Data protection


Data protection

Data protection is important to us. As of 25.05.2018, the General Data Protection Regulation (DSGVO) is valid in all EU member states. With the information below, we would like to provide an overview of how we process your personal data.

Important: You do not have to take any action. This information solely serves to explain your rights as the affected party in the protection of your personal information.

HHAC Labor Dr. Heusler GmbH represented by the management board
Hindenburgstr. 33
76297 Stutensee

Tel: +49 7249 91302 0

HHAC Labor Dr. Heusler GmbH

3.1. General

  1. Contract initiation, accompaniment, fulfillment (Art. 6 para. 1 b DSGVO).
    In order to prepare and perform a contract (e.g. employment contract, service contract) with you, we need personal data from you. These are, for example, your name, your address/e-mail address and other data (e.g. to pay salary, to issue invoices, to settle invoices). We are allowed to process this data according to DSGVO. In addition, there are legal retention periods that we must adhere to.
  2. Data processing for legitimate interest (Art. 6 para. 1 f DSGVO).
    The legislator explicitly allows us to process further data for our legitimate interests. We do this for the following purposes, among others:

    • Assertion of legal claims
    • Defense in the event of legal disputes
  3. Data processing due to legal requirements (Art. 6 para. 1 c DSGVO).
    As a company, we are subject to various legal and official obligations (e.g., tax laws, commercial code) that require the processing of your data for legal compliance.

3.2. Visiting our website

Technical data is collected automatically as soon as you enter our website. The hosting services underlying this site are provided by Raidboxes® GmbH (Hafenstr. 32, 48153 Münster, Germany). Raidboxes® GmbH offers Software as a Service (SaaS) in the context of cloud hosting. Raidboxes® GmbH automatically collects and stores server log files with information that your browser transmits to Raidboxes® GmbH. These are: Browser type, operating system, referrer_URL, host name (IP address). Raidboxes® GmbH cannot assign this data to specific persons. A combination of this data with other data sources is not made. After a statistical evaluation, the data is deleted after 7 days at the latest. The access possibilities are limited only to necessary accesses, which are required for the fulfillment of the hosting services. Further information can be found in the privacy policy of Raidboxes® GmbH.

Essential cookies

You can only use our website if you have agreed to the essential cookies. The essential cookies ensure a smooth connection of the website.

Cookies from external media

Cookies from external media are blocked by default.

With your consent, we use the open source software Matomo to analyze and statistically evaluate the use of the website. Cookies are used for this purpose. The information about website usage obtained in this way is transmitted exclusively to our servers and summarized in pseudonymous usage profiles. We use the data to evaluate the use of the website.

The processing of the data is based on Art. 6 para. 1 p. 1 lit. a DSGVO. 1 S. 1 lit. a DSGVO. We thereby pursue our legitimate interest in optimizing our website for our external presentation. You can revoke your consent at any time by deleting the cookies in your browser.

Contact form

When using the contact form, you provide us with your data yourself. We point out that data transmission on the Internet can have security gaps. A complete protection of data against access by third parties is not possible.

We protect our systems and website by technical and organizational measures against loss, destruction, access, modification or distribution by unauthorized persons.

Within our company, we disclose the data to any person who requires it to fulfill the contractual and legal obligations. We will only disclose your data to third parties if: we have an unambiguous legal basis for doing so; we are required to do so by law; you have given your consent; or if we are entitled to do so.

Weighing of interests

Transmissions on the basis of Article 6, paragraph 1 letter f DSGVO may only occur if they are required for the protection of our legitimate interests or those of third parties. In addition, our data protection officer verifies whether your interests or fundamental rights and freedoms prevail. If this is the case, the data will not be transmitted but remain with us.

Order processing
The lexoffice software is used to process accounting and document offers. For this purpose, the following personal data of interested parties, suppliers, customers and subcontractors are transmitted to the processor Haufe Service Center GmbH (Munzinger Straße 9, 79111 Freiburg): Name, (email) address, telephone number, function. The data processing agreement between HHAC and Haufe Service Center GmbH applies.

Your data will be initially processed from the time of collection, provided they are disclosed to us by you or a third party. We will delete your personal data when the contractual relationship with you has ended, all mutual claims have been settled, and there are no other statutory obligations or legal justifications for the storage.

Consenting to the processing of your data by us for a specific purpose (e.g., photos for marketing purposes) thereby makes the processing legal. You can revoke your consent at any time with effect for the future.

A transfer to third countries or international organizations does not currently take place.

No profiling takes place.

You have the following rights with regard to your personal data:

  • Right of access to your stored personal data in copy or in a common electronic format (Art. 15 DSGVO).
  • Right to rectification if the data stored concerning you is incorrect, outdated or otherwise inaccurate (Art. 16 DSGVO)
  • Right to erasure if the storage is inadmissible, the purpose of the processing is fulfilled and the storage is therefore no longer necessary or you have revoked a given consent to process certain personal data (Art. 17 DSGVO)
  • Right to restriction of processing if one of the conditions set out in Art. 18 (1)(a) to (d) DSGVO applies (Art. 18 DSGVO)
  • Right to transfer the personal data you have provided that concerns you (Art. 20 DSGVO)
  • Right to withdraw consent given, whereby the withdrawal does not affect the lawfulness of the processing carried out up to that point on the basis of the consent (Art. 7(3) DSGVO)
  • Right to lodge a complaint with a supervisory authority (Art. 77 DSGVO)

Where we process data to protect our legitimate interests, you have the right to object to such processing at any time on grounds relating to your particular situation. This also includes the right to object to processing for advertising purposes. To do so, please contact us directly at the above address of the responsible person for data processing.

We use Microsoft 365 and Microsoft Teams, to conduct our usual office communications as well as for conference calls, online meetings and/or video conferences. Online meetings are not recorded. If necessary for the purposes of logging the results of an online meeting, we will log chat content.

Microsoft 365 and Microsoft Teams are a service of Microsoft Ireland Operations, Ltd. and the Microsoft Customer Agreement applies to this. When using “Microsoft Teams”, various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an “online meeting”.

The following personal data are subject to processing:

User details: display name, e-mail address, profile picture (optional), preferred language.

Meeting metadata: e.g. date, time, meeting ID, phone number, location

Text, audio and video data: You have the option of using the chat function in an online meeting. In this case, the text entries you make are processed in order to display them in the online meeting. To enable the display of video and the playback of audio, data from the microphone of your terminal device and from a video camera of the terminal device are processed during the meeting. You can turn off or mute the camera or microphone yourself at any time through the “Microsoft Teams” applications.

We reserve the right to change the contents of this Privacy Policy at any time if this becomes necessary due to identified regulatory gaps, with regard to changes in the legal situation or due to practical necessities. The current data protection provision can always be viewed in the company or on the homepage.