1. Home
  3. Privacy policy

Privacy policy

Protecting your pivacy is important to us!

There is no doubt that we always handle all your personal data, whether from our website or our electronic communication, responsibly and with the utmost care. We take all necessary and appropriate measures to protect the data you have provided us with and comply with current national and European data protection regulations.

With this data protection disclaimer we would like to inform you of how we treat and process your personal data. Please note the responsible for your personal data in connection with a website is stated in the company information and legal details on the respective website.

Contact data protection official:

Via E-Mail: Datenschutz@hengstenberg.de 

Via Post:
Datenschutzbeauftragter,
Hengstenberg GmbH & Co. KG
Mettinger Straße 109
73728 Esslingen
Germany

What kind of data do we collect when you visit this website and how?

We only collect personal information that you choose to provide to us or that is necessary for us to provide our service to you. When you visit our website, our web servers store by default, among other things, information about the browser and operating system you use, the website from which you visit us, the websites you visit on our site, the date of the visit, and for security reasons, e.g. to detect attacks on our websites, and for a period of seven days, the Internet Protocol address (IP address) assigned to you by your Internet service provider. Other personal data is stored if you provide it to us of your own accord. For example, you provide us with your e-mail address, name, mailing address, telephone number, and other data, if any, to receive information about our products, to participate in contests or polls, to purchase products, or simply to be kept up to date on products of interest to you.

When you visit our website and you enter something in free text fields and comment, for example, our systems store the Internet Protocol address (IP address). We need this information for security reasons, to prevent misuse and for other security purposes.

What do we use your personal data for?

We use your personal data for purposes of technical administration of the website, for customer administration, to answer your questions in the context of consumer service, for product inquiries and surveys, and for marketing only to the extent necessary in each case. We use your personal data only for the purposes for which you have made them available to us. If you have given us your consent to process your personal data, this data will also be used for the purposes stated in the relevant consent, e.g. sending newsletters and sending products. You can revoke your consent to this at any time for the future.

In the context of individual use, we would like to make our advertising materials, such as our newsletter and your visit to our websites as user-friendly and individual as possible. In doing so, information generated automatically and transmitted by you helps us to provide you with individualized and tailored information. This information is, among other things, "technical data" (e.g. IP address, the operating system, browser), date and time of your visit to our website and "data on your (purchase) behavior" (service history, order history, recipes and products you have viewed).

If you have subscribed to our newsletter, we are automatically provided with "technical information" that enables us to evaluate, for example, how often the newsletter was opened and which content was clicked on and how often (e.g. opening rate and click rate). The analysis of this information also enables us to optimize our digital offers, e.g. our newsletter, and to communicate with you as individually as possible. In this way, we want to ensure that you only receive content that really interests you.

Legal basis 

Personal data is processed on the basis of different legal provisions. In the following, we explain the different legal bases:

  • Consent: If we obtain your consent for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
  • Performance of a contract: If the processing of personal data is necessary for the performance of a contract to which you are a party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
  • Legitimate interests: If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override this, Article 6(1)(f) DSGVO serves as the legal basis for the processing.

How long do we store your data?

We store your personal data, which you transmit to us via our websites, in our databases. The data is stored for as long as is necessary for the purpose for which you have provided us with your data or for compliance with statutory regulations (e.g. statutory retention obligations). For example, this means that data is stored until we have answered a question from you or a competition has ended. If you have given us your consent to store your personal data for marketing purposes, this means that your data will be stored for the period over which we take marketing measures or until you revoke your consent. You can revoke any consent you may have given to receive advertising at any time with effect for the future.

What technical and organizational measures do we take to ensure the security of your data?

We use technical and organizational security measures to protect the data we have under our control against manipulation, loss, destruction and against access by unauthorized persons. Our security measures are continuously improved in line with technological developments.

Only authorized employees have access to your personal data. These may also be authorized employees of our service providers who process the data on our behalf or have access to this data. In this case, we have concluded a so-called "commissioned data processing agreement" ("Auftragsdatenverarbeitungsvertrag") with the service provider.

Transmission of data to third parties and to other countries

We do not provide your personal information to other companies that may wish to use it for direct marketing purposes unless you have given us permission to do so. Furthermore, we provide your personal data to the following other entities on a very limited basis:

  • We work with various service providers who assist us with various tasks, such as sending packages or managing our website and newsletter. These service providers are contractually obligated to take the same security measures as we do to protect your personal data. Your data will be kept confidential and may only be processed in accordance with our explicit instructions.

In some cases, our service providers are based abroad, which may result in a transfer of your personal data to other countries. To ensure that the same data protection and data security standard as in Germany is guaranteed, we conclude a "commissioned data processing contract" with the service provider in such cases. This contract ensures that the service provider is obliged to act exclusively in accordance with our instructions and to continuously take all necessary technical measures to protect your personal data to the same extent as we do here. In this way, we ensure that your data is adequately protected.

  • Other business units within our group of companies, insofar as you have consented to this or they work as our service providers on our behalf and we have contractually obligated them in the same way as our external service providers.
  • Personal data will only be transferred to state institutions and authorities within the framework of mandatory applicable legal provisions.

Please note that when using our website, personal data may be transferred to third countries, in particular to the USA. Due to the discontinuation of the Privacy Shield agreement as a mechanism for data transfers between the European Union and the USA, we must rely on other mechanisms in accordance with the provisions of the GDPR.

The transfer of data to third countries outside the European Union may pose risks to your personal data, as these countries may not have an equivalent level of protection for personal data as the European Union.

We therefore recommend that you read the privacy statements of third-party providers, especially social media, for information about their data processing practices and the safeguards they implement to ensure compliance with data protection standards.

 

What rights do you have in relation to the processing of your data?

If personal data of yours is processed, you are a data subject under the General Data Protection Regulation (GDPR) and you have the following rights against the controller:

  1. Pursuant to Article 15 of the GDPR, you have the right to request information about your personal data processed by us. In particular, you may request information about the processing purposes, the categories of personal data, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data (if not collected by us), as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.
  2. Pursuant to Article 16 DSGVO, you have the right to request the correction of inaccurate or incomplete personal data stored by us without delay. 
  3. Pursuant to Article 17 DSGVO, you have the right to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.
  4. According to Article 18 DSGVO, you have the right to request the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims, or you have objected to the processing pursuant to Article 21 DSGVO.
  5. Pursuant to Article 20 DSGVO, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.
  6. Pursuant to Article 7(3) DSGVO, you have the right to revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future.
  7. In accordance with Article 77 DSGVO You have the right to complain to a supervisory authority.

If your personal data is processed on the basis of legitimate interests pursuant to Article 6 (1) sentence 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Article 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation.

Cookies use

Cookies are small text files that are stored on your terminal device. We use cookies, for example, to collect information such as browser type and operating system, relevant page, path to the website, etc. and to understand the use of this website. Cookies help us to adapt our website to the needs of our consumers and to offer certain services and functions, such as information tailored to you.

Personal data can then be stored in cookies if you have consented or if this is technically absolutely necessary, e.g. to enable a protected login.

1. Technically necessary cookies

Technical cookies are scripts, cookies and other elements that are necessary for the smooth operation of our website or where the operator has a legitimate interest pursuant to Article 6(1)(f) of the GDPR. These cookies are used to provide basic functions and services that are essential for the correct display of the website and the use of its interactive elements.

1.1 Google Tag Manager

Google Tag Manager is a solution that allows providers to manage website tags through one interface. The Tag Manager tool itself (implements the tags) is a cookie-less domain and does not collect any personal data. The tool takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it remains in place for all tracking tags implemented with Google Tag Manager.

Further information: https://www.google.de/analytics/tag-manager/use-policy/

1.2 Cookie Consent Manager (CCM19)

The CCM19 provides functionality to implement a cookie banner or cookie consent bar on the website that allows visitors to select their cookie preferences. This can include, for example, consent to different cookie categories or individual selection of specific cookies.

Further information: https://www.ccm19.de/datenschutzerklaerung.html

 
Cookie Lifetime Purpose
ccm_consent 1 year Used to store the cookie consent agreement that specifies which cookies can be set.
lastSessInit 1 year Stores the start time of the last session.
sessid 3 hours Unique identifier for a visitor's session. It is used to recognize the same user throughout the visit.

2. Non-technically necessary cookies

Non-technically necessary cookies, also known as functional cookies or preference cookies, are cookies that are not strictly necessary to operate a website but provide additional functionality and personalized services.
The processing of personal data in this case is based on consent in accordance with Art. 6 para. 1 lit. a GDPR, provided that you have given such consent.

 

​2.1 Analysis / Statistical Purposes

Cookies used for analysis or statistical purposes are used to collect information about user behavior on a website. They allow operators to collect data such as the number of visitors, pages visited, time spent on the website and other statistical information.

The data collected through analytics cookies are anonymized or pseudonymized to gain insights into user behavior. As a result, they enable us to continuously improve your experience on our website by better understanding how you use our website and what content is relevant to you. In addition, the information from the analytics cookies is used to technically optimize our website and adapt our marketing strategies to provide you with personalized content and offers.

The collected data is often combined and statistically analyzed to identify general trends and patterns. In this way, we can analyze user behavior at a better level without disclosing personal information.
 

2.1.1 Web analytics through Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google). Google Analytics uses cookies to collect and analyze information about the use of the website. The information generated by the cookies about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

Google Analytics collects various data, including page views, time spent on the website, device information, browser type, geographic location information and demographic information (if available). This data is used to generate reports on website activity, analyze user behavior, and improve the website.

For more information about how Google uses your data, see: http://www.google.com/analytics/terms/de.html and http://www.google.com/intl/de/analytics/privacyoverview.html.


2.1.2 Google Data Studio

This website uses Google Data Studio, a web-based data visualization and reporting service provided by Google. Google Data Studio may use cookies to collect and report information about website usage. The information generated by cookies about your use of this website is usually transferred to a Google server and stored there.

We use Google Data Studio to analyze our website visitor statistics and create user-defined reports. Google Data Studio cookies are also used for this purpose. The information generated by these cookies may be transferred to Google and processed by Google in accordance with its privacy policy.

You can find more information about how Google uses your data at:
https://support.google.com/looker-studio/answer/7657915?hl=de 


2.1.3 Web analytics Hotjar

This website uses Hotjar, a web analytics service provided by Hotjar Ltd. Hotjar uses cookies and other technologies to collect and analyze information about user behavior on the website. This information includes mouse and keyboard inputs (anonymized), pages visited, scrolling activity and interactions with certain elements of the website. Hotjar also collects device information such as browser type, operating system and screen resolution.

The data collected is used to understand user behavior, improve website usability and customize the user experience. The data helps to analyze the effectiveness of the website, identify errors and optimize the performance of the website.

You can find more information on how Hotjar uses your data at:
https://help.hotjar.com/hc/de/articles/360046544833-H%C3%A4ufig-gestellte-Fragen-zur-Einhaltung-von-Vorschriften

 

 

 
Cookie Lifetime Purpose
_ga 24 months Collection of statistics about the use of the website (reach measurement)
_ga_* 2 years Used to get session status.
_gat_* Session  
_gid 24 hours ID to identify the user within 24 hours of last activity
_hjAbsoluteSessionInProgress 30 minutes Hotjar uses cookies and other technologies to collect information about the behavior of our users and their devices (in particular the IP address of the device (is only recorded and stored in anonymized form), the size of the screen, the device type (unique device identifier), Information about the browser used for browsing, location (country only), preferred language for viewing our website). Hotjar stores this information in pseudonymous usage profiles. Hotjar or we do not use this information to identify individual users or combine it with other data about individual users.
_hjFirstSeen 30 minutes This is set to identify a new user's first session. It stores a True/False value indicating whether Hotjar is seeing the user for the first time. This is used by registration filters to identify new user sessions.
_hjIncludedInSessionSample 30 minutes This cookie is set to inform Hotjar if the user is included in the data sample defined by your website's daily session limit.
_hjSession{site_id} 1800 This cookie contains current session data. This ensures that subsequent requests in the session window are associated with the same Hotjar session.
_hjSessionUser {site_id} 31557600 This cookie is set when the user first accesses a page that contains a Hotjar script. This will save the unique Hotjar user ID for that website in the browser. This ensures that subsequent visits to the same website are attributed to the same user ID.

2.2 Non-technically necessary cookies - Social Media

Social media cookies allow platforms to track user behavior and collect information about user's interactions with social media features. This allows personalized content and advertising to be displayed that is tailored to users' interests. 

We maintain fan pages within various social networks and platforms with the aim of communicating with customers, interested parties and users active there and informing them about our services. User data is usually processed for market research and advertising purposes. For example, usage profiles can be created from the usage behavior and resulting interests of the users. These usage profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users.

Please note that we have no control over the data collected. 

2.2.1 Facebook

Our website uses cookies and plugins from Facebook, a social network operated by Meta Platforms Ireland Limited, 6 Serpentine Ave, Dublin, D04 H0C9, Ireland. These cookies are used to collect information about the use of our website and to display personalized advertising.

The data collected by Facebook may include various information, such as your IP address, browser type, operating system, device type, pages visited, length of stay, click behavior and demographic characteristics. This data is used to analyze user behavior and to deliver targeted advertising.

For more information about how Facebook uses your data, see: https://de-de.facebook.com/privacy/policies/cookies/


2.2.2 YouTube 

Our website uses cookies and embedded videos from YouTube, a video platform operated by Google. These cookies are used to collect information about the use of the embedded YouTube videos on our website.

The data collected by YouTube may include various information such as your IP address, browser type, operating system, device type, pages visited, dwell time, click behavior and demographic characteristics. This data is used to analyse user behaviour, improve video quality, provide personalized content and display targeted advertising.

For more information about how YouTube uses your data, see: https://policies.google.com/privacy?hl=de

 
Cookie Lifetime Purpose
_fbp 3 Monate Facebook-Cookies are used for website analytics, targeting and ad measurement

Other fan pages on social media

Our website contains links (e.g. Facebook or Instagram) to social media. These services are operated exclusively by third-party providers. If you follow the links or play videos, information may be transmitted to these providers.

Furthermore, we maintain fan pages within various social networks and platforms with the aim of communicating with the customers, interested parties and users active there and informing them about our services. As a rule, user data is processed for market research and advertising purposes. For example, usage profiles can be created from the usage behavior and resulting interests of the users. These user profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users.

 Please note that we have no control over the data collected.

Further information on the use of your data can be found under the respective link:

Contact forms

We use contact forms on our website to give you the opportunity to get in touch with us and make inquiries. If you fill out and submit one of our contact forms, the information you enter will be transmitted to us and stored. This information may include personal data such as name, e-mail address, telephone number and other contact details. We use this data exclusively to respond to your request and to communicate with you. Your data will be processed on the basis of your consent in accordance with Article 6(1)(a) GDPR by submitting the contact form. Your data will be treated confidentially and will not be passed on to third parties unless this is necessary to answer your request or required by law. We will only store your data for as long as is necessary to process your request or until you object to the further storage of your data.

Links to other websites 

Our websites include links to other websites. We have no influence on other operator’s content and design. Our data protection disclaimer does not apply there.

Change to our privacy policy 

We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new privacy policy will then apply to your next visit.

Status: October 2023