Skip to main contentSkip to page footer

Privacy Statement

Subject matter of this privacy statement

Thank you for visiting the Hettich website and the interest you show in our company. Protecting your personal data is important to us. For this reason we would now like to inform you in detail about data collected when you visit our website and about which rights you have under data protection law.

Controller for data processing and data protection officer

The controller for processing the data that are collected and processed in connection with using our website is

Hettich Marketing- und Vertriebs GmbH & Co. KG
Anton-Hettich-Strasse 12 – 16
D - 32278 Kirchlengern
Tel.: + 49 5733 798 0
info@de.hettich.com

You can reach our company data protection officer at

Hettich Marketing- und Vertriebs GmbH & Co. KG
Data Protection Officer
Anton-Hettich-Strasse 12 – 16
D-32278 Kirchlengern
protection@de.hettich.com

Data acquired on visiting our website

When you visit our website, your browser will transfer specific data to our web server for technical reasons so that we can provide you with the information you have requested. This relates to the following data:

  • Your IP address
  • Date and time of opening one of our web pages
  • Subject matter of the request (specific page)
  • country of origin, language setting
  • Operating system and its access status
  • Browser and version of the browser software
  • The website you came to our website from (referrer)
  • The time spent on our web pages

We process the above mentioned data on the basis of our legitimate interest. This legitimate interest lies in properly displaying our website as well as in ensuring our website's stability and security. (Art. 6 (1) f) of the GDPR, Section 25 (2) no. 2 of the German Act on the Regulation of Data Protection and the Protection of Privacy in Telecommunications and Telemedia (TDDDG)).

The data are erased as soon as they are no longer needed for achieving the above mentioned purposes, at the latest, however, sixty days after they are collected.

We host our website on servers within Germany. The host receives the above mentioned data as a processor.

Use of "Cookies"

We use cookies to ensure the website is operated properly, to provide basic functions, to measure reach and – with your consent – to streamline our services to your interests. To this end, we use different types of cookies:

Session cookies:

These cookies give you unrestricted use of our website while you are visiting it and are automatically deleted as soon as you close the browser.

Persistent cookies:

These cookies automatically recognise your computer on your next visit and show you interest based information. They are deleted after 12 months at the latest.

First party cookies are set by the current website whereas third party cookies come from external organisations.

We only use persistent cookies and third party provider cookies with your prior consent (Section 25 (1) of the TDDDG and Art. 6 (1) a) of the GDPR). If it is absolutely necessary to use cookies, such is done on the basis of Section 25 (2) no. 2 of the TDDDG and data processing in accordance with Art. 6 (1) f) of the GDPR.

You can delete cookies already stored on your device at any time. If you wish to prevent cookies being stored, you can do so via the settings in your internet browser. Please note that some of our website's functions may not work if you have deactivated the use of cookies.

You can change your consent at any time in the cookie declaration on our website.

Change your consent

etracker web analysis service

We use the "etracker" analysis service on our website to collect, collate and evaluate data on the behaviour of visitors to the website. The provider is etracker GmbH, Erste Brunnenstrasse 1, 20459 Hamburg, Germany.

We use etracker to analyse the use of our website. Among other uses, data are collected about the website a user has come from to our website (referrers), about the website's subpages accessed or how often and how long a subpage was viewed for.

By default, we do not use web analysis cookies to analyse user behaviour. The data generated with etracker are only processed and stored on behalf of this website's provider by etracker in Germany and are therefore subject to stringent German and European data protection laws and standards. etracker has been audited in this regard by an independent body, certified and awarded the Privacy Seal ePrivacyseal .

The legal basis for collecting and processing data is Section 25 (2) no. 2 of the TDDDG, Art. 6 (1) sentence 1 f) of the GDPR. Our legitimate interest lies in optimising our web presence. Because the privacy of our visitors is important to us, the data that may enable identification of an individual, such as the IP address, login or device identifiers, will be anonymised or pseudonymised as soon as possible. etracker does not use data for any other purpose nor does it merge them with other data or pass them on to third parties.

You can object to the above described processing of data at any time . Such objection will have no adverse consequences.

Further information on data privacy at etracker can be found here.

Use of Salesforce Marketing Cloud Engagement (formerly Pardot)

We use Salesforce Marketing Cloud Engagement (Plus Edition), formerly "Pardot", a marketing automation solution from Salesforce, Inc, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA ("Salesforce"), which is linked to our CRM system for the purpose of efficiently carrying out marketing measures on an automated basis.

This means that once you give your consent via integrated components (forms, landing pages, newsletter registration), cookies are set on our website for analytical purposes which then let us use Salesforce to analyse your user behaviour in the context of our website offering. This allows us to track the subject matter you are interested in on the basis of your click paths. For this purpose, you are assigned a unique identifier (visitor ID) so we can recognise you again when you visit our website at a later date and bring together your interactions with our website to create an activity profile. Systematically recording and evaluating user behaviour, we can optimise our website, provide our customers with personalised content and product recommendations, conduct effective marketing campaigns as well as measure their success. Via the interface to our CRM system, user profiles are merged with the customer data of yours that we save.

We also use the Salesforce Marketing Cloud to send our newsletters, automated mailshots (e.g. welcoming mailshots) as well as advertising campaigns in social networks. If you have consented to website tracking, your user data will in this case be merged with your data from the sending of newsletters for creating an appropriate activity profile in our customer database.

Data are only collected and stored after express consent is given in accordance with Section 25 (1) of the TDDDG, Art. 6 (1) sentence 1 a) of the GDPR You can withdraw your consent at any time with immediate effect for the future.

Salesforce Marketing Cloud data is stored and processed on Salesforce servers in the USA. Salesforce has obtained certification in accordance with the EU-US Data Privacy Framework (DPF) Program, and is included on the Data Privacy Framework List of the International Trade Administration (ITA). This means that Salesforce has publicly committed to complying with DPF obligations, and any data transfer to the USA is unobjectionable and safe in line with the current adequacy decision of the European Commission from 10 July 2023.

A list of currently certified US companies can be found here: https://www.dataprivacyframework.gov/s/participant-search

As Salesforce servers are distributed worldwide and transfer to other third countries cannot be completely ruled out in the absence of any adequacy decision, we have additionally concluded the EU Standard Contractual Clauses with the provider. Salesforce has also undertaken to comply with binding corporate guidelines that have been approved by the responsible supervisory authority. Further information on data privacy at Salesforce as well as copies of binding corporate policy and agreed standard data protection clauses can be found at https://www.salesforce.com/de/campaign/gdpr/

SalesViewer

On the basis of the website operator's legitimate interests (Art. 6 (1) f) of the GDPR), this website uses SalesViewer® technology from SalesViewer® GmbH, Universitätsstrasse 60, 44789 Bochum, Germany, to collect and store data from identified companies and organisations that visit our website for marketing, market research and optimisation purposes.

To this end, a javascript based code is used for collecting company-related data and use such accordingly. The data collected with this technology are encrypted using a nonreversible one way function (known as hashing). The data is immediately pseudonymised and is not used to identify in person the visitor to this website. 

The data stored within the framework of Salesviewer® will be erased as soon as such is no longer required for its intended purpose, and erasure does not conflict with any statutory retention obligations.

You can object to the collection and storage of data at any time with effect for the future by clicking this link https://www.salesviewer.com/opt-out, thereby preventing any collection by SalesViewer® within this website in the future. In this context, an opt out cookie for this website will be stored on your device. If you delete your cookies in this browser, you must click this link again.

Making contact

The personal data you give us will be collected when you contact us (e.g. by contact form). The particular contact form shows which data will be collected when you contact us. These data will only be used for the purpose of making contact and for handling your specific request. The legal basis for processing data is our legitimate interest in handling your request in accordance with Art. 6 (1) f) of the GDPR. Once your request has been dealt with in full your data will be erased unless such is opposed by any statutory retention periods.

Newsletter subscription

Our website gives you the opportunity to subscribe to our various industry specific newsletters. 

By subscribing to the newsletter, you agree that we and the Hettich Group company serving you may inform you by email at regular intervals about industry trends and new products, trade fairs and customer events, send you exclusive insights into company news and use the data that you provide for this purpose.

On the basis of the consent you previously gave us (Art. 6 (1) a) of the GDPR), we collect and use the email address you stated on subscribing to the newsletter. Above and beyond this, it is necessary to specify an industry you are interested in along with the applicable country so that you can be informed about news and events relevant to you. The provision of further data, such as your name, is voluntary and marked accordingly as optional data. These data will be used to address you personally.

To register for our newsletter, we use the double opt-in procedure. This means that after registration, we send you a message to the e-mail address you gave us in which we ask you to confirm your registration. If you do not confirm your subscription within four weeks, it will be automatically deleted.

The legal basis for sending the respective newsletter is your consent under Art. 6 (1) a) of the GDPR. With immediate effect for the future, you can at any time withdraw your consent to the newsletter being sent. You can withdraw your consent via the link provided for this purpose in every newsletter or by emailing protection@de.hettich.com. We will store your personal data until you unsubscribe from the newsletter or declare to us that you wish to withdraw your consent.

When you subscribe to the newsletter, we also store your IP address as well as the date and time of your confirmation for up to three years after subscribing (limitation period) so as to be able to prove your subscription in case of doubt and, if necessary, trace any possible misuse of your email address at a later time. The legal basis for logging the subscription is our legitimate interest under Art. 6 (1) f) of the GDPR in demonstrating any previously given consent, also see Art. 7 (1) of the GDPR.

Newsletter tracking

Our newsletters contain a click-tracking script. This click-tracking script is used to record a log file or analyse a log file. The embedded click tracking script tells us whether and when you have opened an and which links in the email you have clicked. This creates what are referred to as click paths. Personal data collected via the click-tracking script contained in the newsletters are saved and evaluated by us in order to optimise delivery of our newsletters and match the content of future newsletter to your interests even better. If you do not want the newsletter to be tracked, you are entitled at any time to withdraw the declaration of consent you have given to receiving newsletters. Tracking of this nature cannot be done either if you have deactivated the display of images in your email program by default. In this case, however, the newsletter will not be displayed in full and you may not be able to use all functions. If you display the images manually, above mentioned tracking will take place.

Your click tracking data used by us for optimising the sending of newsletters and for matching the content of future newsletters even better to your interests will be erased three years after they are collected.

To provide our newsletter service as well as to collect and analyse profile data, we use the Salesforce Marketing Cloud (formerly Pardot), which we explain in more detail in the section headed "Use of Salesforce Marketing Cloud Account Engagement".

Direct advertising

We use direct marketing measures via various advertising channels to inform our customers about news. As the services and products we offer are aimed exclusively at retail partners and corporate customers, we mainly use company related and no personal data. As we attach importance to addressing our customer contacts in person, we use the work related contact data of natural persons in those cases permitted by law. For this purpose, we only use your data that we have collected as part of a contractual relationship with you, insofar as our legitimate interest in processing for the purpose of direct advertising outweighs your interest (Recital 47 p. 7). The legal basis for processing your personal data in this respect is our legitimate interest in implementing direct advertising measures, Art. 6 (1) f) of the GDPR and Recital 47 p. 7. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. If you object to processing for purposes of direct advertising, your data will no longer be processed for these purposes.

If we also receive your email address from you as a corporate customer in connection with the sale of our goods or services, we will subsequently inform you about similar goods and services from our company. The legal basis in this respect is Art. 6 (1) f) of the GDPR in conjunction with the statutory authorisation pursuant to Section 7 (3) of the German Act against Unfair Competition (UWG). You can object to such processing at any time by contacting us or, if you receive the newsletter, by clicking the link provided in each email, without costs arising by virtue thereof, other than transmission costs in accordance with the basic rates.

Hettich eShop

In our eShop, we offer our industrial customers and retail partners the opportunity to create a Hettich customer account with ordering function. All other users have the option, as a guest, of creating a shopping basket and ordering products from our Hettich retail partners. You will be redirected to the relevant websites of individual Hettich retail partners via the retailer finder function. Please observe the data privacy policy of individual retail partners in respect of data processed during the course of ordering from one of our retail partners, 

eShop customer account:

We offer our industrial customers and retail partners the option of creating a customer account through our sales operation. We collect and store the following data for creating this customer account:

  • First name and last name of the person with access rights
  •  
  • Company/ business
  • Email address (business)
  • Password

After initiating the process of opening a customer account, you will receive a confirmation link by email. Registration will only be completed successfully by clicking this link and entering a password for the first time. Although creating a customer account is voluntary, it must be done before you can use our own eShop's ordering function.

As our eShop is aimed exclusively at industrial customers and retail partners, we generally process your business data. The legal basis for processing personal data is Art. 6 (1) a), b) and f) of the GDPR.

You can instruct us to erase your customer account at any time. On deleting the account, all personal data not subject to a statutory retention obligation or Article 17 (3) of the GDPR will be erased.

For the processing of data in the course of the ordering process, please refer to the data privacy notice for customers, which we will make available to you separately.

Social media plugins

We do not use any plugins automatically activated by social networks ("social media plugins") on our website.

The buttons for our social media pages, such as Facebook, Twitter, Xing or Instagram, are merely links that direct users to the corresponding provider's page. Furthermore, our website contains elements known as news boxes, which link to our pages on social media platforms. These news boxes – which are marked with the logo for the corresponding social media site – are also only links.

The integration of these buttons and news boxes in our website does not mean that any personal data is sent to the provider of these social media platforms when you open our website.

You will be directed to the corresponding social media page when you click on these buttons or news boxes. In this context, we refer to Item 13 of this Privacy Statement.

Social media pages 

Social media have become an integral part of the internet and modern communication. To stay in contact with our customers and prospects, we operate our own social media profile pages on selected social networks such as Facebook, Instagram, LinkedIn and Xing. In this context, we regularly publish contributions, stories or posts from our company, which you can publicly interact with using the social media platform's particular functions. We only process the personal data that have become an obvious part of our social media page as a result of your participating in such.

The moment you access our respective social media page, your browser connects with the servers of the operators concerned. At all events, regardless of whether or not you are registered with the respective social network, your IP address will be transmitted and cookies may be set. If you are a member of one of the above mentioned social networks and are logged into your user account, the provider can also match your visit to our social media page to your user account.

If you wish to prevent the respective provider from linking the data about your visit with your stored membership data, you should log out of the respective account before visiting our social media pages and delete the cookies stored on your device. However, even after these steps have been taken, the provider may still recognise you by means of unique identifiers, such as device IDs and other identifiers.

Above and beyond the publicly visible functions, all of the above mentioned social networks offer the option of viewing anonymous statistics on the interaction of visitors with our company profiles. These Insights functions provide us with anonymised data on visitors and their interactions with our social media pages in the form of statistics which the providers collect by using means such as cookies and other technologies. This does not enable us to draw any conclusion as to your person, even if you are logged into your respective user account when you visit our social media site.

The statistics of these Insights show us in particular our followers' and visitors' development trends, their summarised demographic data (average age, gender, approximate abode: country and town/city), as well as the reach of our posts (interactions, reactions, comments) so as to deduce those contents that interest our customers and prospects more than others contents do.

Further information on Insights can be found here:

Facebook Insights

Instagram insights

LinkedIn insights

Xing

The legal basis for using our social media pages as well as the Insights function is our legitimate interest, Art. 6 (1) f) of the GDPR. We see our legitimate interest in processing data to be in presenting our company as well as our products and services for your information and, in particular, in providing contemporary ways of communicating for and with you. The Insights function lets us better understand the needs and interests of our audience and improve our presence in social networks. If you have given your consent to data processing when visiting the social media site (e.g. by using the respective cookie banner), such processing will take place on the basis of your consent (Art. 6 (1) a) of the GDPR), which you can revoke at any time for the future.

As the operators Meta (Facebook and Instagram) and LinkedIn are headquartered in the USA, data processing outside the European Union cannot be ruled out. Both providers have obtained certification in accordance with the Data Privacy Framework (DPF) Program, and is included on the Data Privacy Framework List of the International Trade Administration (ITA). This means that the providers have publicly committed to compliance with a level of data protection equivalent to that in the EU. To this extent, any data transfer to certified US companies is always unobjectionable and safe by virtue of the current adequacy decision of the European Commission from 10 July 2023.

We share joint controller responsibility with the operators of the respective social network for the data processing operations taking place in connection with your visit to our social media pages:

Facebook und Instagram:

Meta Platforms Ireland Limited,
Serpentine Avenue, Block J,
Dublin 4 Ireland 

Given joint controller responsibility, we inform you below with regard to Art. 26 of the GDPR about the essential aspects of the agreement existing between us and Meta on joint responsibility: https://www.facebook.com/legal/terms/page_controller_addendum

LinkedIn: 

LinkedIn Irland Unlimited Company,
Wilton Place,
Dublin 2, Ireland

Given joint controller responsibility, we inform you below with regard to Art. 26 GDPR about the essential aspects of the agreement existing between us and LinkedIn on joint responsibility: https://legal.linkedin.com/pages-joint-controller-addendum

Xing bzw. onlyfy:

New Work SE,
Am Strandkai 1,
20457 Hamburg

Given joint controller responsibility, we inform you below with regard to Art. 26 GDPR about the essential aspects of the agreement existing between us and New Work SE on joint responsibility: https://www.xing.com/terms/onlyfy-one#h2-vereinbarung-zur-gemeinsamen-datenschutzrechtlichen-verantwortlichkeit

Your rights:

You can assert your rights vis-à-vis us and the respective operators of the social networks.

Please note that the operators of the social networks also process your data for their own purposes which are beyond our control. For further details, please refer to the operators' data privacy notices:

Facebook and Instagram

LinkedIn

Xing

Lucky draw

If you choose to enter one of the prize draws we offer, we will process your personal data insofar as it is required for the purposes of taking part. This is usually your name and contact details. Your data will be processed for the purpose of authorising you to participate, of notifying you and sending the prize. For some prize draws, we may pass your data on to our prize drawer partners, for example in respect of sending you the prize. Depending on the drawer, the way in which data are processed and passed on may vary, and is therefore specifically described in the respective terms and conditions of taking part and in the data privacy notices. Participation in prize draws and collection of data associated with this is, of course, voluntary.

The legal basis for processing of data in the context of taking part in prize draws is always Art. 6 (1) b) sentence 1 of the GDPR. We will delete your participant data once the drawer has closed unless there is any legal basis for storing such beyond this point. Further information will be communicated to you separately in the data privacy notices on the respective prize drawer.

Links to third-party websites

This website contains links to websites of third parties (e.g. our sales partners). Once you have clicked on the link, we no longer have any influence over the way any personal data sent as a result of clicking on the third party's link (e.g. your IP address) is collected, processed and used as we have no control over the third party's conduct. We bear no responsibility for the processing of such personal data by third parties.

External services

We incorporate external services or contents on our website. If you use services of this type or if contents from third parties are displayed to you, communication data will be exchanged between you and the relevant provider for technical reasons.

The provider of the particular third-party services or contents may sometimes also process your data for further purposes of their own. To the best of our knowledge and belief, we have configured services or contents from providers who are known to process data for their own purposes in a way that either no communication takes place for purposes other than to display contents or services or in a way that any communication only takes place if you actively decide to use the service. As we have no influence on the data collected by third parties or on the way in which they process them, we cannot provide any binding information on the purpose for which and on the extent to which your data are processed.

For further information on the purpose for which and the extent to which your data are collected and processed, please therefore refer to the data privacy information given by the providers of the services and contents we incorporate and who are responsible in law for protecting data.

Passing of your personal data

Within the Hettich group of companies only those companies gain access to your data which need them to meet contractual or legal obligations or to which we are authorised to communicate personal data on the basis of a balancing of interests.

Any external service providers we use may also receive data for these purposes. Our service providers are carefully selected and regularly monitored by us. They only process personal data on our behalf and in strict accordance with our instructions on the basis of relevant processor contracts (Art. 28 of the GDPR).

Otherwise no third party will receive your personal data. In particular, we will neither sell them nor will we utilise them in any other way. Only if we are officially requested or obliged to do so in law will we communicate data to the government authority responsible.

Rights of Data Subjects

Applicable data protection law gives you extensive rights vis-à-vis the controller (see clause 2 above) in relation to the processing of your personal data. Every data subject has the 

  • right to being informed about the data we store about their person;
  • Right to rectification, erasure or restriction of processing of their personal data;
  • Right to object to processing (for further details, refer to clause 19)
  • Right to data portability;
  • right to complain to a data-protection supervisory authority.

Withdrawal of consent given

If you have given your consent to personal data being processed, you can withdraw this from us at any time. Please note that withdrawal will only take effect for the future. This will not apply to any processing taking place before consent is withdrawn.

Information on your right to object

You have the right at any time to object to your data being processed on the basis of Art. 6 (1) f) of the GDPR (processing of data on the basis of a balancing of interests) if any grounds for such arise from your particular situation. Within the meaning of Art. 4 (4) of the GDPR, this also applies to any profiling based on the above provision.

If you file an objection, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the purpose of establishing, exercising or defending legal claims.

The collection of data for providing the website and the storage of log files are imperative for operating the website.

In individual cases, we process your personal data to carry out direct advertising. You have the right at any time to file an objection to your personal data being processed for the purpose of advertising of this type; this shall also apply to profiling insofar as this is in connection with such direct advertising.

If you object to processing for purposes of direct advertising, we shall no longer process your personal data for these purposes.

Effective: January 2025