Data privacy – Horst Sprenger

Data protection notice

We are happy to welcome you to our website. The protection and security of your personal information when using our website is very important to us. Therefore, we would like to take the opportunity to inform you of the personal data we collect when you visit our website, and for which purposes it is used.
This data protection declaration applies for the Horst Sprenger GmbH online presence which is accessible at the domain horst-sprenger.com, and the various subdomains (“our website”).

Who is responsible and how can I contact them?

Authoritative and responsible party
for the processing of personal data as per EU General Data Protection Regulation (GDPR)
Horst Sprenger GmbH
Spezialwerkzeuge
Pferdsweide 41
47441 Moers (Germany)
info(at)horst-sprenger.com

Data Protection Officer
Pragma Consulting UG
Stefan König
Johann-Maas-Str. 6
47559 Kranenburg
datenschutz(at)pragmacon24.de

What is it all about?

This data protection declaration meets the legal requirements for transparency in relation to processing personal data. This is information which relates to an identified or identifiable natural person. This includes information, such as your name, age, address, telephone number, date of birth, e-mail address, IP address, or the user behaviour when visiting our website. Information with which we cannot (or only with a disproportionate amount of effort) establish a link to you personally, e.g. as a result of anonymisation, is not classed as personal data. The processing of personal data (e.g. gathering, surveying, use, storage or communication) always requires a legal basis and a defined objective.

Stored personal data is deleted as soon as the objective of processing has been achieved, and there are no longer any legal grounds for further storage. We inform you in the individual processing procedures of the specific storage periods and the respective criteria for storage. Notwithstanding the above, in individual cases, we save your personal data to assert, exert or defend legal claims, and in case of legal storage obligations.

Who receives my data?

We only forward the personal data of yours processed at our website to third parties if this is necessary to achieve the objectives and is recognised in each individual case by the legal basis (e.g. consent or legitimate interest). In addition to this, in individual cases, we forward personal data to third parties if this serves to assert, exert or defend legal claims. Possible recipients include, e.g. law enforcement authorities, lawyers, auditors, courts etc..
In the event that, for the operation of our website, we use service providers who process data as per Article 28 GDPR within the scope of processing our order, these service providers can also be recipients of your personal data. You will find more detailed information on the use of service providers and web services in the overview of individual processing procedures.

The use of cookies

Cookies are small text files which are sent by us to the browser of your terminal and stored there when you visit our internet pages. Alternative to the use of cookies, information can also be stored in the local storage of your browser. Some of the functions of our website cannot be provided without the use of cookies or local storage (technically essential cookies). Other cookies, on the other hand, make it possible for us to conduct analyses so that we can recognise the browser you use when you visit our website again, and to transfer various items of information to us, for instance (non-essential cookies). The use of cookies helps us, for instance, to organise our online presence in a more user-friendly and effective manner for you, as we can thus comprehend how you use our website and identify your preferred settings (e.g. country and language settings). In the event that third parties process information using cookies, they collect this information directly from your browser. Cookies do not cause any damage to your terminal. They cannot run any programs or contain any viruses.

We provide information on the respective services for which we use cookies in the individual processing procedures. You will find detailed information on the cookies used in the cookie settings or in the consent manager of this website.

Domain	Name	Description	Storage period
www.google.com	_GRECAPTCHA	Not available	Approx. 6 months
horst-sprenger.com	borlabs-cookie	Is used in order to store the cookie consent of the user so that consent does not have to be given again the next time the user accesses the website.	Approx. 6 months
horst-sprenger.com	PHPSESSID	PHP session cookie which is linked to the embedded contents from this domain.	Session
.horst-sprenger.com	pll_language	This cookie name is linked to the Polylang plug-in for WordPress websites. It stores a language preference for the visitor in order to support multilingual websites. If it is defined as a persistent cookie or with the standard lifetime of 1 year, it does not necessarily have to be regarded as essential, but rather as functional.	Approx. 12 months

What rights do I have?

Subject to the conditions of the legal guidelines of the General Data Protection Regulation (GDPR), as the affected person, you have the following rights:

To be informed (as per Article 15 GDPR) of the data stored relating to you as a person in the form of meaningful information on the details of processing, and a copy of your data;
To rectification (as per Article 16 GDPR) of any incorrect or incomplete data which we store;
To be forgotten (as per Article 17 GDPR), i.e. erasure of the data we have stored as long as processing is not essential for the exertion of the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the assertion, exertion or defence of legal claims;
To restriction of processing (as per Article 18 GDPR) if the accuracy of the data is disputed, processing is unlawful, we no longer require the data and you refuse to have it erased because you require it for the assertion, exertion or defence of legal claims, or you have objected to processing as per Article 21 GDPR.
To data portability (as per Article 20 GDPR) if you have provided us with personal data within the scope of consent as per Article 6(1)(a) GDPR or on the basis of a contract as per Article 6(1)(b) GDPR, and we have processed it using automated procedures. You receive your data in a structured, conventional and machine-readable format or we send the data directly to another responsible party insofar as this is technically possible.
To object (as per Article 21 GDPR) to the processing of your personal data insofar as this is carried out on the basis of Article 6(1)(e), (f) GDPR, and there are grounds resulting from the specific situation, or you object to processing for direct marketing purposes. You do not have the right to object if predominant, compulsory grounds for processing worthy of protection can be proven, or if data is processed in order to assert, exert or defend legal claims. In the event that you do not have the right to object for certain individual processing procedures, this is specified in each case.
To withdraw (as per Article 7(3) GDPR) consent already given with effect for the future.
To lodge a complaint (as per Article 77 GDPR) with a regulatory body if you are of the opinion that the processing of your personal data violates the GDPR. In general, you can contact the regulatory body of your usual abode, your place of work or our place of business.

How is my data processed in detail?

In the following, we inform you about the individual processing procedures, the volume and objective of data processing, the legal basis, the obligation to provide your data and the respective storage duration. An automated decision is not made in individual cases, including profiling.

Provision of the website
Type and volume of processing
When you call up and use our website, we collect personal data which is transferred to our server automatically by your browser. The following information is stored temporarily in what is referred to as a log file:

IP address of the computer requesting connection
Date and time of access
Name and URL of the file called up
Website from which access was gained (referrer URL)
Browser used and, if necessary, the operating system of your computer and the name of your access provider

We do not host our website ourselves. This is performed by a service provider who processes the aforementioned data on our behalf as per Article 28 GDPR.

Objective and legal basis
Processing is performed for our predominant legitimate interest in displaying our website and guaranteeing security and stability based on Article 6(f) GDPR. The collection and storage of data in log files is essential for operation of the website. You do not have the right to object to processing as a result of the exception as per Article 21(1) GDPR. If further storage of the log files is stipulated by law, processing is performed on the basis of Article 6(1)(c) GDPR. There is no legal or contractual obligation to provide data, however, it is not technically possible to call up our website without providing data.

Storage period
The aforementioned data is stored for the duration for which the website is displayed, and for an additional maximum of 7 days for technical reasons.

Contact form
Type and volume of processing
On our website we give you the opportunity to contact us using the provided contact form. The information which is collected in the compulsory fields, is necessary in order to be able to process the enquiry. You can also provide additional information voluntarily if you believe it is necessary for processing the contact request.

When using the contact form, your personal data is not forwarded to third parties.

Objective and legal basis
The processing of your data as a result of use of our contact form is performed with the objective of communication and processing your enquiry on the basis of your consent as per Article 6(1)(a) GDPR. If your enquiry relates to an existing contractual relationship with us, the data is processed with the objective of fulfilment of contract on the basis of Article 6(1)(b) GDPR. There is no legal or contractual obligation to provide data, however, it is not possible to process your enquiry without the provision of the information in the compulsory fields. If you do not wish to provide this data, please use other means to contact us.

Storage period
If you use the contact form as the basis for your consent, we store the collected data from each enquiry for a period of three years, starting from completion of the enquiry, or until you withdraw your consent.

If you use the contact form within the scope of a contractual relationship, we store the collected data from each enquiry for a period of ten years after the end of the contractual relationship.

Google CDN

Type and volume of processing
We use Google CDN in order to provide the contents of our website properly. Google CDN is a service of Google Ireland Limited which acts as the content delivery network (CDN) on our website.

A CDN helps to provide the contents of our online presence, in particular files, such as graphics or scripts, with the aid of regionally or internationally distributed servers. When you access these contents, you establish a connection to the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Republic of Ireland, and your IP address and, if necessary, browser data, such as your user agent, are communicated in the process. This data is processed for the aforementioned objectives and to maintain the security and functionality of Google CDN only.

Objective and legal basis
Content delivery networks are used on the basis of our legitimate interests, i.e. interest in the secure and efficient provision and optimisation of our online presence as per Article 6(1)(f) GDPR.

Storage period
We cannot influence the specific storage period for processed data; this is determined by Google Ireland Limited. You will find further information in the data protection declaration for Google CDN: https://policies.google.com/privacy.

Google Fonts

Type and volume of processing
We use Google Fonts of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Republic of Ireland as a service for the provision of fonts for our online presence. In order to obtain these fonts, you establish a connection to the servers of Google Ireland Limited, and your IP address is being communicated in the process.

Objective and legal basis
Google Fonts is used on the basis of your consent as per Article 6(1)(a) GDPR and Section 25(1) TTDSG (German Telecommunications-Telemedia Data Protection Act).

Google reCAPTCHA

Type and volume of processing
We have integrated components of Google reCAPTCHA into our website. Google reCAPTCHA is a service of Google Ireland Limited, and enables us to determine whether a contact request has been sent by a natural person or whether it has been generated automatically by a program. When you access these contents, you establish a connection to the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Republic of Ireland, and your IP address and, if necessary, browser data, such as your user agent, are communicated in the process. Google reCAPTCHA also records the length of stay and mouse movements of the user in order to distinguish automated enquiries from human ones. This data is processed for the aforementioned objectives and to maintain the security and functionality of Google reCAPTCHA only.

Objective and legal basis
Google reCAPTCHA is used on the basis of your consent as per Article 6(1)(a) GDPR and Section 25(1) TTDSG (German Telecommunications-Telemedia Data Protection Act).