Imprint & Data Pri­vacy Pro­tec­tion



Harro Höfliger Ver­pack­ungs­maschinen GmbH
Helmholtzs­traße 4
71573 Allmers­bach im Tal

Phone: +49 7191 501–0
Telefax: +49 7191 501‑5244


Man­aging direc­tors

Uwe Amann, Peter Claußnitzer, Turgay Gün­gormus, Hein­rich Haven­stein, Thomas Weller

Court of reg­ister

Court of dis­trict Stuttgart
HRB-Nr. 270490
Ust.Id.-Nr.: DE 144693557


Copy­right 2006–2014 Harro Höfliger Ver­pack­ungs­maschinen GmbH. All rights reserved.

All text, images, graphics, sound, video and ani­ma­tion files and their arrange­ments are sub­ject to copy­right laws and intel­lec­tual prop­erty pro­tec­tion.


Thomas Weller, CEO

Overall respon­si­bility:

Andreas Stre­icher

Edi­to­rial plan­ning & coor­di­na­tion:

Denise Dreher

Edi­to­rial team:

Rose­marie Christ, Markus von Mallinck­rodt, Jan Türk, Michael Waghub­inger;
Die Mag­a­ziniker GmbH: Christoph Kalscheuer, Tina Hof­mann, Rebekka Schramke, Monika Unkel­bach

Edi­to­rial assis­tance:

Dr. Karl­heinz Sey­fang, John van Tol

Con­cept and imple­men­ta­tion:

Die Mag­a­ziniker GmbH


Data Pri­vacy Pro­tec­tion

Harro Höfliger thanks you for your visit to our web­site and the interest you have shown in our com­pany and prod­ucts. The pro­tec­tion of your per­sonal data is very impor­tant for us. Harro Höfliger Ver­pack­ungs­maschinen GmbH (here­after referred to as “Harro Höfliger GmbH”, “we”, or “us”) values the safety of users’ data, as well as com­pli­ance with legal pro­vi­sions related to data pro­tec­tion.

Harro Höfliger GmbH web­sites may con­tain links to the web­sites of other providers not cov­ered by this Pri­vacy State­ment. The data that oper­a­tors of these sites may col­lect is beyond our knowl­edge and ability to influ­ence. You can obtain infor­ma­tion from the pri­vacy notice of the respec­tive site.

In the fol­lowing doc­u­ment, we will inform you in detail about how we handle your data.


The Pri­vacy State­ment is based on the ter­mi­nology used in the Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR).

  • “Per­sonal data” are all infor­ma­tion that relate to an iden­ti­fied or iden­ti­fi­able indi­vidual (here­after referred to as a “data sub­ject”) (Article 4(1) GDPR). Your per­sonal data include infor­ma­tion such as your basic infor­ma­tion (first and last name, address and date of birth), your con­tact infor­ma­tion (tele­phone number, email address), billing data (bank account infor­ma­tion), and much more.
  • “Pro­cessing” is any oper­a­tion or set of oper­a­tions per­formed on per­sonal data, whether or not by auto­mated means, such as col­lec­tion, recording, orga­ni­za­tion, struc­turing, storage, adap­ta­tion or alter­ation, retrieval, con­sul­ta­tion, use, dis­clo­sure by trans­mis­sion, dis­sem­i­na­tion or oth­er­wise making avail­able, align­ment or com­bi­na­tion, restric­tion, era­sure or destruc­tion.
  • The “data sub­ject” is any iden­ti­fied or iden­ti­fi­able indi­vidual whose per­sonal data are processed by the con­troller.
  • The “con­troller” is the indi­vidual or legal entity, public authority, agency or other body that, either alone or jointly with others, decides on the pur­poses and means of the pro­cessing of per­sonal data. If the objec­tives and means of this pro­cessing are pre­scribed by Euro­pean Union or Member State law, the con­troller or the spe­cific cri­teria for their nom­i­na­tion may be pro­vided for under Union or Member State law.
  • The “processor” is an indi­vidual or legal entity, public authority, agency or other body that processes per­sonal data on behalf of the con­troller.
  • The “recip­ient” is an indi­vidual or legal entity, public authority, agency or other body, to which the per­sonal data are dis­closed, whether it is a third party or not. How­ever, public author­i­ties that may receive per­sonal data in the con­text of a par­tic­ular inquiry in accor­dance with Union or Member State law are not regarded as recip­i­ents.
  • A “third party” is an indi­vidual or legal entity, public authority, agency or body other than the data sub­ject, con­troller, processor or per­sons who, under the direct authority of the con­troller or processor, are autho­rized to process per­sonal data.
  • “Con­sent” is any informed and unam­biguous indi­ca­tion of the data sub­ject’s wishes given vol­un­tarily by the data sub­ject for the spe­cific case in the form of a state­ment or by a clear affir­ma­tive action, by which the data sub­ject sig­ni­fies that he or she agrees to the pro­cessing of per­sonal data relating to him or her.

Col­lec­tion and pro­cessing of per­sonal data

In prin­ciple, it is pos­sible to use our web­site without pro­viding any per­sonal data. To the extent that you wish to make use of cer­tain ser­vices offered by our com­pany via our web­site, the pro­cessing of per­sonal data may become nec­es­sary. If the pro­cessing of per­sonal data is nec­es­sary and no legal basis exists for such pro­cessing, we gen­er­ally obtain con­sent from the data sub­ject.

Anony­mous data col­lec­tion (server log files)

You can visit our site without actively giving infor­ma­tion about your person. How­ever, we do store access data every time the web­site is accessed (server log files), which include the name of your Internet ser­vice provider, the oper­ating system used, the web­site from which you visit us and the dura­tion of your visit or the name of the file requested. For secu­rity rea­sons (e.g. rec­og­nizing attacks on our web­sites), we also store the IP address of the com­puter used for a period of 60 days. These data are assessed exclu­sively for the improve­ment of our ser­vice and do not permit any infer­ences about your person. These data are not com­bined with other data sources. The legal basis for data pro­cessing is Article 6(1) GDPR. We process and use the data for the fol­lowing pur­poses: 1. Pro­viding the Harro Höfliger GmbH web­site, 2. Improving our web­site and 3. Pre­venting and detecting errors/malfunctions, as well as misuse of the web­site. This kind of data pro­cessing is under­taken either in ful­fill­ment of the agree­ment regarding the use of the Harro Höfliger GmbH web­site, or because we are pur­suing a legit­i­mate interest in the func­tion­ality and error-free oper­a­tion of the Harro Höfliger GmbH web­site, as well as cus­tomizing this web­site to user require­ments.

Use of cookie tracking

In order to dis­play our web­site in an attrac­tive manner and facil­i­tate the use of cer­tain func­tions, we use cookies on our web­site. This is a stan­dard Internet tech­nology for storing and accessing login and other usage infor­ma­tion for all vis­i­tors to the Harro Höfliger GmbH web­site. Cookies are small text files that are stored on your end device. They make it pos­sible, among other things, for us to store user set­tings so that our web­site can be dis­played in a cus­tomized manner on your device. Some of the cookies we use are erased after the browser ses­sion ends – that is, after you close your browser (ses­sion cookies). Other cookies remain on your device and allow us or our partner com­pa­nies to rec­og­nize your browser on your next visit (per­sis­tent cookies).

You can con­figure your browser so that you are informed about the set­ting of cookies and decide on an indi­vidual basis whether to accept them, or bar the accep­tance of cookies for cer­tain cases or in gen­eral. Fur­ther­more, cookies can be erased after­wards in order to remove data that web­sites have stored on your com­puter. You can easily find instruc­tions on how to do this online. Deac­ti­vating cookies can lead to some lim­i­ta­tions in the func­tion­ality of the Harro Höfliger GmbH web­sites.

Use of Google Ana­lytics

This web­site uses fea­tures of the Google Ana­lytics web ana­lytics ser­vice. The provider is Google Inc., 1600 Amphithe­atre Parkway, Moun­tain View, CA 94043, USA. Google Ana­lytics uses “cookies”, which are text files that are saved on your com­puter and enable the analysis of your use of the web­site. The infor­ma­tion gen­er­ated by the cookies about your use of this web­site (including your IP address) is trans­mitted to Google’s server in the USA and saved there. Google will use this infor­ma­tion to eval­uate your use of the web­site, com­pile reports about web­site activity for web­site oper­a­tors and pro­vide addi­tional ser­vices asso­ci­ated with web­site usage and Internet usage. Google may also transfer this infor­ma­tion to third par­ties, pro­vided this is required by law or if third par­ties process this data on behalf of Google.

Pre­venting the storage of cookies

You can pre­vent cookies from being stored by selecting the cor­re­sponding set­ting in your browser soft­ware. How­ever, we advise against this because then you may not be able to fully uti­lize all of the func­tions of this web­site. By using this web­site, you agree to Google pro­cessing the data col­lected about you in the manner and for the pur­poses set out above.

IP anonymiza­tion

We have acti­vated the IP anonymiza­tion fea­ture on this web­site. This means that your IP address is short­ened by Google within Member States of the Euro­pean Union or in other states that are par­ties to the Treaty of the Euro­pean Eco­nomic Area before being trans­ferred to the USA.

Objecting to data col­lec­tion

If you do not want Google to receive data from your browser when you access the site, the opt out solu­tion for Google Ana­lytics can be found here:, This plugin pre­vents the browser from requesting the ana­lytics code, meaning that Google receives no data when you access the site. The plugin is only avail­able for Internet Explorer 7 and 8, Firefox 3.x and Chrome. According to Google, the browser blocks the Google Ana­lytics script after instal­la­tion. You can find more infor­ma­tion on usage con­di­tions and data pro­tec­tion at and

Please note that Google Ana­lytics has been extended using the code “gat.anonymizeIp” on this web­site, in order to ensure the anonymized col­lec­tion of IP addresses (IP masking).

Demo­graphics with Google Ana­lytics

This web­site uses the “Demo­graphics” fea­ture of Google Ana­lytics. This allows the prepa­ra­tion of reports that con­tain state­ments on the age, sex and inter­ests of vis­i­tors to the page. These data come from interest-based adver­tise­ments from Google as well as vis­itor data from third-party providers. These data cannot be assigned to any person in par­tic­ular. You can deac­ti­vate this fea­ture at any time using the dis­play set­tings in your Google account, or forbid the col­lec­tion of your data by Google Ana­lytics on a gen­eral basis, as shown in the “Objecting to data col­lec­tion” sec­tion.

Use of etracker

Our web­site uses the etracker analysis ser­vice. The provider is etracker GmbH, Erste Brun­nen­strasse 1, 20459 Ham­burg, Ger­many. Web analysis is the col­lec­tion, com­pi­la­tion and eval­u­a­tion of data about the behavior of web­site users. Among other things, a web analysis ser­vice col­lects data on the web­sites from which a data sub­ject has come to the web­site (refer­rers), which sub­pages are accessed, or how often and for how long a sub­page is viewed. A web analysis is mainly used to opti­mize a web­site and for the cost-ben­efit analysis of web adver­tising.

A usage pro­file can be cre­ated from the data using a pseu­donym. Cookies can be used for this pur­pose. Cookies are small text files that are locally stored in your browser’s cache. Cookies allow your browser to be rec­og­nized. The data col­lected using etracker tech­nology are not used to iden­tify vis­i­tors to our web­site per­son­ally, and are not com­bined with per­sonal data about the bearer of the pseu­donym without sep­a­rate per­mis­sion from the data sub­ject.

You can object to the col­lec­tion and storage of data at any time, which will take effect for the future. To object to the future col­lec­tion and storage of your vis­itor data, you can obtain an opt-out cookie from etracker using the fol­lowing link. This ensures that no vis­itor data will be col­lected and stored from your browser by etracker in the future. This sets a cookie from etracker with the name “cnt­cookie”. Please do not delete this cookie as long as you wish to main­tain your objec­tion. You can find fur­ther infor­ma­tion in the etracker pri­vacy pro­vi­sions:

Order data pro­cessing

We have a con­tract with Google for the order pro­cessing of data, and fully imple­ment the strict require­ments of the German data pro­tec­tion author­i­ties when using Google Ana­lytics.

Our offers on social media plat­forms (Social Media Links)

On var­ious social media plat­forms, we make offers (for example fan pages) avail­able online that pro­vide infor­ma­tion about Harro Höfliger Ver­pack­ungs­maschinen GmbH and give us the oppor­tu­nity to get in touch with you. We point out that we have no influ­ence on the pro­cessing of your per­sonal data on these plat­forms and only the respec­tive oper­ator of the plat­form has full knowl­edge of the con­tent of the trans­mitted data and their use.

As a rule, cookies are stored in your browser when you visit the respec­tive plat­form.

You may be affected by this data col­lec­tion even if you are not reg­is­tered on the respec­tive plat­form. It is beyond our knowl­edge whether the data reaches out­side the Euro­pean Eco­nomic Area.

The pro­cessing of per­sonal data on the plat­forms by us is based on Art. 6 para. 1 lit. f DSGVO. Our legit­i­mate interest lies in being able to por­tray Harro Höfliger Ver­pack­ungs­maschinen GmbH in a variety of ways to the out­side world and to use the pos­si­bility of com­mu­ni­ca­tion with our cus­tomers as effec­tively as pos­sible.

In addi­tion, con­sent to data pro­cessing pur­suant to Art. 6 para. 1 lit. a DSGVO legal basis if you have given them to the plat­form oper­ator.

You will receive detailed infor­ma­tion about the data pro­cessing of the plat­form oper­a­tors regarding the respec­tive objec­tion pos­si­bil­i­ties, the rights of access as well as spe­cific infor­ma­tion about the respec­tive plat­forms via the fol­lowing data pro­tec­tion instruc­tions of the respec­tive oper­a­tors:

Use of Face­book

Provider: Face­book Ire­land Ltd., 4 Grand Canal Square, Grand Canal Har­bour, Dublin 2, Irland Pri­vacy State­ment:


The fea­tures of the Face­book ser­vice are inte­grated into our web­site. If you visit our web­site, the link cre­ates a direct con­nec­tion between your browser and the Face­book server. Face­book then receives the infor­ma­tion that you have vis­ited our web­site using your IP address. If you click on the Face­book “Like Button” while logged in to your Face­book account, the con­tent of our web­site may be linked to your Face­book pro­file. Face­book can thus asso­ciate your visit to our web­site with your user account. Please note that, as the provider of the web­site, we do not receive any knowl­edge of the con­tent of the trans­ferred data or the use of this data by Face­book.

Spe­cific infor­ma­tion on Face­book fan pages: When vis­iting our Face­book fan page, Face­book processes your per­sonal data (Face­book Insights). These data are trans­mitted to us by Face­book in the con­text of Face­book Insights anonymized. This anony­mous data is sta­tis­tical infor­ma­tion about our fan page sub­scribers.

In addi­tion, we receive from Face­book pro­file data from you, if you interact with us or our site, for example, like or com­ment on posts or write us via Face­book or follow our page.

If you do not want Face­book to be able to asso­ciate your visit to our web­site with your Face­book user account, please log out of your Face­book user account.

Face­book Pixel, Custom Audi­ences and Face­book Con­ver­sion

As part of our online offer­ings, we use the Face­book pixel based on our legit­i­mate interest in analysis, opti­miza­tion and the eco­nomic oper­a­tion of our online offer­ings. The Face­book pixel belongs to the Face­book social net­work, which is oper­ated by Face­book Inc, 1 Hacker Way, Menlo Park CA 94025, USA, or, if you are a res­i­dent of the EU, Face­book Ire­land Ltd., 4 Grand Canal Square, Dublin 2, Ire­land (here­after “Face­book”).

Face­book is cer­ti­fied under the Pri­vacy Shield Agree­ment, which guar­an­tees com­pli­ance with Euro­pean data pro­tec­tion leg­is­la­tion (

By using the Face­book pixel, it is pos­sible for Face­book to iden­tify vis­i­tors to our online offer­ings as a target group for dis­playing adver­tise­ments (“Face­book Ads”). Accord­ingly, we use the Face­book pixel to dis­play the Face­book ads we place only to Face­book users who have shown interest in our online offer­ings or cer­tain fea­tures (e.g. interest in cer­tain sub­jects or prod­ucts as deter­mined by the web­sites vis­ited), which we submit to Face­book (“custom audi­ences”). Thanks to the Face­book pixel, we would also like to ensure that our Face­book ads match users’ poten­tial inter­ests, and are not annoying. We use the Face­book pixel to fur­ther under­stand the effec­tive­ness of Face­book adver­tise­ments for sta­tis­tical and market devel­op­ment pur­poses, as we see whether users were trans­ferred to our web­site after clicking on a Face­book ad (“con­ver­sion”).

The pro­cessing of data by Face­book is car­ried out in accor­dance with Face­book’s Data Use Policy. Accord­ingly, gen­eral infor­ma­tion on the dis­playing of Face­book ads is avail­able from Face­book’s Data Use Policy: You can find spe­cial infor­ma­tion and details on the Face­book pixel and its func­tioning in Facebook’s help sec­tion:

You can object to the col­lec­tion of your data by the Face­book pixel and its use to dis­play Face­book ads. To con­figure the kinds of adver­tise­ments that are shown to you on Face­book, you can access the Face­book site set up and follow the instruc­tions on con­fig­uring user-spe­cific adver­tise­ments: The set­tings are plat­form-neu­tral, meaning that they will be adopted by all devices, including desktop com­puters and mobile devices.

You can fur­ther object to the use of cookies used to mea­sure reach and adver­tising objec­tives through the opt-out site of the Net­work Adver­tising Ini­tia­tive (, as well as the US web­site ( or the Euro­pean web­site (

Use of LinkedIn

Provider: LinkedIn Cor­po­ra­tion., 2029 Stierlin Court, Moun­tain View, CA 94043, USA. Pri­vacy State­ment:

Our web­site uses fea­tures of the LinkedIn net­work. Every time one of our pages con­taining LinkedIn fea­tures are accessed, a con­nec­tion is estab­lished to the LinkedIn servers. LinkedIn is thereby informed that you have vis­ited our web­site using your IP address. If you click the LinkedIn “Rec­om­mend” button while logged in to your LinkedIn account, LinkedIn is able to assign your visit to our web­site to you and your user account. Please note that, as the provider of the web­site, we do not receive any knowl­edge of the con­tent of the trans­ferred data or the use of this data by LinkedIn.

LinkedIn Spe­cific Infor­ma­tion: When you visit our LinkedIn Cor­po­rate Site, LinkedIn processes your per­sonal infor­ma­tion. This infor­ma­tion is trans­mitted to us through LinkedIn as part of LinkedIn Ana­lytics. These anonymized data are sta­tis­tical data of our fol­lowers. In addi­tion, LinkedIn will tell us your pro­file name when you interact with us or our site, for example, like or com­ment on amounts, or follow our pages.

Use of YouTube

Oper­ator: YouTube LLC, 901 Cherry Ave., San Bruno CA 94066, USA. Pri­vacy State­ment:


Our web­site uses fea­tures of the Google-oper­ated site, YouTube. When you use one of our sites with YouTube fea­tures, a con­nec­tion is estab­lished to the YouTube servers. This tells YouTube which of our pages you vis­ited.

If you are logged into your YouTube account, you allow YouTube to assign your browsing behavior directly to your per­sonal pro­file. You can pre­vent this by log­ging out of your YouTube account.

Spe­cific Infor­ma­tion about Youtube Accounts or Chan­nels: When you visit our Youtube site, Youtube processes your per­sonal infor­ma­tion. These data are trans­mitted to us through Youtube as part of the Youtube STUDIO use anonymized. This anonymized data is sta­tis­tical infor­ma­tion about our channel sub­scribers.

In addi­tion, we’ll let Youtube know your Google+ pro­file user­name when inter­acting with us or our site, like liking or com­menting on videos or sub­scribing to our channel.

Con­tact form / Queries

On our site, you can to send us queries using a con­tact form. In this form, your infor­ma­tion from the con­tact form (the con­tent of your query) is stored by us, along with the con­tact infor­ma­tion you pro­vide on the form (name, com­pany, tele­phone, email and state) for the pur­pose of pro­cessing your query and for follow-up ques­tions. We do not dis­close these data without your con­sent. The legal basis for the col­lec­tion and pro­cessing of data is Article 6(1) GDPR.

The infor­ma­tion you enter in the con­tact form is retained by us until you ask us to erase it, revoke your con­sent to its storage or if the pur­pose of the data storage is no longer applic­able (e.g. after the pro­cessing of your query has been com­pleted). Manda­tory legal pro­vi­sions – in par­tic­ular, reten­tion periods – are not affected.

Email con­tact

When you send us queries or infor­ma­tion by email, your infor­ma­tion (email address, con­tent of your email, sub­ject and date of your email) are stored by us, including the con­tact data given (first name, last name; where appro­priate, tele­phone number and address) for the pur­pose of pro­cessing the query and for follow-up ques­tions. We do not dis­close these data without your con­sent. The legal basis for the col­lec­tion and pro­cessing of data is Article 6(1) GDPR.

The user is advised that emails can be read or changed without autho­riza­tion and without being noticed during transfer. Harro Höfliger GmbH uses soft­ware that fil­ters unde­sir­able email mes­sages (spam filter). Email mes­sages can be rejected by a spam filter if they are falsely iden­ti­fied as spam due to cer­tain char­ac­ter­is­tics.

The infor­ma­tion you enter is retained by us until you ask us to erase it, revoke your con­sent to its storage or if the pur­pose of the data storage is no longer applic­able (e.g. after the pro­cessing of your query has been com­pleted). Manda­tory legal pro­vi­sions – in par­tic­ular, reten­tion periods – are not affected.

Sub­scrip­tion to our newsletter

On our web­site, you can sub­scribe to our com­pa­ny’s newsletter. We use the newsletter to inform our clients and busi­ness part­ners about our com­pa­ny’s offer­ings on a reg­ular basis. To do this, we require a valid email address from you, as well as infor­ma­tion that allows us to check that you are the owner of the email address entered and have agreed to receive the newsletter. Other infor­ma­tion is not col­lected, or is only col­lected on a vol­un­tary basis. For legal rea­sons, a con­fir­ma­tion email is sent to the email address entered for a data sub­ject the first time it is entered, as part of a double opt-in pro­ce­dure. We use these data exclu­sively to send the newsletter and do not dis­close them to third par­ties. The legal basis for the col­lec­tion and pro­cessing of data is Article 6(1) GDPR.

During the newsletter reg­is­tra­tion, we also store the IP address pro­vided by the Internet ser­vice provider (ISP) of the com­puter used by the data sub­ject at the time of reg­is­tra­tion, as well as the date and time of reg­is­tra­tion. Col­lecting these data is nec­es­sary as part of our safe­guards to trace the (pos­sible) misuse of a data sub­ject’s email address at a later point.

You can revoke your con­sent to the storage of the data and email address, as well as the use of this infor­ma­tion to send the newsletter, at any time, for example, by clicking the “unsub­scribe” link in every newsletter. Alter­na­tively, you are wel­come to send your unsub­scribe request by email at any time to The legality of the data-pro­cessing oper­a­tions is unaf­fected by the revo­ca­tion.

We store the data you have deposited with us for the pur­poses of sub­scribing to the newsletter until your removal, and erase them after you have unsub­scribed from the newsletter.

Cus­tomer Mag­a­zine

Our cus­tomer mag­a­zine is pub­lished under the fol­lowing link: The web­site uses Matomo, a cookie-based open-source web ana­lytics soft­ware plat­form, to ana­lyze the usage behavior of vis­i­tors to our web­site. The infor­ma­tion col­lected by the cookie (browser type and browser ver­sion, oper­ating system, your country of origin, date and time of server request, number of visits, your time spent on the web­site, as well as any external links that you have acti­vated) is saved to our server. This infor­ma­tion is used for the pur­pose of opti­mizing our web­site, in which we have a legit­i­mate interest within the meaning of Art. 6 (1) (f) of the Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR).

This data is not passed on to any third party. It is stan­dard prac­tice to shorten or anonymize the IP address before saving. By anonymizing the IP address, it is impos­sible to iden­tify the user.

You may object to the anonymized data col­lec­tion by Matomo by des­e­lecting the checkbox. How­ever, we wish to point out that in this case you would then only have restricted use of the web­site as not all func­tions will be avail­able in full.

Deleting your cookies will also delete the Matomo Opt-Out cookie. The opt out must be reac­ti­vated when returning to our web­site.

Sup­plier Col­lab­o­ra­tion Portal

The Sup­plier Col­lab­o­ra­tion Portal is a tool we use to manage our busi­ness rela­tion­ships with sup­pliers. The Sup­plier Col­lab­o­ra­tion Portal man­ages any col­lab­o­ra­tion with poten­tial or existing sup­pliers, for example infor­ma­tion pro­vided by the sup­plier, order pro­cessing, trans­port man­age­ment, etc.

Having a legit­i­mate interest in the effi­ciency of our busi­ness oper­a­tions and the secure run­ning of our sup­plier portal, we process the per­sonal data pro­vided by busi­ness con­tacts or by con­tacts of poten­tial and existing sup­pliers. Per­sonal data is processed for the exe­cu­tion of pre-con­trac­tual mea­sures and for the exe­cu­tion of con­tracts with poten­tial and existing sup­pliers.

The fol­lowing types of per­sonal data are processed when vis­iting or using the sup­plier portal:

  • Access and rights man­age­ment (e.g. user ID, user autho­riza­tions, login his­tory)
  • Con­tact data (e.g. name, email, com­pany)
  • Orga­ni­za­tion data (e.g. supplier’s man­aging director, con­tact person for logis­tics) — Com­mu­ni­ca­tion data (e.g. email for new request, email for offer status)
  • Doc­u­ment data (e.g. con­tact for sup­plier on invoice doc­u­ment)
  • Meta/transaction data (e.g. offer con­firmed on/by, order processed on/by)
  • Meta/communication data (device infor­ma­tion, IP addresses).

Fur­ther data pro­tec­tion infor­ma­tion with regard to the pro­cessing of per­sonal data from con­tact part­ners of poten­tial and existing sup­pliers, such as the length of time for which the data is saved, can be found here:

Career area / Online appli­ca­tion

On our web­site, you can use the career area and/or send appli­ca­tions by email. The per­sonal data (basic infor­ma­tion, con­tact infor­ma­tion, attach­ments such as cover let­ters, resumes, ref­er­ences, etc.) from can­di­dates are col­lected and processed for the pur­poses of car­rying out the appli­ca­tion pro­ce­dure. The pro­cessing can also be per­formed elec­tron­i­cally. This occurs, in par­tic­ular, when a can­di­date sends the per­ti­nent appli­ca­tion doc­u­ments, for instance, by email or via a web form on the site to the con­troller. If the con­troller con­cludes an employ­ment con­tract with a can­di­date, the data trans­mitted for the pur­pose of entering into the employ­ment rela­tion­ship are stored in accor­dance with legal pro­vi­sions. If the con­troller does not con­clude an employ­ment con­tract with the can­di­date, the appli­ca­tion doc­u­ments are auto­mat­i­cally erased six months after noti­fi­ca­tion of the deci­sion to reject, as long as no other legit­i­mate inter­ests on the part of the con­troller pre­vent this. In such a case, other legit­i­mate inter­ests, would include the burden of proof in a process under the Gen­eral Act on Equal Treat­ment (AGG). The legal basis for the col­lec­tion and pro­cessing of data is Article 6(1) GDPR.

Web fonts

For the uni­form pre­sen­ta­tion of fonts, this site uses web fonts that have been pre­pared by When accessing a site, your browser loads the nec­es­sary web fonts in a cache in order to dis­play the text and fonts cor­rectly.

The browser you use must estab­lish a con­nec­tion to the servers for this pur­pose. This informs the provider that your IP address was used to access our web­site. Web fonts are used in the interest of dis­playing our online offer­ings in a con­sis­tent and attrac­tive manner. This rep­re­sents a legit­i­mate interest within the meaning of Article 6(1)(f) GDPR.

If your browser does not sup­port web fonts, a stan­dard font will be used from your com­puter.

You can find more infor­ma­tion about web fonts at and in the Pri­vacy State­ment at: Dura­tion of reten­tion

In prin­ciple, we store your data for as long as it is nec­es­sary for the delivery of our online offer­ings and the related ser­vices, or as long as pro­vided by the Euro­pean reg­u­la­tory author­i­ties or another leg­isla­tive authority in laws or pro­vi­sions to which the con­troller is sub­ject. In all other cases, we erase per­sonal data after their pur­pose has been ful­filled, with the excep­tion of such data as we must con­tinue to store to meet legal oblig­a­tions (for example, we are obliged by reten­tion periods under tax and com­mer­cial law to retain doc­u­ments such as con­tracts and invoices for a cer­tain period).

Dis­clo­sure to third par­ties

We dis­close your data to cer­tain third par­ties that pro­vide external ser­vices for us (proces­sors) for the pur­pose of being able to pro­vide appli­ca­tions and ser­vices. These include newsletter ser­vices, IT providers, etc. Dis­clo­sure to other third par­ties may occur in order to ful­fill our oblig­a­tions (author­i­ties, banks, social insur­ance agen­cies, etc.). Third par­ties process the data according to our instruc­tions; fur­ther­more, they are pro­hib­ited from using these data for their own com­mer­cial pur­poses that do not cor­re­spond to the agreed-upon pur­poses.

We must dis­close per­sonal data when we are obliged to do so in ongoing court pro­ceed­ings, on the basis of a decree, or by law (Article 6(1)(f) GDPR).

We only dis­close your per­sonal data to third par­ties if

  • you have com­mu­ni­cated your explicit con­sent to this under Article 6(1)(a) GDPR,
  • the dis­clo­sure is nec­es­sary under Article 6(1)(f) GDPR on asser­tion, exer­cise or defense of legal rights and there is no reason to believe that you have an over­riding interest worthy of pro­tec­tion in the non-dis­clo­sure of your data,
  • a legal oblig­a­tion to dis­close exists under Article 6(1)© GDPR, and
  • this is per­mitted by law and required for the pro­cessing of con­trac­tual rela­tion­ships with you in

accor­dance with Article 6(1)(b) GDPR.

If the pro­cessing of your data takes place out­side of Europe, e.g. in India, Brazil, China, Switzer­land, Sin­ga­pore or in the USA, this transfer occurs in com­pli­ance with all cur­rent data pro­tec­tion laws, and espe­cially with Article 44(f) GDPR.

Tech­nical secu­rity

Harro Höfliger GmbH employs tech­nical and orga­ni­za­tional secu­rity mea­sures to pro­tect your data admin­is­tered by us against acci­dental or delib­erate manip­u­la­tion, loss, destruc­tion or access by unau­tho­rized per­sons. Our secu­rity mea­sures are con­tin­u­ously being improved in accor­dance with tech­no­log­ical devel­op­ment.

This site uses SSL (secure socket layer) encryp­tion with the highest level of encryp­tion sup­ported by your browser for the pur­pose of the secu­rity and pro­tec­tion of trans­fers of con­fi­den­tial con­tent such as queries you send to us as a web­site oper­ator. You can tell if an indi­vidual page on our web­site is being trans­mitted using encryp­tion if the browser’s address line changes from “http://” to “https://”, and the lock symbol is shown in the address bar.

When SSL encryp­tion is acti­vated, the data you transmit to us cannot be read by third par­ties.

Please note that the transfer of data over the Internet (e.g. by email) may be vul­ner­able to secu­rity breaches. It is not pos­sible to com­pletely pro­tect data from being accessed by third par­ties.

Legal basis for pro­cessing

Article 6(1)(a) GDPR serves as a legal basis for our com­pa­ny’s data pro­cessing oper­a­tions, under which we obtain con­sent for a spe­cific pro­cessing objec­tive. If the pro­cessing of per­sonal data is nec­es­sary for the ful­fill­ment of a con­tract to which the data sub­ject is a party, as may be the case for data pro­cessing oper­a­tions that are nec­es­sary for the delivery of goods or the pro­vi­sion of a par­tic­ular ser­vice or con­tri­bu­tion, the pro­cessing is based on Article 6(1)(b) GDPR. The same applies to data pro­cessing oper­a­tions that are nec­es­sary to carry out pre-con­trac­tual mea­sures, for example in the event of queries regarding out prod­ucts or ser­vices. If our com­pany is sub­ject to a legal oblig­a­tion that neces­si­tates the pro­cessing of per­sonal data, such as the ful­fill­ment of tax oblig­a­tions, then pro­cessing is based on Article 6(1)© GDPR. In rare cases, the pro­cessing of per­sonal data may be nec­es­sary in order to pro­tect the vital inter­ests of the data sub­ject or another indi­vidual. This would be the case, for example, if a vis­itor to our busi­ness were to be injured and their name, age and health insur­ance data or other vital infor­ma­tion has to be dis­closed to a doctor, hos­pital or other third party. In that case, pro­cessing would be based on Article 6(1)(d) GDPR. Finally, data pro­cessing oper­a­tions could be based on Article 6(1)(f) GDPR. Data pro­cessing oper­a­tions that are not cov­ered by any of the legal bases indi­cated above are sup­ported by this legal basis if the pro­cessing is nec­es­sary to safe­guard a legit­i­mate interest of a com­pany or a third party, as long as it does not over­ride the inter­ests and fun­da­mental rights and free­doms of the data sub­ject. If the pro­cessing of per­sonal data is based on Article 6(1)(f) GDPR, our legit­i­mate interest is car­rying out our busi­ness activ­i­ties in the interest of the well-being of all of our employees and cus­tomers.

Legal or con­trac­tual pro­vi­sions on the pro­vi­sion of per­sonal data, neces­sity for the con­clu­sion of the con­tract, oblig­a­tion of the data sub­ject to pro­vide per­sonal data, pos­sible con­se­quences of non-pro­vi­sion

You should be aware that the pro­vi­sion of per­sonal data is some­times legally required (e.g. tax pro­vi­sions) or can come about as a result of con­trac­tual pro­vi­sions (e.g. Infor­ma­tion on the con­trac­tual partner). From time to time, it can be nec­es­sary for the con­clu­sion of a con­tract for a data sub­ject to make per­sonal data avail­able to us that sub­se­quently have to be processed by us. The data sub­ject may be obliged to pro­vide us with per­sonal data when our com­pany con­cludes a con­tract with them. The con­se­quence of not pro­viding per­sonal data is that the con­tract cannot be con­cluded with the data sub­ject. Before the pro­vi­sion of per­sonal data by the data sub­ject, the data sub­ject must con­tact one of our employees. Our employee will make the data sub­ject aware, on a case-by-case basis, of whether the pro­vi­sion of per­sonal data is legally or con­trac­tu­ally required, or nec­es­sary for the con­clu­sion of the con­tract, and whether there is an oblig­a­tion to pro­vide per­sonal data, and what con­se­quences the failure to pro­vide per­sonal data would have.

Notice for underage per­sons

This online offering is not aimed at chil­dren younger than 16. Per­sons who have not yet reached the age of 16 may not send any per­sonal data to Harro Höfliger GmbH without the con­sent of their legal guardians.

Rights of the data sub­ject

You have the right to infor­ma­tion regarding the data stored by us, the dura­tion of the data reten­tion, the reason and legal basis for the storage and the origin and recip­i­ents of dis­clo­sures. Inac­cu­rate data must be cor­rected, data that is unlaw­fully stored or no longer required must be erased. In addi­tion, the data sub­ject has the right of objec­tion, a right to restric­tion of pro­cessing and the right to data porta­bility.

This infor­ma­tion will be pre­pared at your request. This infor­ma­tion is free of charge. You also have the right to file a com­plaint with a super­vi­sory authority.

Revo­ca­tion of con­sent to data pro­cessing

Cer­tain data pro­cessing oper­a­tions are only pos­sible with your explicit con­sent. You can revoke con­sent at any point after granting it. An informal email noti­fi­ca­tion to suf­fices for this pur­pose. The legality of the data-pro­cessing car­ried out until the revo­ca­tion is unaf­fected by the revo­ca­tion.

Respon­sible authority and con­tact infor­ma­tion of the external data pro­tec­tion officer

Respon­sible authority:

Harro Höfliger Ver­pack­ungs­maschinen GmbH
Helmholtzs­traße 4
71573 Allmers­bach im Tal

Tel.: +49 7191 501 0

Con­tact infor­ma­tion of the external data pro­tec­tion officer:

Stefan Fis­cherkeller
Richard-Wagner-Str. 2
88094 Ober­teuringen

Tel.: 07544 904 96 91
E‑Mail: fischerkeller(at)