Social Media

Imprint Privacy Statement Social Media

Social Media data protection statement

As at: December 1th, 2023
 

We appreciate your interest in our social media presences and are glad that you are visiting them. This data protection statement covers our social media presences on Instagram, X, YouTube Xing and Facebook (hereinafter referred to as "social media platform") and the pages operated there (each referred to as "social media page" in the following). This specifically pertains to the following presences:

 

In the following, we inform you in detail about the processing of your personal data and about your rights as a data subject in the use of our social media pages.

Personal data means:

any information which relates to an identified or identifiable natural person; a natural person is deemed to be identifiable if he or she can directly or indirectly be identified, in particular by allocating an identifier such as a name to a code number, to location information, to online identification data or to one or more special features which express the natural person’s physical, physiological, genetic, mental, economic, cultural or social identity.

1. Data controller

The data controllers for the data processing as defined by the GDPR are:

Heckler & Koch GmbH, Heckler & Koch-Straße 1, 78727 Oberndorf a. N., Germany, Tel: +49 (0)7423 79-0, Fax: +49 (0)7423 79-2350, hkinfoboard@heckler-koch-de.com, www.heckler-koch.com.

Aside from us, the respective operator of the social media platform in question (hereinafter referred to as the "Provider") is also responsible for data processing on our social media page. These are:

  • for the YouTube platform: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google"),
  • for the Xing platform: XING SE, Dammtorstraße 30, 20354 Hamburg, Deutschland (hereinafter "Xing"),
  • for the Facebook platform: Meta Platforms Limited, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland (hereinafter "Instagram"),
  • for the Facebook platform: Meta Platforms Limited, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland (hereinafter "Facebook"),
  • for the X platform: Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (hereinafter "Twitter").

2. Contact information and data protection officers:

Our data protection officer:

Marc Stolz, Hopp + Flaig PartG mbB, Beratende Ingenieure, Neue Weinsteige 69/71, 70180 Stuttgart, E-Mail stolz@hopp-flaig.de, Tel.: +49 (0)711 320 657-0

Data protection officers of the social media providers:

For Instagram:

You can reach the data protection officer of Instagram using the online contact form provided: https://de-de.facebook.com/help/contact/540977946302970.

For Facebook:

You can reach the data protection officer of Facebook using the online contact form provided: https://de-de.facebook.com/help/contact/540977946302970

For X (formerly Twitter):

You can reach the data protection officer of X using the online contact form provided: https://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.asp?lang=de.

For Xing:

You can reach the data protection officer of Xing by E-mail at datenschutzbeauftragter@xing.com or by post at the following address: Data protection officer, c/o XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

For YouTube:

You can reach the data protection officer of Google using the online contact form provided:  https://support.google.com/policies/troubleshooter/7575787.

3. General information about the social media platform

Please be aware that you assume sole responsibility for your use of our social media page and its functions, as well as the social media platform on the whole. This applies in particular to the use of interactive functions (such as liking, following, commenting, sharing, rating).

The decisive factors in your use of the Xing platform as well as data processing by Xing are primarily the general terms and conditions (https://www.xing.com/terms) as well as the data protection statement (https://privacy.xing.com/de/datenschutzerklaerungof Xing.

The decisive factors in your use of the Instagram platform as well as data processing by Instagram (the META Group) are primarily the terms of use (https://help.instagram.com/581066165581870) as well as the data protection policy (https://help.instagram.com/519522125107875of Instagram.

The decisive factors in your use of the Facebook platform as well as data processing by Facebook (the META Group) are primarily the terms of use terms of use https://de-de.facebook.com/legal/terms?ref=pf as well as the data protection policy (https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0of Facebook and the joint-controller addendum https://de-de.facebook.com/legal/terms/page_controller_addendum

The decisive factors in your use of the X platform as well as data processing by X are primarily the general terms and conditions (https://twitter.com/de/tos) as well as the data protection policy (https://twitter.com/de/privacyof X.

The decisive factors in your use of the YouTube platform as well as data processing by Google are primarily the YouTube terms of use (https://www.youtube.com/t/terms) as well as the data protection policy of Google (https://policies.google.com/privacy), which also covers the YouTube platform.

We are not able to influence the collection of data and further use thereof by the provider. This also applies to the scope, location of data processing and duration of data storage. We also have no knowledge of nor influence on the implementation of legal deletion obligations, the extent to which the provider complies with existing deletion obligations, what evaluations and links are made with the data and which parties the data is transferred to.

For that reason, please always be sure to check what personal information (personal data) you disclose about yourself as a user on the social media platform in question.

Please refrain from transferring confidential information (such as application documents or bank or payment data) over our social media page.

If you would like to learn about our company without using the social media platform, you can also access much of the information provided over our social media page on our website as an alternative https://www.heckler-koch.com/.

4. Type, extent, purposes and legal bases of the processing of your personal data:

We operate our social media page to inform users and visitors about our company as well as to interact with them.

Unless otherwise described in the following, your personal data is processed on the basis of our legitimate interests (Article 6(1)(f) GDPR) in the efficient operation, optimisation and usage analysis of our social media page and for communication with visitors to the social media page. Conducting advertising activities over the social media platform also constitutes our legitimate interest.

In some cases, our social media page can also be used without logging in to the social media platform. Personal data can be processed even if you do not log in to the social media platform.

The following provides you with an overview of the type, extent, purposes and, if applicable, specific legal bases of automatic data processing in the use of our social media page.

Usage analysis

In connection with the operation of our social media pages, we use the “Insight” or “Analytics” function of the social media platform, through which the provider provides us with statistical data on the use of our social media page. This data is anonymous to us, so we are not able to view personal data of individual users or visitors. We do not know the details on which data the provider draws upon for usage analysis in connection with our social media page.

  • From X, we receive aggregated data on the following areas in particular: reach (e.g. active viewers, video thumbnail impressions), interactions (e.g. clicks, shares), target group (e.g. demographic/geographic information, previously visited pages or videos, audience engagement).
  • From YouTube, we receive aggregated data on the following areas in particular: number of impressions, profile visits and followers (including increases and developments over time)..
  • From Xing, we receive aggregated data on the following areas in particular: Reach (impressions), interactions ([link] clicks, likes, shares, comments), target group (demographic/geographic information, previously visited websites).
  • From Instagram, we receive aggregated data on the following areas in particular: activities (e.g. interactions such as profile visits and website clicks or the number of people who see content and where they can find it), content (evaluations of posts, stories and promotions) and target group (demographic information on subscribers and other visitors).
  • From Facebook, we receive aggregated data on the following areas in particular: activities (e.g. interactions such as profile visits and website clicks or the number of people who see content and where they can find it), content (evaluations of posts, stories and promotions) and target group (demographic information on subscribers and other visitors).
 

Cookies

The provider uses cookies as well as cookie-like technologies, which generally means small files that are stored on your end device (hereinafter referred to as "cookies") in order to offer you a comprehensive range of functions, make use more convenient for you and to optimise its offerings, among other things. The data obtained via cookies are saved and processed by the provider immediately. We ourselves do not have have access to this data, nor are we able to influence how the provider uses it.

Information obtained via cookies may be used by the provider within the social media platform as well as in other provider services and in services of third parties that use the provider’s services to create usage profiles for market research and advertising purposes. In the process, your usage behaviour and resulting interests are taken into account in particular. In this context, the provider may allow partners or even third parties to use this data to place advertisements within and outside the social media platform, for example. If you use the social media platform on multiple end devices, the collection and evaluation can also take place across devices, especially if you are logged in as a user.

Specific information on the type, scope, purposes, legal basis and possibilities for objection ("opt-out" options) for the use of cookies by the provider in question can be found under the following links:

 

If you do not want cookies and/or cookie-like technologies to be used, you can also prevent them from being stored on your end device by selecting the appropriate settings on your end device and/or internet browser or by using separate opt-out options. Please note that this may limit the functioning and range of functions of our social media page.

Contact over our social media page

Should you contact us directly over our social media page (e.g. by way of a personal message, messenger or form), we will only process the personal data you provide this way for communication purposes within the scope of your enquiry. Data transfer to other internal systems does not take place.

If we request a voluntary declaration of consent from you, this data processing takes place based on Article 6(1)(a) GDPR.

If a contractual relationship is being entered into, your personal data which is transmitted by direct contact via the social media platform, is processed on the legal basis of Article 6(1)(b) GDPR.

If you contact us directly through a job posting, in particular through our Xing page, and provide us with information about yourself, we will delete your queries from the social media platform immediately.

Interest-based advertising

We are capable of using demographic and geographic analyses of our target groups provided to us by the provider to place interest-based advertisements on our social media page or to boost our posts in a targeted manner, albeit without gaining direct knowledge of the identity of the user or visitor to whom the advertisements are displayed. In this case, the advertisements or boosted posts are displayed on our social media page based on an analysis of previous usage behaviour by the provider, in which we only have anonymised or pseudonymised information that does not regularly allow us to identify you personally and is not merged with any personal data we may have stored at any time.

If, in exceptional cases, we intended to carry out an expanded comparison with customer lists in the scope of interest-based advertising, this would only be done with your voluntary consent (Article 6(1)(a) GDPR).

 

User interactions

The functioning of a social media platform allows us to gain knowledge of the users who like, subscribe to, rate, comment on or share our social media page as well as our posts, if you have made your interaction on the social media platform public and have not explicitly marked it as "private" using the relevant settings on the social media platform. We analyse this information in aggregated form to provide our users and visitors with more relevant content that may be of greater interest to you. This does not allow any conclusions about a natural person to be made.

You as a user have the option to actively hide your "posts," "tweets," "rated videos," "subscriptions," "followers" or other profile information in your respective social media profile, or to stop following or subscribing to our social media page. In this case, you will no longer appear in the list of followers or subscribers of this social media page.

5. Internal and external transfer of your personal data  

Your personal data will only be transferred internally for the fulfilment of contractual obligations or other tasks in connection with the aforementioned purposes.

Your personal data may be transferred externally under the following circumstances:

  • Commissioning a subcontractor (third-party processor, if applicable) to fulfil the tasks of the data controller.
  • Commissioning supporting services in which access to your personal data is necessary, or at least cannot be completely ruled out. These include IT support, invoicing services or the use of tax consulting services.
  • Transfer of your personal data due to legal obligations
  • Wear Obtaining information from credit agencies
  • Wear Transfer of personal data through automated matching with databases in export controls
 

Transfer of your personal data by the relevant social media provider

Information on the transfer of your personal data by the relevant social media provider can be found under the following links:

6. Transfer of your personal data to a non-member state or international organisation (outside the scope of the GDPR)

As a rule, we do not transfer your personal data to countries outside the scope of the GDPR (including organisations operating internationally). Should data be transferred nonetheless (e.g. in the case of software applications or other IT services whose manufacturers are based in a country outside the scope of the GDPR), this would only take place if a suitable EU adequacy decision or other appropriate safeguards (e.g. EU standard contractual clauses plus any additional measures there may be) are in place. You have the right to receive further detailed information on this and on suitable guarantees. You can request the desired information under the contact details of our data protection officer (see No. 2).

Data processing by the relevant social media provider also regularly takes place in non-member states outside the EU/EEA, such as the USA in particular. You can find further information on this in the respective data protection information of the relevant social media provider (please see Point 12 of this data privacy statement).

7. Storage period and deletion of your personal data

Legislative authorities have enacted a great number of retention periods, which we observe with the utmost care and are advised on how to best comply with. As a general rule, we only store your personal data for as long as is permitted by the defined purpose or as required by law for evidentiary reasons. Should we intend store your data for longer than previously described, we would ask you for a voluntary declaration of consent.

As a general rule, we have no influence over how the social media providers save or delete your data on the social media platform. You can find further information under the following links:

8. Right to access, erasure, rectification, objection and restriction of processing of your personal data

You have the right to demand confirmation from us as to whether personal data concerning you will be processed. If this is the case, you will have the right to access this personal data and to the following information:

  • the purposes of processing
  • the categories of personal data which are processed
  • the recipients or categories of recipients to whom your personal data has been or will be disclosed, in particular in the case of recipients in non-EU member states or international organisations
  • if possible, the planned duration for which your personal data will be saved or, if this is not possible, the criteria for the determination of this duration
  • the existence of a right to the correction or deletion of the personal data concerning you or to the restriction of processing by us or the existence of a right to object to this processing
  • the existence of the right to file a complaint with a supervisory authority
  • if the personal data are not collected from the data subject, all available information about the origin of the data
  • if automated decision-making is carried out, including profiling (significant information about the logic involved and the scope and intended effects of such processing for your person).

If your personal data is transferred to a non-member state or to an international organisation, you have the right to be informed of suitable “guarantees” to ensure an adequate level of data protection in connection with the transfer.

We will provide you with a free copy of the personal data which is the subject of the processing. We may charge a reasonable fee based on administrative costs for any additional copies you request. If you place the request in electronic form, you will receive the information in a conventional electronic format, unless you specify otherwise.

The right to receive a copy may be restricted if this compromises the rights and freedoms of other persons.

You have the right to demand us to rectify any incorrect personal data concerning you. You are entitled to demand the completion of incomplete personal data – also by way of a supplementary declaration – in observance of the purpose of processing. You are welcome to contact our data protection officer to exercise this right.

You are entitled to request the deletion of your personal data stored by us if one of the following criteria is met:

  • The personal data is no longer necessary to fulfil the purpose agreed upon.
  • You withdraw a voluntary declaration of consent you have given (however, this has no effect on the lawfulness of the processing carried out on the basis of the consent up to the time of revocation).
  • Your personal data was previously being processed unlawfully.
  • There is a legal obligation for deletion.
  • The personal data was collected in relation to information society services offered (persons under 16 years of age).
 

You furthermore have the right to demand us to restrict processing if one of the following prerequisites applies:

  • You dispute the correctness of the personal data for a duration which makes it possible for us to check the correctness of the personal data.
  • The processing is unlawful and you reject the deletion of your personal data and demand the restricted use of your personal data instead.
  • If we no longer require the personal data for the purposes of processing, but you require it to assert, exercise or defend legal claims.
  • If you have objected to the processing, as long as it has not yet been determined whether our legitimate reasons outweigh yours.

9. Right to data portability

You have the right to receive the personal data we store about you, if said data is processed in an automated procedure, in a structured, conventional and machine-readable format.

You furthermore have the right to transfer this data to another data controller to whom the personal data has been provided without being hindered by us.

In exercising your right to data portability, you have the right to effect that the personal data is transferred directly from us to another data controller, as long as doing so is technically feasible.

The right to data portability can be restricted if exercising this right would compromise the rights or freedoms of other persons.

10. Right of revocation for consents and continuation of consents granted

If we process personal data about you on the basis of a declaration of consent, you have the right to revoke the consent granted. However, this has no effect on the lawfulness of the processing carried out on the basis of the consent up to the time of revocation. Point 7 of this data protection statement must also be observed with regard to compliance with storage periods.

11. Right to complain to the supervisory authority

If you see the need to file a complaint with the competent supervisory authority, you have the right to do so at any time.

The contact details of the competent supervisory authority are as follows:

Der Landesbeauftragte
für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart

Telephone: 0711/615541-0
Fax: 0711/615541-15
eMail: poststelle@lfdi.bwl.de

12. Rights of data subjects towards the relevant social media platform

You can also assert all the rights of data subjects described in point No. 10 of this data protection statement towards the provider of the social media platform in question. We recommend you to address requests for information and the assertion of other data subject rights regarding our social media pages to the provider directly. After all, as the operator of the social media platform, only the provider has direct access to the necessary information and is able to provide information and take any necessary measures.

You can find out how to assert your rights as data subject towards the provider in question in

 

As an Instagram user, you can make adjustments in the Instagram data protection settings (https://www.instagram.com/accounts/privacy_and_security) in particular. You can find more information on this directly on the Instagram platform: https://help.instagram.com/116024195217477.

As an Facebook user, you can make adjustments in the Facebook data protection settings (https://www.facebook.com/login/?next=%2Fsettings%2Fprivacy%2F&ref=%2Fsettings%2Fprivacy%2F ). You can find more information on this directly on the Facebook platform: https://www.facebook.com/privacy/center/.

As a Twitter user, you can make adjustments in the Twitter data protection settings (https://twitter.com/settings/safety) in particular.

As a YouTube user, you can make adjustments in the YouTube data protection settings (https://www.youtube.com/account_privacy) in particular, as well as in the Google data protection settings (https://policies.google.com/privacy#infochoices), which also cover YouTube.

As a Xing user, you can make adjustments to the display, retrievability, visibility of activities, contact lists and messages in the Xing data protection settings (https://www.xing.com/settings/privacy/profile).

13. Links to third-party offers

Social media pages, websites and services of other providers linked to from our social media page have been and are designed and provided by third parties. We have no influence on the design, content and functioning of these third-party providers and dissociate ourselves from all content of all linked third-party offers.

Please note that the third-party offers linked from our social media page could install their own cookies on your end device and may collect personal data. We have no influence over this. Details on the data controller in question can be found in their legal notice and data privacy statement.

14. Revision status

As of 14.12.2022. The current version of this data privacy statement applies.