Privacy Policy for HORA eTec GmbH

Inhaltsübersicht

Preliminary Information

With the following Privacy Policy, we inform you about which personal data we process, for which purposes and to what extent. This Privacy Policy applies to all processing activities carried out in the course of our business activities and, in particular, to our website and online presences.

The terms used are gender-neutral.

Verantwortlicher

HORA eTec GmbH
Lange Str. 65
D-32257 Bünde

Authorised representative:
Managing Director authorised to represent the company:
Dipl.-Betriebsw. (FH) Dirk Niestrat

Email address: info@hora-etec.com

Legal Notice: https://hora-etec.com/impressum/

Contact Details of the Data Protection Officer

datenschutz@hora-etec.com

Overview of Processing Activities

The following overview summarises the types of personal data processed, the categories of data subjects concerned and the purposes of processing.

Types of Data Processed

  • Master data
  • Employee data
  • Payment data
  • Contact data
  • Content data
  • Contract data
  • Usage data
  • Metadata, communication and process data
  • Image and/or video recordings
  • Log data

Categories of Data Subjects

  • Customers, clients and contracting parties
  • Employees
  • Prospects
  • Communication partners
  • User
  • Business and contractual partners
  • Third parties

Purposes of Processing

  • Performance of contractual services and fulfilment of contractual obligations
  • Communication
  • Security measures
  • Audience measurement and tracking
  • Office, organisational and administrative procedures
  • Target group segmentation and marketing
  • Feedback
  • Provision of our online services and user-friendliness
  • Establishment and performance of employment relationships
  • Information technology infrastructure
  • Financial and payment management
  • Public relations and sales promotion
  • Business processes and commercial procedures

Relevant Legal Bases

Below is an overview of the legal bases under the General Data Protection Regulation (GDPR) on which we process personal data. In addition to the GDPR, national data protection regulations may apply. Specific legal bases are specified in this Privacy Policy where applicable.

Legal Bases under the GDPR

  • Consent (Article 6(1)(a) GDPR): Processing based on the consent of the data subject.
  • Performance of a Contract and Pre-contractual Measures (Article 6(1)(b) GDPR): Processing for the performance of a contract or to carry out pre-contractual measures.
  • Legal Obligation (Article 6(1)(c) GDPR): Processing to comply with a legal obligation.
  • Legitimate Interests (Article 6(1)(f) GDPR): Processing to safeguard our legitimate interests, provided that the interests or fundamental rights and freedoms of the data subject do not override these interests.
  • Processing of Special Categories of Personal Data (Article 9(2)(b) and (h) GDPR): Processing in the context of employment relationships, in particular under labour, social security and occupational health law.

National Data Protection Regulations in Germany

In addition to the GDPR, national data protection regulations apply, in particular the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which contains supplementary provisions, for example regarding data subject rights and the processing of special categories of personal data.

Security Measures

Taking into account the legal requirements, we implement appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.

These measures include, in particular, safeguards to ensure the confidentiality, integrity and availability of data, as well as controls over access, processing and transmission. Furthermore, we have established procedures to ensure the protection of data subject rights and to respond appropriately to security incidents.

Personal data protection is taken into account already at the stage of selecting and developing systems through data protection-friendly default settings and design.

Encryption (TLS/SSL)

To protect data transmitted via our website, we use TLS/SSL encryption (HTTPS). This protects data transmitted between your browser and our server against unauthorised access.

Transfer of Personal Data

In the course of processing personal data, it may be transferred or disclosed to other parties, companies or service providers. This applies in particular to IT service providers or providers of services and content integrated into our website. In such cases, we comply with the statutory requirements and conclude appropriate contracts to protect your data.

Personal data may be transferred to so-called third countries (outside the European Union or the European Economic Area), in particular in connection with the use of external service providers. In such cases, we ensure that appropriate safeguards are in place to protect the data, such as the conclusion of Standard Contractual Clauses or participation in the EU-U.S. Data Privacy Framework, where applicable.

Internal Data Transfers: Personal data may be transferred within our organisation to other departments or organisational units where this is necessary for administrative purposes, for the fulfilment of contractual obligations, or on the basis of consent or a statutory authorisation.

Allgemeine Informationen zur Datenspeicherung und Löschung

We delete personal data in accordance with statutory requirements once consent has been withdrawn or there is no longer a legal basis for processing. This applies in particular where the original purpose of processing no longer applies or the data is no longer required.

Exceptions apply where statutory retention obligations or legitimate interests require longer storage, for example for reasons related to commercial or tax law or for the assertion or defence of legal claims.

Specific retention periods may be specified for individual processing operations in this Privacy Policy. Where multiple retention periods apply, the longest retention period shall prevail.

Unless otherwise stated in this Privacy Policy, personal data is stored only for as long as is necessary for the respective purposes or for as long as statutory retention obligations exist.

Data retained on the basis of statutory obligations is processed exclusively for the purposes justifying its retention.

Where retention periods do not start on a specific date and last at least one year, they generally begin at the end of the calendar year in which the triggering event occurred. In the case of ongoing contractual relationships, this is generally their termination.

Rechte der betroffenen Personen

As a data subject, you have the following rights under the GDPR, in particular pursuant to Articles 15 to 21 GDPR:

  • Right to Object
    You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data where such processing is based on Article 6(1)(e) or (f) GDPR. Where your data is processed for direct marketing purposes, you may object at any time.
  • Right to Withdraw Consent
    You may withdraw your consent at any time.
  • Right of Access
    You have the right to obtain confirmation as to whether your personal data is being processed and to access such data, as well as to receive a copy thereof.
  • Right to Rectification
    You have the right to request the rectification of inaccurate personal data or completion of incomplete data.
  • Right to Erasure and Restriction of Processing
    You may request the erasure of your data or restriction of its processing, provided the legal requirements are met.
  • Right to Data Portability
    You have the right to receive your data in a structured, commonly used and machine-readable format or to have it transmitted to another controller.
  • Right to Lodge a Complaint with a Supervisory Authority
    You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement.

Business Processes and Procedures

Personal data of customers, clients and other third parties is processed in the context of contractual and pre-contractual relationships. This serves to support business operations, in particular in the areas of customer management, sales, payment processing, accounting and project management.

Processing is carried out to fulfil contractual obligations and to ensure the efficient design of internal processes, such as transaction processing, maintaining customer relationships, managing sales activities and ensuring financial processes. It also supports administrative tasks and organisational management.

Data is only disclosed to third parties where this is necessary to fulfil the purpose or due to legal obligations. When transferring data to third countries, limitations may arise with regard to the enforcement of data subject rights. Deletion takes place after the purpose has ceased or statutory retention periods have expired.

  • Types of data processed: Master data; payment data; contact data; content data; contract data; log data; usage data; metadata, communication and process data; employee data
  • Data subjects: Customers and clients; prospects; communication partners; business and contractual partners; users; employees; other third parties
  • Purposes of processing and legitimate interests: Performance of contracts; organisational and administrative procedures; business processes; communication; marketing and sales promotion; public relations; financial and payment management; IT infrastructure
  • Retention and deletion: In accordance with the section “General Information on Data Storage and Deletion”
  • Legal bases: Article 6(1)(b), (c) and (f) GDPR

Further information on processing activities, procedures and services:

  • Customer management and CRM: Procedures for customer acquisition, retention and communication, as well as for the management and analysis of customer data
    Legal bases: Article 6(1)(b) and (f) GDPR
  • Contact management: Organisation, maintenance and protection of contact data, including database management, updates and access controls
    Legal bases: Article 6(1)(b) and (f) GDPR
  • Payment transactions: Execution and monitoring of payment processes, including account reconciliation and payment management
    Legal bases: Article 6(1)(b) and (f) GDPR
  • Accounting: Processing of business transactions, invoices and outstanding items, including dunning procedures and account reconciliation
    Legal bases: Article 6(1)(b), (c) and (f) GDPR
  • Financial accounting and taxation: Recording and processing of financially relevant transactions and fulfilment of tax obligations
    Legal bases: Article 6(1)(b), (c) and (f) GDPR
  • Sales: Planning, execution and analysis of sales activities, including customer support and order processing
    Legal bases: Article 6(1)(b) and (f) GDPR
  • Marketing, advertising and sales promotion: Market analysis, campaign planning and implementation, as well as performance measurement
    Legal basis: Article 6(1)(f) GDPR
  • Public relations: Planning and implementation of communication measures and PR activities
    Legal basis: Article 6(1)(f) GDPR

Provision of our Online Services and Web Hosting

We process users’ personal data in order to provide our online services. This includes, in particular, the processing of IP addresses, which are technically necessary to deliver content and functions to the browser or end device. For hosting and the technical provision of our online services, we use external service providers (web hosting providers).

  • Types of data processed: Usage data (e.g. page views, duration of visits, click paths, devices and operating systems used); Metadata, communication and process data (e.g. IP addresses, timestamps, identification numbers); Log data (e.g. log files relating to access and use)
  • Data subjects: Users (e.g. website visitors and users of online services)
  • Purposes of processing and legitimate interests: Provision of the online services and user-friendliness; operation and security of the IT infrastructure
  • Retention and deletion: In accordance with the section “General Information on Data Storage and Deletion”
  • Legal basis: Article 6(1)(f) GDPR

Further information on processing activities, procedures and services:

  • Hosting: Provision of our online services using external storage space, computing capacity and software of a web hosting provider
    Legal basis: Article 6(1)(f) GDPR
  • Collection of access data and log files: Logging of accesses (e.g. pages/files accessed, date and time, data volume, browser type, operating system, referrer URL, IP address). Processing is carried out to ensure stability and security (e.g. defence against attacks).
    Log files are generally stored for a maximum of 30 days and then deleted or anonymised. Longer storage takes place only where required for evidentiary purposes.
    Legal basis: Article 6(1)(f) GDPR
  • United Domains: Hosting and infrastructure services provided by united-domains AG, Starnberg, as well as, where applicable, further technical service providers in connection with the provision of our online services.
    Legal basis: Article 6(1)(f) GDPR. Further information is available in the provider’s privacy policy and the data processing agreement.

Use of Cookies

Cookies are technologies that store and retrieve information on end devices. They are used to ensure the functionality, security and user-friendliness of our online services and, where applicable, to analyse visitor flows.

We use cookies in accordance with statutory requirements. Where required, we obtain prior consent. Where consent is not required, cookies are processed on the basis of legitimate interests, in particular to provide technically necessary functions and to ensure security and stability. Consents may be withdrawn at any time. Tracking and analytics cookies are used exclusively following user consent.

Notes on legal bases: The processing of personal data using cookies is carried out either on the basis of consent or – where consent is not required – on the basis of legitimate interests.

Storage duration:

  • Session cookies: deleted after the session ends
  • Persistent cookies: remain stored beyond the session (e.g. for settings or recognition). Where no specific information is provided, the storage period may be up to two years.

Withdrawal and objection (opt-out): Consents may be withdrawn at any time. Users may also object to processing in accordance with statutory requirements, in particular via their browser settings.

  • Types of data processed: Metadata, communication and process data (e.g. IP addresses, timestamps, identification numbers)
  • Data subjects: Users
  • Legal bases: Article 6(1)(a) and (f) GDPR

Further information on processing activities, procedures and services:

Consent management: Use of a solution for collecting, documenting and managing consents (in particular for cookies and comparable technologies). Consents are stored to enable verification and to avoid repeated requests. Storage takes place server-side and/or in a cookie (opt-in cookie) and may last up to two years. Processed data includes a pseudonymous user identifier, the time and scope of consent, as well as technical information (e.g. browser, device).
Legal basis: Article 6(1)(a) GDPR

Complianz: Tool for managing and documenting cookie consents, displaying cookie notices and handling withdrawals. Further information is provided in the provider’s privacy policy.

Contact and Enquiry Management

When contacting us (e.g. by post, contact form, email, telephone or social media) and within the scope of existing business relationships, we process the personal data transmitted insofar as this is necessary to handle the enquiry and requested measures.

  • Types of data processed: Contact data (e.g. email address, telephone number); Content data (e.g. messages and associated information such as time or sender); Metadata, communication and process data (e.g. IP addresses, timestamps, identification numbers)
  • Data subjects: Communication partners
  • Purposes of processing and legitimate interests: Communication; organisational and administrative procedures; feedback; provision and optimisation of our online services
  • Retention and deletion: In accordance with the section “General Information on Data Storage and Deletion”
  • Legal bases: Article 6(1)(b) and (f) GDPR

Further information on processing activities, procedures and services:

Contact form: Processing of transmitted data for handling enquiries. This regularly includes name, contact details and further information provided, insofar as required. Use is exclusively for the purpose of contact and communication.
Legal bases: Article 6(1)(b) and (f) GDPR

Webanalyse, Monitoring und Optimierung

Web analytics (audience measurement) serves to evaluate the use of our online services. Pseudonymous information on user behaviour, interests and technical characteristics is processed to identify usage patterns and optimise our offering.

We may also use testing procedures (e.g. A/B tests) to analyse and improve different versions of our online services.

Usage profiles may be created and information stored on and retrieved from end devices. Processed data includes, in particular, visited pages, functions used and technical details (e.g. browser, operating system, usage times). Where consent has been given, coarse location information derived from IP addresses (e.g. country, region or city) may also be processed. Precise location tracking does not take place.

IP addresses are processed exclusively in pseudonymised form (IP masking). No direct identifiers such as names or email addresses are stored.

Notes on legal bases: Processing takes place on the basis of consent (Article 6(1)(a) GDPR) or – where consent is not required – on the basis of legitimate interests (Article 6(1)(f) GDPR). Further information can be found in the section “Cookies”.

  • Types of data processed: Usage data; metadata, communication and process data (e.g. IP addresses, timestamps, identification numbers)
  • Data subjects: Users
  • Purposes of processing and legitimate interests: Audience measurement; creation of pseudonymous user profiles; optimisation and provision of our online services
  • Retention and deletion: In accordance with the section “General Information on Data Storage and Deletion”. Cookies may be stored for up to two years.
  • Security measures: IP masking (pseudonymisation of the IP address)
  • Legal bases: Article 6(1)(a) and (f) GDPR

Further information on processing activities, procedures and services:

Google Analytics: We use Google Analytics to analyse use of our online services based on consent (Article 6(1)(a) GDPR). Processing is carried out using pseudonymous user identifiers and may include the creation of pseudonymous user profiles.

Processed data includes, in particular, page views, interactions, duration of visits, referrer information, devices and browsers used, and timestamps. Cookies and comparable technologies may be used.

IP addresses are truncated within the EU (IP masking) and are not stored permanently. They are used solely to derive coarse geographical information (e.g. region) and are subsequently deleted. Identification of individual persons does not take place. We do not combine this data with other data.

Processing may also take place in third countries, in particular the United States. Appropriate safeguards are implemented to ensure an adequate level of data protection (in particular Standard Contractual Clauses and participation in the Data Privacy Framework, where applicable).

Users may withdraw their consent at any time and object to processing (e.g. via cookie settings or Google opt-out mechanisms). Further information on data processing and data protection measures is available in Google’s privacy information.

Social Media Presence

We maintain online presences in social networks in order to communicate with users and provide information about our company.

Our website does not integrate functions of these networks (e.g. plug-ins or tracking elements); instead, it only contains external links to our respective profiles.

Providers of social networks generally process user data for market research and advertising purposes. Usage profiles may be created, for example based on user behaviour and derived interests, and used for personalised advertising within and outside the platforms. This typically involves the use of cookies and comparable technologies, including across devices.

Personal data may also be processed outside the European Union, which may entail risks, particularly with regard to the enforcement of data subject rights.

For details on data processing and objection options, please refer to the privacy policies of the respective providers. Data subject rights can generally be asserted most effectively directly with the providers, but you may also contact us.

  • Types of data processed: Contact data; content data (e.g. posts and messages); usage data (e.g. interactions, page views, technical information)
  • Data subjects: Users
  • Purposes of processing and legitimate interests: Communication; feedback; public relations
  • Retention and deletion: In accordance with the section “General Information on Data Storage and Deletion”
  • Rechtsgrundlagen: 6 Abs. 1 lit. f DSGVO

Further information on processing activities, procedures and services:

LinkedIn: We operate a company page on LinkedIn. For the collection of data for “Page Insights” (statistics), we are joint controllers with LinkedIn Ireland Unlimited Company. This relates in particular to information on interactions, content, devices and profile data.

Joint controllership is limited to data collection and transmission to LinkedIn. Further processing is carried out by LinkedIn. A corresponding joint controller agreement (“Page Insights Joint Controller Addendum”) has been concluded.

Further information on data processing, data subject rights and objection options is available in LinkedIn’s privacy information. Processing may also take place in third countries (in particular the United States); appropriate safeguards are applied (e.g. Standard Contractual Clauses, Data Privacy Framework).

YouTube: We operate a company channel on the YouTube video platform to provide content and interact with users. User data may be processed by the provider, in particular for analytics and advertising purposes.

Processing is carried out under YouTube’s sole responsibility. Further information is available in Google’s privacy information. Processing may also take place in third countries (in particular the United States); appropriate safeguards apply (e.g. Standard Contractual Clauses, Data Privacy Framework).

Plug-ins and Embedded Functions and Content

We integrate functional and content elements (e.g. graphics, videos or buttons) from third-party providers into our online services.

This regularly involves the processing of users’ IP addresses, as these are required to deliver the content. Third-party providers may also use technologies such as pixel tags or cookies to process usage data for analytics and marketing purposes. Pseudonymous user profiles may be created and combined with further information.

Notes on legal bases:
Processing is carried out on the basis of consent (Article 6(1)(a) GDPR), where required (in particular for tracking and marketing), otherwise on the basis of legitimate interests (Article 6(1)(f) GDPR). Further information can be found in the section “Cookies”.

  • Types of data processed: Usage data; metadata, communication and process data (e.g. IP address, timestamps, identification numbers)
  • Data subjects: Users
  • Purposes of processing and legitimate interests: Provision and optimisation of the online services; audience measurement; marketing and tracking; creation of pseudonymous user profiles
  • Retention and deletion: In accordance with the section “General Information on Data Storage and Deletion”. Cookies may be stored for up to two years.
  • Legal bases: Article 6(1)(a) and (f) GDPR

Further information on processing activities, procedures and services:

Google Fonts (locally hosted): Provision of fonts for consistent presentation of our online services. No data is transmitted to Google.
Legal basis: Article 6(1)(f) GDPR

LinkedIn links: Our website contains links to our company profile on LinkedIn. No data is transmitted to LinkedIn when our website is accessed. Only when clicking the link will you be redirected to the external platform, where data may be processed by the provider. Further information is available in LinkedIn’s privacy information. Processing may occur in third countries; LinkedIn’s data protection provisions and appropriate safeguards apply.
Legal basis: Article 6(1)(f) GDPR

YouTube videos: Integration of video content from YouTube. Content is loaded only after user consent. Personal data (e.g. IP address, usage data) may be transmitted to Google and cookies may be set. Processing may take place in third countries; Google’s data protection provisions and appropriate safeguards apply.
Legal basis: Article 6(1)(a) GDPR

Processing of Data in the Context of Employment Relationships

In the context of employment relationships, we process personal data for the establishment, execution and termination of employment relationships. This includes administrative and organisational human resources processes.

Processing ranges from contract initiation to the termination of employment and includes the management of working hours, access rights, personnel measures and payroll accounting.

Processing also takes place to safeguard legitimate interests, for example to ensure IT and occupational safety or to organise operational processes. Data may be used to the extent necessary in the context of external communication.

Processing is carried out in compliance with applicable legal requirements. Data is deleted or anonymised after the purpose ceases or in accordance with statutory retention periods.

  • Types of data processed: Employee data; contact data; content data; image and/or video recordings
  • Data subjects: Employees (e.g. staff, applicants, temporary workers)
  • Purposes of processing and legitimate interests: Establishment and performance of employment relationships; organisational management; public relations
  • Legal bases: Article 6(1)(b), (c) and (f) GDPR; Article 9(2)(b) GDPR (processing in the context of employment and social security law) and Article 9(2)(h) GDPR where required, in particular in connection with employment law obligations (e.g. processing of sickness notifications).

Further information on processing activities, procedures and services:

Publication of employee data: Publication or disclosure takes place only where required for the performance of employment-related duties (e.g. naming as a contact person) or within the scope of public relations activities. Otherwise, publication takes place only with employee consent or on the basis of legitimate interests (e.g. event photographs).
Legal bases: Article 6(1)(b) and (f) GDPR

Changes and Updates

We amend this Privacy Policy where necessary due to changes in data processing. Please inform yourself regularly about the current version.

Where changes require your involvement (e.g. consent) or individual notification, we will inform you accordingly.

Please note that contact details of companies and organisations may change over time.

A comprehensive version of this Privacy Policy in German is available here:
https://hora-etec.com/wp-content/uploads/Datenschutzerklaerung_HORA-eTec_Stand_Februar_2026.pdf

Date: 10 February 2026