Cookies are small files our website asks your internet browser to store on your computer/device for a given amount of time.
1. Remember your preferences on our website
2. Choose relevant content/advertisements to show
3. Provide technical support
4. Track user activity
5. Make the general online experience more user-friendly and effective
The legal basis this is Art. 6 (1 f) GDPR
This website uses the following types of cookies;
Transient cookies are automatically deleted when you close your browser. These store what is known as a session ID, which correlates various queries made by your browser during one common session. This helps to identify your computer when you return to the website. Session cookies are also deleted once you log out or close your browser.
Persistent cookies are automatically deleted after a given time, which varies depending on the cookie.
First vs Third-Party Cookies
The First Party Cookies we use come from our domain and are only used for essential, functional or performance-related tasks.
Third-Party Cookies we use are owned and managed by other parties and are used predominantly for analytical/marketing purposes. A full list of cookies currently in operation can be found below;
Hafele UK Website Cookies by Type
1st Party cookies – Essential, Functional & Performance
- HafeleSID - We use these essential, functional and performance-related cookies across our website to provide you with the optimal online shopping experience as well as to ensure site performance is maintained.
3rd party cookies – Performance
- Google Analytics - We use Google Analytics to understand how our media campaigns work and how you interact with our website to improve the user experience. More Info https://tools.google.com/dlpage/gaoptout
- YouTube - We embed videos or insert links to videos from YouTube on our website(s). As a result, when you visit a page with content embedded from or linked to YouTube, you may be presented with cookies from YouTube. More Info https://support.google.com/ads/answer/2662922?hl=en-GB
3rd party cookies - Functionality
- Zendesk Chat - Zendesk live chat service allows Hafele UK to connect with customers or website visitors in real-time through a web-based, text-only live chat. More Info https://www.zendesk.com/company/customers-partners/privacy-policy
3rd party cookies - Marketing
- Facebook - Facebook helps you stay in touch with your network through their website/ mobile application. We make it easier for you to share any content of interest on Facebook and sometimes, we may present with some targeted adverts on Facebook based on your engagement with our website(s). More Info https://en-gb.facebook.com/help/568137493302217
- DoubleClick Floodlight - DoubleClick Floodlight cookies enable us to understand if you complete certain actions on our website(s) after you have seen or clicked through one of our display/ video advertisements served on Google or other platforms via DoubleClick. DoubleClick uses this cookie to understand the content with which you have engaged on our website(s) so they may subsequently deliver some targeted advertisements to you. More Info https://support.google.com/ds/answer/2839090?hl=en
- Google tracking cookies - Google tracking cookies enable us to understand if you complete certain actions on our website(s) after you have seen or clicked through one of our adverts served via Google. Based on the content you have engaged with on our websites Google can deliver some targeted adverts across other Google partner websites. More Info https://support.google.com/ads/answer/2662922?hl=en
This website uses Google Analytics, a web analytics service provided by Google LLC. (“Google“), Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how it is used. The information generated by the cookie on your use of this website will normally be transmitted to a Google server in the United States and stored there. This website uses Google Analytics with the extension "gat._anonymizeIp();" to guarantee the anonymous capture of IP addresses (“IP masking”). If IP anonymization is activated on this website, however, your IP address will be truncated by Google from within a member state of the European Union or from within any other country which is party to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be sent to a Google server in the United States and truncated there. Google will use this information on our behalf for purposes of evaluating your use of the website, compiling reports on website activity and providing the website operator with other services relating to website use and internet usage. Google will not associate your IP address (sent by your browser and transferred via Google Analytics) with any other data held by Google. The legal basis for the processing of your personal data is Art. 6 (1f) GDPR.
You may refuse the storage of cookies by selecting the appropriate settings in your browser software, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the acquisition of the data generated by the cookie (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de). https://tools.google.com/dlpage/gaoptout?hl=de.
You can prevent the acquisition by Google Analytics by clicking the following link. An opt out cookie will be placed that will prevent future acquisition of your data while visiting this website. Deactivate Google Analytics. Further information concerning usage conditions and data protection can be found at http://www.google.com/analytics/terms/de.html or at https://policies.google.com/.
This website uses Mouseflow, an analytics tool provided by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark), to record randomly selected individual visits (with anonymised IP address only). This generates a record of the movements and clicks of the mouse, with the purpose of recording randomly selected website visits in order to use this information to make improvements to the website. This information cannot be attributable to any particular individual, and it will not be made available to anyone else. If you wish to prevent the recording of this information, you do this on all websites that use Mouseflow, by clicking on the following link: https://mouseflow.co.uk/opt-out.
Social Media Plug-ins and Presence
When you access the social media page of our homepage, so-called social plug-ins ("plug-ins") of the social networks Facebook, Instagram and the microblogging service Twitter are used. Facebook and Instagram are operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). Twitter is operated by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland ("Twitter"). You can find an overview of the plugins and their appearance here:
https://developers.facebook.com/docs/plugins, http://blog.instagram.com/post/36222022872/introducing-instagram-badges and https://dev.twitter.com/web/overview
When you visit the Social Media page of our website, your browser establishes a direct connection to the Facebook, Instagram or Twitter servers. The content of the plugin is transmitted by the respective provider directly to your browser and integrated into the page. By integrating the plugins, the providers receive the information that your browser has called the corresponding page of our website, even if you do not have a profile on the corresponding social network or are not logged in. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider in the USA and stored there.
If you are logged in to Facebook, Instagram or Twitter, the providers can directly assign your visit to our website to your profile on Facebook or Twitter. If you interact with the plugins, for example by pressing the "Like" button or the "Instagram" button, the corresponding information is also transmitted directly to a server of the provider and stored there. The information is also published on the social network and displayed to your contacts there. The purpose and scope of the data collection and the further processing and use of the data by the providers as well as your rights in this regard and setting options to protect your privacy, please refer to the data protection information of the providers.
Privacy Notices from Instagram:
If you do not want Facebook or Twitter to associate the information collected through our site directly with your profile on the social network, you must log out of that network before visiting our site. You can also prevent the loading of plugins completely with add-ons for your browser, e.g. with the script blocker „NoScript“ (http://noscript.net/).
We operate the online presence within the social networks Facebook, Instagram and Twitter to communicate with our business partners and to get in touch with you as a visitor of this site. The operation of these pages, including the processing of the personal data of the users, is based on our legitimate interests in a supportive information and interaction opportunity with our customers pursuant to Art. 6 para. 1 lit. f. DSGVO. If the users are requested by the respective providers of the platforms to give their consent to the aforementioned data processing, the legal basis for the processing is Art. 6 Para. 1 lit. a., Art. 7 DSGVO.
We would like to point out that the transfer and further processing of personal data of users to third countries, such as the USA, as well as the associated possible risks for users (e.g. in the form of more difficult law enforcement) cannot be excluded by us as the operator of the site. US providers certified under the Privacy Shield are committed to complying with EU privacy standards.
User data is usually processed for market research and advertising purposes. For example, user profiles can be created on the basis of user behaviour and the resulting interests of users. The usage profiles can in turn be used, for example, to place advertisements inside and outside the platforms. For these purposes, cookies are regularly stored on the computers of the users, in which the user behaviour and the interests of the users are stored. In addition, data can also be stored in the user profiles across all devices.
The so-called "Insights" on the Facebook page provide us with statistical data of various categories. These statistics are generated and provided by Facebook. As the operator of this site, we have no influence on the generation and display of this information. We cannot turn off this function or prevent the generation and processing of data. Information about this data processing can be found directly on Facebook at https://www.facebook.com/legal/terms/information_about_page_insights_data.
Transfer of data to third parties
We transfer your data to processors, these being companies we commission to process data within the legally defined parameters, Art. 28 GDPR (service providers, contractors). In this case, Häfele will still remain responsible for the protection of your data (i.e. we are the “controller"). We have implemented legal, technical and organisational measures, alongside the performance of regular controls, to ensure that processors comply with the provisions of the data protection laws. We commission contractors in the following areas in particular: IT, sales, marketing, finance, consulting, customer service, HR, logistics, printing.
We will also transfer your data to our co-operation partners, who deliver services to you under their own responsibility (suppliers, delivery companies). This is the case when you request us to deliver services from these partners, or if you consent to the involvement of the partner, or if we engage the partner in a situation in which we are legally permitted to do so, such as the performance of a contract, in accordance with Art. 6 (1 f) GDPR.
Personal data is transferred within the Häfele Group for internal administrative purposes connected with centralised customer care and order processing. The legal basis for this is Art. 6 (1 f) GDPR. Häfele has instituted internal guidelines that obliged its companies to implement the technical/organisational measures for ensuring the security of data processing operations.
We also process data, sometimes using automated processes, to analyse certain personal aspects (profiling). We use this for the purpose of giving you targeted product information and advice, and to provide you with recommendations. This analysis enables us to deliver appropriate communications and marketing, including market research and opinion polling.
To do this, in the web shop we use your personal customer master data as well as your order history data with Häfele (including outside of the web shop), the type and method of your interaction with the website or other Häfele services (e.g. newsletter). We use in-house developed programs for this purpose. This data processing is performed in the pursuit of our overriding legitimate interest in a weighing of interests in the optimised presentation of our products and services, and in making appropriate recommendations of products in accordance with Art. 6 (1) (f) GDPR.
Finally, in certain cases we have a legal obligation to provide certain data to public agencies if requested.
Length of the storage
Unless otherwise described in this Data Protection Declaration, personal data will be erased once it has fulfilled its applicable, specified purpose, and there are no retention obligations preventing its erasure. Data is routinely erased following the expiry of the retention period, provided it is not needed for the initiation or fulfilment of a contract, and there is no other existing legal basis for the data processing.
Security of data processing
We maintain up-to-date technical and organisational measures for ensuring the security of the data processing operation, especially in order to protect your personal data from risks during data transfer and from becoming known to unauthorised third parties. These measures are modified in accordance with the current state-of-the-art, the need for protecting the personal data in question, and the risks to your rights and freedoms. Generally speaking, your data will be processed in Germany and within other European countries. If, in exceptional cases, your data is also processed in countries outside of the European Union (i.e. in “third countries”), this will take place to the extent that you have explicitly consented to it, or if it is necessary in order for us to deliver our service to you, or if it is stipulated by law (Art. 49 GDPR). Furthermore, your data will be processed in third countries only insofar as certain measures are in place to ensure that a reasonable level of data protection exists there (e.g. adequacy decision taken by the EU Commission or “appropriate safeguards”, Art. 44 et seqq. GDPR).
Rights of the data subject
You have the right
a. to demand information concerning the categories of data processed, the purposes of the processing, any recipients of the data, the envisaged storage period (Art. 15 GDPR);
b. to demand the rectification or augmentation of incorrect or incomplete data (Art. 16 GDPR);
c. to withdraw consent at any time, effective for the future (Art. 7 (3) GDPR);
d. to object to the processing of your personal data on grounds relating to your particular situation (Art 21 (1) GDPR);
e. in certain cases defined in Art. 17 GDPR, to demand the erasure of data - especially insofar the personal data is no longer necessary for the envisaged purpose or if it is processed unlawfully, or if you withdraw your consent in accordance with (c) above, or if you have stated your objection in accordance with (d) above;
f. under certain conditions, to demand the restriction to the processing of data, insofar as it is not possible to erase it, or the obligation to erase disputed (Art. 18 GDPR);
g. to data portability, i.e. you are entitled to receive the personal data concerning you, which you provided to us, in a commonly used machine-readable format, such as CSV, and, where relevant, to transmit it to others (Art. 20 GDPR);
h. to object to the competent data processing supervisory authority regarding the processing of your personal data; the competent supervisory authority in this case is the Data Protection Commissioner of Baden-Württemberg (https://www.baden-wuerttemberg.datenschutz.de/).
Amendment of the Data Protection Declaration
We reserve the right to amend this Data Protection Declaration in accordance with relevant changes to the law or the services we offer. Older versions shall remain accessible.
Hafele UK - August 2020