Hanso Group

1. General information and principles of data processing

We are pleased that you visit our website.

The protection of your privacy and the protection of your personal data, the so-called personal data, when using our website is an important concern for us.

According to Art. 4 No. 1 GDPR, personal data is all information relating to an identified or identifiable natural person. This includes information such as your first and last name, your address, your telephone number, your e-mail address, but also your IP address.

Data which cannot be linked to your person, such as through anonymisation, is not personal data. Processing (e.g., collection, storage, readout, retrieval, use, transmission, deletion or destruction) in accordance with Art. 4 No. 2 of the GDPR always requires a legal basis or your consent. Processed personal data must be deleted as soon as the purpose of the processing has been achieved and there is no longer any legally prescribed obligation to retain data.

Here you will find information on how we handle your personal data when you visit our website. In order to provide the functions and services of our website it is necessary for us to collect personal data about you.

We also explain the type and scope of the respective data processing, the purpose and the corresponding legal basis and the respective storage period.

This privacy policy applies only to this website. It does not apply to other websites to which we merely refer by hyperlink. We cannot assume any responsibility for the confidential handling of your personal data on these third-party websites, as we have no influence on whether these companies comply with the data protection regulations. You can find out more about how these companies handle your personal data directly on these websites.

Below you will find the contact details of the responsible office.

2. Responsible authority

Responsible for the processing of personal data on this website is (see legal notice / imprint):

3. Use of the website / server log files

a) The nature and extent of the data processing

If you use this website without transmitting data to us in any other way (e.g., by registering or using the contact form), we collect technically necessary data via server log files, which are automatically transmitted to our server, including:

• IP address
• Data and time of the request
• Name and URL of the retrieved file
• Website from which the access takes place (Referrer URL)
• Access status/HTTP-status code
• Browser type
• Language and version of the browser software
• Operating system

b) Purpose and legal basis

This processing is technically necessary to display our website. We also use the data to ensure the security and stability of our website.

The legal basis for this processing is Art. 6 (1) (f) GDPR. The processing of the aforementioned data is necessary for the provision of a website and thus serves to protect a legitimate interest of our company.

c) Storage period

As soon as the personal data is no longer required to display the website, it will be deleted. The collection of the data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. There is therefore no possibility for the user to object to this aspect. A further storage can take place in individual cases, if this is legally required.

4. Use of Cookies

a) The nature and extent of the data processing

We use cookies. Cookies are small files that are sent by us to the browser of your terminal device when you visit our website and stored there.

Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies, on the other hand, enable us to perform various analyses. For example, some cookies can recognise the browser you are using when you visit our website again and transmit various information to us. We use cookies to facilitate and improve the use of our website. For example, cookies enable us to make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g., country and language settings). If third parties process information via cookies, they collect the information directly via your browser. However, cookies do not cause any damage to your end device. They cannot execute programmes and cannot contain viruses. Various types of cookies are used on our website, the type and function of which are explained below.

Temporary cookies/Session cookies

Our website uses so-called temporary cookies or session cookies, which are automatically deleted when you close your browser. Through this type of cookies, it is possible to record your session ID. This allows various requests from your browser to be assigned to a common session and makes it possible to recognise your terminal device during subsequent visits to the website.

Permanent cookies

So-called permanent cookies are used on our website. Permanent cookies are cookies that are stored in your browser over a longer period of time and can transmit information. The respective storage period varies depending on the cookie. You can delete permanent cookies independently via your browser settings.

Third party cookies

We use analytical cookies to monitor anonymous user behaviour on our website.

We also use advertising cookies. These cookies allow us to track user behaviour for advertising and targeted marketing purposes.

Social media cookies allow us to connect to your social networks and share content from our website within your networks.

Configuration of the browser settings

Most web browsers are preset to automatically accept cookies. However, you can configure your browser so that it only accepts certain cookies or none at all. We would like to point out, however, that you may then no longer be able to use all the functions of our website.

You can also use your browser settings to delete cookies already stored in your browser. Furthermore, it is possible to set your browser to notify you before cookies are stored. Since the various browsers may differ in their respective functions, we ask you to use the respective help menu of your browser for the corresponding configuration options.

Disabling the use of cookies may require a permanent cookie to be stored on your computer. If you delete this cookie afterwards, you will have to deactivate it again.

b) Legal basis

Because of the purposes described, the legal basis for the processing of personal data using cookies is Art. 6 (1) (f) GDPR. Only those cookies that are technically absolutely necessary to enable you to use the website can be based on this.

If you have given us your consent to the use of cookies based on a notice ("cookie banner") provided by us on the website, the legal basis is additionally Art. 6 (1) (a) GDPR. This is necessary for cookies that enable us to analyse your usage behaviour and to place appropriate advertising.

c) Storage period

As soon as the data transmitted to us via cookies is no longer required for the purposes described above, this information is deleted. Further storage may be carried out in individual cases if this is required by law.

7. Data transmission

We only pass on your personal data to third parties if:

• You have given the express consent to do so under Article 6 (1) (a) of the GDPR
• This is permitted by law and, pursuant to Art. 6 (1) (b) GDPR, is necessary for the performance of a contractual relationship with you or the implementation of pre-contractual measures.
• According to Art. 6 (1) (c) GDPR, there is a legal obligation for the disclosure.
• We are legally obliged to transfer data to state authorities, e.g. tax authorities, social security institutions, health insurance companies, supervisory authorities and law enforcement agencies.
• The transfer of data pursuant to Art. 6 (1) (f) GDPR is necessary to safeguard legitimate company interests and to assert, exercise or defend legal claims, and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.

In accordance with Art. 28 GDPR, we use external service providers, so-called data processors, who are obliged to handle your data with care.

We may use such service providers in the following areas:

IT, logistics, telecommunications, newsletter dispatch, invoicing

When transferring data to external parties in third countries, i.e., outside the UK/EU/EEA, we ensure that these parties treat your personal data with the same care as they would within the UK/EU/EEA. Following the implementation of the EU-US Data Privacy Framework (DPF), UK Extension to the EU-US DPF, and Swiss-US Data Privacy Framework (collectively, "the Frameworks") in 2023, we utilise these frameworks when transferring data to certified US companies. We only transfer personal data to third countries where the UK Government or EU Commission has confirmed an adequate level of protection or where we ensure the careful handling of personal data through Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or other appropriate safeguards as required by UK and EU data protection law.

In compliance with the Court of Justice of the European Union's requirements regarding international data transfers, we have implemented additional technical and organisational measures to protect data transferred outside the EEA, including encryption, anonymisation where feasible, and data minimisation practices.

8. Tracking, analysis and other tools

Google Analytics:

Analysis tool; Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;

With the help of Google Analytics, it is possible for the provider to track the behaviour of users on the website and, based on this, to revise and adapt its own presentation of the offers. This is a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. We have configured our Google Analytics implementation to use IP anonymisation and to respect "Do Not Track" browser settings in compliance with current privacy regulations.

Website: https://analytics.google.com/
Privacy policy: https://policies.google.com/privacy
Opt-Out: https://tools.google.com/dlpage/gaoptout

9. Rights of data subjects

Since we collect and process data from you, you have certain rights as a data subject of a data processing:

• The right to information from us. Should you exercise this right, we will inform you which of your personal data we have processed.
• Right to correction or deletion of your personal data.
• Right to restriction of processing of your personal data.
• Right to object to the processing of your personal data.
• Right to data portability, allowing you to obtain and reuse your personal data across different services.
• Right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Right of complaint to a competent supervisory authority.
• Rights related to automated decision making and profiling, ensuring you are not subject to decisions based solely on automated processing that produce legal effects concerning you.

Right to object to the processing

Art. 21 GDPR allows you to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) (e) or (f) GDPR.

Your right of revocation:

You can revoke your consent to process your personal data at any time with effect for the future.

You can declare the revocation by e-mail to info@hanso.group or by sending a message to the contact details listed at the beginning of this document.

Response Time:

We will respond to all legitimate requests within one month as required by Article 12(3) GDPR. In complex cases, this period may be extended by an additional two months, about which you will be informed.