Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is all data by which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Hirmer Verlag GmbH, Bayerstr. 57-59, 80335 Munich, Germany, Tel.: +49 (0)89/121516-0, Email: info@hirmerverlag.de. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 The controller has appointed a data protection officer, who can be contacted as follows: “Alexandra Bilyk – Email: datenschutz@hirmerverlag.de”

2) Data Collection When Visiting Our Website

2.1 When using our website for informational purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to the page server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you accessed the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

Processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or otherwise used. However, we reserve the right to subsequently review the server log files if there are concrete indications of unlawful use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

For the hosting of our website and the display of the page content, we use a provider that performs its services itself or through selected subcontractors exclusively on servers within the European Union.

All data collected on our website is processed on these servers.

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your end device. Some of these cookies are automatically deleted after closing the browser (so-called “session cookies”), while others remain on your device for a longer period and enable the storage of page settings (so-called “persistent cookies”). In the latter case, you can find the storage duration in the overview of the cookie settings of your web browser.

If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 (1) lit. b GDPR either for the performance of the contract, in accordance with Art. 6 (1) lit. a GDPR in the case of consent given, or in accordance with Art. 6 (1) lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the website visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.

Please note that if cookies are not accepted, the functionality of our website may be restricted.

5) Contacting Us

When contacting us (e.g. via contact form or email), personal data is processed exclusively for the purpose of processing and responding to your request and only to the extent necessary for this purpose.

The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

6) Data Processing When Opening a Customer Account

In accordance with Art. 6 (1) lit. b GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. The data required for account opening can be found in the input mask of the corresponding form on our website.

Deletion of your customer account is possible at any time and can be carried out by sending a message to the above-mentioned address of the controller. After deletion of your customer account, your data will be deleted provided that all contracts concluded via it have been fully processed, no statutory retention periods prevent deletion and there is no legitimate interest on our part in further storage.

7) Use of Customer Data for Direct Marketing

7.1 Subscription to our email newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing further data is voluntary and is used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive newsletters after you have expressly confirmed your consent to receive the newsletter by clicking a verification link sent to the specified email address.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) lit. a GDPR. In doing so, we store your IP address entered by the Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later point in time. The data collected by us when registering for the newsletter is used strictly for its intended purpose.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the controller named at the beginning. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.

7.2 Sending the email newsletter to existing customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by email. In this respect, we do not need to obtain separate consent from you in accordance with Section 7 (3) UWG. Data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6 (1) lit. f GDPR. If you have initially objected to the use of your email address for this purpose, we will not send you any emails.

You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying the controller named at the beginning. For this, you will only incur transmission costs according to the basic tariffs. After receipt of your objection, the use of your email address for advertising purposes will be stopped immediately.

7.3 CleverReach

Our email newsletters and other promotional email communication are sent via this provider: CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany

On the basis of our legitimate interest in effective and user-friendly email marketing, we pass on the data you provided when registering to this provider in accordance with Art. 6 (1) lit. f GDPR so that they can send emails on our behalf.

Subject to your express consent in accordance with Art. 6 (1) lit. a GDPR, the provider also carries out statistical success evaluations of email campaigns using web beacons or tracking pixels in the emails sent, which can measure open rates and specific interactions with the content of the newsletter. Device information (e.g. time of access, IP address, browser type and operating system) is also collected and evaluated, but not merged with other data sets.

You can revoke your consent to email tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider that protects the data of our website visitors and prohibits disclosure to third parties.

7.4 Advertising by postal mail

On the basis of our legitimate interest in personalized direct advertising, we reserve the right to store your first and last name, your postal address and – if we have received this additional information from you as part of the contractual relationship – your title, academic degree, year of birth and your professional, industry or business designation in accordance with Art. 6 (1) lit. f GDPR and to use it for sending interesting offers and information about our products by postal mail.

You can object to the storage and use of your data for this purpose at any time.

8) Data Processing for Order Handling

8.1 To the extent necessary for contract processing for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 (1) lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact data you provided when placing the order in order to inform you personally within the scope of our legal information obligations in accordance with Art. 6 (1) lit. c GDPR. Your contact data is used strictly for notifications about updates owed by us and is processed by us only to the extent necessary for the respective information.

To process your order, we also cooperate with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

8.2 Shopware

We use the following provider for order processing: shopware AG, Ebbinghoff 10, 48624 Schöppingen

Name, address and, if applicable, other personal data are passed on to the provider exclusively for the purpose of processing the online order in accordance with Art. 6 (1) lit. b GDPR. Your data will only be passed on insofar as this is actually necessary for processing the order.

8.3 Transfer of personal data to shipping service providers

DPD

We use the following provider as our transport service provider: DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany

We pass on your email address and/or telephone number to the provider in accordance with Art. 6 (1) lit. a GDPR before delivery of the goods for the purpose of coordinating a delivery date or for delivery notification, provided that you have given your express consent for this during the order process. Otherwise, we only pass on the name of the recipient and the delivery address to the provider for the purpose of delivery in accordance with Art. 6 (1) lit. b GDPR. The data is only passed on insofar as this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible.

Consent can be revoked at any time with effect for the future vis-à-vis the controller named above or the provider.

DPD Austria

We use the following provider as our transport service provider: DPD Direct Parcel Distribution Austria GmbH, Arbeitergasse 46, Leopoldsdorf 2333, Austria

Consent can be revoked at any time with effect for the future vis-à-vis the controller named above or the provider.

8.4 Use of payment service providers (payment services)

TeleCash by fiserv

One or more online payment methods from the following provider are available on this website: TeleCash by fiserv – First Data GmbH, Marienbader Platz 1, 61348 Bad Homburg v. d. Höhe, Germany

If you select a payment method from the provider for which you make advance payment (e.g. credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) lit. b GDPR. Your data will only be passed on in this case for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

Paypal

One or more online payment methods from the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you select a payment method from the provider for which you make advance payment, your payment data provided during the ordering process (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to the provider in accordance with Art. 6 (1) lit. b GDPR. Your data will only be passed on in this case for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you select a payment method for which we make advance payment, you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and possibly data on an alternative payment method).

In such cases, in order to safeguard our legitimate interest in determining your creditworthiness, we will forward this data to the provider for the purpose of a credit check in accordance with Art. 6 (1) lit. f GDPR. Based on the personal data you provide and other data (such as shopping cart, invoice amount, order history, payment experience), the provider checks whether the selected payment option can be granted with regard to payment and/or default risks.

The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, but not exclusively, is included in the calculation of the score values.

You can object to this processing of your data at any time by sending us a message or contacting the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.

8.5 Sanctions list screening

In the context of initiating business relationships and processing orders, we reserve the right to compare the personal data you provide with those from sanctions lists of the European Union and/or its individual member states and to decide on the establishment of a business relationship or the execution of the order based on the results of this comparison.

This data processing is carried out in accordance with Art. 6 (1) lit. c GDPR due to our legal obligation to verify and ensure that we do not enter into business relationships with sanctioned natural or legal persons and thus prevent the provision of resources to such persons.

9) Web Analytics Services

Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), which enables analysis of your use of our website.

By default, Google Analytics 4 sets cookies when you visit the website, which are stored as small text elements on your device and collect certain information. This information also includes your IP address, which is shortened by Google by the last digits in order to exclude direct personal reference.

The information is transmitted to Google servers and further processed there. Transfers to Google LLC based in the USA are also possible.

Google uses the information collected on our behalf to evaluate your use of the website, to compile reports on website activity for us and to provide other services related to website and internet usage. The shortened IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. The data collected in the context of the use of Google Analytics 4 is stored for a period of two months and then deleted.

All processing described above, in particular the setting of cookies on the device used, only takes place if you have given us your express consent in accordance with Art. 6 (1) lit. a GDPR.

Without your consent, Google Analytics 4 will not be used during your visit to the website. You can revoke your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service via the “cookie consent tool” provided on the website.

We have concluded a data processing agreement with Google that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

Further legal information on Google Analytics 4 can be found at https://business.safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de and https://policies.google.com/technologies/partner-sites

Demographic characteristics

Google Analytics 4 uses the special function “demographic characteristics” and can create statistics that provide information about the age, gender and interests of website visitors. This is done by analyzing advertising and information from third-party providers. This allows target groups for marketing activities to be identified. However, the collected data cannot be assigned to a specific person and is deleted after being stored for a period of two months.

Google Signals

As an extension of Google Analytics 4, Google Signals can be used on this website to create cross-device reports. If you have activated personalized ads and linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics in accordance with Art. 6 (1) lit. a GDPR, analyze your usage behavior across devices and create database models, including cross-device conversions. We do not receive any personal data from Google, only statistics. If you want to stop cross-device analysis, you can deactivate the “Personalized Advertising” function in the settings of your Google account. Follow the instructions on this page: https://support.google.com/My-Ad-Center-Help/answer/12155764?hl=de

Further information on Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=de

UserIDs

As an extension of Google Analytics 4, the “UserIDs” function can be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6 (1) lit. a GDPR, created an account on this website and log in to this account on different devices, your activities, including conversions, can be analyzed across devices.

Collection of user-provided data

To improve analysis results for users whose contact data we have received as part of business or business-like relationships, we use the function “collection of user-provided data”.

Subject to your express consent in accordance with Art. 6 (1) lit. a GDPR, we transmit one or more files with aggregated customer data relating to you (especially email address and telephone number) electronically to Google as part of this function. Google does not receive access to plain data, but automatically encrypts the information in the customer files during the transmission process using a special algorithm. The encrypted information can then only be used by Google to assign it to existing Google accounts that the data subjects have created.

The processing serves to refine measurement data, improve cross-device user tracking and enables the integration of analysis results into ad personalization and conversion tracking functions of Google Ads.

You can revoke your consent at any time with effect for the future. Further information on Google’s data protection measures regarding the transfer of customer data can be found here: https://support.google.com/google-ads/answer/6334160?hl=de&ref_topic=10550182

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision of the European Commission.

10) Website Functionalities

10.1 Facebook plugins

Plugins of the social network of the following provider are used on our website: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

These plugins enable direct interactions with content on the social network.

To increase the protection of your data when visiting our website, the plugins are initially deactivated and integrated into the page using a so-called “2-click” or “Shariff” solution.

This integration ensures that when a page of our website containing such plugins is accessed, no connection to the provider’s servers is established.

Only when you activate the plugins and thereby give your consent to data transmission in accordance with Art. 6 (1) lit. a GDPR, your browser establishes a direct connection to the provider’s servers. In doing so, certain information about your device (including your IP address), your browser and your page history is transmitted to the provider and may be further processed there, regardless of whether you are logged into an existing user profile.

If you are logged into an existing user profile on the provider’s social network, information about interactions carried out via the plugins will also be published there and displayed to your contacts.

You can revoke your consent at any time by deactivating the activated plugin again by clicking on it. However, the revocation does not affect the data that has already been transmitted to the provider.

Data may also be transferred to: Meta Platforms Inc., USA

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.

10.2 Instagram plugins

Plugins of the social network of the following provider are used on our website: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland

These plugins enable direct interactions with content on the social network.

To increase the protection of your data when visiting our website, the plugins are initially deactivated and integrated into the page using a so-called “2-click” or “Shariff” solution.

This integration ensures that when a page of our website containing such plugins is accessed, no connection to the provider’s servers is established.

Data may also be transferred to: Meta Platforms Inc., USA

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

10.3 LinkedIn plugins

Plugins of the social network of the following provider are used on our website: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

These plugins enable direct interactions with content on the social network.

To increase the protection of your data when visiting our website, the plugins are initially deactivated and integrated into the page using a so-called “2-click” or “Shariff” solution.

This integration ensures that when a page of our website containing such plugins is accessed, no connection to the provider’s servers is established.

Data may also be transferred to: LinkedIn Inc., USA

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

For the transfer of data to the USA, the provider relies on standard contractual clauses of the European Commission to ensure compliance with the European level of data protection.

10.4 Applications for job postings via email

On our website, we publish currently vacant positions in a separate section, for which interested parties can apply by email to the contact address provided.

Applicants must provide all personal data required for a well-founded assessment, including general information such as name, address and contact details, as well as performance-related evidence and, if applicable, health-related information. Details on the application can be found in the respective job posting.

After receipt of the application by email, the data will be stored and evaluated exclusively for the purpose of processing the application. In the event of queries, we will use either the applicant’s email address or telephone number. Processing is carried out on the basis of Art. 6 (1) lit. b GDPR (or § 26 (1) BDSG), within the meaning of which the application process is considered as initiation of an employment relationship.

If special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g. health data such as information on severe disability) are requested from applicants as part of the application process, processing is carried out in accordance with Art. 9 (2) lit. b GDPR so that we can exercise the rights arising from labor law and the law of social security and social protection and fulfill our obligations in this regard.

Cumulatively or alternatively, the processing of special categories of data may also be based on Art. 9 (1) lit. h GDPR if it is carried out for purposes of preventive health care or occupational medicine, for the assessment of the applicant’s working capacity, for medical diagnostics, care or treatment in the health or social sector, or for the management of systems and services in the health or social sector.

If the applicant is not selected or withdraws their application prematurely, the transmitted data as well as all electronic correspondence including the application email will be deleted no later than 6 months after a corresponding notification. This period is based on our legitimate interest in answering any follow-up questions regarding the application and, if necessary, fulfilling our obligations to provide evidence under the regulations on equal treatment of applicants.

In the event of a successful application, the data provided will be processed on the basis of Art. 6 (1) lit. b GDPR (in Germany in conjunction with § 26 (1) BDSG) for the purpose of implementing the employment relationship.

11) Tools and Miscellaneous

Cookie Consent Tool

This website uses a so-called “cookie consent tool” to obtain effective user consent for cookies requiring consent and cookie-based applications. The “cookie consent tool” is displayed to users when they access the page in the form of an interactive user interface, on which consent for certain cookies and/or cookie-based applications can be given by ticking boxes. By using the tool, all cookies/services requiring consent are only loaded if the respective user has given their consent by ticking the appropriate box. This ensures that such cookies are only set on the user’s device if consent has been given.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.

Another legal basis for processing is Art. 6 (1) lit. c GDPR. As the controller, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user’s consent.

If necessary, we have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

Further information about the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.

12) Rights of the Data Subject

12.1 The applicable data protection law grants you the following data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective requirements for exercise:

Right of access pursuant to Art. 15 GDPR;
Right to rectification pursuant to Art. 16 GDPR;
Right to erasure pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 GDPR;
Right to notification pursuant to Art. 19 GDPR;
Right to data portability pursuant to Art. 20 GDPR;
Right to withdraw consent granted pursuant to Art. 7 (3) GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.

12.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA AS PART OF A BALANCING OF INTERESTS BASED ON OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING MAY BE RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE YOUR OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

13) Duration of Storage of Personal Data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing and – if applicable – additionally by the respective statutory retention period (e.g. commercial and tax law retention periods).

When processing personal data on the basis of explicit consent in accordance with Art. 6 (1) lit. a GDPR, the data concerned will be stored until you revoke your consent.

If there are statutory retention periods for data that are processed within the framework of legal or quasi-legal obligations on the basis of Art. 6 (1) lit. b GDPR, these data will be routinely deleted after expiry of the retention periods, provided that they are no longer required for the fulfillment or initiation of the contract and/or we no longer have a legitimate interest in further storage.

When processing personal data on the basis of Art. 6 (1) lit. f GDPR, these data will be stored until you exercise your right to object pursuant to Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 (1) lit. f GDPR, these data will be stored until you exercise your right to object pursuant to Art. 21 (2) GDPR.

Unless otherwise stated in the other information in this declaration regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.