interest in providing you with information and services effectively and in carrying out our business effectively and lawfully
  • our legitimate interest in further developing and optimising our website and your user experience
  • explicit consent of the visitor to marketing/service subscriptions.

 

Customers

When you engage us to sell products to you or provide services to you, we collect and use personal data where we have a legitimate business reason in connection with those services.

Most of the personal data we collect and use to provide our services is voluntarily provided to us by our customers. Therefore, if you are our customer, you will take it for granted that we will collect and use your personal information. This information may include:

  • basic information such as your name, the company you work for and your position.
  • contact details such as your postal address, email address and telephone numbers
  • any other personal information about you or third parties that you provide to us for the purposes of providing our services

We use this information for the following purposes:

  • selling products or providing services to you
  • managing our relationship with you and maintaining contractual relationships
  • accounting and tax purposes
  • Marketing and business development
  • Compliance with our legal and regulatory obligations
  • assertion, exercise or defence of legal claims
  • historical and statistical purposes.

We also process identification and background information as part of our customer acceptance, financial, administrative and marketing processes including anti-money laundering, sanctions checks, reputational and financial audits and to comply with any other legal or regulatory requirements to which we are subject.

Verifications may include the following:

  • Identity verification: proof of name and address.
  • Ultimate beneficial owner of companies and other legal persons.
  • Anti-money laundering, proceeds of crime and terrorist financing checks
  • Verification of Politically Exposed Persons (PEP): Persons with important functions in government, the judiciary, the court system, central banks, embassies, the military and state-owned enterprises, including their family members and close associates
  • Screening for undesirable media coverage
  • Review of government sanctions lists

These checks are carried out due to legal, regulatory or business requirements and must be repeated as part of our mandate. As part of these checks, we will need to process special category data (e.g. to determine whether you are a politically exposed person or to collect information about criminal convictions where required under anti-money laundering laws). It is important that you provide us with all necessary information and documents as this will impact on our performance in providing services to you.

The processing of personal data of our clients is based on the following legal bases:

  • Fulfilment of a contract
  • compliance with legal or regulatory obligation
  • our legitimate interest in providing integrated, consistent and high quality services to you and in ensuring prompt payment of any charges, costs and liabilities relating to our services
  • our legitimate interest in preventing us from becoming inadvertently involved in money laundering activities or other illegal or fraudulent activities (e.g. terrorism)

 

Contact Data in our Customer Relationship System (hereinafter CRM Systems)

We process personal data about business contacts (former, existing and potential customers and people employed by or otherwise associated with those customers s in our CRM systems. Contacts stored in our CRM systems receive newsletters, marketing materials, training offers, surveys and invitations to events.

We process the following categories of personal data in our CRM systems:

  • Name, job title, address, email address, telephone numbers.
  • Name of employer or company with which the individual is associated
  • Marketing preferences
  • Responses to invitations and confirmations of attendance at events.

We do not specifically collect sensitive data unless you provide us with such data.

If you have opted out of receiving future information, publications or invitations, your data will be deleted from our CRM system. In the CRM systems, your basic contact data is transferred to the opt-out list to avoid automatic re-creation (e.g. due to an existing mandate relationship).

The processing of personal data of (business) contacts is based on the following legal grounds:

  • explicit consent of the contact
  • our legitimate interest (provision of service) to maintain the relationship with our business contacts and to provide information about us, our products and services and the events we run

 

Participants in meetings, conferences, events and trainings

We process personal data of participants in meetings, conferences, events and trainings organised by us.

As part of our event management, we process the following personal data (but only to the extent necessary for the event in question):

  • name, age or date of birth
  • Client employee details (home address, office address and business information)
  • Credit or debit card number
  • Client information (residence, office address and business information)
  • E-mail address
  • Gender
  • Place of residence or other location
  • Job title
  • telephone numbers
  • event-related data such as dietary restrictions or special requirements, registration status, participant status/type, participation in media interviews, previous experience with the event, arrival time/departure time, check-in/check-out time at the hotel, flight information (airline, arrival and departure dates)

We do not specifically collect sensitive data unless you provide us with such data (e.g. special dietary needs that reveal your religious affiliation or any food intolerances or other health-related data that may be required to assist you, e.g. provision of a wheelchair).

We have the right to take photographs and audio and video recordings in the public areas of our events. We use these media in our marketing materials. The image and audio recordings of event participants will be stored. They are edited, copied, exhibited, published or distributed.

The processing of personal data of event participants is based on the following legal grounds:

  • explicit consent of the participant
  • our legitimate interest in running events and managing the registration process for such events
  • our legitimate interest in providing information about us, our services and the events we organise

 

People who visit or use our social media websites, plugins and tools

We use various social media platforms, e.g. for recruitment or marketing purposes. We use social media to inform about job vacancies and events, to present our products and services and to increase awareness of our brand.

We are responsible for the content we publish via social media platforms, but not for the administration of the social media platforms (e.g. for the creation of user statistics or the placement of cookies). By using the social media platforms, you agree to comply with the legal and data protection provisions of the providers of these platforms. These providers collect personal data about you, including data about your use of the social media platforms, which is used to compile statistics and analyses. This includes, for example, a list of the pages you have accessed, your "likes", recent visits and posts you have published or posts you found interesting. If you want to access this data or exercise any of your other rights (e.g. the right to object to the processing of your data), you should contact the social media platform provider. Some social media platform providers provide us with aggregated data relevant to our websites, such as the number of "likes" clicked in relation to our content or the number of posts, visitors to our websites, photos downloaded or links clicked.

We implement so-called plugins on our website. When you access a website that displays one or more such buttons, your browser establishes a direct connection to the corresponding social network server and loads the buttons from there. At the same time, the social media operator is informed that the relevant page of the website has been accessed. We have no influence on what data is collected by the social media operators with the help of the buttons. To avoid this, please log out of your social media accounts before visiting our website. Social media operators also use cookies, unless you have deactivated the acceptance and storage of cookies in your browser settings.

 

Facebook plugins

Our website contains plugins for the social network Facebook. The Facebook plugins are recognisable by the Facebook logo.

When you visit our website, a direct connection is established between your server and the Facebook server via the plugin. This tells Facebook that you have accessed our website from your IP address. In this way, Facebook can assign accesses to our website to your user account. If you are not yet logged into your Facebook account, clicking on a Facebook button will take you to the Facebook login page where you can enter your login details. We would like to point out that we are not aware of the content of the data transmitted to Facebook or how Facebook uses this data. For further information, please refer to Facebook's privacy policy (https://www.facebook.com/policy.php).

 

Instagram-Plugin

Functions of the Instagram service are integrated into our website.

If you are logged into your Instagram account, you can click the Instagram button to link the content of our website to your Instagram profile. In this way, Instagram can assign access to our website to your user account. If you are not already logged into your Instagram account, you can click on an Instagram button to display the Instagram login screen and enter your access data. We expressly point out that we do not receive any information about the content of the transmitted data or its use by Instagram. For more information, see Instagram´s private policy

(https://help.instagram.com/519522125107875)

 

YouTube plugins

Our website uses plugins of the video portal YouTube operated by Google.

When you call up one of our web pages that contains a YouTube plugin, a connection is established to the YouTube servers. The YouTube server receives information about which web pages you have accessed.

If you are logged into your YouTube account, you have the option of linking your browsing behaviour directly to your personal profile. You can avoid this by logging out of your YouTube account. If you are not already logged in to your YouTube account, you can click on a YouTube button to display the YouTube login screen and enter your login details. For more information, see Google's privacy policy (https://policies.google.com/privacy).

 

LinkedIn plugins

Our website contains plugins for the social network LinkedIn. The LinkedIn plugins are recognisable by the LinkedIn logo.

When you visit our website, a direct connection is established between your server and the LinkedIn server via the plugin. This tells LinkedIn that you have accessed our website from your IP address. In this way, LinkedIn can assign accesses to our website to your user account. If you are not yet logged into your LinkedIn account, clicking on a LinkedIn button will display the LinkedIn login page for you to enter your login data. We would like to point out that we are not aware of the content of the data transmitted to LinkedIn or how LinkedIn uses this data. For more information, please see LinkedIn's privacy policy (https://www.linkedin.com/legal/privacy-policy).

 

People who correspond with us by email

We use various tools to ensure the security of our IT infrastructure, including our email systems. Examples of these tools include:

  • systems that scan incoming emails addressed to our recipients for suspicious attachments and URLs to prevent malware attacks
  • tools that provide endpoint threat detection to detect malicious attacks
  • Tools that block specific content or websites

When you correspond by email with one of our recipients, your emails are scanned by the tools we use to ensure the security of our IT infrastructure. This could result in content being read by staff authorised by us who are not the same as the intended recipient.

The processing of personal data of individuals who correspond with us by email is based on the following legal grounds:

  • our legitimate interest in protecting our IT infrastructure against unauthorised access or data loss
  • our legitimate interest in analysing email traffic

 

Job applicants

In connection with job postings, we collect information from and about applicants. In general, the information we collect about our job applicants includes CVs, identity documents, academic records, employment history, employment details and references.

We use your personal data to match your skills, experience and education with the respective positions we offer. This information will be shared with the relevant HR department and those involved in the recruitment process to determine whether you should be invited for an interview. If you are invited for an interview (or similar presentation), we will collect additional information. This information includes records from the interview, assessment results, feedback and offer details.

In connection with our recruitment activities, including applications and induction, we also collect special category data from candidates that we are required to collect under employment law. For example, where permitted by law, we will collect information about an individual's health limitations in order to analyse the diversity of our workforce.

However, where a candidate does not voluntarily provide us with such information, we may be required by law to verify these criteria ourselves.

We collect personal data about candidates ("you", "you" or "your") from the following sources:

  • directly from you - for example, information you provide to us when you apply for a job directly through our job portal
  • from recruitment agencies - e.g. when a recruitment agency contacts us to suggest you as a potential candidate
  • via publicly available online sources - e.g. if you have published your professional profile online (e.g. on your current employer's website or on a professional networking website like LinkedIn)
  • through recommendation - e.g. through a recommendation from a former employee or employer, or from a reference you have nominated
  • Background check results

 

The processing of personal data of job applicants is based on the following legal bases:

  • express consent of the applicant
  • our legitimate interest in seeking, identifying and attracting talent
  • Our legitimate interest to process and administer applications for positions - including the screening and selection of applicants
  • Our legitimate interests in hiring and retaining applicants by making a job offer to successful candidates and conducting pre-interview checks
  • our legitimate interest in administering our job portals (including performing statistical analysis)
  • To comply with legal or regulatory obligations (when conducting background checks to ensure an applicant’s ability to work)

 

Suppliers

We process personal data about our suppliers (including subcontractors and individuals associated with our suppliers and contractors) in order to manage our relationship and contracts and to receive services from our suppliers.

The personal data that we process is generally limited to contact information (name, employer name, phone numbers, email address and other contact information) and financial information (payment-related information).

Before we engage a new supplier, we also conduct background checks (e.g. checks for negative reporting, bribery and corruption and other white-collar crime) required by law or government agencies.

The processing of personal data from suppliers is based on the following legal bases:

  • Performance of a contract
  • Compliance with legal or regulatory obligations
  • our legitimate interest in administering payments
  • our legitimate interest in preventing us from being inadvertently involved in money laundering activities or other illegal or fraudulent activities (e.g. terrorism).

 

Visitors to our branches

When you visit one of our offices, we process your personal data in order to provide you with certain functions (e.g. access to our buildings and conference rooms or Wi-Fi), to control access to our buildings and to monitor our business premises, employees, belongings and protect confidential information (e.g. by using video surveillance).

The personal data we collect about you is usually limited to your name, contact details, location and the time you entered and left our premises.

 

WiFi

We monitor and log traffic on our Wi-Fi networks. This allows us to collect limited information about a user's network behavior, but also includes the ability to see at least the source and destination addresses to which the user is connecting.

 

Video surveillance

We use video surveillance systems where permitted by law. For more information about the processing of personal data in the context of video surveillance, refer to the local relevant information.

The processing of personal data of our visitors is based on the following legal bases:

  • Our legitimate interest in protecting our business premises, employees, property and confidential information
  • Our legitimate interest in preventing and detecting criminal acts and asserting, exercising and defending legal claims
Service Provider

We transmit or transfer the personal data we collect to third party providers (and their subsidiaries and affiliates) when they are engaged by us to support our internal processes. For example, we commission service providers to provide, operate and support our IT infrastructure (e.g. identity management, hosting, back-ups, security and cloud storage services).

As a matter of policy, we only work with third-party service providers who ensure an adequate level of data protection, security and confidentiality and who comply with all applicable legal requirements for the transfer of personal data outside of the country in which it was originally collected.

Other Information

We disclose your personal data in the following cases:

  • where appropriate, for the purposes described in the “Purposes for which we process personal data” section
  • where required by applicable law
  • in connection with a reorganization or merger of our organization with another organization
  • when we believe that such disclosure is appropriate to enforce or apply terms of engagement and other agreements or otherwise protect and defend our rights, property or safety
  • to comply with a judicial proceeding, court order, or other legal obligation, or governmental or governmental inquiry; or
  • with your consent

In particular, we would like to point out that in certain jurisdictions we are required by law to report suspicious transactions and other activities in the context of anti-money laundering or export restrictions to the relevant supervisory authorities.

Recipients of personal data from third parties include:

  • professional advisers, such as law firms, accountants or accountants
  • Insurance companies
  • Tax, customs and excise authorities
  • Regulatory bodies and other professional bodies
  • Stock exchange and listing authorities
  • public registers of managing and holding companies
  • Providers of identity verification services
  • Credit reporting agencies
  • Courts, police and law enforcement agencies
  • Ministries and authorities
  • Service Provider
Updating of your personal information

We ensure that the personal data we store is always complete and correct. It is important that you inform us of any changes to your contact details or other personal information so that we always have the most up-to-date information about you. Please get in touch with your contact person, who is normally responsible for you at our company, or with our data protection contact mentioned at the beginning.

Data Storage

In principle, we only store personal data for as long as is necessary for the purposes described in the “Purposes for which we process personal data” section. Please note that retention periods vary from country to country and are determined according to local legal retention requirements.

In order to comply with our legal requirements, to establish, exercise or defend our legal rights, and for archiving and tracking purposes, we need to retain information for a longer period of time. The duration of the statutory retention periods can result, for example, from the following laws HGB, AO or GwG. The retention periods vary in length and usually cover a period of six to ten years; in justified individual cases (e.g. receipt of evidence), the retention period can also be longer (e.g. in the case of limitation periods of up to 30 years; the regular limitation period being three years). If the data concerned is subject to different retention periods, the longest retention period applies.

Minors

Our website is not intended for use by minors under the age of 16. We do not knowingly collect, disclose or sell the personal information of minors under the age of 16. If you are under the age of 16, please do not provide any personal information, even if asked to do so. If you think that you have inadvertently provided personal information, ask your parent or guardian to let us know and we will delete your personal information.

Modification of this privacy policy

We will update this privacy statement from time to time to reflect changes in our practices and services. When changes are made to this privacy statement, the date at the top of this statement, which indicates the last update, will also be changed. We encourage you to visit this website from time to time to learn about changes to this privacy policy.