Data protection statement
As the operator of this website, we take the protection of your personal data extremely seriously. We will handle your personal data confidentially and in accordance with statutory data protection regulations and this data protection statement. You can use our website without having to input personal data. Where personal data (e.g. name, address, email address etc.) is collected on this site, it is collected on a voluntary basis wherever possible. This data will not be shared with any third party without your express permission.
Nonetheless you should be aware that data transfer via the Internet (e.g. via email) is never wholly secure and the protection of your data against third party access cannot be guaranteed.
1. Name and contact details for the data controller responsible for data processing and for the company data protection officer
This data protection information applies to the processing of data by:
Data controller: HBI Helga Bailey GmbH, represented by its managing directors Corinna Voss and Helga Bailey, Stefan George Ring 2, 81929 Munich, email email@example.com,
tel. +49 (0)89 99 38 87-0, fax +49 (0)89 930 24 45.
2. Collection and storage of personal data and type and purpose of use of personal data
a) When you visit our website
When you visit our website, the browser used on your device will automatically send information to our server. This information will be temporarily saved in a logfile. The following information will be captured and stored until it is automatically deleted:
- IP address of requesting computer
- Date and time of access
- Name and URL of file accessed
- Website you were on before visiting ours (referrer URL)
- Browser type used and version and where applicable your computer’s operating system and the name of your access provider
- Websites accessed by user via our website
The aforementioned data will be used by us for the following purposes:
- Establishing a trouble-free connection to our website
- Guaranteeing ease of use of our website
- Evaluation of system security and stability
- Other administrative purposes
The legal basis for data processing is art. 6 para. 1 f) GDPR. Our legitimate interest lies in the aforementioned purposes of data collection. In no circumstances will the data collected be used to identify you. Logfiles and their contents are stored for a maximum of 7 days and then deleted, unless they are required for the clarification or documentation of an abusive or illegal use that has become known within the retention period.
b) When you subscribe to our newsletter
You can subscribe to a free newsletter on our website. If you have expressly agreed to the double opt-in procedure in accordance with Art. 6 para. 1 a) GDPR, we will use your e-mail address to send you our newsletter on a periodic basis. To receive the newsletter, it is sufficient to provide an e-mail address. When registering for the newsletter, the IP address of the accessing computer and the date and time of registration are also transmitted.
You can unsubscribe at any time by, for example, clicking on the link at the end of every newsletter. Alternatively, you can email us at firstname.lastname@example.org. When you unsubscribe from the newsletter, we delete your e-mail address.
c) When you use our contact form
For questions of any kind, you can contact us using the contact form on our website, for which you will have to enter your first name, surname and email address so that we know who has sent the enquiry and so that we can respond. Other information can be provided voluntarily.
If you would like to use our chat to contact us quickly and directly, you first have to agree to use the chat. When using the chat, a cookie is set (see 5.). If you chat with us, only your IP address will be saved. All other data that you provide us with in the context of the chat will be answered if necessary to process further questions.
Data processing for the purpose of contacting us and processing, documenting and following up your enquiry is carried out in accordance with Art. 6 para. 1 b) or f) GDPR. Your data will be deleted as soon as your enquiry has been answered and there is no other purpose for storage.
3. Data sharing
Your personal data will not be shared with any third party for any purpose other than those defined in this data protection statement. A commercial sale of your personal data expressly does not take place.
Your personal data will be shared with third parties only if:
- You have given your express consent under art. 6 para. 1 a) GDPR
- The sharing is required under art. 6 para. 1 f) GDPR for the assertion of or defence against claims or for the exercise of rights and there are no grounds for supposing that you have an overwhelming interest in your data not being shared
- There is a statutory obligation to do so as per art. 6 para. 1 c) GDPR
- The sharing is permissible under statute and under art. 6 para. 1 c) GDPR is necessary for the processing of contractual relations with you.
4. Duration of storage
For the duration of website use or in the event that information or other services are required, the personal data you provide will be stored to the extent allowed and in accordance with GDPR. Your personal data will be deleted or locked as soon as it is no longer required for the purpose for which it was stored. It may be stored for longer if allowed under EU or national legislation in the form of regulations, statutes or other regulations to which the data controller is subject. Except in cases where continued storage is required for formation or performance of contract, data will also be locked or deleted if a storage period specified by the aforementioned provisions expires.
The use of all the company’s websites implies the consent for those cookies that are absolutely necessary for their functioning. In addition, you can give us consent to use other cookies (e.g. for analysis and marketing purposes). This request is always made before using our websites for the first time and serves as the legal basis for the processing of personal data, which is automatically collected by our websites, on the basis of Art. 6 para. 1 a) GDPR.
The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 a) GDPR.
Responsible for all Google services: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
For further information on data protection and the storage period at Google, please see the data protection declaration for Google: https://policies.google.com/privacy?hl=en.
a) Google Analytics
We use Google Analytics as a web analysis service. IP anonymisation is activated on all company websites so that the IP address of users is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of the cookies used by setting your browser software accordingly. However, this offer informs users that in this case they may not be able to use all the functions of this website to their full extent. Users may also prevent the collection of data generated by the cookie and relating to their use of the website (including their IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
b) Google Ads Conversion Tracking
To promote our services and increase our reach, we use the Google Ads Conversion Tracking tool. With this we see which keywords, ads and campaigns lead to the desired customer actions. We see how many customers interact with our ads on a device and then make a conversion. When you click on a Google Ads ad, a cookie is set on your device. We can therefore recognise that you have reached our website via the ad. We do not receive any personal data from you. Google provides us with a report containing only statistical evaluations (e.g. total number of clicks on our ads). The legal basis for the processing is your consent.
c) Google Tag Manager
We use Google Tag Manager to manage website tags through one interface and allows us to control the exact integration of services on our website. This allows us to integrate additional services flexibly in order to evaluate user access to our website. The use of Google Tag Manager is based on our legitimate interests, i.e. interest in optimising our services. For further information on data protection and storage periods, please see the data protection declaration: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.
d) Google reCAPTCHA
We have integrated components of Google reCAPTCHA on our website. This enables us to distinguish whether a contact request originates from a natural person or is automated by means of a program. Your IP address and, if applicable, browser data are transmitted. Furthermore, reCAPTCHA records the duration of the user’s visit and mouse movements in order to distinguish between automated and human enquiries. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of reCAPTCHA (Art. 6 para. 1 f) GDPR).
e) Google CDN
We use Google CDN to properly provide the content of our website. When you access this content, a connection is established to Google servers, where your IP address and possibly browser data are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google CDN.
The use is based on our legitimate interests, i.e. interest in a secure and efficient provision as well as the optimisation of our online offer according to Art. 6 para. 1 f) GDPR.
f) Font Awesome
We use Font Awesome from Fonticons (307 S. Main St., Suite 202, Bentonville, AR 72712, USA) on our website. When you access our website, the Font Awesome web font is loaded via the Font Awesome CDN. In this way, the texts and icons are displayed appropriately on every end device. In order to load the font, your IP address must be recognised. Font Awesome also collects when which icon files are downloaded, as well as technical data (browser version, screen resolution, time). This collection is necessary for the delivery of the font, to detect technical errors and to protect against attacks. Font Awesome is used with granted consent. For more information on Font Awesome, please visit https://fontawesome.com/privacy.
On this website we use HubSpot for our online marketing activities. HubSpot is a US-based software company with a branch in Ireland (HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland).
This involves integrated software for various online marketing activities, including: Email marketing (newsletters and automated mailings, e.g. for the provision of downloads), social media publishing and reporting, reporting (e.g. traffic sources, access, etc.), contact management (e.g. user segmentation and CRM), landing pages and contact forms. Our registration service enables visitors to our website to learn more about our company, download content and provide their contact details and other demographic information. This information is saved on the servers of our software partner HubSpot. It can be used by us to contact visitors to our website and to assess which of our services they might be interested in. All the information gathered by us is subject to these data protection regulations. All information captured is used solely for the purpose of optimising our marketing initiatives.
The legal basis for the use of HubSpot services is consent or legitimate interest. For more information on HubSpot’s data protection regulations, EU data protection regulations and the cookies used by HubSpot visit: https://legal.hubspot.com/privacy-policy and https://legal.hubspot.com/cookie-policy.
For the integration and display of video content, our website uses plugins from Vimeo. The provider of the video portal is Vimeo Inc., 555 West 18th Street, New York 10011, USA. When a page with an integrated Vimeo plugin is called up, a connection to the Vimeo servers is established. Vimeo thereby learns which of our pages you have accessed. Vimeo learns your IP address, even if you are not logged in to Vimeo Portal or do not have an account there. The information collected by Vimeo is transmitted to the video portal’s servers in the USA.
Vimeo can assign your surfing behaviour directly to your personal profile. You can prevent this by logging out first. The use of Vimeo is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 f) GDPR. Details on the handling of user data can be found at: https://vimeo.com/privacy.
On this website we use Mouseflow (Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark), a web analytics tool that analyzes user behavior so that we can make improvements to the user experience. If you consent to the use of statistical cookies in our consent management, Mouseflow collects the following information: anonymized IP adress, Clicks, Mouse Movements/Hovers, Scrolling; Browser; Device (Desktop/Tablet/Phone); Language; Operating System; Screen Resolution; Duration (Time on Site); Navigation (URLs); Page Content (HTML); Referrer URL; Visitor Type (First Time/Returning); Custom Tags or Variables.
If you do not give us consent, we ensure that Mouseflow only collects fully anonymized information. Anonymization means that no personal reference can be made and we cannot track you. We thus receive no information about whether you are a first-time visitor to our website or a return visitor. If you would like to deactivate Mouseflow in your browser for all web pages, you can do so via the following link: https://mouseflow.com/opt-out/
All data collected by Mouseflow is stored on servers in the EU. There is no data transfer to third countries. We have concluded a data processing agreement (DPA) with Mouseflow. For more information on data protection, please visit https://mouseflow.com/de/privacy/.
7. Social media
Our website uses links to social networks on the basis of art. 6 para. 1 f) GDPR in order to promote awareness of our company. The commercial purpose of this usage is a legitimate interest in the sense intended by GDPR. Responsibility for adherence to data protection regulations is that of the providers concerned.
The social media buttons we use are individual buttons embedded in the design of our website and are genuine links to the social media providers concerned. Simply visiting any of the pages of the HBI website will not in itself result in the transfer of any data to social media providers. Only when you click on the link in question will data be transferred.
When you visit our website, your browser will create a direct link to the servers of Facebook, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereafter “Facebook”). Facebook will thus be informed that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or, if you do have a Facebook account, even if you are not logged in to it at the time. This information (including your IP address) will be transmitted from your browser directly to a Facebook server in the US and saved there.
For more information on the scope and purpose of data collection, the processing and use of the data by Facebook, your rights in this regard and how you can adjust your settings to protect your privacy, see https://www.facebook.com/privacy/explanation.
When you visit our website, your browser creates a direct connection with the servers of Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, US (hereafter “Instagram”). This will inform Instagram that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or, if you do have one, even if you are not logged in to it. This information (including your IP address) will be transferred from your browser directly to an Instagram server in the US and saved there. For more information visit https://help.instagram.com/155833707900388.
When you visit our website, your browser creates a direct connection to the servers of LinkedIn, which is operated LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereafter ” LinkedIn “). This will inform LinkedIn that your browser has accessed the corresponding page of our website, even if you do not have a LinkedIn profile or, if you do have one, even if you are not logged in to it. This information (including your IP address) will be transferred from your browser directly to a LinkedIn server and saved there. For more information see https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy.
Twitter is a microblogging service provided by the American company Twitter, Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107). If you use our services, e.g. if you visit one of our websites that contains a Twitter button, your browser will also establish a direct connection to the Twitter servers and the button will be loaded from there. In doing so, the information is transmitted to Twitter that our website has been accessed. Even if you are not logged in, Twitter may collect and save usage data.
If you click on the Twitter buttons and “tweet” information via the Twitter window that opens, you transmit the tweeted information to Twitter. This information is then published in your Twitter user profile. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter. For further information on data collection, evaluation and processing of your data by Twitter and your rights in this regard, please refer to https://twitter.com/en/privacy.
8. Data subject rights
You have the right:
- under art. 15 GDPR to be informed as to the personal data of yours that we are processing;
- under art. 16 GDPR to the immediate correction of inaccurate data held by us or the completion of incomplete data held by us;
- under art. 17 GDPR to the deletion of the personal data held by us about you, unless the processing is required for the exercise of the right to freedom of speech or information, for compliance with a legal obligation, on the grounds of public interest or for the assertion of or defence against claims or the exercise of rights;
- under art. 18 GDPR to the restriction of the processing of your personal data;
- under art. 20 GDPR to have the personal data that you have provided to us issued to you in a structured, current and machine-readable form or to have it transferred to another data controller;
- under art. 21 GDPR to object to the processing;
- under art. 7 para. 3 GDPR at any time to withdraw your previously given consent. This will mean that we will with future effect have to cease any data processing based on this consent; and
- under art. 77 GDPR to complain to the supervisory authorities. This usually involves complaining to the supervisory authority responsible for your habitual place of residence or work or for our corporate head office.
If you wish to make use of your rights, please contact us using the contact details given under 1.
9. Data security
Our website uses the widely deployed SSL (secure socket layer) process in combination with the highest level of encryption supported by your browser, which is usually 256 bit encryption. If your browser does not support this level of encryption, we will revert to 128 bit v3 technology. Whether or not a specific page of our website is encrypted can be determined from the presence of the key or padlock symbol in the status bar at the bottom of your browser.
We also use appropriate technical and administrative security measures to protect your data from accidental or intentional manipulation, partial or total loss, destruction and unauthorised third-party access. Our security measures are continually updated in line with technological developments.
10. Updating and amendment of this data protection statement
This data protection statement is currently valid and was last amended in November 2021.
As our website and services develop or as statutory or official regulations change, it may be necessary for this data protection statement to be amended. The latest version can always be found at, and printed out from, at https://www.hbi.de/en/datenschutzerklaerung/