Data protection statement

HENNECKE-OMS, in its capacity as data controller, within the meaning of the GDPR, is aware of the importance of Your rights, within the scope of the processing of Your personal data, including while visiting our own web site. For that reason, we wish to inform you of the modalities of processing Your personal data, in accordance with the following privacy policy, in compliance with the General Data Protection Regulation (GDPR).

Data controller

The data controller, within the meaning of Art. 4, paragraph 1, no. 7), of the GDPR, is
HENNECKE-OMS S.p.A. sole shareholder
with Registered Offices: Via Sabbionetta 4 - 20843 Verano Brianza (MB), Italy
Telephone: +39 0362 983-1

E-mail:info@hennecke-oms.com
Web: www.hennecke-oms.com

The Data Protection Officer

The personal data protection officers as designated by HENNECKE-OMS S.p.A. are Mssrs. Luciano Fasolo and Alessandro Redaelli It is possible to contact the data protection officers by sending a communication to the address indicated above or by sending an e-mail to the e-mail address: privacy@hennecke-oms.com

Purpose of processing personal data

The personal data provided by You ("Concerned Party"), will be collected and used only for such purposes as are necessary, useful and legitimate. While you are visiting the website, the data will be collected to ensure the proper operation of the site and of the services offered. The information concerning the data collection and processing is provided below.

The data will be deleted at the end of the timeframe required for the purposes of processing. The data might be retained beyond the timeframe necessary for the purposes of the processing if European or Italian law requires the retention for a longer period. Access to the data will be blocked or the data erased when the timeframe foreseen for the retention has passed, except if necessary for the fulfillment and performance of contractual obligations. The most important relevant details are provided below.

The host of the Content Management System is GoDaddy Deutschland GmbH, Hansestr. 111, 51149, Cologne, Germany (E-mail: hq@godaddy.com, Tel: +49 8921094807); they have all of the information concerning the Storage of data on the Content Management System of the data controller.

Collection and processing of the data

Functioning of the website, log file

While visiting the website www.hennecke-oms.com or on other web pages accessible via the site of the data controller (www.hennecke-oms.com), the following personal data will be collected and stored in a log file:

information on the type of browser and the version used;
the operating system being used by the Concerned Party;
the Internet service provider of the Concerned Party;
the IP address of the Concerned Party;
date and time of accessing the website;
websites that the Concerned Party used to make his/her way to our website;
websites accessed by the Concerned Party via our website.

The processing of the data, including the retention in a log file, will be done to ensure the operation of the site and an optimal experience of the site. The data will be retained to ensure the security of our technical and information systems and for administrative purposes. The following data will be processed solely for the purposes of statistics, since the data related to the users visiting the site is anonymous.

The processing is lawful within the meaning of Art. 6, section 1, letter f) of the GDPR. Our legitimate interest is based on the purposes stated above with respect to collecting data and ensuring the operation of our website. The data collected will not be used to profile users.

Once the purposes for which data was collected have been achieved, the data will be deleted. Where the data was collected to grant access to the site, it will be deleted, in any event, after seven days. In such a situation, the IP addresses of the users will be deleted to ensure that the client can no longer be identified or recognized.

There is no legal or contractual obligation to communicate the following data. Failure to communicate the data could compromise the operation of the website.

Modes of contact, communication by e-mail; subscription

Description and units of data processing

Within our website, there is a section by which it is possible to contact us. The data entered into the modules provided in the contact section will be stored along with the IP address, the date and time that the information is sent. The data will be used to contact the company that made the request. The data content will depend either on the information sent, from the person who compiled the request module, or on the minimum content necessary to send the communication, as determined within the site.

Furthermore, we offer the possibility of contacting, via various e-mail addresses, the heads of department of the Data Controllers or the company. In this situation, the IP address, the e-mail address, the date and time will be sent, along with the contents of the message (information provided spontaneously).

The data will be collected and processed to develop the request of the Concerned Party.

In the event that a contact form is used or a communication sent by e-mail , the data related to your request and the personal data will be stored in the Content Management System.

The processing is lawful within the meaning of Art. 6, paragraph 1, letter b), of the GDPR, in the situation in which the processing is necessary to implement a contract of which the Concerned Party is a party, or within the meaning of Art. 6, paragraph 1, letter b) of the GDPR, with the scope of the execution of the pre-contractual measures at the request of the Concerned Party. The processing may also be carried out in accordance with Art. 6, paragraph 1, letter f) of the GDPR, when there is a legitimate interest of the Data Controller, for example within the scope of loyalty in the strict sense of the word, of the client. Within the scope of the Data Controller's own economic activities, the Data Controller may contact the client and/or be contacted by clients/interested parties.

The retention of data within the Content Management System is lawful within the sense of Art. 6, paragraph 1, letter f) of the GDPR. That processing is, in fact, necessary in order to ensure the functionality of the website and to guarantee the security of the functionality against any violations of the personal data.

Where the data processing is related to a contract to which the Concerned Party is a party, the data will be retained for the life of the contract. Alternatively, the data will be deleted once the objectives of the processing have been fulfilled, e.g. where it would no longer be necessary to process the personal data of the Concerned Party. In any event, the data will be stored within the limits prescribed by law.

Subject to exceptions, there is no legal or contractual obligation to communicate the following data. Failure to communicate the data could make it impossible to satisfy the request of the Concerned Party.

Applicant for a professional position

When applying for a professional position, it is necessary to communicate the following personal data via the application form.

qualification, title
given name and surname
street address, house number
postal code, municipality
e-mail address
telephone/mobile phone number
upload of attachments related to the application, curriculum vitae, similar documents

Furthermore, at the time of submission of the application, the IP address, the date and time of the submission of the documentation will also be stored.

Special categories of personal data: the application and, especially, the curricula vitae, the certificates and other data that you send, may contain special categories of personal data that could reveal racial or ethnic origin, political opinion, religious or ideological conviction, membership in a trade union or determine the processing of genetic or biometric data, health data or with respect to sexual life or orientation. It is not necessary to send the following information when submitting an application. Nevertheless, if it is necessary to send this type of information at the time of Your application, it will be necessary to obtain your specific consent so that HENNECKE-OMS would be able to collect, process and use such Data within the scope of the selection process. The processing of those Data will be carried out in accordance with this privacy policy and the provisions of the applicable law.

The processing of this personal Data is necessary to be able to evaluate and administer Your application. There is no legal or contractual obligation to communicate the following Data. Failure to communicate the Data could make it impossible to consider the application within the context of the selection process.

Your data will be processed by a Processor, in particular Talent Soft GmbH, Spichernstr. 6, 50672 Cologne, Tel. 0221 1688030, e-mail contact.de@talentsoft.com and/or in the Content Management System. For the Content Management System, they have all of the information concerning data Storage on the Content Management System of the data controller. The Controller uses management systems and hosting servers provided by third parties, based on the company structure. The Controllers will appoint the Processors as stipulated by the GDPR. The processing of personal data, on behalf of the Controller, will only be carried out by a company designated as processor.

The processing is lawful within the sense of Art. 6, paragraph 1, letter b), and Art. 88 of the GDPR, along with Articles 2-octies, 111 and 111-bis of the Legislative Decree 196/2003, as amended by Legislative Decree 101/2018. Furthermore, the processing is lawful within the sense of Art. 9 paragraph 2, letter a), jointly with Art. 6, paragraph 1, letter a), Art. 7 and Art. 88 of the GDPR, along with the Articles 2-octies, 111 and 111-bis of the Legislative Decree 196/2003 ss.mm.ii.

In accordance with Art. 7, paragraph 3 of the GDPR, consent may be withdrawn at any time. Such a withdrawal does not invalidate the lawfulness of the processing carried out until the time of withdrawal. The withdrawal can be communicated to the address shown above or by e-mail to the address privacy@hennecke-oms.com.

The data will be retained for the duration of the selection process. In the event that the application process is successful, the data will be retained for the establishment of the employment relationship. Upon termination of the employment relationship, the data will be retained in accordance with the limits of the law. In the event that the application is not successful, the data will be deleted after a period of 5 months from the moment of communication of the result of the selection process. The period of retention of the data is lawful within the meaning of Art. 6, paragraph 1, letter f) of the GDPR; it is necessary to ensure the protection of the rights of the Controller in the event of a legal dispute.

Contact with the Tech Center

In order to be able to contact the Tech Center, by means of the appropriate form, the following information is required:

company
surname
country
e-mail
telephone no.

It is also possible to send:

given name
address
message

That personal data will be collected and retained in order to be able to respond to requests from Concerned Parties. Furthermore, the IP address and the date and time of the communication will also be retained.

Contact submitted via 360° help

Within the scope of 360° help, it is necessary to provide the following information:

company
surname
country
e-mail
telephone no.

It is also possible to send:

given name
address
message

The processing is lawful within the meaning of Art. 6, paragraph 1, letter b), of the GDPR, in the situation in which the processing is necessary to implement a contract of which the Concerned Party is a party, or within the meaning of Art. 6, paragraph 1, letter b) of the GDPR, with the scope of the execution of the pre-contractual measures at the request of the Concerned Party. The processing may also be done in accordance with Art. 6, paragraph 1, letter f) of the GDPR, when there is a legitimate interest of the Data Controller, for example within the scope of loyalty in the strict sense of the word, of the client or for purposes of providing assistance.

Registration/use of the 360° help portal

It is possible to access the 360° help portal and to obtain a series of benefits and information. In order to access the portal, it is necessary to use credentials, such as user name and password chosen by the Concerned Party.

The data will be retained in order to allow the Concerned Party to access the help portal at any time. Other information related to the Concerned Party may also be entered.

When a user accesses the platform, the IP address, the time and the date of the log-in and log-out will be stored in the log file.

The data will be deleted as soon as the Concerned Party stops using the portal. In some cases, retention periods set by law may apply.

Registration for events

It will be possible to register for various events. In order to register, it will be necessary to provide some personal information. That information is necessary for the registration at an event by the Concerned Party. If the information requested is not provided, the organizer of the event is authorized to refuse participation. At the moment of the request of participation in the event, the IP address and the date and time of the registration will be retained.

The Data will be sent by the Data Controller, or the company that receives the data from the Concerned Party, to the organizer of the event. For reasons related to the organization of the event, the data may also be sent to other countries, which may or may not be Member States of the European Union. Even if the level of security provided for the data were inadequate in the State that receives the data, the processing would be legitimate within the meaning of Art. 49, paragraph 1, letter c), of the GDPR.

Furthermore, the processing and the retention of the data is lawful within the meaning of Art. 6, paragraph 1, letter a), and Art. 7 of the GDPR.

The data is retained for the duration of the event.

Retention in the Content Management System of the Data Controller

The Data Controller uses a Content Management System that is provided and administered by a data processor (see definitions). In other words, that Content Management System is a program for the management of the company website, contact forms, help, etc. All of the processing activities related to personal data described above, will be transferred and retained in that management system referred to as the Content Management System. Those data retention and processing activities, via the Content Management System, will be carried out to be able to ensure the security of the personal data and to back the data up. Those services are provided within the contract with the data processor in addition to identifying adequate technical and organizational measures.

Furthermore, the retention of personal data on the Content Management System is necessary for technical reasons and for the management of the online content and the services provided.

The processing carried out via the Content Management System is lawful within the meaning of Art. 6, paragraph 1, letter f) of the GDPR in order to be able to guarantee the functionality of the services offered to the Concerned Party. The processing of personal data, carried out by the Data Processor, is governed by a contract within the meaning of Art. 28, paragraph 3, of the GDPR.

The personal data will be retained in the Content Management System for 5 weeks. A secure back-up of encrypted data will be provided. That back-up will be retained for no more than 5 weeks, until a new back-up of the Content Management System is made. The creation of the back-up is lawful within the meaning of Art. 6, paragraph 1, letter f) of the GDPR for the reasons stated above.

There is no legal obligation to communicate the following data. In specific cases, failure to communicate data could constitute a violation of contractual obligations and result in economic and/or legal damages to the Concerned Party. Such an eventuality must be evaluated on a case by case basis. Failure to provide the personal data to the Content Management System will make it impossible to deal with your requests and/or to offer the correct functioning of the website.

Analysis tools

Google Analytics

This site uses Google Analytics, a web analysis service from Google Inc. ("Google"), Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By means of so-called 'cookies', which are text files written by the site onto the user's computer via the browser, Google Analytics makes it possible to analyze your preferences with respect to the use of the website. The information generated by the cookie, with respect to the use of the site, is sent to a Google server in the United States, where it is stored.

The anonymous IP ("anonymizeIp") is activated, so your IP address is transmitted in abbreviated form (unintelligible) to the Member States of the European Union, or other States that are signatories of the European Economic Area. In exceptional cases, the IP address will be sent in full to the Google server in the United States, and then abbreviated. Google will use the information collected on behalf of the manager of this website to analyze your preferences on the website, to compile reports on the activities of the site and to provide other services to the website manager related to the use of the site and the Internet. The IP address sent by your browser within the context of Google Analytics will not be matched (cross-referenced) with other data (information) that Google has.

It is possible to disable the cookies by means of the browser's settings; disabling the cookies could result in a compromise of the website functionality. It is possible to block the processing and the collection of the information related to the use of the website by the user via cookies (including IP address), by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de).

It is possible to block the collection of the information by Google Analytics, by clicking on the following link. That setting will activate an opt-out cookie, which will block the collection, even later, of your information while navigating on this site. Deactivation of Google Analytics.

Other information with respect to the terms and conditions of use and the protection of data are available on page http://www.google.com/analytics/terms/de.html or page https://www.google.de/intl/de/policies/.

We use Google Analytics to extract data, provided by AdWords and by the Double-Click cookie for purposes of statistics. It is possible to deactivate that functionality through the management of the functionality related to personalized ads (http://www.google.com/settings/ads/onweb/?hl=de).

This site uses the "demographic data" functionality of Google Analytics. That makes it possible to create reports related to age, gender and the interests of the visitors to the site. That information is collected through Google ads, based on the interests of the users and data provided by other providers. Such data does not make it possible to identify a specific person. It is possible to deactivate that functionality at any time, by means of the settings related to ads for your Google account or to block the collection of data by Google Analytics as described in general in the section "Opt-out from the collection of data".

The contract with Google, as a Data Processor, complies with the requirements of the Italian Data Protection Authority as relevant for the use of Google Analytics.

The processing of data by Google Analytics is carried out to ensure the efficiency of our Internet site.

The processing is lawful within the sense of Art. 6, paragraph 1, letter f) of the GDPR. The rights and the freedom of the users are protected by means of the anonymous IP functionality, which does not interfere with the functionality of the website.

There is no legal or contractual obligation to communicate the following personal data. Failure to communicate the information could compromise the functioning of the site and/or limit the provision of services.

Google AdWords and monitoring the conversions by Google

This site uses Google AdWords AdWords is a program of online advertisements operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America (“Google”).

We use the conversion tracking functionality of Google AdWords. When you click on an ad published by Google, a cookie is generated for monitoring purposes. Cookies are small text files written by the site onto the user's computer via the browser, Google Analytics makes it possible to analyze your preferences with respect to the use of the website. These cookies expire after 30 days and do not make it possible to identify users personally. If the user visits a certain page on the site and the cookie has not yet expired, it makes it possible for Google and us to personalize the ad that guided the user to this site.

Every client of Google AdWords receives a different cookie. It is not possible to track cookies via the websites of clients of AdWords. The information collected makes it possible to generate statistics for the clients of AdWords who have elected the conversion tracking functionality. The clients know the total number of users who clicked on the ad and who were then directed to a page containing tags for monitoring. They do not receive any information that would make it possible for them to identify users individually, however. It is possible to deactivate Google's conversion tracking functionality via the settings in your browser. That will mean that you will not be included in the statistics of the monitoring activity.

The processing by means of "Conversion cookies" is lawful within the sense of Art. 6, paragraph 1, letter f) of the GDPR. The manager of the website has a legitimate interest in analyzing the behavior of the users for the purpose of optimizing its own web offerings and for its own advertising.

Additional information with respect to Google AdWords and Google's Conversion Tracking can be found in the Google Privacy Policy: https://www.google.de/policies/privacy/.

It is possible to configure the browser to receive notifications of cookies generated and to choose which ones to deactivate, automatically exclude certain cookies or to automatically deactivate all the cookies when the browser is closed. Deactivating the cookies could compromise the website functionality.

Google reCAPTCHA

This site uses “Google reCAPTCHA” (hereinafter “reCAPTCHA”). Provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

reCAPTCHA monitors the data entered on the website (e.g. in a contact form) to determine whether it was carried out by a person or by an automated program. To do that, reCAPTCHA analyzes the behavior of the visitors based on various characteristics. The analysis starts automatically as soon as the visitor accesses the website. reCAPTCHA takes a number of factors into consideration (e.g. IP address, length of stay by the visitor on the website, or mouse movement activated by the user). The data collected in the analysis is communicated to Google.

The analysis of reCAPTCHA is carried out completely in the background. The analysis is not communicated to the website visitors as it is being done.

reCAPTCHA is used to protect our web offerings from automated illicit activities related to espionage or SPAM.

The protection against automated spying or spam is not only important for us, but also for you as a user (Concerned Party), since that makes it possible to provide you with content from our website.

The processing is lawful within the sense of Art. 6, paragraph 1, letter f) of the GDPR.

Other information with respect to Google reCAPTCHA can be found in the Google privacy policy at the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

There is no legal or contractual obligation to communicate the following personal data. Failure to communicate the information could lead to disadvantages for the Concerned Party or compromise the functioning of the site and/or limit the provision of services.

Plug-ins, tools and links

YouTube

This site uses the plug-in for the YouTube site, owned by Google. The site is managed by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit one of our pages containing a YouTube plug-in, a connection will automatically be created to the YouTube server in addition to the communication to the same server of the page visited.

If you are logged in to your YouTube account, you grant permission to YouTube to link your behavior directly to your personal profile. It is possible to block this simultaneous linking by logging out of your own YouTube account.

We use YouTube to present our offerings online and to illustrate and present our products. That constitutes a legitimate interest within the sense of Art. 6, paragraph 1, letter f) of the GDPR.

Other information with respect to user data is available in the privacy policy of YouTube at: https://www.google.de/intl/de/policies/privacy

Google Web Fonts

To ensure a uniform presentation of written characters, this site uses so-called web fonts provided by Google. When you call up a site, your browser loads into its own cache the web font needed to present the text and the characters correctly.

To be able to do so, the browser that you are using sends a stream of information to the Google server. In doing so, Google associates the IP address with the web page visited. Google Web Fonts are used to present our online offerings in a way that is pleasant and uniform. The processing is lawful within the sense of Art. 6, paragraph 1, letter f) of the GDPR.

If your browser does not support the web font, your computer will use a standard font.

Other information with respect to Google Web Fonts are available at: https://developers.google.com/fonts/faq and in privacy protection statements with respect to personal information issued by Google: https://www.google.com/policies/privacy/.

Google Maps

This site uses an API of the Google Maps cartography service. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functionality of Google Maps, it is necessary to store your IP address. The information is normally sent to a Google server in the United States, where it is stored. The manager of that site does not have any control over that transfer of data.

Google Maps are used to present our online offerings in a pleasant way and to facilitate the localization of our locations indicated on the site. The processing is lawful within the sense of Art. 6, paragraph 1, letter f) of the GDPR. It is possible to deactivate the localization function by Google Maps from within your own browser. More detailed information is available within the settings of your browser.

Other information with respect to user data is available in the privacy policy of Google at: https://www.google.de/intl/de/policies/privacy/.

Link to Facebook, Twitter, Expo21xx, Pressebox

On this site (www.hennecke-oms.com) there are also links to Facebook, Twitter, Expo21xx and Pressebox. The links are intended to connect the presence on social media of the Data Controller and the company on the website, for the purpose of presenting the company in its entirety and to provide content to users that is not available on the website.

When a Concerned Party clicks on one of those links, the browser will make a direct connection to the server of the respective web page. Your IP address will be communicated to the server. If the user has logged into an account on one of the social media indicated, the social media will receive the corresponding information that can be linked to the user's profile on that social media. The Data Controller has no control over this mechanism.

Those servers are used for the purpose of presenting the company's own activity on the social media in a simple fashion. The processing is lawful within the sense of Art. 6, paragraph 1, letter f) of the GDPR:

For additional information, please contact:

Cookies

This site uses so-called cookies, which make it possible to offer you personalized services. Cookies are small text files written by the website onto your computer which stores it via the browser, and makes it possible to analyze your preferences with respect to the use of the website. In particular, cookies are used to identify the language of your browser; when the matching browser tab is closed, the cookie will be deleted. Most browsers are configured to accept cookies automatically. You can deactivate the storage of cookies or configure your browser to inform you if any cookies are authorized.

The processing is lawful within the sense of Art. 6, paragraph 1, letter f) of the GDPR, because they guarantee the optimal functioning and the security of our web offerings.

Edit cookie settings

The Rights of the Concerned Parties

As stipulated by the GDPR, Concerned Parties can exercise the following rights:

within the meaning of Art. 15 of the GDPR, you can request information related to your personal data processed by us. In particular, you can request information about:

the purposes of the processing,
the categories of personal data,
the categories of addressees to whom your personal data have been or will be communicated,
the expected period of retention,
the existence of rights of choosing rectification, deletion, limitation of processing of the data or to oppose the processing.
the existence of rights of submitting complaints to the Personal Data Protection Authority,
the origin of the data, when the data was not collected by us,
and also the existence of an automated decision-making process, including profiling and, at least in such cases, significant information with respect to the algorithm used in detail;

within the meaning of Art. 16 of the GDPR, request the rectification of incorrect personal data or to add information to that which we have stored;
within the meaning of Art. 17 of the GDPR, to request the deletion of personal data stored by us, as long as the processing is not necessary for the exercise of rights of freedom of expression and of information, the fulfillment of a legal obligation, for reasons of public interest, or for the establishment, the exercise or the defense of a legal right.
within the meaning of Art. 18 of the GDPR, request the limitation of the processing of your personal data if you are disputing the accuracy of the data, if the processing was illegal but the Concerned Party is opposed to the deletion of the data, if we no longer need the data but it is required by the Concerned Party for the establishment, exercise or defense of a legal right, or if the Concerned Party is opposed to the processing within the meaning of Art. 21 of the GDPR.
within the meaning of Art. 20 of the GDPR, to receive the personal data that you submitted to us in a structured format, for a normal use and readable by automated system or the request the transmission of such data to another Data Controllers, if technically feasible;
within the sense of Art. 7, paragraph 3, of the GDPR, to withdraw at any time the consent granted previously, with the consequence that in the future, we would not be able to continue to process the data that was the subject of the consent.
within the meaning of Art. 77 of the GDPR, to submit a dispute to an oversight authority. To which end, you could normally contact the oversight authority in your place of habitual residence or workplace or our registered offices.
to withdraw consent at any time within the meaning of Art. 7, paragraph 3, and Art. 9 paragraph 2, letter a), of the GDPR.

Right of objection by the Concerned Party

If the processing of the data is based on a legitimate interest within the meaning of Art. 6, paragraph 1, letter f), of the GDPR, the Concerned Party has a right to object for reasons related to the Concerned Party's particular situation, the processing of the personal data in accordance with Art. 21, paragraph 1 of the GDPR. In that case, the processing of your personal data will stop immediately, unless the Data Controller can demonstrate reasons that show the legitimacy of the processing, overriding your interests, rights and freedom, and according to the same principle in the situation in which the processing would be necessary for the establishment, exercise or defend a legal right within the meaning of Art. 21, paragraph 1 of the GDPR.

In which case, please contact the addresses shown above.

Security

HENNECKE-OMS has taken the necessary technical security and organizational measures to ensure the protection of your (submitted) personal data from accidental or intentional manipulation, loss, destruction or access by unauthorized third parties. In the event of collection and processing of personal data, the information will be transmitted in encrypted form, to prevent misappropriation of the data by third parties. Our security measures are constantly being revised to ensure they are in keeping with the technological progress. At the time of writing, within the scope of navigation of the utilization of our website, we are using an SSL procedure, secured by means of RSA 2048 bit encryption.

Validity

This Privacy Policy is in effect as of 05/25/2018.