Print

Data protection

Data Protection Declaration

Welcome to the websites of Häfele SE & Co KG, www.haefele.de or www.hafele.com. The protection of your data is important to us. We would therefore like to inform you in the following about which data from your visit we will be using for which purpose.
 

1.    Responsible

Controller within the definition of the General Data Protection Regulation (the “GDPR”) and other data protection provisions: applicable within the Member States of the European Union is: 

Häfele SE & Co.KG (“Häfele”)
Adolf-Häfele-Str. 1
72202 Nagold, Germany
Phone: + 49(0) 74 52 95 0
Fax:     + 49 (0) 74 52 95 2 00
E-mail: info@haefele.de

  

2.    Contact data of the Data Protection Officer 

Häfele's Data Protection Officer can be contacted as follows:

Häfele SE & Co KG 
Data Protection Officer
Adolf-Häfele-Str. 1 
72202 Nagold, Germany

E-mail: HDEDatenschutzbeauftragter@Haefele.de
 

3.    Data processing

3.1.    General information 

Personal data is all data that can identify you personally, such as your name, address, email address and online user names. The personal data of our users is used as follows: 

1.    performing our services,
2.    ensuring the delivery of technical support.

Unless otherwise described in the following sections, in general no personal data will be collected, processed or used in connection with the use of this website. 

3.2.    Storage of access data, creation of log files

Whenever a user accesses a page on this website, and whenever a file is accessed, access data about this procedure is recorded in a log file and saved. The recorded information is standard logging. Each data record consists of the following:

  • Date/time of request
  • Page from which the file was requested
  • Pages retrieved via our website by the user's system
  • Called up file name
  • Transmitted volume of data
  • Access status (file transferred, file not found)
  • Description of operating system and web browser used, client IP address and user name (login data) of authenticated users

This data is used to deliver the content of our website, ensure the functionality of our information technology systems, and to optimise our online presence. The data may be used in an anonymised form for statistical purposes (see below), as well as for the purposes of data security, especially for error analysis and preventing hacking attempts (Art. 6 (1f) GDPR). Access rate will not be used for the creation of individual user profiles, nor be passed onto third parties, and will be erased after 90 days at the latest.

3.3.    Use of IP addresses

Each time our homepage is accessed, Häfele uses the client IP address to determine the country from where the access is made, in order to route the requesting party to the specific Häfele homepage of the relevant country. This data is not used further, with the exception of the storage of access data, and creation of log files described under No. 3.2.

3.4.    Contact form

If there is an option for entering personal or business information on this website, the information is always entered voluntarily. Information required to perform the desired operation is designated with an asterisk ‘*’. If you provide us with personal or business information via the contact forms, we will only use it for the respective intended purpose. Your consent constitutes the legal basis for this (Art. 6 (1a) GDPR). Data transfers are encrypted using SSL or TLS technology in order to prevent the unauthorised access of your personal data by third parties.

3.5.    Supplier portal

You enter your surname, first name and other business data in order to register for the supplier portal. This will enable you to access our services for suppliers. The data will be stored for the duration of the registration, for the purpose of performing the contract and in order to fulfil statutory obligations. The legal basis for this is Art. 6 (1 a and b) GDPR. You may cancel your registration at any time. In that case, your access will be blocked immediately and erased upon the expiry of the statutory retention obligations.

3.6.    Chat function

If you use the website’s chat function to contact Customer Service, various pieces of information will be relayed to Customer Service when the chat is initiated. Examples of these types of information include the specific sub-page of the Häfele website on which you are located at the start of the chat, the help topic you selected on the website, your name and address as provided by you, and the e-mail address, browser version and operating system version. The chat platform will also relay information at regular intervals, regarding the availability of the chat service. The button on the website for starting the chat will be activated or deactivated based on this information. We store the Chat history for a maximum period of 6 months to ensure that the issue can be transferred seamlessly if there is ever a change made to the support staff, and to improve our service quality with the aid of analyses performed on the history data statistics. To enable you to refer back to your previous inquiry, the chat history will be attributed to you according to the data you have entered, or directly assigned to your customer account if you are currently logged in. If, during the course of the chat, it transpires that internal queries need to be forwarded to other departments or specialists, the storage period may be extended until your query is conclusively clarified. The transfer of data is performed using SSL or TLS technology to prevent other parties accessing your personal data without authorisation. The legal basis for this is our legitimate interest in keeping our communications with you as efficient as possible (Art. 6(1)(f) GDPR).

3.7.    Newsletter

You have the opportunity of subscribing to our newsletter. To do so, you are required to enter your email address to which we will send the newsletter. If you enter this into the input screen, we will record your (company) name in order to address the newsletter personally to you. By entering your email address you agree that we may use your data for the purpose of sending the newsletter to tell you about our news. The legal basis for this processing is Art. 6 (1a) GDPR. Your email address will not be used for any other purpose. Häfele mails its newsletters using the XQueue Maileon mailing system. The system processes data to make improvements to the newsletter, such as technical optimisation of the mailing process and the presentation of the newsletter, for statistical purposes and for personalisation and other optimisation purposes. When the user opens the newsletter, a tracking pixel logs the opening, and every click made in the newsletter will be counted by a server-side forwarding system. The data is not used in any other way, nor is it passed on to third parties.

You can cancel your newsletter subscription and the consent you issued at any time; this will then take effect for the future. If you wish to cancel your newsletter subscription, please use the relevant button in the newsletter sent to you. Your email address will then be promptly erased from our system.

3.8.    Webshop

If you would like to place an order in our webshop, the conclusion of the contract requires you to provide your personal data that we need in order to execute your purchase order. An “*” indicates the mandatory information required to execute contracts; other data is voluntary. To place an order with us, you are required to enter your company-specific customer number. We will process the data provided by you, in order to execute your purchase order. To this end, we may forward your payment data to our house bank. The legal basis for this is Art. 6 (1 1st sentence b) GDPR.

We may also process the data you provide, in order to inform you about other interest products in our portfolio, or to send your emails containing technical information. The legal basis for this is Art. 6 (1 1st sentence f) GDPR.

We also process the data, sometime using automated processes, to analysis certain personal aspects (profiling). We use this for the purpose of giving you targeted product information and advice, and to provide you with recommendations. These analyses enable us to deliver appropriate communications and marketing, including market research and opinion polling.

To do this, in the web shop we use your personal customer master data as well as your order history data with Häfele (including outside of the web shop), the type and method of your interaction with the website or other Häfele services (e.g. newsletter). We use in-house developed programmes for this purpose. This data processing is performed in the pursuit of our overriding legitimate interest in a weighing of interests in the optimised presentation of our products and services, and in making appropriate recommendations of products in accordance with Art. 6 (1) (f) GDPR.

Commercial and tax law stipulations oblige us to store your address, payment and order details for a period of ten years. However, we will implement a limitation on processing after three years, meaning that your data will only be used in order to fulfil the statutory obligations.

The order procedure is encrypted using SSL or TLS technology in order to prevent the unauthorised access of your personal data – particularly your financial data – by third parties.

3.9.    Use of apps

When you use the app, our servers will temporarily save the IP address of your device and other technical characteristics, such as the requested content (Art. 6 (1 b) GDPR). Häfele will not use the data over and beyond this. Our app enables you to use various functions provided by a third party (such as Apple or Google), and used by the "controller" of the data processing operation. Please consult the relevant operating system vendor for details on the functionality, and how you can turn the use on and off.

3.10.  Integration of third-party services 

We have integrated YouTube videos into our online site. This are stored on https://www.youtube.com/ and can be viewed directly via our website. These are all integrated into the “enhanced data protection mode”, meaning that YouTube will not receive any data about you as a user, if you do not play the videos. The data described in No. 3.3 will only be transferred if you view the videos. We have no control over this transfer of data. 

We have integrated Google Maps – a service provided by Google LLC – into our website. (“Google”), Amphitheatre Parkway, Mountain View, CA 94043, USA, as the third-party provider. When you visit the website, the third-party provider receives the information that you have retrieved the relevant sub-pages of our website. Furthermore, the data described in No. 3.3 of his notice will be transferred. This takes place regardless of whether this third-party provider provides a user account which you have logged into, or if no user account exists. If you are logged into the plug-in provider, this data will be directly correlated with your user account. If you do not wish the plug-in provider to make the correlation with your profile, you need to log out before activating the button.

Google stores this data for user profiles where relevant, and it uses the data for the purposes of advertising, market research and/or for the appropriate design of its website. This kind of analysis is particularly performed (not only for logged-in users) for the purpose of delivering appropriate advertising, and to inform other users of the social network about your activities on our website. You have a right to object to the formation of these user profiles. You have to contact Google in order to exercise this right. The legal basis for this processing is Art. 6 (1f) GDPR.

Further information regarding the purpose of scope of the collection and the processing of this data by the plug-in provider can be found in Google’s Privacy Police: https://policies.google.com/privacy?hl=en-GB&gl=de. It also contains further information on your rights in this connection, and the configuration options to enable you to protect your privacy. 

3.11.  Cookies

Cookies will be stored on your device when you use our website. Cookies are small text files that are assigned to your browser, enabling us to receive certain information. They cannot run programs or transmit viruses, but serve to make the general online experience more user-friendly and effective. 

Change cookie settings

Types of cookies and how they are used
We use two main types of cookies:

  1. Technically essential cookies – These are necessary for the website to function properly. They enable basic functions such as navigation and access to secure areas.
  2. Optional cookies – These are used to improve the user experience, analyse the performance of our website and provide personalised advertising.

Cookie overview
Download list.

Legal basis
The legal basis for consent to the storage of or access to information is Section 25 (1) of the German Telecommunications Digital Services Data Protection Act (TDDDG) in conjunction with Art. 6 (1) lit. a GDPR for the processing of personal data. The legal basis for the use of technically essential cookies is Section 25 (2) No. 2 TDDDG in conjunction with Art. 6 (1) (f) GDPR in order to safeguard our legitimate interests. We have a legitimate interest in offering you a user-friendly website with a wide range of functions.

Withdrawal of consent – Management of cookie settings
As a rule, you have the option of managing or deactivating cookies via your browser settings. Please note, however, that this may limit the functionality of the website. Further information can be found in the help section of your browser. If we process cookies on the basis of your consent, you may withdraw your consent to the use of cookies at any time in the cookie consent tool on our website by changing your settings. The legitimacy of the processing remains unaffected until consent is withdrawn. 

3.12.  Google Analytics

This website uses Google Analytics, a web analytics service provided by GoogleLLC. (“Google“), Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called "cookies", text files stored on your computer, and which make it possible to analyse the use of the web site. The information that is generated by cookies about the use of this web site are usually transmitted to a Google server in the USA and stored there. This website uses Google Analytics with the extension “gat._anonymizeIp();” to guarantee the anonymous capture of IP addresses (“IP masking”). If IP anonymization is activated on this website, however, your IP address will be truncated by Google from within a Member State of the European Union or from within any other country which is party to the Agreement on the European Economic Area. The full address will be transmitted to a Google server in the USA and shortened there in exceptional cases only. Google will use this information on our behalf for purposes of evaluating your use of the website, compiling reports on website activity and providing the website operator with other services relating to website use and internet usage. The IP address transmitted within the scope of Google Analytics by your browser will not be combined with other data by Google. The legal basis for the processing of your data is your consent in accordance with Art. 6 (1)(a) GDPR. Google Analytics sets the following cookies: _ga, _gid, _gat, AMP_TOKEN and possibly _gac. (For more information, see https://developers.google.com/analytics/devguides/collection/gtagjs/cookie-usage.) We keep the collected data for up to 36 months.

You can withdraw your consent by changing the settings in the cookie consent tool.

3.13. Google Analytics advertising functions

This website uses advertising functions of Google Analytics not included in the standard implementation. These functions link data from your Google account and Häfele Google Ads with data from Google Analytics (data integration of Google Ads and Analytics). The following cookies are set for this purpose: NID, ENID, ANID, IDE, VISITOR_INFO1_LIVE and YEC. These cookies are stored for between 6 months and 13 months. If you have deactivated personalised advertising, this setting will be saved until 2030. DSID cookies are stored for 2 weeks. (You can also find more information about these cookies on the Google website: https://policies.google.com/technologies/cookies#types-of-cookies). We keep the collected data for up to 36 months.

The advertising functions of Google Analytics have the following purposes:

3.13.1. Remarketing with Google Analytics

Through the data integration of Google Ads and Analytics, user segments can be created which have seen certain ads but not paid attention to them. These segments can then be shown more relevant ads to encourage them to interact with the ad.

3.13.2. Reports on impressions in the Google Display Network

Through the data integration of Google Ads and Analytics, reports can be retrieved in Google Analytics showing where and when which Häfele ads were displayed in the Google Display Network. This enables Häfele to obtain detailed information about where and when the ads were seen.

3.13.3. Google Analytics reports on performance by demographics and interests

Google Ads creates estimates of demographic characteristics (e.g. age, gender, parental status) and interests from user data and makes them available in Google Analytics. These reports enable Häfele to narrow down target customer segments more precisely.

3.13.4. Additional data via Google cookies for ad preferences

Through the data integration of Google Ads and Analytics, additional data can be collected in Google Analytics via Google cookies for display intent and identifiers. This enables seamless integration of Google Ads and Google Analytics and allows ad-based data about users to be analysed in Google Analytics. These cookies are set by websites which display Google Ads. Information about Google Ads cookies can be found here: https://policies.google.com/technologies/cookies#types-of-cookies

The legal basis for the processing of your data is your consent in accordance with Art. 6 (1)(a) GDPR. The recipient of the data is GoogleLLC. (“Google“), Amphitheatre Parkway, Mountain View, CA 94043, USA.

You can revoke this consent in the Cookie Consent Tool (Performance Cookies category) at any time by changing your settings.

3.14. Google Tag for Google Ads

The website uses a Google tag for Google Ads, this allows us to personalise advertisements. The legal basis for the processing of your data is your consent in accordance with Art. 6 (1)(a) GDPR. The recipient of the data is GoogleLLC. (“Google“), Amphitheatre Parkway, Mountain View, CA 94043, USA.

You can revoke this consent in the Cookie Consent Tool (category Cookies for marketing purposes) at any time by changing your settings.

3.15.  Social Media presence

We maintain an online presence in Facebook, Instagram, Twitter and LinkedIn social networks to communicate with our business partners and to enter into contact with you as a visitor to this website. The operation of these pages incorporating the use of users’ personal data is performed on the basis of our legitimate interest in an auxiliary information and interaction facility with our customers in accordance with Art. 6 (1) (f) GDPR. If users are asked by the relevant platform operators to give their consent to the data processing described above, the legal basis for the processing is Art. 6 (1) (a), Art. 7 GDPR.

Please not that, as the operator of this site, we cannot preclude the transfer to, and subsequent processing of users’ personal data in third countries, such as the USA, as well as any risks this may entail to users (e.g. difficulties in asserting rights). U.S. providers with Privacy Shield certification have undertaken to comply with EU data privacy standards.

Users’ data are generally processed for market research and advertising purposes. User behaviour and users’ interests identified on that basis, can be used to create user profiles, for example. User profiles can, in turn, be used for displaying ads inside and outside of the platforms, for example. To this end, cookies are regularly saved on users’ computers, for the purpose of storing users’ behaviour and users’ interests. Data can also be stored in user profiles across any device.

Facebook
In its decision of 5 June 2018, the European Court of Justice (ECJ) ruled that the operator of a Facebook fan page is a controller jointly responsible with Facebook for the processing of personal data. Facebook’s Data Policy contains further information on the processing of data: https://www.facebook.com/about/privacy/. Users can exercise their right to refuse here (opt-out): https://www.facebook.com/settings?tab=ads. Facebook Insights enable us to view statistical data for a range of categories. These statistics are generated and supplied by Facebook. As the operator of this page, we have no influence over the generation or presentation. We are not able to deactivate this function, or block the generation and processing of data. Information on this data processing is available direct from Facebook at https://www.facebook.com/legal/terms/information_about_page_insights_data

Instagram
The Instagram data policy is available here: https://help.instagram.com/155833707900388.

Twitter
The Twitter data protection notes are available here: https://twitter.com/de/privacy. An opt-out tool is provided here: https://twitter.com/personalization.

LinkedIn
The LinkedIn privacy policy is available here: https://www.linkedin.com/legal/privacy-policy.

3.16.  Meta Pixel

Our website uses the ‘Meta Pixel’ from Meta Platforms, Inc. (1 Hacker Way Menlo Park, CA 94025 USA) to measure the effectiveness of our Facebook and Instagram advertising and to collect and optimise target group-specific data on how users interact with our website. Integrating this analysis tool on our website enables us to analyse and evaluate user behaviour after they click on one of our advertisements on Facebook or Instagram and are then redirected to our website. This continuous analysis enables us to compile precise statistics on the success of our adverts and, on this basis, to display Facebook and Instagram adverts tailored to specific target groups on other websites using re-targeting.

The following personal data is collected and processed for this purpose:

  • IP address
  • Page views
  • Time of access
  • Referrer URL
  • User behaviour on our website (viewing product pages, button clicks, completed purchases, shopping baskets etc.)

Your data is continuously transmitted to Meta and analysed by Meta both to achieve the purposes described above and to serve Meta’s own purposes. In the course of this continuous exchange of data between Häfele and Meta, it cannot be ruled out that your personal data will be transferred to the USA, where Meta has its headquarters. Meta is certified under the Data Privacy Framework and therefore offers a level of data protection equivalent to the GDPR: https://www.dataprivacyframework.gov/list.

We are jointly accountable with Meta under data protection law for the collection of your usage data when you visit our website and the transmission of this data to Meta, but Meta is solely responsible for analysing your data, in particular for Meta’s own purposes. We have no influence on how and to what extent Meta uses the data. Further information on data processing by Meta can be found here: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0.

If you are logged into your Facebook and/or Instagram account, Meta can assign the visit to our website and the user data collected to your account. We therefore recommend that you log out of your account before visiting our website.

The legal basis for the processing of your data is your consent in accordance with Art. 6 (1)(a) GDPR.  You can withdraw your consent by changing the settings in the cookie consent tool.

The data collected by the Meta Pixel through our website will be deleted from our systems as soon as you revoke your consent to storage or the purpose for data storage no longer applies. Mandatory statutory provisions – in particular retention periods – remain unaffected.

3.17. LinkedIn Insight Tag

Our website also uses the ‘LinkedIn Insight Tag’ from LinkedIn Ireland Unlimited Company to measure the effectiveness of our advertising on LinkedIn and to collect and optimise target group-specific data on how users interact with our website. Integrating this analysis tool on our website enables us to analyse and evaluate user behaviour after they click on one of our advertisements on LinkedIn and are then redirected to our website. This continuous analysis enables us to compile precise statistics on the success of our adverts and, on this basis, to display LinkedIn adverts tailored to specific target groups on other websites using re-targeting.

The following personal data is collected and processed for this purpose:

  • IP address (shortened or hashed)
  • URL and referrer URL
  • Device information
  • Browser information
  • Page views
  • Time of access
  • User behaviour on our website (button clicks, completed purchases, shopping baskets)

By integrating the LinkedIn Insight Tag on our website, a connection to the LinkedIn server is automatically established when the website is accessed and your data is continuously transmitted to LinkedIn. For this purpose, LinkedIn sets several conversion cookies in your browser. Information on the cookies set by LinkedIn can be found here: https://www.linkedin.com/legal/l/cookie-table. The cookies have a limited validity period. If you visit certain pages within our website and the cookie has not yet expired, both we and LinkedIn are able to identify that you have been redirected to this page after clicking on the advert. 
Your data will be analysed by LinkedIn both to achieve the purposes described above and to serve LinkedIn’s own purposes. Häfele only receives summarised, anonymised statistics.

In the course of this continuous exchange of data between Häfele and LinkedIn, it cannot be ruled out that your personal data will be transferred to the USA, where LinkedIn has its headquarters. LinkedIn is certified under the Data Privacy Framework and therefore offers a level of data protection equivalent to the GDPR: https://www.dataprivacyframework.gov/list

We are jointly accountable with LinkedIn under data protection law for the collection of your usage data when you visit our website and the transmission of this data to LinkedIn, but LinkedIn is solely responsible for analysing your data, in particular for LinkedIn’s own purposes. We have no influence on how and to what extent LinkedIn uses the data. Further information on data processing by LinkedIn can be found here: https://de.linkedin.com/legal/privacy-policy.

If you are logged into your LinkedIn account, LinkedIn can assign the visit to our website and the user data collected to your account. We therefore recommend that you log out of your account before visiting our website.

The legal basis for the processing of your data is your consent in accordance with Art. 6 (1)(a) GDPR. You can withdraw your consent by changing the settings in the cookie consent tool. 

LinkedIn anonymises the data within 7 days. Your data will be deleted within 90 days. We, as site operators who use the LinkedIn Insight Tag, do not receive any personal data. Stored cookies will remain on your end device until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected.

3.18.  Data protection notice for competitions

Consent to the processing of personal data:

When you participate in the competition, we collect the following personal data from you: surname, first name, e-mail address. If you win, additional data is also collected (address).
In accordance with Article 6 (1) (a) GDPR, we process your data for participation in the competition, in particular for selection of the winner, winner notification, winner confirmation and shipment of prizes. This requires the provision of personal data.

Your personal data will be deleted as soon as it is no longer required for the stated purposes. This is usually the case after the competition has been completed, in particular sending of all the prizes. You can revoke the declaration of consent at any time as well as object to the further processing of your data at any time. The revocation can be sent, for example, by e-mail to info@haefele.de. Your data will be deleted immediately after receipt of the revocation. In the event of revocation of consent, participation in the competition and sending of prizes is no longer possible.

3.19. Häfele Learning Portal

To use our Häfele Learning Portal, you will need a customer account with an existing shared user account for the Häfele webshop. To run the learning processes (registration for training programmes, etc.), it may be necessary to provide personal information beyond what is stored in your Häfele account. Mandatory information for running the learning processes is indicated with “*” – other information is voluntary. We will use the information you provide in order to run the learning processes. The legal basis for this is Art. 6(1) 1st sentence (b) GDPR. The legal basis for the voluntary information is Art. 6(1)(a) GDPR. This consent may be revoked at any time.  

In addition, we will collect the registration and completion data for the individual courses in your customer account in order to provide you with the best possible advice and to ensure that our training services meet the needs and requirements of our customers. This also constitutes a legitimate interest pursuant to Article 6(1)(f) of the General Data Protection Regulation (GDPR). 

We will also process the data you provide so that we can send you emails from noreply@hafele-academy.com with information such as course confirmations. This information is necessary for facilitating the learning processes. The legal basis for this is Art. 6(1) 1st sentence (b) GDPR. 

You have the option of rating our courses anonymously or in a personalised manner. Your evaluation will help us to continuously improve our range of courses and adapt them to the needs and requirements of our customers. If you decide to rate our courses on a personalised basis, your first name and surname will appear next to your rating. No other data processing will take place. Your consent constitutes the legal basis for the data processing involved in the rating procedure. To exercise your right of cancellation, you can edit or delete your rating at any time. 

To prevent the unauthorised access of your personal data by third parties, the use of the Learning Management System is encrypted using SSL or TLS technology. If you disclose personal or commercial data via the contact forms, we will only use this within the purpose specified. The legal basis for this is your consent (Art. 6(1)(a) GDPR).  

In making our Häfele Learning Portal available to you, it is necessary to pass on data to other bodies, companies, legally independent organisational entities or persons. Potential recipients include, for example, service providers who are commissioned to provide the LMS. In such cases, we will adhere strictly to the legal requirements and conclude special contracts or agreements that guarantee the protection of your data. 

As a rule, your personal data relating to the Häfele Learning Portal will be stored in data centres in the EU or EEA. However, the possibility of your data being accessed in particular by service providers, agencies or companies based in the USA cannot be ruled out. If data processing activities take place in a third country, such data processing will only take place in accordance with the legal requirements.  

In this case, an adequacy decision applies to the transfer of data to the USA, as the service provider Cornerstone OnDemand is certified under the Data Privacy Framework. Moreover, to safeguard the transfer of data to other third countries for which there is no adequacy decision, standard contractual clauses of the EU Commission have been concluded, which can be accessed here.  

Your personal data will be stored for as long as your account exists, unless statutory retention periods apply. The term “account” refers to your user account and includes your LMS account. If you wish to delete your account, you can send this request by email to info@haefele.de or alternatively in writing to the sales department or your sales contact person. Deleting your webshop account automatically results in the anonymisation of your associated LMS account. This means that all personal data collected in connection with your previously linked account can no longer be traced back to you. 

LMS Cookie notice 

This website only uses technically essential cookies that are required for the website to function properly. These cookies do not store any personal information and are only used for the technical operation of the website. The legal basis for this is Art. 6(1)(f) GDPR. 

You can set and control the use of cookies in your browser. Please note that disabling technical cookies may affect the website’s ability to function properly. 

3.20. Running events

If you sign up for events organised by Häfele, we will use your data for registration and for organising and running the event. In particular, we will need your name, your contact details such as your address, e-mail address, telephone number and any necessary billing information. The legal basis for this is Art. 6(1) 1st sentence (b) GDPR.
 

4.    Transfer of data to third parties

We transfer your data to processors (service providers bound by instructions), i.e. companies that we commission to process data within the legally prescribed framework, Art. 28 GDPR (service providers, vicarious agents). In this case, Häfele will still remain responsible for the protection of your data (i.e. we are the “controller”). We have implemented legal, technical and organisational measures, alongside the performance of regular controls, to ensure that processors comply with the provisions of the data protection laws. We commission companies in the following fields in particular: IT, sales, marketing, finance, consulting, customer service, human resources, logistics, printing.

We also transfer your data to cooperation partners and service providers (‘partners’) who process personal data under their own responsibility and without instructions (e.g. suppliers and delivery services). This is the case if you commission the services of such partners through us or if you consent to the involvement of the partner or if another legal basis for the transfer of the data is applicable. Personal data is transferred within the Häfele Group for internal administrative purposes connected with centralised customer care and order processing. The legal basis for this is Art. 6(1)(f) GDPR. Häfele has instituted internal guidelines that oblige its companies to implement the technical/organisational measures for ensuring the security of data processing operations.

Finally, in certain cases, we have a legal obligation to provide certain data to public agencies if requested.

4.1 Cooperation with moebelplus

On this website you will find a link that will take you straight to the moebelplus sales platform at meineKüchengeräte.de. Please note that Häfele is no longer responsible for data processing under data protection law once you have been redirected to the registration page of the moebelplus sales platform. For information on how moebelplus processes data, please click here. In order to honour the cooperation agreement concluded between Häfele and moebelplus with regard to the sales platform meineKüchengeräte.de, it may be necessary to compare your customer data stored by Häfele with the registration data on the moebelplus sales platform. To this end, Häfele will share your customer master data record including your company customer number, company address and, if applicable, your company name with moebelplus. Häfele also receives confirmation of your registration from moebelplus, which Häfele uses to carry out evaluations for the purpose of commission payments and sales management. In the event that this makes it possible to draw conclusions about you as a natural person, the legal basis for this data processing is Art. 6(1)(f) GDPR (balancing of interests). Our legitimate interest and the legitimate interest of the third party (in this case moebelplus) is the fulfilment of our mutual cooperation agreement.

4.2 Collection services

We use a debt collection service provider for our receivables management activities. For this purpose, we only transfer the data that is absolutely necessary to the service provider. This includes

  • Name,
  • Address,
  • Telephone number,
  • Reason for the claim, and
  • Amount of the claim and due date.

The legal basis for the processing is Art. 6 (1)(b) GDPR (fulfilment of contract) or Art. 6 (1)(f) GDPR due to the legitimate interest in settling the claim.
 

5.    Length of the storage  

Unless otherwise described in this Data Protection Declaration, personal data will be erased once it has fulfilled its applicable, specified purpose, and there are no retention obligations preventing its erasure. Data is routinely erased following the expiry of the retention period, provided it is not needed for the initiation or fulfilment of a contract, and there is no other existing legal basis for the data processing. 

6.    Security of data processing

We maintain up-to-date technical and organisational measures for ensuring the security of the data processing operation, especially in order to protect your personal data from risks during data transfer and from becoming known to unauthorised third parties. These measures are modified in accordance with the current state-of-the-art, the need for protecting the personal data in question, and the risks to your rights and freedoms. Generally speaking, your data will be processed in Germany and within other European countries. If, in exceptional cases, your data is also processed in countries outside of the European Union (i.e. in “third countries”), this will take place to the extent that you have explicitly consented to it, or if it is necessary in order for us to deliver our service to you, or if it is stipulated by law (Art. 49 GDPR). Furthermore, your data will be processed in third countries only insofar as certain measures are in place to ensure that a reasonable level of data protection exists there (e.g. adequacy decision taken by the EU Commission or “appropriate safeguards”, Art. 44 et seqq. GDPR). 

7.    Rights of the data subject

You have the right

  1. to demand information concerning the categories of data processed, the purposes of the processing, any recipients of the data, the envisaged storage period (Art. 15 GDPR);
  2. to demand the rectification or augmentation of incorrect or incomplete data (Art. 16 GDPR); 
  3. to withdraw consent at any time, effective for the future (Art. 7 (3) GDPR);
  4. to object to the processing of your personal data on grounds relating to your particular situation (Art 21 (1) GDPR);
  5. in certain cases defined in Art. 17 GDPR, to demand the erasure of data - especially insofar the personal data is no longer necessary for the envisaged purpose or if it is processed unlawfully, or if you withdraw your consent in accordance with (3) above, or if you have stated your objection in accordance with (4) above; 
  6. under certain conditions, to demand the restriction to the processing of data, insofar as it is not possible to erase it, or the obligation to erase disputed (Art. 18 GDPR);
  7. to data portability, i.e. you are entitled to receive the personal data concerning you, which you provided to us, in a commonly used machine-readable format, such as CSV, and, where relevant, to transmit it to others (Art. 20 GDPR);
  8. to object to the competent data processing supervisory authority regarding the processing of your personal data; the competent supervisory authority in this case is the Data Protection Commissioner of Baden-Württemberg (https://www.baden-wuerttemberg.datenschutz.de/).

8.    Amendment of the Data Protection Declaration

We reserve the right to amend this Data Protection Declaration in accordance with relevant changes to the law or the services we offer. Older versions shall remain accessible.

9.    Data protection information for job applicants

When you provide us with your application documents and your personal data, we will process your data in the course of the application process. The legal basis for processing this data is Section 26 (1) of the German Federal Data Protection Act (BDSG).

Rights of the data subject
In accordance with the GDPR and the BDSG, you are entitled to be kept informed about what personal data we have stored in connection with you, and to have this data corrected or erased, to have restrictions placed on the processing and to make requests regarding its portability. If you wish to exercise your rights, please feel free to contact our Data Protection Officer.

Your application documents will be forwarded to the specialist departments involved in the application process. Your application documents will not be disclosed to anyone else.
 
Your data will be erased after 6 months at the latest, or it will be transferred to the personnel administration department at Häfele if your application is successful. Your specific consent shall be required for retaining your application in our pool of applicants, or to forward it to other companies within the Häfele Group.

 

Nagold, 05.05.2025

Häfele headquarters

Häfele SE & Co KG
Adolf-Häfele-Str. 1
72202 Nagold
Germany

Tel:  +49 (0) 74 52 / 95 - 0
Fax: +49 (0) 74 52 / 95 - 2 00

E-mail: info@haefele.de

Any questions?

Do you have questions about our general business terms & conditions, the terms of use or on the topic of data protection? Do not hesitate to contact us.