Privacy policy

We are very glad that you are interested in our online portal. It is extremely important to us to make sure that your privacy is protected, and below you will find detailed information about how your personal data is processed in accordance with Article 13 of the General Data Protection Regulation (GDPR). If you have any questions or comments about this data protection information, you are very welcome to contact our data protection officer at datenschutz@c-hafner.de or the party responsible for our data processing, 

C.Hafner GmbH + Co. KG
Maybachstrasse 4
71299 Wimsheim
Germany   

Tel.: +49 (0)7044 90333-0
Fax: +49 (0)7044 90334-0
E-mail: info@c-hafner.de

Your personal data is processed in two categories:

1. For contract implementation and advertising purposes, e.g. for sending out newsletters and advertising mail, we process all necessary data. Your data is supplied to external service providers who play a part in implementing your contract (e.g. delivery firms, payment processors) to the extent necessary in each individual case.

2. When you visit our website, a range of information is automatically exchanged between your device and our server. This may include personal data. We use the information gathered in this way to optimise our website or to show advertising in your device's browser.

In this section you can learn more about the purposes for which personal data is processed, the legal basis for this processing, the legitimate interests that we and some third parties have in processing it and the different categories of recipient it may be supplied to.

Data collection and use for the purpose of implementing your contract and opening a customer account

We process personal data for the purpose of implementing your contract and opening a customer account if you supply it to us voluntarily when placing your order, when contacting us (e.g. by e-mail or using our contact form) or when opening a customer account. You can see from the different input forms used what data is being collected.

The data concerned is principally the following:

  • first name, last name
  • invoice address, delivery address
  • e-mail address
  • invoicing and payment data
  • date of birth, if necessary    
  • telephone number, if necessary.

The legal basis for the processing of personal data for the purpose of contract implementation is Article 6 (1) (b) GDPR. If you subscribe to our newsletter using your e-mail address, we will send you a confirmation e-mail in accordance with Article 6 (1) (c) GDPR. Once you have made a purchase, we reserve the right, in accordance with Article 6 (1) (f), to send you a newsletter containing offers for similar goods, unless you have asked us not to do so. If we do not use your contact details for advertising purposes, we are permitted to store the data collected for contract implementation purposes until the end of the statutory or any contractual warranty/guarantee period. On the expiry of this period, we will continue to store the information about your contract that is required by commercial and tax law for the relevant statutory periods. During this period (generally 10 years from conclusion of the contract), your data will only be processed again if the tax authorities conduct an audit.

You are free to choose whether to open a customer account or not. The legal basis for opening such an account is your consent within the meaning of Article 6 (1) (a) GDPR. We will be happy to tell you what data is stored in your customer account on request.

In order to fulfil the contract concluded when you make a purchase, the following data processing is also necessary:

Disclosure of data for contract fulfilment and identity and credit checks

We supply your e-mail address and possibly your telephone number to the delivery firm we employ if this is necessary for delivery of the goods you have ordered, and as long as you have given consent either when or after placing your order, so that this firm can contact you itself in order to arrange delivery or let you know when your order will arrive.

You are free to withdraw your consent to this at any time by contacting us or the delivery firm. To do this through us, please write to the e-mail or postal address included in our Company Details. If you prefer to contact our delivery firm, please write to logistik@c-hafner.de so that we can let you have its contact details.

For payment processing purposes, we supply the necessary data to the relevant bank and the payment service provider we employ or the payment service provider you selected when placing your order.

We use a payment service provider based outside of the European Union. Personal data is only supplied to this company to the extent necessary for the fulfilment of your contract.

If necessary, we will check your identity, on the legal basis of Article 6 (1) (b) and (f) GDPR, by obtaining information from service providers. The reason for this is to protect your identity and prevent attempts to commit fraud at our expense. Our enquiry and the results will be stored together with your customer account/guest account for the duration of our contractual relationship.

Credit checks and scores
If we supply goods before receiving payment, e.g. if you purchase on invoice, we reserve the right to protect our legitimate interests by obtaining identity and credit rating information from providers specialising in this area (commercial credit agencies). For this purpose we supply your personal data as required for a credit check to the following company/companies:

Creditreform Pforzheim Müller & Schott KG
Maximilianstrasse 46 
75172 Pforzheim, Germany.

The credit report obtained may include probability figures (credit scores) calculated using scientifically recognised mathematical/statistical methods and based, for example, on address data. We use the information obtained about the statistical likelihood of a payment default in order to make a balanced decision about whether or not to accept your order. Your legitimate interests will be protected as required by law.

The legal basis for these information transfers is Art. 6 (1) (b) and Art. 6 (1) (f) GDPR. Data may only be transferred in accordance with these regulations if this is necessary in order to protect legitimate interests of our company or a third party and provided these interests are not overridden by the basic rights and freedoms of those affected to have their personal data protected.

You are free to state your case to the aforementioned credit agency and contest the decision made.  

Data processing for advertising

In accordance with Art. 6 (1) (f) GDPR, the party responsible for processing data for advertising purposes has a legitimate interest in doing so. On this legal basis we reserve the right to make use of your first name, last name, date of birth, street name, postcode and town for the purpose of personalised customer contact. The length of time for which personal data is stored for advertising purposes is determined by whether the storage is necessary for the purpose of targeted advertising. Our general policy is to delete data when no use has been made of it for advertising purposes for two years at the latest.

Own and third-party advertising

If you conclude a contract with us or ask us to send you advertising materials, we will file your details as an existing or potential customer. In such cases we will process your name and address in order to send you information about new products and services. In pursuit of our legitimate interests, we reserve the right to forward your postal address to other companies belonging to our group and possibly to selected contract partners so that they can inform you about their products as well.

Making advertising relevant

To ensure that we only send you advertising likely to be of interest to you, we categorise and add additional information to your customer profile. This includes both statistical information and information about you as an individual (e.g. basic data from your customer profile). As stated, our aim is to only send you advertising which is relevant to your needs as far as we can tell. We don't want to bother you with advertising that is of no interest to you!

Processing to send out advertising

We have a service provider who sends out advertising for us, and we supply this provider with your data for that purpose.

Right to object

You are entitled to object to future data processing for the above-mentioned purposes free of charge at any time, separately for each communication channel. To do this, it is sufficient to e-mail or write to the contact address supplied above. 

If you object, your relevant contact address will be blocked for any further data processing for advertising purposes. In exceptional cases, advertising may continue to be sent to you for a short period after we receive your objection. This is because some advertising will already be in the system on its way to you. It does not mean that we are not acting on your objection.

Data use when you subscribe to the e-mail newsletter

If you subscribe to our newsletter using the double opt-in procedure, we will use the data necessary or supplied separately by you in order to send you the newsletter regularly. In this double opt-in procedure, you enter your e-mail address on the form and we then send you a confirmation link. When you click on the confirmation link, your e-mail address is entered in our e-mail distribution list. Your e-mail address data will then be processed on the basis of your consent as per Art. 6 (1) (a) GDPR. You can withdraw your consent to any further such processing at any time. You can also cancel your newsletter registration at any time by contacting us using the contact information supplied in our Company Details or by clicking on the link provided for this purpose at the end of each newsletter.

Data use for e-mail advertising without any newsletter subscription, and your right to object

If you give us your e-mail address when you purchase our goods or services, and if you do not refuse permission, we reserve the right to pursue our legitimate interests by sending you regular offers by e-mail which relate to products from our range similar to those already purchased. Your e-mail address will then be processed in accordance with Art. 6 (1) (f) GDPR. You can object to this use of your e-mail address at any time by sending us a message using the contact information supplied in our Company Details or by clicking on the link provided for this purpose at the end of each newsletter.

Newsletter processing

We have a service provider who sends our newsletter out for us, and whom we supply with your e-mail address for that purpose.

Tracking in newsletters

In our newsletters, anonymised tracking is carried out by a special tool, purely to determine whether the newsletter has been opened and, if so, how often a link in the newsletter has been clicked on. No other data, especially personal data, is collected.

Internet technologies

Use of cookies

In order to give you a good experience when you visit our website and to enable you to make use of certain functions, we use so-called "cookies" on some pages. The legal basis for any processing of personal data with these cookies is Art. 6 (1) (f) GDPR. Our interest in optimising our website by this means is legitimate within the meaning of that statutory provision. Cookies are small text files which are installed on your device. Some of the cookies we use are deleted at the end of your browser session, i.e. when you close your browser (so-called session cookies). Others remain on your device and enable us to recognise your browser when you visit our website again (persistent cookies). You can set your browser to let you know when cookies are going to be stored on your device, leaving you free to decide whether to accept them on a case-by-case basis, or to exclude cookie installation in specific cases or in general. If you decide not to accept cookies, some website functions may be restricted.

Google Analytics

In accordance with Art. 6 (1) (f) GDPR, we use Google Analytics – a web analysis service provided by Google Inc. ("Google") – to help us design and constantly optimise our web pages so as to best meet your needs. For this purpose, pseudonymised usage profiles are created and cookies are used. The information produced by the cookie about your use of this website, e.g.

  • browser type/version,
  • operating system in use,
  • referrer URL (last page/site visited),
  • IP address of computer used for access,
  • time of server request,

is sent to a Google server in the USA and stored there. The information is used to analyse the use of the website, to produce reports on website activity and to provide other services relating to website and Internet use in order to carry out market research and make sure that our web pages meet our customers' needs. The data may also be supplied to third parties if this is required by law or if the third parties concerned process the data on our behalf. Your IP address will under no circumstances be linked to other Google data. The IP addresses collected are anonymised so that it is impossible to link them to individual users (IP masking).

You can prevent the installation of cookies at any time by changing the settings on your browser software. However, in that case it may not be possible for you to fully utilise all of this website's functions. In addition, by downloading and installing this browser add-on, you can prevent the data produced by the cookie about your website use (including your IP address) from being collected and processed by Google. As an alternative to the browser add-on, in particular for browsers on mobile devices, you can also prevent data collection by Google Analytics by clicking on this link. This will install an opt-out cookie which will prevent any future collection of your data when you visit this website. The opt-out cookie, which is installed on your device, will only work on this browser and for our website. If you delete cookies on this browser, you will need to install the opt-out cookie again. You can find further information about Google Analytics and data protection on the Google Analytics website. 

Targeting

We use the targeting measures listed below in accordance with Art. 6 (1) (f) GDPR. Our purpose in doing this is to ensure that only advertising relevant to what we know or believe you are interested in appears on your devices. It is in our interest as well as yours to avoid bothering you with advertising which is not relevant to you. 

On-site targeting

Use of web analysis technologies
For the purpose of website analysis, data from this website is collected and stored automatically and then used to create pseudonymised usage profiles. This is done in pursuit of our, on balance, overriding legitimate interest in optimising the presentation of our offering, and cookies may be installed for the purpose. The pseudonymised usage profiles created will never be linked to personal data about the bearer of the pseudonym without the relevant party's separate, express consent. You can object to future data collection and storage at any time by clicking on this link.
Following an objection from you, an opt-out cookie will be stored on your device. If you delete your cookies, you will need to click on the link again.
The cookie will be deleted automatically after 30 days. 

Re-targeting

We also use Google AdWords re-targeting technologies, and this enables us to tailor our online offering to make it more interesting for you. For this purpose a cookie will be installed to collect pseudonymised interest data. Using this information, adverts for products/services from our range which are relevant to your interests will be displayed on our partners' websites. No direct personal data will be stored, and no usage profiles will be linked to your personal data. The relevant cookie will be stored for 30 days and then deleted automatically.

Objections/opt-out

In addition to the aforementioned deactivation methods, you can prevent the use of the described targeting technologies in general by changing your browser's cookie setting. You can also deactivate preference-based advertising using the preference manager, which you can access here. 

Social media plug-ins

In accordance with Art. 6 (1) (f) GDPR, we use social plug-ins from the social media providers Facebook, Google+, Xing and YouTube in order to raise our company's profile. This is a form of advertising which qualifies as a legitimate interest within the meaning of the GDPR. Each individual provider is responsible for ensuring that operation of the plug-ins complies with data protection regulations. We use the so-called two-click method for these plug-ins to ensure the best-possible protection for visitors to our website.

Facebook

Our website uses Facebook plug-ins supplied by Facebook Inc. They are marked with a Facebook logo or have "Like" and/or "Share" buttons. You will find a list of Facebook plug-ins, showing what they look like, if you click on the following link. If you activate such a plug-in (first click), your browser will establish a direct connection with Facebook's servers. The content of the plug-in will be sent directly to your browser by Facebook and integrated into the relevant page. By means of this integration, Facebook will learn that your browser has accessed the relevant page on our website, even if you have no Facebook profile or are not logged into Facebook at the moment. This information (including your IP address) will be sent by your browser directly to a Facebook server in the USA and stored there. If you are logged into Facebook, Facebook will be able to link your visit to our website directly with your Facebook profile. If you interact with the plug-ins, for example by pressing the "Like" button, this information will likewise be sent directly to a Facebook server and stored there. The information will also be published as part of your Facebook profile and shown to your Facebook friends.

For information about the scope and purpose of this data collection, processing and use by Facebook and your related rights and setting options to protect your privacy, please see Facebook's data protection information. If you do not want Facebook to link the information collected about your visit to our website directly to your Facebook profile, you need to log out of Facebook before accessing the website.

Google+

The Google Plus plug-ins used on our website are supplied by Google Inc. These plug-ins can be identified by buttons marked "+1" on a white or coloured background, for example. You will find a list of Google plug-ins, showing what they look like, here. If you activate such a plug-in (first click), your browser will establish a direct connection with Google's servers. The content of the plug-in will be sent directly to your browser by Google and integrated into the relevant page. By means of this integration, Google will learn that your browser has accessed the relevant page on our website, even if you have no Google Plus profile or are not logged into Google Plus at the moment. This information (including your IP address) will be sent by your browser directly to a Google server in the USA and stored there. If you are logged into Google Plus, Google can link your visit to our website directly with your Google Plus profile. If you interact with the plug-ins, for example by pressing the "+1" button, this information will likewise be sent directly to a Google server and stored there. The information will also be published on Google Plus and shown to your contacts.

For information about the scope and purpose of this data collection, processing and use by Google and your related rights and setting options to protect your privacy, please see the Google data protection information, which you can access here.
If you do not want Google to link the information collected about your visit to our website directly to your Google Plus profile, you need to log out of Google Plus before accessing our website. You can also prevent Google plug-ins from loading altogether by using add-ons for your browser, e.g. the script-blocker "NoScript".

YouTube video plug-ins

Content from third-party providers is integrated into this website. This content is made available by Google Inc. ("providers").
YouTube is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

When YouTube videos are integrated into our website, the data protection setting is higher. This means that no website visitor data can be collected or stored in YouTube unless visitors play the video. 

For information about the scope and purpose of this data collection, processing and use by providers and your related rights and setting options to protect your privacy, please see Google's data protection information.

Recipients outside of the EU

With the exception of the processing described under the headings of Internet technologies and Social media plug-ins, we do not supply your data to recipients registered outside of the European Union or the European Economic Area. The aforementioned processing entails the transmission of data to servers operated by the tracking/targeting technology providers used by us. These servers are located in the USA. Transmission takes place in accordance with the principles of the "privacy shield" and standard contract clauses formulated by the EU Commission.

Your rights

In addition to your entitlement to revoke the consents that you give to us, you can exercise the following additional rights if the relevant statutory conditions are fulfilled:

  • right to receive information about your personal data stored by us in accordance with Art. 15 GDPR; in particular, you are entitled to obtain information about the purposes of the data processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period and the source of your data if it was not collected directly from you,
  • right to amend incorrect data or to complete accurate, but incomplete data in accordance with Art. 16 GDPR,
  • right to have the data we hold about you deleted in accordance with Art. 17 GDPR, as long as this is not contrary to any statutory or contractual retention periods or other legal obligations/rights requiring continued storage,
  • right to restrict the processing of your data in accordance with Art. 18 GDPR, if you dispute the accuracy of the data, if the processing is illegitimate but you do not want the data to be deleted, if the party responsible no longer needs the data but you need it in order to enforce, exercise or defend legal rights/claims, or if you have objected to the processing in accordance with Art. 21 GDPR,
  • right to data portability in accordance with Art. 20 GDPR, i.e. the right to have selected data which we hold about you sent to you in a commonly used, machine-readable format, or to demand its transmission to another responsible party,
  • right to complain to a regulatory authority; you can in general approach the regulatory authorities responsible for your customary place of residence or place of work, or our registered place of business.

Right to object

Subject to the conditions of Art. 21 (1) GDPR, the processing of data may be objected to on grounds arising out of the particular circumstances of the person affected.

The aforementioned general right to object applies to all of the purposes of processing in accordance with Art. 6 (1) (f) GDPR described in this data protection information. In contrast to the special right to object which applies in the case of data processing for advertising purposes, we are only obliged to implement such a general objection if you supply us with overriding reasons (e.g. possible danger to life or health). Another option for you is to contact the regulatory authority responsible for us or our data protection officer. 

Data security

All data personally supplied by you, including your payment details, are transmitted by means of the generally used, safe SSL (Secure Sockets Layer) standard. SSL is a secure, tried-and-tested standard which is also used, for example, in online banking. One method by which you can check for the safe SSL connection is to look for the "s" added to the "http" (thus "https://...") or a padlock symbol in your browser's address bar.

We also implement appropriate technical and organisational security measures to protect your personal data stored by us against manipulation, partial or complete loss and unauthorised third-party access. These security measures are constantly improved in line with technological developments.
