Privacy policy

Data protection is a high priority for us. Personal data such as names, addresses, email addresses or telephone numbers is always processed in accordance with the legal requirements of the General Data Protection Regulation and in compliance with the applicable legal, country-specific data protection provisions. With this privacy statement, we hereby inform you about the nature, scope and purpose of the personal data which we collect, use and process.

Please note that despite the strictest security precautions on our part, there may be security gaps when transmitting data over the internet. Therefore, we cannot guarantee complete protection.

Name and contact details of the controller

The controller within the meaning of the General Data Protection Regulation is:

Friedrich Herzog & Co. e. K.
Owner Christoph Latz
Keltenstrasse 3-7
63939 Wörth am Main
Germany

Telephone: +49 (0) 9372 / 987550
Fax: +49 (0) 9372 / 987540
Email: mail@herzogleather.com

Collection of general data, disclosure of data

When our website is accessed, it collects general data and information which is then stored in the server’s log files. The following information may be collected:

  • Browser type and version used
  • Operating system used by the accessing system
  • Website from which the accessing system arrives at our website
  • Time and date of access to our website
  • IP address
  • Internet service provider of the accessing system, other data and information that is intended to prevent security threats in the event of attacks on our information technology systems.

When using this general data and information, we do not draw any conclusions about the data subject. Rather, we require this information in order to display the content of our website correctly by optimising the content and advertising for this. The information is also required to ensure the long-term functionality of our IT systems and the technology of our website, as well as to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

We statistically evaluate this anonymously collected data and information with the aim of increasing the data protection and data security of our business, thus ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data of the server log files is stored separately from any personal data that data subjects have provided.

Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only share your personal information with third parties if:

  • you have given your express consent to this (see Article 6 (1)(a) of the GDPR),
  • the disclosure is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data (see Article 6 (1)(f) of the GDPR),
  • there is a legal obligation for the disclosure (see Article 6 (1)(c) of the GDPR),
  • the transfer is legally permissible and necessary for processing a contractual relationship with you (see Article 6 (1)(b) of the GDPR).

Cookies

Our website uses cookies. Cookies are text files that are placed and stored on a computer system via an internet browser.
Numerous websites and servers use cookies. Many cookies contain what is called a cookie ID, which is a unique identifier for a cookie. It consists of a string of characters by which internet pages and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the websites and servers that were visited to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. An individual internet browser can be recognised and identified using the unique cookie ID.

Cookies allow us to optimise the information and offers on our website to the user. They also allow us to recognise users on our website. The purpose of this recognition process is to make it easier for users to navigate our website. For example, on a site which uses cookies, users do not have to re-enter their login details when they return to the site, as the site and the cookie stored on the user’s computer system will carry out this step for them.

You can prevent our website from placing cookies at any time by changing the relevant setting in your internet browser, thus permanently objecting to cookies being placed in your browser. At any time, you can also delete any cookies that have already been placed using your internet browser or other software programs. If the data subject deactivates the placement of cookies in their internet browser, not all functions of our website may be fully usable.

Registration and contact on our website

You have the option of registering on our website by providing personal data or contacting us. The data which is transmitted to us in this process is the data from the respective input mask that you use for registration (e.g. in the contact form). The personal data you enter here will be collected and stored exclusively for our own purposes. We may arrange for the data to be passed on to one or more processors, e.g. transport companies, who will then in turn permissibly use the data exclusively for their own company purposes.

When you register on our website, the IP address assigned to you as well as the time and date of registration are stored. The reason for this storage is that it is the only way to prevent misuse, which therefore makes this process necessary for the protection of both parties. In principle, this data is not passed on to third parties unless there is a legal obligation to do so or unless this disclosure is for the purposes of criminal prosecution.

The data subject’s registration, in which personal data is voluntarily provided, allows the controller to offer the data subject content or services which can only be offered to registered users due to their nature. Registered users are free to change the personal data that they provided during registration at any time or to have it completely deleted from our database.

Upon the data subject’s request, we will at any time provide them with information about what personal data concerning them is stored. We will also correct or delete personal data at the data subject’s request or notice, provided that this does not conflict with any statutory retention obligations. If you wish to send such a message, you will find the necessary contact details in section 1 of this statement.

If you contact us by email or via the contact form, the personal data you provide will be stored automatically. Such personal data that you have voluntarily transmitted to us will be stored for the processing purposes or for contacting the data subject. This personal data is not passed on to third parties.

Routine erasure and blocking of personal data

We process and store personal data only for the period of time required to achieve the storage purpose pursued or insofar as this is prescribed by the legislator in the laws or regulations relevant to us.

If the purpose of storage no longer applies or if a legally prescribed storage period expires, the personal data will be blocked or deleted in accordance with the statutory provisions.

Rights of the data subjects

As the data subject within the meaning of data protection law, you have the right:

  • to request information about your personal data processed by us, in accordance with Article 15 of the GDPR. In particular, you have the right to request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
  • to immediately demand the rectification or completion of incorrect or incomplete personal data stored by us, in accordance with Article 16 of the GDPR;
  • to request the erasure (right to be forgotten) of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims, in accordance with Article 17 of the GDPR;
  • to request the restriction of the processing of your personal data in accordance with Article 18 of the GDPR, insofar as the accuracy of the data is contested by you, or if the processing is unlawful, but you oppose its erasure. You also have the right to request such a restriction if we no longer require the data, but you require this for the assertion, exercise or defence of legal claims or you have objected to the processing, in accordance with Article 21 of the GDPR;
  • to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another controller, in accordance with Article 20 of the GDPR;
  • to withdraw consent that you have already given to us at any time, in accordance with Article 7 (3) of the GDPR. In this case, we will no longer process the data that was based on this consent with future effect;
  • to object to the processing of your personal data in accordance with Article 21 of the GDPR, if your personal data is processed by us on the basis of legitimate interests in accordance with Article 6 (1)(f) of the GDPR and there are grounds for this objection that arise from your particular situation or you are objecting to direct marketing. In the latter case, you have a general right to object, which we will then carry out promptly. To make an objection, you may send a simple email to the email address stated under section 1 of this statement, without needing to specify a particular reason;
  • to complain to a supervisory authority, without prejudice to any other administrative or judicial remedy, in accordance with Article 77 of the GDPR. You can generally contact the supervisory authority of your usual place of residence for this purpose.

Data security

We use the widespread SSL (Secure Socket Layer) procedure in combination with the highest encryption level supported by your browser. If the key or lock symbol in the lower status bar of your browser is closed, this means that the individual page of our website is being transmitted in encrypted form.

We also use appropriate technical and organisational security measures to protect your data against manipulation, misuse, partial or complete loss, or against unauthorised access by third parties. Our security measures are continuously updated in line with technological developments.

Legal basis of the processing

The legal basis for our processing operations is Article 6 (a) of the GDPR, according to which we must obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for processing a goods order, this processing is based on Article 6 (b) of the GDPR. The same applies to any processing operations that are necessary for the implementation of measures, for example in cases of inquiries from interested parties about our products, offers or services.

If we are subject to a legal obligation which requires personal data to be processed, such as, for example, for complying with tax obligations, the processing is based on Article 6 (c) of the GDPR.
Ultimately, processing operations could be based on Article 6 (f) of the GDPR. Processing operations which are not covered by any of the aforementioned legal bases are based on Article 6 (f) of the GDPR if the processing is necessary to protect a legitimate interest of our company or a third party, provided that these interests do not override your fundamental rights and freedoms. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, the legislator was of the opinion that a legitimate interest could be assumed if the data subject is a customer of the controller (see Recital 47 of the GDPR).

Duration of data storage

The criterion for the duration of the storage of personal data is the respective legally prescribed retention period. After this period has expired, the personal data is routinely deleted if it is no longer required for the fulfilment of a contract or the initiation of a new agreement.

Use of our newsletter distribution service provider “CleverReach”

We use the provider CleverReach to send our newsletter. The provider is CleverReach GmbH & Co. KG, Mühlenstrasse 43, 26180 Rastede, Germany. The data you provide for the purpose of receiving the newsletter will be stored on CleverReach’s servers in Germany or Ireland.

In order to successfully complete the registration, you will need to provide us with your email address. For the purposes of verifying if the registration was in fact made by the actual owner of the email address provided, we use the “double opt-in” procedure. This means that we log your registration for the newsletter, the sending of the confirmation email and the receipt of the response that was requested in this email. No other data will be collected. We will use the data for the sole purpose of sending the newsletter and it will not be passed on to third parties.

You can revoke your consent to the storage of your personal data and its use for receiving the newsletter at any time. If you do not wish for CleverReach to analyse your data, you must unsubscribe from the newsletter. All newsletters contain an unsubscribe link. Alternatively, you can also contact us directly at any time and inform us that you no longer wish to receive the newsletter in future. You can find the contact details in section 1 of this privacy statement.

Our newsletters sent with CleverReach allow us to analyse the behaviour of newsletter recipients, such as information on how many recipients have opened the newsletter message, if any links were clicked on and how often. Conversion tracking is a process that can be used to analyse whether a predefined action (e.g. purchasing a product on our website) has taken place after clicking on the link in the newsletter.

The data processing is based on the consent that was previously given (Article 6 (1)(a) of the GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of data processing operations that have already been carried out shall remain unaffected by the withdrawal.

We will store the data that you have provided for the purpose of receiving the newsletter until you unsubscribe from the newsletter. It will be deleted from both our servers and the servers of CleverReach after you have unsubscribed. Data that we store for other purposes (e.g. email addresses for the member area) shall remain unaffected by this.

You can find CleverReach’s privacy policy and more information on the subject of data protection at https://www.cleverreach.com/de/datenschutz/

Changes to this privacy statement

Should current circumstances necessitate any legal changes, such as changes in the relevant data protection regulations or court rulings, we will update our privacy statement as necessary.

Statement last updated December 2019