Data Privacy Policy

HELM AG (hereinafter “we” or “Controller”), Nordkanalstrasse 28, 20097 Hamburg, Germany is responsible for this website.

Our Data Protection Officers can be contacted via the following e-mail address: datenschutzbeauftragter@helmag.com.

1. Definitions

The terms “personal data” or “data” refer to all information related to an identified or identifiable natural person. “Identifiable” means a natural person who can be identified directly or indirectly, in particular through an identifier such as a name, an index number, location data, or one or several characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

“Data subject” means an identified or identifiable natural person, for instance you yourself.

“Controller” refers to the natural or legal person, public authority, agency or other body that solely or jointly decides on the purpose and means of the processing of personal data. 

“Processing” or “process” refers to all manual or automated procedures carried out, or all such series of procedures related to personal data such as the gathering, collation, organization, assignation, saving, adjustment or modification, selection, calling up, use, provision of access through transfer, dissemination or any other means of making data available, comparison, linking, limitation, or deletion. Processing refers to the corresponding activity.

“Processor” is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.

Further, the terms used in this Privacy Policy correspond to those used in Art. 4 of the European General Data Protection Regulation (“GDPR”). Please see for additional and deviating requirements according to your local law Sec. 7 of this Privacy Policy.

2. Processing your data

We process the personal data that you make available to us via our website or via e-mail in the manner described in the following.

2.1 Visits to our website

When you visit our website, your browser automatically sends us information that is then temporarily saved in a logfile. This information includes your IP address, the date and time of your visit, time deviation from GMT, HTTP status code as well as the domain name of the website from which you visited ours (referrer URL). We process these data to ensure the correct display, use, stability and security of our own website.

The legal basis for data processing is Art. 6 (1) 1(f) GDPR. Legitimate interest is provided by the above-mentioned data-processing purposes.

We additionally use cookies on our website. Further information on these is available below under section 2.4 of this Data Privacy Policy.

2.2 Contacting us via the Contact Form

Should you have questions about our products or regarding other matters, we give you the option of contacting us via the Contact Form we provide (link on the upper right side). In this context we process your personal data (name, address, telephone number, e-mail address, details regarding your company and position) to be able to provide you with an individualised response to your request.
Within this, the processing of your data is necessary either to carry out pre-contractual measures with you (Art. 6 (1) 1(b) GDPR) or is based on our legitimate interest in responding to your enquiry (Art. 6 (1) 1(f) GDPR).

2.3 Contact via e-mail

You also have the option of contacting us via e-mail should you have questions regarding our products or other enquiries. We process your data, i.e. your e-mail address, destination address, IP address, e-mail programme, date and time of your e-mail, the content of your e-mail as well as the information you provide to enable us to respond to your enquiry individually.
Within this, the processing of your data is necessary either to carry out pre-contractual measures with you (Art. 6 (1) 1(b) GDPR) or is based on our legitimate interest in responding to your enquiry (Art. 6 (1) 1(f) GDPR).

2.4 Cookies

We use ‘cookies’ on our website. These are text files that are saved on your computer or other end-devices such as your smartphone or tablet. Using cookies helps us design our website to meet the needs of users and to continually optimize it, as well as to analyse how you use our website in order to improve it to better serve your interests.

For instance, session cookies show us when you have visited individual pages of our website. Session cookies are automatically deleted when you leave our website.

In addition we also use temporary cookies that are saved on your computer or end-devices for a limited period of time. These cookies indicate to us what data you entered and what settings you selected on a previous visit to our website, so that you do not have to re-enter or reselect these.

Further, we use tracking cookies to log the use of our website statistically and thus to optimise our website.

Our use of cookies may involve processing of your personal data, e.g. your IP address and information on how you interact with our website. The processing of your data in connection with our use of cookies for the above-mentioned purposes is based on our legitimate interest in order to fulfil the purposes listed above and below (Art. 6 (1) 1(f) GDPR) and/or, where required by law, your consent (Art. 6 (1) 1(a) GDPR). 

When you first visit our website you will be required to expressly accept the use of cookies through an “Accept” button, which will be enabled in the cookie notification. In any case, please note that you can block or disable cookies by configuring your browser to block the installation of some or all cookies. Almost all browsers allow you to be alerted to the presence of cookies or block them automatically. If you block cookies, you can continue to use our website, although some services may be limited and your experience on our website may be less satisfactory as a result.

We use the following cookies on our website:

CookieProviderPurposeOpt-Out/ RefusalProcedere
cookieconsent_dismissed
(cookie notification on top of website)
HELM AGChecks whether or not the user has accepted cookiesNot possible, as this is necessary for the technical provision of the website.1 year
fe_typo_user
(standard TYPO3 session cookie)
HELM AGIdentifies the user’s session via a randomly generated numeric code.Not possible, as this is necessary for the technical provision of the website.session cookie
(automatically deleted on leaving the website)
pixel_ratioHELM AGAdjusts the layout file / design to suit the user’s end-device.Not possible, as this is necessary for the technical provision of the website.session cookie
(automatically deleted on leaving the website) 
_ga (Google Analytics)Google LLC
1600 Amphitheatre Parkway
Mountain View
CA 94043 USA (“Google”)
Logs information about the user’s activity on the website.https://tools.google.com/dlpage/gaoptout?hl=en2 Years
_gid (Google Analytics)GoogleLogs information about the user’s activity on the website.https://tools.google.com/dlpage/gaoptout?hl=ensession cookie
(automatically deleted on leaving the website)
_gat (Google Analytics)GoogleLogs the frequency of the user’s visits to the website, to minimise data traffic.https://tools.google.com/dlpage/gaoptout?hl=ensession cookie
(automatically deleted on leaving the website)
NID (Google Maps)GoogleDisplays our locations.https://tools.google.com/dlpage/gaoptout?hl=en6 months
IDE (Google Ads)GoogleMeasures user activity on the website to optimise the display of advertisementshttps://tools.google.com/dlpage/gaoptout?hl=ensession cookie
(automatically deleted on leaving the website) 


In detail:

cookieconsent_dismissed
With the aid of this cookie we can identify whether you have confirmed your acceptance of the cookie notification by clicking “Accept”; if so, the page will not display this notification again. As part of this, your IP address will be saved until you leave the website.

fe_typo_user
This is a standard TYPO3 session cookie that stores information regarding your current website visit (including your anonymized IP address and the time of your visit). To do this, a randomly generated numeric code is created that allows our website to recognise you, as long as you do not close your browser. For example, your language preference will be maintained during your visit to our website.

pixel_ratio
This cookie ensures that our website is correctly displayed to you, through storing information on your screen resolution for the duration of your visit to our website.

IDE (doubleclick.net)
This cookie supports the appropriate display of advertising to the user (for instance, preventing single advertisements from appearing repeatedly). This cookie logs user activity following the display of an advertisement in order to measure its effectiveness and to optimise future advertisements correspondingly for the user.

Google Maps
We use Google Maps, a Google offer, on our website to display the locations of our offices and subsidiaries. When users visit sub-pages in which Google Maps is integrated (‘Locations’ and ‘Contact Form’) a cookie is saved on your end-device to process user settings and user data (language, number of search results displayed, activation of the Google SafeSearch filter).
This cookie is not normally deleted when you close your browser but expires after a certain period, unless you delete it previously. If you do not accept this data processing you can deactivate the Google Maps service and thus prevent data processing by deactivating the JavaScript function in your browser. Further information on the cookies used by Google is available here as well as in Google’s Data Privacy Statement.

3. Access to your data and transfer to third parties

HELM AG’s personnel have access to your data.

Additionally, we commission third parties to carry out data processing on our behalf (as Processors). In such cases their contractual relationships with us are governed by the requirements of the applicable data protection law.

Otherwise your data will not be transferred to third parties (as Controllers) unless we specifically inform you of this in advance, and such data transfer to third parties is permitted under an applicable statutory provision (e.g. your explicit consent, the execution of a contract, or on the basis of other statutory provisions), or we are legally obliged to make this data available to fulfil an applicable statutory requirement.

The following third party companies are working for us as Processors:

Support
sitegeist Media Solutions GmbH
Poßmoorweg 2
22301 Hamburg (Germany)

Provider
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 4-6
32339 Espelkamp (Germany)

4. Duration of data storage

As a general principle we only store personal data until the originally intended and approved purpose of saving and storing it has been fulfilled.
Notwithstanding the above general principle, data is not deleted if this information is necessary to fulfil a statutory obligation that we are required to uphold. For instance we are subject to statutory commercial as well as taxation data-storage provisions that require certain data to be stored for up to ten years under applicable local law.

5. Your rights

You have the following rights:

  • the right to be informed about and have access to the personal data we process (Art. 15 GDPR)
  • the right to have the personal data we process corrected and / or completed (Art. 16 GDPR)
  • the right to have the personal data we process deleted (Art. 17 GDPR) or to restrict its processing (Art. 18 GDPR)
  • the right to data portability (Art. 20 GDPR).

You have the right to lodge an official complaint with the responsible supervisory authority.

You have the right under the provisions of Art. 21 (1) and Art. 21 (2) GDPR to refuse the processing of your personal data at any time that is carried out in pursuit of our legitimate interests (Art. 6 (1) 1(f) GDPR).

If you have consented to the processing of your personal data, you have the right to withdraw this consent at any time.

To exercise these rights please e-mail our Data Protection Officers using the contact details provided under Sec. 8.

6. Security of your data

To ensure the security of your personal data we have implemented appropriate technical and organisational measures in accordance with Art. 32 GDPR. We take technical and organisational safety measures so as to ensure that our personally identifiable information is protected against loss, manipulation, destruction and unauthorized access. Our security measures are constantly being improved according to the technological development.

7. Local Law Requirements

Some jurisdictions require additional or amended privacy information as set out in the following:

Brazil:

You will find all Articles of the GDPR, as applicable under Brazilian laws, in Portuguese under: https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex:32016R0679.

In particular, this Privacy Policy refers to the following Articles of the GD:

Article 4 – Definitions

For the current regulation, the following definitions apply:

1) “Personal Data” refers to information related to an identified or identifiable natural person (”Data Subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, identifiers through electronic means, or one or several characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

2) “Processing” refers to a procedure or a set of procedures carried out in relation to personal data or a personal data set by automated or non-automated means, such as the gathering, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison, alignment, restriction, deletion or destruction.

3) “Processing restriction” refers to marking personal data stored with the aim of restricting processing in the future.

4) “Profile definition” refers to any form of automated processing of personal data, which consists of the use of such personal data in order to assess certain personal aspects of a natural person, in particular to analyse or predict aspects relating to professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement.

5) “Pseudonymisation” refers to processing personal data in such a way that this can no longer be allocated to a specific data subject without resorting to supplementary information, provided that such additional information is maintained separately and subject to technical and organisational measures to ensure that personal data cannot be allocated to an identified or identifiable natural person.

6) “File system” refers to any structured personal data set, accessible according to specific criteria, whether centralised, decentralised or dispersed functionally or geographically.

7) “Controller” refers to a natural or legal person, public authority, agency or another body which, individually or jointly with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by the law of the European Union or a Member State, the controller or the specific criteria applicable to their appointment may be provided by the Law of the European Union or a Member State.

8) “Processor” refers to a natural or legal person, public authority, agency or another body that processes personal data on behalf of the Controller.

9) “Recipient” refers to a natural or legal person, public authority, agency or another body who receives personal data communication, regardless of whether or not it is related to a third party. However, public authorities that can receive personal data as part of specific enquiries, under the terms of the law of the European Union or a Member States, are not considered recipients; the processing of data by these public authorities must comply with the data protection rules applicable according to the processing objectives.

10) “Third Party” refers to one or several natural or legal persons, a public authority, service or body who is not the data subject, a controller, a subcontractor as well as to persons who, under the direct authority of the controller or processor, are authorised to process the personal data.

11) “Consent” of the data subject refers to a free, specific, informed and explicit expression of will via which the data subject accepts, via a statement or an unequivocal positive act, the processing of their data.

12) “Personal data breach” refers to a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transferred, stored or otherwise processed in connection with any other type of processing.

13) “Genetic data” refers to personal data relating to the genetic or hereditary characteristics of a natural person which provide unique information on the physiology or health of that natural person and which results, in particular, from an analysis of a biological sample from the natural person concerned.

14) “Biometric data” refers to personal data resulting from a specific technical process relating to the physical, physiological or behavioural characteristics of a natural person enabling or confirming the unique identification of that natural person; in particular, facial or dactyloscopic data.

15) “Health data” refers to personal data related to the physical or mental health of a natural person, including the provision of health services, which reveals information on the individual’s state of health.

[…]

18) “Company” refers to a natural or legal entity which, regardless of its legal form, fulfils an economic activity, including businesses or associations that regularly carry out an economic activity.

19) “Corporate group” refers to a group consisting of the controlling and controlled companies.

[…]

26) “International organisation” refers to an organisation and the public international legal bodies governed by it, or another agency created by an agreement entered into between two or more countries, or by an agreement of this nature.

Article 6 – Lawfulness of processing

1. Processing is only permissible if and inasmuch as at least one of the following situations occurs:
a) The data subject has given their consent to the processing of their data for one or more specific purposes.
b) Processing is necessary for the implementation of a contract to which the data subject is a party, or for pre-contractual arrangements at the request of the data subject.
[…]
f) If the processing is necessary for the legitimate interests pursued by the controller or by third parties, except where the interests or fundamental rights and freedoms of the subject requiring the protection of personal data prevail, in particular, if the subject is a child.
[…]

Article 15 – Access rights of the data subject

1. The data subject has the right to obtain from the controller the confirmation that their data are the object of processing and, if applicable, the right of access to their data as well as the following information:
a) Purpose of data processing.
b) Categories of personal data in question.
c) Recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular, recipients established in third-party countries or belonging to international organisations.
d) Where possible, the retention period of personal data, or, if this is not possible, the criteria used to establish such a period.
e) The existence of the right to request the controller rectifies, deletes or limits the processing of personal data in relation to the data subject, or the right to object to such processing.
f) The right to submit a complaint to a supervisory authority.
g) If the data was not collected from the subject, the available information on the origin of the data.
h) The existence of automated decisions, including the definition of profiles, referred to in Article 22, paragraphs 1 and 4, and at least in such cases, useful information concerning the underlying logic and the significance and consequences for the data subject as a result of such processing.

2. Where personal data are transferred to a third-party country or an international organisation, the data subject shall be entitled to be informed of the appropriate safeguards in accordance with Article 46 related to the data transfer.

3. The controller shall provide a copy of the personal data being processed. To provide other copies requested by the data subject, the controller may require payment of a reasonable fee, taking into account administrative costs. If the data subject submits the request by electronic means, and unless otherwise requested by the data subject, the information will be provided in a commonly used electronic format.

4. The right to obtain a copy as referred to in paragraph 3 shall not affect third-party rights and freedoms.

Article 16 – Right of rectification

The subject shall have the right to obtain, without undue delay, from the controller the rectification of inaccurate personal data. Given the purposes of the processing, the data subject has the right to have their incomplete personal data completed, including by means of an additional statement.

Article 17 – Right to data deletion ('right to be forgotten')

1. The subject has the right to obtain from the controller the deletion of their data without undue delay, and the controller must delete the personal data without undue delay when one of the following reasons applies:
a) Personal data are no longer necessary for the purpose for which it was collected or processed.
b) The subject withdraws the consent on which the processing of the data is based under the terms of Article 6, paragraph 1, subparagraph a) or Article 9, paragraph 2, subparagraph a) and if there is no other legal basis for said processing.
c) The subject opposes the processing under Article 21, paragraph 1 and there are no pre-existing legitimate interests justifying the processing, or the subject opposes the processing in accordance with Article 21, paragraph 2.
d) The personal data was processed illicitly.
e) The personal data must be deleted to comply with a legal obligation arising from the law of the European Union or a Member State to which the controller is subject.
f) The personal data have been collected in the context of the provision of services referred to in Article 8, paragraph 1.

2. When the controller has made the personal data publicly available and is obliged to delete the information in accordance with paragraph 1, they shall take reasonable measures, including technical measures, taking into account available technology and the costs of its application, in order to notify those responsible for the effective processing of personal data that the data subject has asked them to delete links to these personal data, as well as copies or reproductions thereof.

3. Paragraphs 1 and 2 shall not apply where the processing is proven to be necessary:
a) To exercise freedom of expression and information.
b) To comply with a legal obligation requiring the processing provided for by the law of the European Union, or of a Member State to which the controller is subject; to exercise functions in the public interest, or to exercise official authority vested in the controller.
c) On the grounds of public interest in the area of public health, in accordance with Article 9, paragraph 2, subparagraphs h) and i) and Article 9, paragraph 3.
d) For archival purposes in the public interest, for the purposes of scientific or historical research or statistical purposes, in accordance with Article 89, paragraph 1, inasmuch as the right referred to in paragraph 1 is likely to render impossible or seriously impede the achievement of such processing objectives.
e) For the declaration, exercise or defence of a right in a judicial proceeding.

Article 18 – Right to restrict processing

1. The data subject has the right to obtain processing restriction from the controller if one of the following applies:
a) To dispute the accuracy of the personal data, during a period that allows the controller to verify their accuracy.
b) The processing is unlawful and the data subject opposes the deletion of personal data and instead requests the restriction of its use;
c) The controller no longer requires personal data for processing but the data subject requires such data for reporting, exercising or defending a right in a legal proceeding.
d) If processing has been opposed in accordance with Article 21, paragraph 1 until it is established that the controller’s legitimate reasons prevail over those of the data subject.

2. Where processing has been limited under the terms of paragraph 1, with the consent of the subject personal data may be processed, except for preservation or for the purposes of declaration, exercise or defence of a right in a judicial defence of the rights of another natural or legal person, or for important reasons of public interest of the European Union or of a Member State.

3. The subject who has obtained processing restriction in accordance with paragraph 1 shall be informed by the controller before the restriction of such processing is cancelled.

Article 20 – Data transferability rights

1. The data subject has the right to receive their data, which they have provided to a data controller in a structured, current and automated reading format, and the right to transfer their data to another controller without the controller to whom the personal data was supplied being able to prevent it, if:
a) The processing is based on consent given under Article 6, paragraph 1, subparagraph a), or Article 9, paragraph 2, subparagraph a) or in a contract referred to in Article 6, paragraph 1, subparagraph b), and
b) The processing is fulfilled by automated means.

2. In exercising the right to data portability in accordance with paragraph 1, the data subject has the right to have the personal data transferred directly between the controllers, where this is technically possible.

3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice of Article 17. This right shall not apply to the processing necessary to exercise functions in the public interest or to exercise official authority vested in the controller;

4. The right referred to in paragraph 1 shall not affect third-party rights and freedoms.

Article 21 – Right of opposition

1. The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of their data on the basis of Article 6, paragraph 1, subparagraphs e) or f), or Article 6, paragraph 4, including the definition of profiles on the basis of those provisions. The controller shall cease the processing of personal data unless they submit overriding and legitimate reasons for such processing which prevail over the interests, rights and freedoms of the data subject, or for the declaration, exercise or defence of a right in a judicial process.

2. When personal data are processed for direct marketing, the data subject has the right to oppose at any time the processing of their data for such purpose, which covers the definition of profiles insofar as it is related to direct marketing.

3. If the data subject objects to the processing for direct marketing, the personal data shall no longer be processed for that purpose.

4. At the time of the first communication to the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and distinctly from any other information.

5. In the context of the use of information society services, and without prejudice to Directive 2002/58/EC, the data subject may exercise their right of opposition by automated means using technical specifications.

6. Where personal data are processed for scientific or historical research or statistical purposes, in accordance with Article 89, paragraph 1 the data subject has the right to object, on grounds relating to their particular situation, to the processing of their personal data, unless such processing is necessary for the performance of tasks in the public interest.

8. Contact

Should you have any queries or comments regarding data privacy please contact our Data Protection Officers via e-mail (datenschutzbeauftragter@helmag.com).

The further development of the internet requires us to update our Data Privacy Policy. We will publish all required changes on this website.

Germany / Hamburg, 20.08.2018