Privacy Policy / Duty to Inform

Privacy Policy
Protecting your data is a primary concern for us. Therefore, we comply with the applicable data protection regulations, in particular the GDPR (General Data Protection Regulation) and the DSG (Data Protection Act), when processing your personal data (e.g., master data).
Below you will find detailed information about the data processing activities we carry out:

1. Controller
HERMES Technologie Ltd. 8 High Street

Heathfield, TN 21 8LS
Tel: +44 790 896 2521
Email: office@hermes-technologie.com

Since we are not legally required to do so, we have not appointed or designated a Data Protection Officer with the data protection authority.

2. Rights of Data Subjects / Right to Object and Withdraw Consent / Right to Lodge a Complaint
2.1. You have the following rights toward us regarding your personal data:

Right of access (Art. 15 GDPR)

Right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR)

Restriction of processing (Art. 18 GDPR)

Right to data portability (Art. 20 GDPR)

Right to object to processing (Art. 21 GDPR)

Right to object: If the processing of your personal data is based on a balancing of interests (Art. 6 (1) (f) GDPR: legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. When exercising your right to object, we ask you to explain the reasons why we should not process your personal data as we have done. We will examine the situation and either stop or adjust the data processing, or demonstrate our compelling legitimate grounds and continue the data processing. We will also continue the data processing if it serves the establishment, exercise, or defense of legal claims.
You may object to data processing for the purposes of direct marketing and data analysis at any time. In this case, we will stop the data processing.

Right to withdraw consent: If you have given us your consent to process your personal data, you can withdraw this consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

To exercise the aforementioned rights, you must inform us in person, by telephone, or in writing:
HERMES Technologie Ltd. (Address & contact details as stated above).
Please note that we can only provide information if you can identify yourself.

2.2. Right to lodge a complaint:
If you believe that the data processing violates applicable data protection law or that we are violating your data protection claims, you also have the right to lodge a complaint with the supervisory authority:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen Postfach 20 04 44, 40102 Düsseldorf

Email: poststelle@ldi.nrw.de

3. Information on the Processing of Your Personal Data
3.1. Website Visit

Purpose: If our website is used for information purposes only, personal data transmitted by your browser to our server is collected. This is technically necessary to display our website and ensure its stability and security.

Legal basis: Legitimate interest (Art. 6 (1) (f) GDPR), § 96 (3) TKG 2003.

Data processed: IP address, date/time of request, time zone difference to GMT, content of request (specific page), access status/HTTP status code, amount of data transferred, requesting website, browser, operating system, language/version of browser software.

Storage duration: For the duration of your website use.

Recipients: Processors.

3.2. Electronic Contact Inquiries via the Website

Purpose: Processing contact inquiries via email or the website contact form.

Legal basis: Performance of a contract or pre-contractual measures (Art. 6 (1) (b) GDPR), legitimate interest (Art. 6 (1) (f) GDPR).

Data processed: Master data, content of the inquiry.

Storage duration: Until the inquiry is answered. If legal retention obligations exist, processing will be restricted until then.

3.3. Cookies / Web Analysis Service

Purpose: Improvement of services, web appearance, and direct marketing.

Legal basis: Consent (Art. 6 (1) (a) GDPR), performance of contract (Art. 6 (1) (b) GDPR), legitimate interest (Art. 6 (1) (f) GDPR).

Data processed: IP address.

Recipients: Analysis service company/service providers.

Note: If cookies are used to track user behavior, data is processed under both the GDPR and the TDDDG (specifically § 25 (1) TDDDG regarding consent).

3.4. Customer Management, Accounting, Logistics, and Bookkeeping

Purpose: Processing personal data within the scope of business relationships with customers and suppliers, including systematic recording of all business transactions (income/expenses).

Legal basis: Consent, performance of contract, legal obligation (Art. 6 (1) (c) GDPR), legitimate interest (legal claims), or explicit consent (Art. 9 (2) (a) GDPR).

Storage duration: Until the end of the business relationship or expiry of warranty, limitation, and statutory retention periods (e.g., BAO); furthermore, until the conclusion of any legal disputes.

Recipients: Tax office, courts/authorities, suppliers, debt collection agencies, banks, legal representatives, auditors, payroll accountants.

Requirement: Providing your data is necessary for the performance of the contract. Without this data, we cannot conclude a contract with you.

3.5. Customer Support and Marketing for Own Purposes

Purpose: Processing customer and prospect data for business initiation, advertising, and newsletter distribution; CRM.

Legal basis: Consent, performance of contract, legal obligation, legitimate interest.

Storage duration: Data may be stored until the end of the third year after the last contact, unless longer retention periods apply.

4. Data Transfers to Third Countries or International Organizations
The data we process is not transferred to recipients in third countries or international organizations.
Note: For the display of Google Maps, we require your consent according to Art. 6 (1) (a) GDPR in combination with § 25 (1) TDDDG.

5. Telecommunications-Digital-Services-Data Protection Act (TDDDG)
The TTDSG became effective on Dec 1, 2021, and was renamed TDDDG on July 24, 2024. It complements the GDPR. We have adjusted our legal bases to account for the requirements of the TDDDG regarding access to information stored in terminal equipment (cookies).