Information on the Processing of Personal Data (Privacy Policy)

Welcome to the data protection section of HETEK Lift- und Hebetechnik GmbH. We are very pleased about your interest in our company. Based on these privacy notices, we would like to inform you in detail about when we collect which data and how it is processed.

Controller

The controller as defined in Art. 4 Para. 7 of the EU General Data Protection Regulation (GDPR) is:

HETEK Lift- und Hebetechnik GmbH
Managing Director: Henning Seffers
Unter den Linden 1, 99830 Treffurt, Germany
Phone: +49/36923/53-0
Email: info(at)hetek.de

Data Protection Officer

You can reach our Data Protection Officer at:

Gesellschaft für Personaldienstleistungen mbH
Pestalozzistraße 27
34119 Kassel, Germany
Phone: +49 561 220774 – 0
Email: datenschutz@gfp24.de
Website: https://www.gfp24.de

General Information on the Collection of Personal Data

With the following information, we inform you transparently about the type and scope of the processing of personal data collected in the context of:

  • your visit to our website,
  • the use of our online services,
  • external online presences on social media platforms,
  • application procedures,
  • our branch business,
  • and business relationships with customers and service providers.

The legal basis for our data protection is formed in particular by the requirements of the General Data Protection Regulation (GDPR) as well as the supplementary regulations of the Federal Data Protection Act (BDSG) and the Telecommunications-Digital-Services-Data Protection Act (TDDDG).

Purpose / Legal Basis of Processing

In cases where we obtain your consent for processing operations of personal data, Art. 6 Para. 1 lit. a GDPR serves as the legal basis.

In the processing of personal data required to fulfill a contract concluded between you and us, Art. 6 Para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations required for the performance of pre-contractual measures.

In the event that processing personal data is required to fulfill a legal obligation to which we are subject, Art. 6 Para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make the processing of personal data necessary, Art. 6 Para. 1 lit. d GDPR is the legal basis.

In the event that the processing of personal data is necessary to safeguard a legitimate interest of our company or a third party, and your interests, fundamental rights, and freedoms do not outweigh the former interest, Art. 6 Para. 1 lit. f GDPR is the legal basis for the processing.

If cookies or similar technologies are set during data processing, the storage thereof or access to information in the user’s terminal device (e.g., device fingerprinting) is carried out according to Section 25 Para. 1 TDDDG in conjunction with Art. 6 Para. 1 lit. a GDPR.

If the use of cookies is strictly necessary, this is done on the basis of Section 25 Para. 2 No. 2 TDDDG.

Disclosure of Personal Data

If we transfer your personal data to other entities or disclose it to them as part of our processing, this is done exclusively on the basis of one of the stated legal grounds. Recipients of this data may include payment service providers within the scope of contract fulfillment. In cases where we are legally or by court order obliged to do so, we must transfer your data to authorized information-seeking bodies.

If external service providers support us in processing your data (e.g., data analysis, newsletter dispatch), this is done within the scope of order processing according to Art. 28 GDPR. We only conclude corresponding contracts with service providers who offer sufficient guarantees that appropriate technical and organizational measures ensure the protection of your data.

Data Transfer to Third Countries

Data transfer to third countries (outside the European Union or the European Economic Area) only takes place if this is in accordance with the legal requirements. Subject to express consent or contractually or legally required transfer, we process or have the data processed only in third countries with a recognized level of data protection (e.g., adequacy decision of the European Commission according to Art. 45 Para. 1 S. 3 GDPR for the “EU-US Data Privacy Framework”) or according to Art. 44 et seq. GDPR on the basis of special guarantees, such as contractual obligations through so-called standard protection clauses of the EU Commission.

Data Storage

As soon as the respective purpose for storage no longer applies, we will delete or block your personal data. Further storage of your personal data will only occur if specific legal retention periods (in particular commercial and tax law retention requirements) at the national or European level prevent deletion.

Definitions

Our privacy policy is based on terms used and defined in the GDPR. To ensure that our data protection provisions are easy to read and understand, we would like to explain the most important terms beforehand.

Personal Data

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Pseudonymization

“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information.

Processor

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient

“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

Third Party

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Profiling

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person.

Rights of the Data Subject

Through the processing of personal data, rights arise for you as a natural person, which you can exercise against us at any time. These are:

  • Right to withdraw a data protection consent declaration according to Art. 7 Para. 3 GDPR
  • Right to information about your personal data stored by us according to Art. 15 GDPR
  • Right to rectification of incorrect or completion of incomplete data according to Art. 16 GDPR
  • Right to erasure of your data stored by us according to Art. 17 GDPR
  • Right to restriction of processing of your data according to Art. 18 GDPR
  • Right to data portability according to Art. 20 GDPR
  • Right to object according to Art. 21 GDPR
  • Automated individual decision-making, including profiling according to Art. 22 GDPR

Right to Information

You have the right to know from us whether and – if so – which personal data we process of you, as well as to request copies of your personal data. Please note that your right to information may be restricted under certain circumstances according to legal regulations.

Right to Rectification

If the information concerning you is no longer accurate, you have the right to request the immediate rectification of inaccurate personal data concerning you and, if necessary, the completion of incomplete personal data.

Right to Erasure

In accordance with legal requirements, you have the right to request that data concerning you be deleted without delay, e.g., if the data is no longer needed for the purposes pursued and legal retention and archiving regulations do not prevent deletion.

Right to Restriction of Processing

Within the scope of Art. 18 GDPR, you have the right to request a restriction of the processing of data concerning you, e.g., if you have objected to the processing, for the duration of the examination of whether the objection can be granted.

Right to Data Portability

You have the right to have data you provided to us handed over to yourself or to a third party in a standard, machine-readable format. If you request the direct transfer of data to another controller, this will only be done to the extent technically feasible.

Right to Withdraw a Data Protection Consent Declaration

If the processing of your personal data is based on a consent granted to us, you have the right to withdraw this consent at any time. The withdrawal does not affect the lawfulness of the processing carried out on the basis of the consent until its withdrawal.

Please address your withdrawal informally to HETEK Lift- und Hebetechnik GmbH, Unter den Linden 1, 99830 Treffurt, info(at)hetek.de.

Right to Object to Processing

Under the conditions of Art. 21 Para. 1 GDPR, a data processing based on Art. 6 Para. 1 lit. e or f GDPR can be objected to for reasons arising from your particular situation. This also applies to profiling based on these provisions. If you exercise your right to object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.

Right to Lodge a Complaint with the Data Protection Authority

According to Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data is not lawful. The address of the supervisory authority responsible for our company is:

Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit
Street address: Häßlerstr. 8, 99096 Erfurt, Germany
Email: poststelle@datenschutz.thueringen.de
Website: https://www.tlfdi.de/

Use of Online Services

Collection of Personal Data when Visiting our Website

For purely informational use of the website, we only collect the personal data that your browser transmits to our server. This is technically necessary to display our website to you and to ensure stability and security (legal basis: Art. 6 Para. 1 lit. f GDPR and Section 25 Para. 2 No. 2 TDDDG):

  • IP address
  • Date and time of the request
  • Time zone difference to GMT
  • Content of the requirement (specific page)
  • Access status / HTTP status code
  • Data volume transferred
  • Website from which the request comes
  • Browser and operating system

This data is stored temporarily in log files for a maximum of seven days.

Use of Cookies

In addition to the aforementioned data, cookies are stored on your end device when you use our website. Cookies are small text files assigned to the browser you are using. We use strictly necessary cookies (Section 25 Para. 2 No. 2 TDDDG / Art. 6 Para. 1 lit. f GDPR). If we use cookies from other providers, this occurs based on your consent (Art. 6 Para. 1 lit. a GDPR / Section 25 Para. 1 TDDDG).

External Hosting

We host our website externally with:
1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.
Legal basis: Art. 6 Para. 1 lit. f GDPR (legitimate interest in stable provision). We have concluded an order processing contract (AVV).

Consent Management Platforms

We use a CMP to manage your consent settings in a legally compliant manner (legal basis: Art. 6 Para. 1 lit. c GDPR).

Our CMP: Borlabs Cookie (Borlabs GmbH, Hamburg).

Contacting Us

Contact Form

Data is processed based on your consent (Art. 6 Para. 1 lit. a GDPR) or for contract performance (Art. 6 Para. 1 lit. b GDPR).

Email, Phone, Fax

Data is processed to handle your request (Art. 6 Para. 1 lit. b or f GDPR).

Analysis and Marketing Tools

Google Analytics 4

Analysis of user behavior. Legal basis: Consent (Art. 6 Para. 1 lit. a GDPR). Data is anonymized. Google Ireland Limited is the recipient.

Google reCAPTCHA

Protection against bots. Legal basis: Consent (Art. 6 Para. 1 lit. a GDPR).

Leadinfo

B2B visitor identification. Legal basis: Consent (Art. 6 Para. 1 lit. a GDPR).

Google Tag Manager

Management of website tags. Legal basis: Consent (Art. 6 Para. 1 lit. a GDPR).

Integrated Third-Party Content

Google Maps

Display of interactive maps. Legal basis: Consent (Art. 6 Para. 1 lit. a GDPR).

Cloudfront (CDN)

Fast delivery of content. Legal basis: Legitimate interest (Art. 6 Para. 1 lit. f GDPR).

Video Conferencing and Collaboration

Microsoft Teams / Microsoft 365

Communication and digital collaboration. Legal basis: Contract performance (Art. 6 Para. 1 lit. b GDPR) or legitimate interest (Art. 6 Para. 1 lit. f GDPR).

Social Media

We operate profiles on Facebook, Instagram, LinkedIn, and YouTube. Legal basis: Legitimate interest (Art. 6 Para. 1 lit. f GDPR).

Data Protection for Job Applications

Processing for the decision on establishing an employment relationship (Art. 88 GDPR / Section 26 BDSG). Retention period: Max 6 months if not hired.

On-site Business Premises

Guest WLAN

Provision of internet access. Legal basis: Contract performance (Art. 6 Para. 1 lit. b GDPR).

Business Relationships

Processing for contract execution (Art. 6 Para. 1 lit. b GDPR). Retention: Based on commercial and tax law requirements (typically 10 years).

Status: 20.04.2026

Whatever you are planning -

we support you and your project.

+49 (0) 36923/53 - 0
info@hetek.de
Directions

Unter den Linden 1
D-99830 Treffurt

We put your mobile world on a secure footing.