IMPORTANT! PLEASE NOTE: You agree to the German Data Protection Statement which has been translated to English for your convenience only. The German Data Protection Statement is binding.
We take the protection of your personal information very seriously and adhere strictly to the rules of data protection laws. Personal data is collected on this website for technical purposes only. The data will never be sold or transferred to third parties. The following statement gives an overview of how we guarantee this protection and what kind of data is collected for what purpose.
1. Information about the collection of personal data and provider identification
(1) We are glad that you are visiting our website www.hkp.com and that you have shown an interest in our company and its range of services. The protection of personal data is very important to us. All web activity undertaken by hkp Deutschland GmbH is carried out in accordance with the applicable legislation governing the protection of personal data and data security, in particular the GDPR (EU General Data Protection Regulation). This data protection notice tells you about how the information that is collected during your visit to our website is handled. Personal data is any information that relates to you, such as name, postal address, e-mail addresses or user behaviour. For the sake of simplicity, the pronouns “he”, “him” and “his” are used below to refer to both male and female users.
(2) Details of the service provider and controller in the sense of data protection law are listed under the company details and contact details in our legal notice. Our address is also the contact address of the data protection officer appointed by us.
2. The collection of personal data for informational use
(1) Personal data is information that makes a person identifiable, which includes data such as his name and e-mail address but also data about his online behaviour. If you are just using the website for informational purposes, i.e. if you do not register to use the website or provide us with any other information, we do not collect any personal data except the data transmitted by your browser in order to facilitate your viewing of the website (these are often called log files, legal basis is Art. 6 (1) 1 f) GDPR. Log files are technically required by us so that it is possible for the website you have requested be sent to your computer and displayed to you. They are deleted within 7 days after accessing the website. The following are classified as log files:
IP address
Time and date of the request
Time zone difference compared to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Quantity of data transmitted
The website from which the request originates
Type of browser
Operating system and its interface
Language and version of the browser software
(2) The log files are used for statistical analysis and for making improvements to the website (legal basis is Art. 6 (1) 1 f) GDPR. This allows us to recognise any errors such as broken links. In connection with your use of the website, data recorded includes the IP address of the computer you are using. Under some circumstances, it may be possible to identify website users via the IP address. However, we will not undertake analysis of IP addresses collected as described in paragraph (1) for such a purpose. The analysis of IP addresses is undertaken on a purely statistical basis, using anonymised data.
3. Use of our website’s functions
(1) Alongside the purely informational use of our website, we offer a range of services that you may use if you wish. To do so, you will generally need to provide additional personal data that we use in order to supply the relevant service. Any additional fields that are not compulsory are marked accordingly.
(2) Personal data shall only be collected if you provide us with it, by filling out contact forms or sending e-mails, during the course of placing an order for products or services, by submitting a query, or by requesting material. We then collect the information that has resulted from establishing contact. In particular, this information includes names and any contact details provided, the date and the reason for contacting us. We will only use the personal data we collect about you in order to supply you with the products or services you have requested (legal basis is Art. 6 (1) 1 b) GDPR), or for other purposes for which you have given your permission (legal basis is Art. 6 (1) 1 a) GDPR), and which are described in this data protection statement. Your consent, for example for setting cookies by third party providers or for web tracking by these providers, can also be given in the appropriate technical settings of your browser.
(3) When contact is established, your details, which are required for the processing of your query and for the purpose of any potential follow-up questions, will be saved for the duration of the statutory retention period (legal basis is Art. 6 (1) 1 c) GDPR and will then be erased in accordance with Point 4 (1) of this data protection statement.
4. Use of our services that are subject to a charge; Passing on data
(1) When you use our services that are subject to a charge and wish to place an order for something, it is necessary for you to provide your personal data to conclude the contract which are required to process your order. Fields that are compulsory for the execution of contracts are marked accordingly; additional fields are voluntary. The data you provide is used by us to process your order (legal basis is Art. 6 (1) 1 b) GDPR). The address, payment and order data are stored after the processing of the contract for the duration of the statutory retention obligations in particular under tax and commercial law (legal basis is Art. 6 (1) 1 c) GDPR) and are then erased, provided you have not consented to further storage or the further processing of the data is required for asserting, exercising or defending legal claims or promotional contact (see also Point 5 (1) of this data protection statement). We check the latter at the end of each third calendar year beginning with the calendar year following the initial storage.
(2). You have the option of whether you provide your data required for the order only once for this order or whether you would like to create a customer account in which your data will be stored for subsequent orders (legal basis is Art. 6 (1) 1 b) GDPR). When creating an account, the data provided by you will be revocably stored.
(3) In order to process your order, we will provide your data to our main bank and to logistics service providers and payment service providers selected by you (legal basis is Art. 6 (1) 1 b) GDPR). Our service providers are only permitted to process or use your data for the purpose for which it was necessary to transmit it to them. You may access the data at any time. Insofar as data is passed on to external service providers, we have put technical and organisational measures into place to ensure that data protection regulations are observed. We may also pass on your details for debt collection purposes (legal basis is Art. 6 (1) 1 f) GDPR).
(4) In order to prevent third parties from gaining unauthorised access to your personal data, in particular financial data, the ordering process is encrypted using SSL technology.
(5). Where we are rendering services in advance, for instance if a customer is paying in instalments or buying on account, we may use a service provider to verify the identity and creditworthiness of the customer e.g. a credit agency (legal basis is Art. 6 (1) 1 f) GDPR. Furthermore, we do not exclude the possibility of using anonymised usage data for the purposes of market research.
(6) We advise you that, in individual cases and by order of the appropriate authorities, we are entitled to provide information about data, insofar is this is required for public prosecution purposes, to enable the police forces of the German federal states to prevent crimes, to fulfil the statutory tasks of the constitution protection authorities of the German federal government, the German federal states, the Federal Intelligence Services or Military Intelligence, or to enforce intellectual property rights (legal basis is Art. 6 (1) 1 c) GDPR).
5. Advertising to our customers; Newsletter
(1) After the sale of a product or service, we reserve the right to send you advertising material via the e-mail address provided to us about our services in the area of “consulting with a focus on performance management, talent management and remuneration”. The same applies to the use of your address details for sending advertising by post about our own offers as well as recommendations of third-party products and services. The legal basis is Art. 6 (1) 1 f) and Recital 47 GDPR. It is possible to informally object to this advertising at any time (see Point 6 (1) of this statement.
(2) For subscriptions to our Newsletter, we use a double opt-in process, regardless of any order placed as described in paragraph (1). This means that after you have subscribed, we send a confirmation e-mail to that address, requesting confirmation from you that you wish to receive the Newsletter. If you do not confirm within 24 hours, your information will be locked and automatically deleted after one month. If you confirm that you wish to receive the Newsletter, we will save your e-mail address until such a time as you unsubscribe from the Newsletter. The data is only saved to enable us to send you the Newsletter (legal basis is Art. 6 (1) 1 a) GDPR). Furthermore, we save the IP addresses used and the times at which the registration and confirmation took place, in order to prove that you subscribed and, if necessary, to resolve any misuse of your personal data (legal basis is Art. 6 (1) 1 a) and c), Art. 7 (1) GDPR. This data will be erased provided there is no check at the end of the third calendar year, beginning with the calendar year following the initial storage, requiring a longer storage period.
(3) The only field that must be filled out in order to receive the Newsletter is an e-mail address. The provision of additional, accordingly marked information is voluntary and such data is used to personally address you. This data is also deleted in full when the storage duration determined in paragraph (2) has lapsed.
(4) You may revoke your consent to the sending of the Newsletter at any time and unsubscribe from the newsletter. It is possible to do this by clicking on the link that is provided in every Newsletter or by expressing this wish in a message sent to the contact details listed in our site’s legal notice.
6. Right to object
(1) You can, at any time and with effect for the future, lodge an objection to the processing of your personal data for advertising purposes (legal basis is Art. 6 (1) 1 f) and Recital 47 GDPR. The same applies for an evaluation of certain features related thereto such as a data analysis. An objection to advertising can be provided informally, it can be carried out for example via a link in the newsletter or directly with us using the contact details mentioned in the legal notice.
(2) In addition, there is a right to object for reasons arising from your particular situation, to processing for other purposes which takes place based on a balancing of interests (Art. 6 (1) 1 f) GDPR). This may be the case when the processing is not required in particular to fulfil a contract with you. When exercising such an objection, we ask for an explanation of the reasons why we should not process your personal data as carried out by us. In the event your objection is justified, we will investigate the matter and will either adjust or adapt the data processing or point out our overriding protection-worthy reasons based on which we will continue the processing.
7. Data security
(1) We take measures in accordance with the state of the art to protect your data from loss, destruction, falsification, manipulation and unauthorised access. Where we have collected and recorded your data, it is saved on highly secure servers. Technical and organisational measures are in place to ensure that these servers are protected from loss, destruction, access, manipulation and from the unauthorised transmission of your data. Your data can only be accessed by a few authorised people. These people are responsible for the technical, commercial or editorial maintenance of the servers. All our staff are bound to observe confidentiality.
(2) We have contracted the technical operation (hosting) of the website to a service provider. This service provider manages the data processing on our behalf. The collection, processing and use of your data performed by the service provider is entirely subject to our instructions. The statements in this data protection statement also apply to this service provider in the same way.
8. Cookies
(1) When accessing this website, “cookies” are saved onto your computer. Cookies are small text files that are saved on your hard drive in the section associated with the browser you are using. They are used to provide certain information to the site that is using the cookie (i.e. in this case to us). Cookies cannot run programs or transmit viruses to your computer. Their purpose is to make all Internet services more effective and user-friendly. We may, for instance, use cookies to identify you when you visit the site again in the future if you have an Account with us. Otherwise, you would have to log in again every time you visited.
(2) This website uses cookies as follows:
Transient cookies (temporary use)
Persistent cookies (time-limited use)
Third-party cookies (from third parties, see information listed separately).
(3) Transient cookies (legal basis is Art. 6 (1) 1 f) GDPR) are automatically deleted when you close the browser window. In particular, this includes session cookies. Session cookies save what is called a session ID, which is used to identify the various requests that your browser makes during a joint session. This allows your browser to be recognised when you return to the website. Session cookies are deleted when you log out or close the browser window.
(4) Persistent cookies are only used in connection with the web analytics services we use (legal basis is Art. 6 (1) 1 f) GDPR) and they are only used for as long as is required by that purpose; their lifetime is limited to a maximum of two years. You may delete the cookies from your computer’s hard drive at any time by using your browser’s data protection functions. This could result in the functions of the service being limited and it could become less user-friendly.
(5) Any cookies that are not required for the technical provision of our service are only used with your permission and you may revoke this permission at any time (legal basis is Art. 6 (1) 1 a) GDPR). By continuing to use the website with the corresponding browser settings, you agree to the use of cookies in the context of this data protection statement. It is therefore possible to give your permission through your browser settings, by indicating that you wish to be informed about the use of cookies and that you only wish them to be accepted if you have explicitly given confirmation to that effect. In the same way, it is also possible to choose to accept cookies in certain cases, or to generally accept cookies. You may configure your browser settings according to your preference. It is, for example, possible to not accept third party cookies or to not accept any cookies. We advise you, however, that this may mean that you are not able to use all the functions of the website.
9. Further information according to GDPR
(1) This data protection statement only applies to this website www.hkp.com. So that you can receive the best information possible, you will find links to third-party websites on our pages. Insofar as this is not clearly recognisable, we advise you that such links are external. This data protection statement does not apply to these other providers. If you leave this website, you are recommended to carefully read the privacy policy of each external website as a first step.
(2) hkp Deutschland GmbH, Friedrich-Ebert-Anlage 35-37, 60327 Frankfurt am Main, Germany is the controller for processing your personal date. You can find further contact details in our website’s legal notice.
(3) We also transmit data to recipients in Switzerland (Section 1 (6) 1 Federal Data Protection Act [BDSG]) and to recipients in other third-party countries, provided there is an adequacy decision of the EU Commission. Otherwise, there is no intention to transmit your data to a recipient in a third-party country (not a Member State of the EU or EEA) or an international organisation. We refer to Point 9 and 10 of this data protection statement concerning the possibility of your data being accessed by third-party providers in the USA.
(4) You may request access from us to the stored data and you have the right to rectification of inaccurate data, to restriction of the processing and a right to erasure, insofar as there is no retention obligation opposing this. A right to erasure is not given if further processing is required for asserting, exercising or defending legal claims such as complying with an objection to advertising. With respect to the personal data affecting you, which you provided to us, for example in an input mask or a contact form, based on consent or to perform a contract existing between us, you have a right to data portability in a structured, conventional and machine-readable format.
(5) Insofar as the processing of your data is based on consent (legal basis is Art. 6 (1) 1 a) GDPR, you have the right to revoke the consent at any time without the legality of the processing carried out based on the consent up to the time of revocation being affected. Legal permissions remain unaffected by revocation of consent.
(6) We have appointed a data protection officer. The contact address is: Mr. Jörg Müller, hkp Deutschland GmbH, Friedrich-Ebert-Anlage 35-37, 60327 Frankfurt am Main, Germany, datasecurity@hkp.com.
(7) You have a right to lodge a complaint with a data protection supervisory authority, for example with the Hesse Data Protection Officer, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany, who is responsible for us.
10. Changes to the data protection statement
Where necessary, we will update this statement in keeping with the content of the website as well as more generally to reflect legislative changes.
Updated: May 2018