Imprint & Data Pri­vacy Protection



Harro Höfliger Ver­pack­ungs­maschinen GmbH Helmholtzs­traße 4 71573 Allmers­bach im Tal Phone: +49 7191 501–0 Telefax: +49 7191 501‑5244 E‑Mail: Home­page:

Man­aging directors

Thomas Weller, Uwe Amann, Peter Claußnitzer, Hein­rich Haven­stein, Thomas Heckner, Alexander Herb

Court of register

Court of dis­trict Stuttgart HRB-Nr. 270490 Ust.Id.-Nr.: DE 144693557


Copy­right Harro Höfliger Ver­pack­ungs­maschinen GmbH. All rights reserved. The con­tent of this web­site is pro­tected by copy­right. The repro­duc­tion, mod­i­fi­ca­tion, dis­tri­b­u­tion or storage of infor­ma­tion or data, in par­tic­ular of texts or images, requires the prior consent.


Thomas Weller, CEO

Edi­to­rial team:

Rose­marie Christ, Michael Waghub­inger, Markus von Mallinck­rodt, Kevin Perri, Monika Unkel­bach (Die Mag­a­ziniker GmbH)

Con­cept and design:

Heike Moll

Edi­to­rial assistance:

Dr. Karl­heinz Seyfang

Con­cept and implementation:

Die Mag­a­ziniker GmbH  

Data Pri­vacy Protection

Harro Höfliger thanks you for your visit to our web­site and the interest you have shown in our com­pany and prod­ucts. The pro­tec­tion of your per­sonal data is very impor­tant for us. Harro Höfliger Ver­pack­ungs­maschinen GmbH (here­after referred to as “Harro Höfliger GmbH”, “we”, or “us”) values the safety of users’ data, as well as com­pli­ance with legal pro­vi­sions related to data protection.

Harro Höfliger GmbH web­sites may con­tain links to the web­sites of other providers not cov­ered by this Pri­vacy State­ment. The data that oper­a­tors of these sites may col­lect is beyond our knowl­edge and ability to influ­ence. You can obtain infor­ma­tion from the pri­vacy notice of the respec­tive site.

In the fol­lowing doc­u­ment, we will inform you in detail about how we handle your data.


The Pri­vacy State­ment is based on the ter­mi­nology used in the Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR).

  • “Per­sonal data” are all infor­ma­tion that relate to an iden­ti­fied or iden­ti­fi­able indi­vidual (here­after referred to as a “data sub­ject”) (Article 4(1) GDPR). Your per­sonal data include infor­ma­tion such as your basic infor­ma­tion (first and last name, address and date of birth), your con­tact infor­ma­tion (tele­phone number, email address), billing data (bank account infor­ma­tion), and much more.
  • “Pro­cessing” is any oper­a­tion or set of oper­a­tions per­formed on per­sonal data, whether or not by auto­mated means, such as col­lec­tion, recording, orga­ni­za­tion, struc­turing, storage, adap­ta­tion or alter­ation, retrieval, con­sul­ta­tion, use, dis­clo­sure by trans­mis­sion, dis­sem­i­na­tion or oth­er­wise making avail­able, align­ment or com­bi­na­tion, restric­tion, era­sure or destruction.
  • The “data sub­ject” is any iden­ti­fied or iden­ti­fi­able indi­vidual whose per­sonal data are processed by the controller.
  • The “con­troller” is the indi­vidual or legal entity, public authority, agency or other body that, either alone or jointly with others, decides on the pur­poses and means of the pro­cessing of per­sonal data. If the objec­tives and means of this pro­cessing are pre­scribed by Euro­pean Union or Member State law, the con­troller or the spe­cific cri­teria for their nom­i­na­tion may be pro­vided for under Union or Member State law.
  • The “processor” is an indi­vidual or legal entity, public authority, agency or other body that processes per­sonal data on behalf of the controller.
  • The “recip­ient” is an indi­vidual or legal entity, public authority, agency or other body, to which the per­sonal data are dis­closed, whether it is a third party or not. How­ever, public author­i­ties that may receive per­sonal data in the con­text of a par­tic­ular inquiry in accor­dance with Union or Member State law are not regarded as recipients.
  • A “third party” is an indi­vidual or legal entity, public authority, agency or body other than the data sub­ject, con­troller, processor or per­sons who, under the direct authority of the con­troller or processor, are autho­rized to process per­sonal data.
  • “Con­sent” is any informed and unam­biguous indi­ca­tion of the data sub­ject’s wishes given vol­un­tarily by the data sub­ject for the spe­cific case in the form of a state­ment or by a clear affir­ma­tive action, by which the data sub­ject sig­ni­fies that he or she agrees to the pro­cessing of per­sonal data relating to him or her.

Col­lec­tion and pro­cessing of per­sonal data

In prin­ciple, it is pos­sible to use our web­site without pro­viding any per­sonal data. To the extent that you wish to make use of cer­tain ser­vices offered by our com­pany via our web­site, the pro­cessing of per­sonal data may become nec­es­sary. If the pro­cessing of per­sonal data is nec­es­sary and no legal basis exists for such pro­cessing, we gen­er­ally obtain con­sent from the data subject.

Anony­mous data col­lec­tion (server log files)

You can visit our site without actively giving infor­ma­tion about your person. How­ever, we do store access data every time the web­site is accessed (server log files), which include the name of your Internet ser­vice provider, the oper­ating system used, the web­site from which you visit us and the dura­tion of your visit or the name of the file requested. For secu­rity rea­sons (e.g. rec­og­nizing attacks on our web­sites), we also store the IP address of the com­puter used for a period of 60 days. These data are assessed exclu­sively for the improve­ment of our ser­vice and do not permit any infer­ences about your person. These data are not com­bined with other data sources. The legal basis for data pro­cessing is Article 6(1) GDPR. We process and use the data for the fol­lowing pur­poses: 1. Pro­viding the Harro Höfliger GmbH web­site, 2. Improving our web­site and 3. Pre­venting and detecting errors/malfunctions, as well as misuse of the web­site. This kind of data pro­cessing is under­taken either in ful­fill­ment of the agree­ment regarding the use of the Harro Höfliger GmbH web­site, or because we are pur­suing a legit­i­mate interest in the func­tion­ality and error-free oper­a­tion of the Harro Höfliger GmbH web­site, as well as cus­tomizing this web­site to user requirements.

Use of cookie tracking

In order to dis­play our web­site in an attrac­tive manner and facil­i­tate the use of cer­tain func­tions, we use cookies on our web­site. This is a stan­dard Internet tech­nology for storing and accessing login and other usage infor­ma­tion for all vis­i­tors to the Harro Höfliger GmbH web­site. Cookies are small text files that are stored on your end device. They make it pos­sible, among other things, for us to store user set­tings so that our web­site can be dis­played in a cus­tomized manner on your device. Some of the cookies we use are erased after the browser ses­sion ends – that is, after you close your browser (ses­sion cookies). Other cookies remain on your device and allow us or our partner com­pa­nies to rec­og­nize your browser on your next visit (per­sis­tent cookies).

You can con­figure your browser so that you are informed about the set­ting of cookies and decide on an indi­vidual basis whether to accept them, or bar the accep­tance of cookies for cer­tain cases or in gen­eral. Fur­ther­more, cookies can be erased after­wards in order to remove data that web­sites have stored on your com­puter. You can easily find instruc­tions on how to do this online. Deac­ti­vating cookies can lead to some lim­i­ta­tions in the func­tion­ality of the Harro Höfliger GmbH websites.

Use of Google Analytics

This web­site uses fea­tures of the Google Ana­lytics web ana­lytics ser­vice. The provider is Google Inc., 1600 Amphithe­atre Parkway, Moun­tain View, CA 94043, USA. Google Ana­lytics uses “cookies”, which are text files that are saved on your com­puter and enable the analysis of your use of the web­site. The infor­ma­tion gen­er­ated by the cookies about your use of this web­site (including your IP address) is trans­mitted to Google’s server in the USA and saved there. Google will use this infor­ma­tion to eval­uate your use of the web­site, com­pile reports about web­site activity for web­site oper­a­tors and pro­vide addi­tional ser­vices asso­ci­ated with web­site usage and Internet usage. Google may also transfer this infor­ma­tion to third par­ties, pro­vided this is required by law or if third par­ties process this data on behalf of Google.

Pre­venting the storage of cookies

You can pre­vent cookies from being stored by selecting the cor­re­sponding set­ting in your browser soft­ware. How­ever, we advise against this because then you may not be able to fully uti­lize all of the func­tions of this web­site. By using this web­site, you agree to Google pro­cessing the data col­lected about you in the manner and for the pur­poses set out above.

IP anonymiza­tion

We have acti­vated the IP anonymiza­tion fea­ture on this web­site. This means that your IP address is short­ened by Google within Member States of the Euro­pean Union or in other states that are par­ties to the Treaty of the Euro­pean Eco­nomic Area before being trans­ferred to the USA.

Objecting to data collection

If you do not want Google to receive data from your browser when you access the site, the opt out solu­tion for Google Ana­lytics can be found here:, This plugin pre­vents the browser from requesting the ana­lytics code, meaning that Google receives no data when you access the site. The plugin is only avail­able for Internet Explorer 7 and 8, Firefox 3.x and Chrome. According to Google, the browser blocks the Google Ana­lytics script after instal­la­tion. You can find more infor­ma­tion on usage con­di­tions and data pro­tec­tion at and

Please note that Google Ana­lytics has been extended using the code “gat.anonymizeIp” on this web­site, in order to ensure the anonymized col­lec­tion of IP addresses (IP masking).

Demo­graphics with Google Analytics

This web­site uses the “Demo­graphics” fea­ture of Google Ana­lytics. This allows the prepa­ra­tion of reports that con­tain state­ments on the age, sex and inter­ests of vis­i­tors to the page. These data come from interest-based adver­tise­ments from Google as well as vis­itor data from third-party providers. These data cannot be assigned to any person in par­tic­ular. You can deac­ti­vate this fea­ture at any time using the dis­play set­tings in your Google account, or forbid the col­lec­tion of your data by Google Ana­lytics on a gen­eral basis, as shown in the “Objecting to data col­lec­tion” section.

Use of etracker

Our web­site uses the etracker analysis ser­vice. The provider is etracker GmbH, Erste Brun­nen­strasse 1, 20459 Ham­burg, Ger­many. Web analysis is the col­lec­tion, com­pi­la­tion and eval­u­a­tion of data about the behavior of web­site users. Among other things, a web analysis ser­vice col­lects data on the web­sites from which a data sub­ject has come to the web­site (refer­rers), which sub­pages are accessed, or how often and for how long a sub­page is viewed. A web analysis is mainly used to opti­mize a web­site and for the cost-ben­efit analysis of web advertising.

A usage pro­file can be cre­ated from the data using a pseu­donym. Cookies can be used for this pur­pose. Cookies are small text files that are locally stored in your browser’s cache. Cookies allow your browser to be rec­og­nized. The data col­lected using etracker tech­nology are not used to iden­tify vis­i­tors to our web­site per­son­ally, and are not com­bined with per­sonal data about the bearer of the pseu­donym without sep­a­rate per­mis­sion from the data subject.

You can object to the col­lec­tion and storage of data at any time, which will take effect for the future. To object to the future col­lec­tion and storage of your vis­itor data, you can obtain an opt-out cookie from etracker using the fol­lowing link. This ensures that no vis­itor data will be col­lected and stored from your browser by etracker in the future. This sets a cookie from etracker with the name “cnt­cookie”. Please do not delete this cookie as long as you wish to main­tain your objec­tion. You can find fur­ther infor­ma­tion in the etracker pri­vacy pro­vi­sions:

Order data processing

We have a con­tract with Google for the order pro­cessing of data, and fully imple­ment the strict require­ments of the German data pro­tec­tion author­i­ties when using Google Analytics.

Our offers on social media plat­forms (Social Media Links)

On var­ious social media plat­forms, we make offers (for example fan pages) avail­able online that pro­vide infor­ma­tion about Harro Höfliger Ver­pack­ungs­maschinen GmbH and give us the oppor­tu­nity to get in touch with you. We point out that we have no influ­ence on the pro­cessing of your per­sonal data on these plat­forms and only the respec­tive oper­ator of the plat­form has full knowl­edge of the con­tent of the trans­mitted data and their use.

As a rule, cookies are stored in your browser when you visit the respec­tive platform.

You may be affected by this data col­lec­tion even if you are not reg­is­tered on the respec­tive plat­form. It is beyond our knowl­edge whether the data reaches out­side the Euro­pean Eco­nomic Area.

The pro­cessing of per­sonal data on the plat­forms by us is based on Art. 6 para. 1 lit. f DSGVO. Our legit­i­mate interest lies in being able to por­tray Harro Höfliger Ver­pack­ungs­maschinen GmbH in a variety of ways to the out­side world and to use the pos­si­bility of com­mu­ni­ca­tion with our cus­tomers as effec­tively as possible.

In addi­tion, con­sent to data pro­cessing pur­suant to Art. 6 para. 1 lit. a DSGVO legal basis if you have given them to the plat­form operator.

You will receive detailed infor­ma­tion about the data pro­cessing of the plat­form oper­a­tors regarding the respec­tive objec­tion pos­si­bil­i­ties, the rights of access as well as spe­cific infor­ma­tion about the respec­tive plat­forms via the fol­lowing data pro­tec­tion instruc­tions of the respec­tive operators:

Use of Facebook

Provider: Face­book Ire­land Ltd., 4 Grand Canal Square, Grand Canal Har­bour, Dublin 2, Irland Pri­vacy State­ment:


The fea­tures of the Face­book ser­vice are inte­grated into our web­site. If you visit our web­site, the link cre­ates a direct con­nec­tion between your browser and the Face­book server. Face­book then receives the infor­ma­tion that you have vis­ited our web­site using your IP address. If you click on the Face­book “Like Button” while logged in to your Face­book account, the con­tent of our web­site may be linked to your Face­book pro­file. Face­book can thus asso­ciate your visit to our web­site with your user account. Please note that, as the provider of the web­site, we do not receive any knowl­edge of the con­tent of the trans­ferred data or the use of this data by Facebook.

Spe­cific infor­ma­tion on Face­book fan pages: When vis­iting our Face­book fan page, Face­book processes your per­sonal data (Face­book Insights). These data are trans­mitted to us by Face­book in the con­text of Face­book Insights anonymized. This anony­mous data is sta­tis­tical infor­ma­tion about our fan page subscribers.

In addi­tion, we receive from Face­book pro­file data from you, if you interact with us or our site, for example, like or com­ment on posts or write us via Face­book or follow our page.

If you do not want Face­book to be able to asso­ciate your visit to our web­site with your Face­book user account, please log out of your Face­book user account.

Face­book Pixel, Custom Audi­ences and Face­book Conversion

As part of our online offer­ings, we use the Face­book pixel based on our legit­i­mate interest in analysis, opti­miza­tion and the eco­nomic oper­a­tion of our online offer­ings. The Face­book pixel belongs to the Face­book social net­work, which is oper­ated by Face­book Inc, 1 Hacker Way, Menlo Park CA 94025, USA, or, if you are a res­i­dent of the EU, Face­book Ire­land Ltd., 4 Grand Canal Square, Dublin 2, Ire­land (here­after “Face­book”).

Face­book is cer­ti­fied under the Pri­vacy Shield Agree­ment, which guar­an­tees com­pli­ance with Euro­pean data pro­tec­tion leg­is­la­tion (

By using the Face­book pixel, it is pos­sible for Face­book to iden­tify vis­i­tors to our online offer­ings as a target group for dis­playing adver­tise­ments (“Face­book Ads”). Accord­ingly, we use the Face­book pixel to dis­play the Face­book ads we place only to Face­book users who have shown interest in our online offer­ings or cer­tain fea­tures (e.g. interest in cer­tain sub­jects or prod­ucts as deter­mined by the web­sites vis­ited), which we submit to Face­book (“custom audi­ences”). Thanks to the Face­book pixel, we would also like to ensure that our Face­book ads match users’ poten­tial inter­ests, and are not annoying. We use the Face­book pixel to fur­ther under­stand the effec­tive­ness of Face­book adver­tise­ments for sta­tis­tical and market devel­op­ment pur­poses, as we see whether users were trans­ferred to our web­site after clicking on a Face­book ad (“con­ver­sion”).

The pro­cessing of data by Face­book is car­ried out in accor­dance with Face­book’s Data Use Policy. Accord­ingly, gen­eral infor­ma­tion on the dis­playing of Face­book ads is avail­able from Face­book’s Data Use Policy: You can find spe­cial infor­ma­tion and details on the Face­book pixel and its func­tioning in Facebook’s help sec­tion:

You can object to the col­lec­tion of your data by the Face­book pixel and its use to dis­play Face­book ads. To con­figure the kinds of adver­tise­ments that are shown to you on Face­book, you can access the Face­book site set up and follow the instruc­tions on con­fig­uring user-spe­cific adver­tise­ments: The set­tings are plat­form-neu­tral, meaning that they will be adopted by all devices, including desktop com­puters and mobile devices.

You can fur­ther object to the use of cookies used to mea­sure reach and adver­tising objec­tives through the opt-out site of the Net­work Adver­tising Ini­tia­tive (, as well as the US web­site ( or the Euro­pean web­site (

Use of LinkedIn

Provider: LinkedIn Cor­po­ra­tion., 2029 Stierlin Court, Moun­tain View, CA 94043, USA. Pri­vacy State­ment:

Our web­site uses fea­tures of the LinkedIn net­work. Every time one of our pages con­taining LinkedIn fea­tures are accessed, a con­nec­tion is estab­lished to the LinkedIn servers. LinkedIn is thereby informed that you have vis­ited our web­site using your IP address. If you click the LinkedIn “Rec­om­mend” button while logged in to your LinkedIn account, LinkedIn is able to assign your visit to our web­site to you and your user account. Please note that, as the provider of the web­site, we do not receive any knowl­edge of the con­tent of the trans­ferred data or the use of this data by LinkedIn.

LinkedIn Spe­cific Infor­ma­tion: When you visit our LinkedIn Cor­po­rate Site, LinkedIn processes your per­sonal infor­ma­tion. This infor­ma­tion is trans­mitted to us through LinkedIn as part of LinkedIn Ana­lytics. These anonymized data are sta­tis­tical data of our fol­lowers. In addi­tion, LinkedIn will tell us your pro­file name when you interact with us or our site, for example, like or com­ment on amounts, or follow our pages.

Use of YouTube

Oper­ator: YouTube LLC, 901 Cherry Ave., San Bruno CA 94066, USA. Pri­vacy State­ment:


Our web­site uses fea­tures of the Google-oper­ated site, YouTube. When you use one of our sites with YouTube fea­tures, a con­nec­tion is estab­lished to the YouTube servers. This tells YouTube which of our pages you visited.

If you are logged into your YouTube account, you allow YouTube to assign your browsing behavior directly to your per­sonal pro­file. You can pre­vent this by log­ging out of your YouTube account.

Spe­cific Infor­ma­tion about Youtube Accounts or Chan­nels: When you visit our Youtube site, Youtube processes your per­sonal infor­ma­tion. These data are trans­mitted to us through Youtube as part of the Youtube STUDIO use anonymized. This anonymized data is sta­tis­tical infor­ma­tion about our channel subscribers.

In addi­tion, we’ll let Youtube know your Google+ pro­file user­name when inter­acting with us or our site, like liking or com­menting on videos or sub­scribing to our channel.

Con­tact form / Queries

On our site, you can to send us queries using a con­tact form. In this form, your infor­ma­tion from the con­tact form (the con­tent of your query) is stored by us, along with the con­tact infor­ma­tion you pro­vide on the form (name, com­pany, tele­phone, email and state) for the pur­pose of pro­cessing your query and for follow-up ques­tions. We do not dis­close these data without your con­sent. The legal basis for the col­lec­tion and pro­cessing of data is Article 6(1) GDPR.

The infor­ma­tion you enter in the con­tact form is retained by us until you ask us to erase it, revoke your con­sent to its storage or if the pur­pose of the data storage is no longer applic­able (e.g. after the pro­cessing of your query has been com­pleted). Manda­tory legal pro­vi­sions – in par­tic­ular, reten­tion periods – are not affected.

Email con­tact

When you send us queries or infor­ma­tion by email, your infor­ma­tion (email address, con­tent of your email, sub­ject and date of your email) are stored by us, including the con­tact data given (first name, last name; where appro­priate, tele­phone number and address) for the pur­pose of pro­cessing the query and for follow-up ques­tions. We do not dis­close these data without your con­sent. The legal basis for the col­lec­tion and pro­cessing of data is Article 6(1) GDPR.

The user is advised that emails can be read or changed without autho­riza­tion and without being noticed during transfer. Harro Höfliger GmbH uses soft­ware that fil­ters unde­sir­able email mes­sages (spam filter). Email mes­sages can be rejected by a spam filter if they are falsely iden­ti­fied as spam due to cer­tain characteristics.

The infor­ma­tion you enter is retained by us until you ask us to erase it, revoke your con­sent to its storage or if the pur­pose of the data storage is no longer applic­able (e.g. after the pro­cessing of your query has been com­pleted). Manda­tory legal pro­vi­sions – in par­tic­ular, reten­tion periods – are not affected.

Sub­scrip­tion to our newsletter

On our web­site, you can sub­scribe to our com­pa­ny’s newsletter. We use the newsletter to inform our clients and busi­ness part­ners about our com­pa­ny’s offer­ings on a reg­ular basis. To do this, we require a valid email address from you, as well as infor­ma­tion that allows us to check that you are the owner of the email address entered and have agreed to receive the newsletter. Other infor­ma­tion is not col­lected, or is only col­lected on a vol­un­tary basis. For legal rea­sons, a con­fir­ma­tion email is sent to the email address entered for a data sub­ject the first time it is entered, as part of a double opt-in pro­ce­dure. We use these data exclu­sively to send the newsletter and do not dis­close them to third par­ties. The legal basis for the col­lec­tion and pro­cessing of data is Article 6(1) GDPR.

During the newsletter reg­is­tra­tion, we also store the IP address pro­vided by the Internet ser­vice provider (ISP) of the com­puter used by the data sub­ject at the time of reg­is­tra­tion, as well as the date and time of reg­is­tra­tion. Col­lecting these data is nec­es­sary as part of our safe­guards to trace the (pos­sible) misuse of a data sub­ject’s email address at a later point.

You can revoke your con­sent to the storage of the data and email address, as well as the use of this infor­ma­tion to send the newsletter, at any time, for example, by clicking the “unsub­scribe” link in every newsletter. Alter­na­tively, you are wel­come to send your unsub­scribe request by email at any time to The legality of the data-pro­cessing oper­a­tions is unaf­fected by the revocation.

We store the data you have deposited with us for the pur­poses of sub­scribing to the newsletter until your removal, and erase them after you have unsub­scribed from the newsletter.

Cus­tomer Magazine

Our cus­tomer mag­a­zine is pub­lished under the fol­lowing link: The web­site uses Matomo, a cookie-based open-source web ana­lytics soft­ware plat­form, to ana­lyze the usage behavior of vis­i­tors to our web­site. The infor­ma­tion col­lected by the cookie (browser type and browser ver­sion, oper­ating system, your country of origin, date and time of server request, number of visits, your time spent on the web­site, as well as any external links that you have acti­vated) is saved to our server. This infor­ma­tion is used for the pur­pose of opti­mizing our web­site, in which we have a legit­i­mate interest within the meaning of Art. 6 (1) (f) of the Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR).

This data is not passed on to any third party. It is stan­dard prac­tice to shorten or anonymize the IP address before saving. By anonymizing the IP address, it is impos­sible to iden­tify the user.

You may object to the anonymized data col­lec­tion by Matomo by des­e­lecting the checkbox. How­ever, we wish to point out that in this case you would then only have restricted use of the web­site as not all func­tions will be avail­able in full.

You may choose to pre­vent this web­site from aggre­gating and ana­lyzing the actions you take here. Doing so will pro­tect your pri­vacy, but will also pre­vent the owner from learning from your actions and cre­ating a better expe­ri­ence for you and other users.

Deleting your cookies will also delete the Matomo Opt-Out cookie. The opt out must be reac­ti­vated when returning to our website.

Sup­plier Col­lab­o­ra­tion Portal

The Sup­plier Col­lab­o­ra­tion Portal is a tool we use to manage our busi­ness rela­tion­ships with sup­pliers. The Sup­plier Col­lab­o­ra­tion Portal man­ages any col­lab­o­ra­tion with poten­tial or existing sup­pliers, for example infor­ma­tion pro­vided by the sup­plier, order pro­cessing, trans­port man­age­ment, etc.

Having a legit­i­mate interest in the effi­ciency of our busi­ness oper­a­tions and the secure run­ning of our sup­plier portal, we process the per­sonal data pro­vided by busi­ness con­tacts or by con­tacts of poten­tial and existing sup­pliers. Per­sonal data is processed for the exe­cu­tion of pre-con­trac­tual mea­sures and for the exe­cu­tion of con­tracts with poten­tial and existing suppliers.

The fol­lowing types of per­sonal data are processed when vis­iting or using the sup­plier portal:

  • Access and rights man­age­ment (e.g. user ID, user autho­riza­tions, login history)
  • Con­tact data (e.g. name, email, company)
  • Orga­ni­za­tion data (e.g. supplier’s man­aging director, con­tact person for logis­tics) — Com­mu­ni­ca­tion data (e.g. email for new request, email for offer status)
  • Doc­u­ment data (e.g. con­tact for sup­plier on invoice document)
  • Meta/transaction data (e.g. offer con­firmed on/by, order processed on/by)
  • Meta/communication data (device infor­ma­tion, IP addresses).

Fur­ther data pro­tec­tion infor­ma­tion with regard to the pro­cessing of per­sonal data from con­tact part­ners of poten­tial and existing sup­pliers, such as the length of time for which the data is saved, can be found here:

Career area / Online application

On our web­site, you can use the career area and/or send appli­ca­tions by email. The per­sonal data (basic infor­ma­tion, con­tact infor­ma­tion, attach­ments such as cover let­ters, resumes, ref­er­ences, etc.) from can­di­dates are col­lected and processed for the pur­poses of car­rying out the appli­ca­tion pro­ce­dure. The pro­cessing can also be per­formed elec­tron­i­cally. This occurs, in par­tic­ular, when a can­di­date sends the per­ti­nent appli­ca­tion doc­u­ments, for instance, by email or via a web form on the site to the con­troller. If the con­troller con­cludes an employ­ment con­tract with a can­di­date, the data trans­mitted for the pur­pose of entering into the employ­ment rela­tion­ship are stored in accor­dance with legal pro­vi­sions. If the con­troller does not con­clude an employ­ment con­tract with the can­di­date, the appli­ca­tion doc­u­ments are auto­mat­i­cally erased six months after noti­fi­ca­tion of the deci­sion to reject, as long as no other legit­i­mate inter­ests on the part of the con­troller pre­vent this. In such a case, other legit­i­mate inter­ests, would include the burden of proof in a process under the Gen­eral Act on Equal Treat­ment (AGG). The legal basis for the col­lec­tion and pro­cessing of data is Article 6(1) GDPR.

Web fonts

For the uni­form pre­sen­ta­tion of fonts, this site uses web fonts that have been pre­pared by When accessing a site, your browser loads the nec­es­sary web fonts in a cache in order to dis­play the text and fonts correctly.

The browser you use must estab­lish a con­nec­tion to the servers for this pur­pose. This informs the provider that your IP address was used to access our web­site. Web fonts are used in the interest of dis­playing our online offer­ings in a con­sis­tent and attrac­tive manner. This rep­re­sents a legit­i­mate interest within the meaning of Article 6(1)(f) GDPR.

If your browser does not sup­port web fonts, a stan­dard font will be used from your computer.

You can find more infor­ma­tion about web fonts at and in the Pri­vacy State­ment at: Dura­tion of retention

In prin­ciple, we store your data for as long as it is nec­es­sary for the delivery of our online offer­ings and the related ser­vices, or as long as pro­vided by the Euro­pean reg­u­la­tory author­i­ties or another leg­isla­tive authority in laws or pro­vi­sions to which the con­troller is sub­ject. In all other cases, we erase per­sonal data after their pur­pose has been ful­filled, with the excep­tion of such data as we must con­tinue to store to meet legal oblig­a­tions (for example, we are obliged by reten­tion periods under tax and com­mer­cial law to retain doc­u­ments such as con­tracts and invoices for a cer­tain period).

Dis­clo­sure to third parties

We dis­close your data to cer­tain third par­ties that pro­vide external ser­vices for us (proces­sors) for the pur­pose of being able to pro­vide appli­ca­tions and ser­vices. These include newsletter ser­vices, IT providers, etc. Dis­clo­sure to other third par­ties may occur in order to ful­fill our oblig­a­tions (author­i­ties, banks, social insur­ance agen­cies, etc.). Third par­ties process the data according to our instruc­tions; fur­ther­more, they are pro­hib­ited from using these data for their own com­mer­cial pur­poses that do not cor­re­spond to the agreed-upon purposes.

We must dis­close per­sonal data when we are obliged to do so in ongoing court pro­ceed­ings, on the basis of a decree, or by law (Article 6(1)(f) GDPR).

We only dis­close your per­sonal data to third par­ties if

  • you have com­mu­ni­cated your explicit con­sent to this under Article 6(1)(a) GDPR,
  • the dis­clo­sure is nec­es­sary under Article 6(1)(f) GDPR on asser­tion, exer­cise or defense of legal rights and there is no reason to believe that you have an over­riding interest worthy of pro­tec­tion in the non-dis­clo­sure of your data,
  • a legal oblig­a­tion to dis­close exists under Article 6(1)© GDPR, and
  • this is per­mitted by law and required for the pro­cessing of con­trac­tual rela­tion­ships with you in

accor­dance with Article 6(1)(b) GDPR.

If the pro­cessing of your data takes place out­side of Europe, e.g. in India, Brazil, China, Switzer­land, Sin­ga­pore or in the USA, this transfer occurs in com­pli­ance with all cur­rent data pro­tec­tion laws, and espe­cially with Article 44(f) GDPR.

Tech­nical security

Harro Höfliger GmbH employs tech­nical and orga­ni­za­tional secu­rity mea­sures to pro­tect your data admin­is­tered by us against acci­dental or delib­erate manip­u­la­tion, loss, destruc­tion or access by unau­tho­rized per­sons. Our secu­rity mea­sures are con­tin­u­ously being improved in accor­dance with tech­no­log­ical development.

This site uses SSL (secure socket layer) encryp­tion with the highest level of encryp­tion sup­ported by your browser for the pur­pose of the secu­rity and pro­tec­tion of trans­fers of con­fi­den­tial con­tent such as queries you send to us as a web­site oper­ator. You can tell if an indi­vidual page on our web­site is being trans­mitted using encryp­tion if the browser’s address line changes from “http://” to “https://”, and the lock symbol is shown in the address bar.

When SSL encryp­tion is acti­vated, the data you transmit to us cannot be read by third parties.

Please note that the transfer of data over the Internet (e.g. by email) may be vul­ner­able to secu­rity breaches. It is not pos­sible to com­pletely pro­tect data from being accessed by third parties.

Legal basis for processing

Article 6(1)(a) GDPR serves as a legal basis for our com­pa­ny’s data pro­cessing oper­a­tions, under which we obtain con­sent for a spe­cific pro­cessing objec­tive. If the pro­cessing of per­sonal data is nec­es­sary for the ful­fill­ment of a con­tract to which the data sub­ject is a party, as may be the case for data pro­cessing oper­a­tions that are nec­es­sary for the delivery of goods or the pro­vi­sion of a par­tic­ular ser­vice or con­tri­bu­tion, the pro­cessing is based on Article 6(1)(b) GDPR. The same applies to data pro­cessing oper­a­tions that are nec­es­sary to carry out pre-con­trac­tual mea­sures, for example in the event of queries regarding out prod­ucts or ser­vices. If our com­pany is sub­ject to a legal oblig­a­tion that neces­si­tates the pro­cessing of per­sonal data, such as the ful­fill­ment of tax oblig­a­tions, then pro­cessing is based on Article 6(1)© GDPR. In rare cases, the pro­cessing of per­sonal data may be nec­es­sary in order to pro­tect the vital inter­ests of the data sub­ject or another indi­vidual. This would be the case, for example, if a vis­itor to our busi­ness were to be injured and their name, age and health insur­ance data or other vital infor­ma­tion has to be dis­closed to a doctor, hos­pital or other third party. In that case, pro­cessing would be based on Article 6(1)(d) GDPR. Finally, data pro­cessing oper­a­tions could be based on Article 6(1)(f) GDPR. Data pro­cessing oper­a­tions that are not cov­ered by any of the legal bases indi­cated above are sup­ported by this legal basis if the pro­cessing is nec­es­sary to safe­guard a legit­i­mate interest of a com­pany or a third party, as long as it does not over­ride the inter­ests and fun­da­mental rights and free­doms of the data sub­ject. If the pro­cessing of per­sonal data is based on Article 6(1)(f) GDPR, our legit­i­mate interest is car­rying out our busi­ness activ­i­ties in the interest of the well-being of all of our employees and customers.

Legal or con­trac­tual pro­vi­sions on the pro­vi­sion of per­sonal data, neces­sity for the con­clu­sion of the con­tract, oblig­a­tion of the data sub­ject to pro­vide per­sonal data, pos­sible con­se­quences of non-provision

You should be aware that the pro­vi­sion of per­sonal data is some­times legally required (e.g. tax pro­vi­sions) or can come about as a result of con­trac­tual pro­vi­sions (e.g. Infor­ma­tion on the con­trac­tual partner). From time to time, it can be nec­es­sary for the con­clu­sion of a con­tract for a data sub­ject to make per­sonal data avail­able to us that sub­se­quently have to be processed by us. The data sub­ject may be obliged to pro­vide us with per­sonal data when our com­pany con­cludes a con­tract with them. The con­se­quence of not pro­viding per­sonal data is that the con­tract cannot be con­cluded with the data sub­ject. Before the pro­vi­sion of per­sonal data by the data sub­ject, the data sub­ject must con­tact one of our employees. Our employee will make the data sub­ject aware, on a case-by-case basis, of whether the pro­vi­sion of per­sonal data is legally or con­trac­tu­ally required, or nec­es­sary for the con­clu­sion of the con­tract, and whether there is an oblig­a­tion to pro­vide per­sonal data, and what con­se­quences the failure to pro­vide per­sonal data would have.

Notice for underage persons

This online offering is not aimed at chil­dren younger than 16. Per­sons who have not yet reached the age of 16 may not send any per­sonal data to Harro Höfliger GmbH without the con­sent of their legal guardians.

Rights of the data subject

You have the right to infor­ma­tion regarding the data stored by us, the dura­tion of the data reten­tion, the reason and legal basis for the storage and the origin and recip­i­ents of dis­clo­sures. Inac­cu­rate data must be cor­rected, data that is unlaw­fully stored or no longer required must be erased. In addi­tion, the data sub­ject has the right of objec­tion, a right to restric­tion of pro­cessing and the right to data portability.

This infor­ma­tion will be pre­pared at your request. This infor­ma­tion is free of charge. You also have the right to file a com­plaint with a super­vi­sory authority.

Revo­ca­tion of con­sent to data processing

Cer­tain data pro­cessing oper­a­tions are only pos­sible with your explicit con­sent. You can revoke con­sent at any point after granting it. An informal email noti­fi­ca­tion to suf­fices for this pur­pose. The legality of the data-pro­cessing car­ried out until the revo­ca­tion is unaf­fected by the revocation.

Respon­sible authority and con­tact infor­ma­tion of the external data pro­tec­tion officer

Respon­sible authority:

Harro Höfliger Ver­pack­ungs­maschinen GmbH
Helmholtzs­traße 4
71573 Allmers­bach im Tal 

Tel.: +49 7191 501 0

Con­tact infor­ma­tion of the external data pro­tec­tion officer:

Stefan Fischerkeller
Richard-Wagner-Str. 2
88094 Oberteuringen

Tel.: 07544 904 96 91
E‑Mail: fischerkeller(at)