Privacy Policy / Overview of data protection

1. SCOPE OF APPLICATION
Hochrainer GmbH ("Hochrainer", "us" or "we") is committed to protecting your Personal Data (as defined below). With this privacy notice we would like to inform data subjects ("you", "customer" or "user") in detail about how we process their Personal Data.
Personal Data is any information that directly or indirectly identifies a natural person or is able to make such person identifiable ("Personal Data"). In particular a person can be identified for instance by reference to an identifier such as a name, an identification number, location data or by reference to factors specific to the physical, physiological, economic or cultural identity of that person.
Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data. There is no difference whether the operation is done by automated means or not. Processing can be for instance the collection, recording, organization, structuring, storage, adaption or alteration, consultation, retrieval, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.
This privacy notice applies to the use of your Personal Data when you visit our website available at hochrainer.com and in case you contact us by mail, e-mail or telephone.

2. Data Controller
We are responsible for the processing of Personal Data described in this privacy notice. This means Hochrainer GmbH determines and is responsible for how your Personal Data is processed. In case of any question related to data protection, you can reach out to:Post:  
Hochrainer GmbH
Pommernstraße 4, 83395 Freilassing
Germany
E-Mail: datenschutz@hochrainer.com

3. Data Protection Officer
We have appointed a data protection officer who can be contacted with respect to data protection under the contact details above or directly under
E-Mail: datenschutz@hochrainer.com

4. How We Collect Your Personal Data
We collect and process various Personal Data from you depending on the specific processing situations.

  • When you use our Website or interact with our emails. When you use our Website or receive, open or otherwise interact with our emails, we may collect log data. Such data includes your internet protocol (IP) address, operating system, browser details such as type, ID, and configuration, unique identifiers, device type and version, the referring URL, date/time of your visit, the time you spent on our Services and any errors that may occur during your visit to our Services.
  • Log Data and Analytics Data. We may also process your internet protocol (IP) address, operating system, browser details such as type, ID, and configuration, unique identifiers, device type and version, the referring URL, date/time of your usage, the time you spent on our website and any errors that may occur during your visit to our website. We may also process the electronic path you take to our website, through our website and when exiting our website, as well as your usage and activity on our website, such as the time zone, activity information (first and last active date and time), usage history ([please specify]).
  • Communications. When you contact us through any method of communications, including for “Support” functions or you request a demo of our services, we may collect your name, email address, mailing address, phone number, account ID, type of inquiry, or any other personal information you choose to provide to us, such as how many contacts you have/your company has, and meeting dates and times.

In most cases, Personal Data is collected from you directly, for example by visiting our website or using the services offered, or the possibility to contact us by e-mail. As is true for most digital platforms, we and our third-party providers collect data automatically when you use our services.
We may also receive Personal Data from business partners, to whom you have given permission to share Personal Data with us.
In some cases, we may also collect data from third parties, for example when a friend sends you an invitation to our website.
You will find detailed information about the processing situations and the respective Personal Data, legal basis, purposes and duration of the processing in Annex 1 below.

5. Purposes and Legal Basis for the Processing of Your Personal Data
The purposes and legal basis for the processing of your Personal Data may vary from case to case. In general, we process your Personal Data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the German Federal Data Protection Act (Bundesdatenschutzgesetz) ("BDSG") for the following purposes and legal basis:

  1. For the Performance of a Contract
    We may process your Personal Data to fulfill contractual or quasi-contractual obligations, to enter into an agreement, for example to provide services, to support current customers, or to answer questions. The legal basis for the processing is Art. 6 (1) lit. b GDPR.
  2. To be in Compliance with Legal Obligations
    To the extent that we are subject to legal obligations, for the compliance of which the processing of your Personal Data is necessary, we process your Personal Data on the basis of these legal obligations (for instance a legal obligation to retain data). The legal basis for the processing is Art. 6 (1) lit. c GDPR.
  3. Based on Our Legitimate Interests
    We also process your Personal Data to pursue our legitimate interests (such as our legal or economic interests), unless your conflicting interests or fundamental rights and freedoms, which require the protection of your Personal Data prevail. The legal basis for the processing is Art. 6 (1) lit. f GDPR.
  4. Based on Your Consent
    In certain limited circumstances, we may process your Personal Data based on your consent. If we need your consent, we will notify you of the Personal Data we intend to use and how we use it. You do not have to give your consent. Where you have granted us your consent to collect, use or disclose your personal data in a certain way, you have the right to withdraw your consent at any time with effect for the future. Please note that neither the refusal nor the withdrawal of your consent will have negative consequences for you, however, we may not be able to render a specific service.
    For example, your consent may relate to the transfer of Personal Date to other companies, the evaluation of your Personal Data for targeted advertising activities or for sending of communication. The legal basis for your consent is Art. 6 (1) lit. a GDPR.

6.How Long Do We Store Your Personal Data?
Personal Data will be retained only for as long as necessary for the fulfillment of the purposes for which it was collected, including the purposes of our legitimate interests, or according to statutory retention and documentation obligations.
Statutory retention and documentation obligations are usually between two and ten years and result, for instance from § 147 the German Fiscal Code (Abgabenordnung) or § 257 German Commercial Code (Handelsgesetzbuch).
Upon request, we may delete the data collected and stored for our websites’ usage. We will do this ourselves and within certain set time periods, unless we have a particular interest in continuing storage for individual cases, for example cyberattacks.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, sensitivity of the data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and the applicable legal requirements.
Insofar as a longer retention period is required by statutory retention and documentation obligations or to protect our legitimate interests that override your conflicting interests, for example in the event of possible legal disputes, your Personal Data will be stored and processed for such even longer periods as well.

7. How We Share Your Personal Data
We may share your personal information with the following:

  1. Service Providers and Advisors: We share personal information with third party contractors and service providers, that are subject to reasonable confidentiality terms, and which may include processing payments, providing web hosting and maintenance services, technology support providers, email communications providers, analytics providers, data storage providers, competition management, and web and video hosting providers and developers. Any such service providers will be subject to confidentiality provisions and be bound to only process the data on our behalf and under our instructions, unless such service providers act as their own controllers (e.g., in the case we seek advice from lawyers and tax consultants).
  2. Corporate Transaction: We may transfer any information we collect in the event we sell or transfer all or a portion of our business or assets (including any shares in the company) or any portion or combination of our products, services, businesses and/or assets. Should such a transaction occur (whether a divestiture, merger, acquisition, bankruptcy, dissolution, reorganization, liquidation, change of control or similar transaction or proceeding), we will use reasonable efforts to ensure that any transferred information is treated in a manner consistent with this Privacy Notice.
  3. Law Enforcement, Regulators, Government Bodies and Other Third Parties For Legal Reasons: We may share your personal information with third parties as required by law or if we reasonably believe that such action is necessary to (i) comply with the law and the reasonable requests of law enforcement; (ii) detect investigate and respond to potential civil or criminal violations, such as breaches of agreements or laws, respectively; and/or (iii) otherwise exercise or protect the rights, property, or personal safety of us, our team members or others.
  4.  With Your Consent: We may disclose your Personal Data to certain other third parties or publicly with your consent or direction. For example, with your consent or direction we may post your testimonial on our website or service-related publications.
    You will find detailed information about our engaged service providers in Download-Link below.

8. Transfer to Third Countries
Hochrainer GmbH does not transfer Personal Data to countries outside the European Economic Area ("EEA"), where the level of data protection is less strict than within the EEA.

9. Your Data Subject Rights
In the following, you will find a summary of your rights regarding the processing of your Personal Data if you are subject to the GDPR:

  1. Rights to Access. According to Article 15 GDPR, you have the right to obtain confirmation from us as to whether or not your Personal Data is being processed by us. Where that is the case, you have a right to access the Personal Data and obtain (a) confirmation of whether we are processing your Personal Data, (b) information about the categories of Personal Data we are processing, the purposes for which we process your Personal Data and information as to how we determine applicable retention periods, (c) information about the categories of recipients with whom we may share your Personal Data and if those recipients are located in third countries, and (d) a copy of the Personal Data we hold about you.
  2. Right to rectification. According to Article 16 GDPR, you may have the right to obtain the rectification of inaccurate Personal Data concerning you without undue delay by contacting us as set out in Section 2.
  3. Right to erasure. According to Article 17 GDPR, you have the right to obtain erasure of Personal Data concerning you without undue delay if (i) it is no longer necessary in relation to the purpose for which it is collected, (ii) you have withdrawn your consent on which the processing is based, (iii) you have objected to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you have objected to the processing pursuant to Article 21 (2) GDPR, (iv) your Personal Data has been unlawfully processed, or (v) the Personal Data has to be erased for compliance with a legal obligation to which Hochrainer GmbH is subject.
  4. Right to restriction. According to Article 18 GDPR, you have the right to obtain the restriction of processing. That means that you can require us to limit the purposes for which we process your Personal Data. Such right shall exist if (i) you contested the accuracy of the Personal Data, (ii) the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of its use instead, (iii) the Personal Data is no longer needed for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims, or (iv) you have objected to processing pursuant to Article 21(1) GDPR pending the verification of whether our grounds legitimately override yours.
  5. Right of information. According to Article 19 GDPR, you have the right to obtain information about the recipients of data to whom the rectification, erasure, or restriction of processing has been communicated.

    RIGHT TO OBJECT PURSUANT TO ARTICLE 21 GDPR
    OBJECTION ON GROUNDS OF YOUR PARTICULAR SITUATION
    According to article 21 (1) gdpr, you have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you which is based on our legitimate interests, including profiling). We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of you, or for the establishment, exercise, or defense of legal claims.
    CONTACT; YOU CAN SEND YOUR OBJECTION INFORMALLY BY POST OR E-MAIL ADDRESSED TO:
    Hochrainer GmbH
    Pommernstraße 4, 83395 Freilassing
    Germany
    E-mail: datenschutz@hochrainer.com
    Phone: +49 (0) 8654 4986-0
     
  6.  Right to lodge a complaint. You have the right to lodge a complaint against the processing of your Personal Data or any decision of Hochrainer GmbH to a competent supervisory authority. If you are based in the European Union, information about how to contact your local data protection authority is available here. If you are based in Germany, information about which local data protection authority is competent can be found here.
  7. Contact:
    To exercise your data subject rights, you can contact us without any formality by post, fax or e-mail at the points of contact listed in Secs. 2 and 14.

10. Obligation to Provide Personal Data
There is neither a contractual nor a legal obligation to provide us with your Personal Data for the use of our website. However, if you wish to contact us, or want to purchase products or receive services from us, certain information may be required to enable us to process your request.

11. Automated Decision-Making and Profiling
You have a right not to be subject to a decision based solely on automated processing, including profiling, if the decision is not necessary for the conclusion or performance of a contract, is not required by mandatory law, or is not based on your explicit consent.
Hochrainer GmbH does not use automated decision-making procedures, including profiling, unless we have explicitly informed you of them. Thus we may collect data automatically when you visit the website (see Annex 1 for the data categories, processing purposes and legal basis).

12. Technical Security Measures
We implement technical and organizational measures to protect your Personal data we process. Please note that although we implement and ensure measures to protect your Personal Data, no websites, internet transmissions, computer systems or wireless connections are absolutely secure.
For security reasons and to protect the transmission of confidential information that you send to us as the Website provider, we use SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us usually cannot be read by third parties.

13. Changes to this Notice
We may update this Privacy Notice from time to time. When we change this Privacy Notice in a material way, we will update the "last modified" date at the end it. Changes to this Privacy Notice are effective when they are posted on the website.

14. How to Contact Us
Please contact datenschutz@hochrainer.com if you have any questions, comments, and requests regarding these notices.

Effective: September 2022