Data Privacy Statement

General note and mandatory information

The protection of data privacy of individuals in the internet is decisive for the future of business transactions in the internet and the development towards a true internet economy. By this statement, Hilliges Gipswerk GmbH & Co. KG wish to underline their commitment to secure and trustworthy trading in the internet and the protection of privacy and personality rights of each individual person.

Designation of the responsible entity

Responsible entity for data processing on this website is:

Hilliges Gipswerk GmbH & Co. KG
Hüttenweg 1
37520 Osterode am Harz

The responsible entity shall, either individually or in cooperation with third parties, decide about the purposes and means of processing personally identifiable information (e.g. names, contact details etc.).

Withdrawal of your consent to data processing

Certain data processing procedures shall only be possible with your explicit agreement. You may withdraw your previously granted consent any time. For such a withdrawal, an informal information by e-mail will be sufficient. The legality of data processing carried out until such withdrawal shall not be affected by such withdrawal.

Right to complain to the competent supervisory authority

You as a person concerned have a right to appeal to the responsible supervisory authority in the event of any infringement of data privacy law. The responsible supervisory authority with regard to issues of data privacy is the Landesdatenschutzbeauftragte (Commissioner for Data Protection) of the Federal State, where our company has its registered office. At the following link, a list of the Data Protection Commissioners and their contact details is provided:

Right to data portability

You are entitled to have data, which we process automatically on the basis of your consent or in fulfilment of a contract, handed over to you or a third party. This provision will be carried out in a machine-readable format. Should you demand direct transmission of the data to another responsible entity, this will only be carried out to the extent that it is technically feasible.

Right to information, correction, blocking, deletion

Within the framework of valid legal provisions, you are entitled at all times to receive information - free of charge - on your personally identifiable information that has been stored, the origin of such data, their recipients and the purpose of data processing, if applicable, you are also entitled to have such data corrected, blocked or deleted. Regarding this and also regarding any other questions on the topic of personally identifiable information, you may contact us any time via the contact options listed in our legal notice.

SSL- and/or TLS-encoding

For safety reasons and to protect the transmission of confidential contents which you may send to us in our role as website operators, our website is using SSL- and/or TLS-encoding. This ensures that third parties will not be able to read data transmitted by you via this website. An encoded connection is indicated by the “https://“-address line of your browser and the lock symbol in the browser line.

Data privacy officer

We have appointed a data privacy officer.
If you have questions regarding personally identifiable information, please do not hesitate to contact us and our data privacy officer any time at



Hilliges Gipswerk GmbH & Co. KG
Hüttenweg 1
37520 Osterode am Harz

an uns und unseren Datenschutzbeauftragten wenden.

Server log files

The provider of our website will automatically collect and store information which was automatically transmitted to us by your browser in server log files. This information concerns:

  • Type and version of the browser
  • The operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server query
  • IP-address

These data cannot be traced back to specific persons. These data will not be combined with other data sources. The basis for data processing is Article 6(1) b of the General Data Protection Regulation, which allows processing of data for the purpose of fulfilling a contract or pre-contractual measures.

Duties to inform data subjects relating to the homepage of Hilliges Gipswerk GmbH & Co. KG

We, Hilliges Gipswerk GmbH & Co. KG, Hüttenweg 1 in 37520 Osterode am Harz, are glad to provide you with detailed information on the processing of your personal data (called “data” hereafter) according to Art. 13 of the General Data Protection Regulation of the European Union (GDPR).

The GDPR imposed on us and all other data controllers a number of duties serving the purpose of ensuring the protection of your data and the data of all data subjects during data processing. In goes without saying that these duties are fulfilled by us.

Below, we explain which of your data we process for which purposes and what rights you have in this context.

We process your data, which we, as a rule, receive from you and third parties within the framework of business relations. This concerns in particular contact details (name, first name, address, telephone numbers and e-mail address). When required for business transactions, banking data like bank name, account details, note to payee and, if required, credit card information will be used. Also information from accessible sources like information data bases and inquiry agencies (this may concern the internet, commercial registers etc.) will be used. In the end, we will also use other data which you make available to us on a voluntary basis within the framework of executing a project, a contractual relationship or its initiation.

Purposes of processing

Data processing is exclusively performed within the framework of legal provisions; in particular, we observe the rules of the GDPR and the Federal data protection law (DBSG).

We process your data for the following purposes:

  1. According to Art. 6 (1) (b) of the GDPR on the basis of the contract concluded with you and/or within the framework of contract initiation. This may e. g. concern the provision of contractual services and payment processing as well as the communication with business partners required in this context (contract negotiations, answering enquires about products and services etc.).
    The data will be processed for the purpose of supplying products and services which may have been ordered under a contract. In this context, your address data may be transmitted to logistics companies for the purpose of delivering the goods.

  2. Under Art. 6 (1) (a) of the GDPR, newsletters and advertisements will be mailed to you on the basis of your consent.

  3. On the basis of Ar. 6 (1) (c) of the GDPR, we may be required by legal provisions to store your data e.g. according to specifications under trade or tax law or to forward them in order to fulfil duties of reporting or disclosure towards public authorities.

  4. In some cases, our legitimate interest under Art. 6 (1) (f) GDPR may form the basis for us to process your data. This may e. g. apply to measures concerning IT-security and to ensure smooth business operations, to maintain our property rights, to be able to assert legal claims or to defend against such claims.

Disclosure of data to third parties

Data shall only be disclosed to third parties within the framework of legal provision. We shall only disclose user data to third parties, when this is necessary e. g. on the basis of Art. 6 (1) (b) of the GDPR for contractual purposes or on the basis of legitimate interests in an efficient and effective operation of our business activities under Art. 6 (1) (f) GDPR. Such third parties may be external service providers under Art. 28 GDPR.

To the extent that subcontractors are commissioned to provide our services, we shall take appropriate legal measures as well as suitable technical and organisational measures to ensure the protection of personal data in compliance with relevant rules and regulations.

Duration of processing

We shall process your data only for that period of time which is required for fulfilling our contract or applicable legal provisions as well as maintaining our relationship with you.

Business documents shall be archived for a maximum of 6 and/or 10 years as required by the Commercial Code and the Fiscal Code.

Unless you protest, we will use your data for maintaining and intensifying our trustful business relationship to our mutual benefit.

Should you request deletion of your data, we will delete your data without delay, unless this is prevented by statutory retention requirements.

Your rights as data subject

Under the GDPR, you have the following rights:

  1. Right of access (Art. 15 GDPR)
    The data subject shall have the right to obtain a confirmation as to whether or not personal data concerning him or her are being processed. Where that is the case, he or she has a right of access to these person al data and information laid down in Art. 15 GDPR.

  2. Right to rectification (Art. 16 GDPR)
    The data subject shall have the right to obtain without undue delay the rectification of inaccurate personal data concerning him or her and to have incomplete personal data completed if required.

  3. Right to erasure (Art. 17 GDPR)
    The data subject shall have the right to obtain the erasure of personal data concerning him or her without undue delay, where one of the grounds listed in Art. 17 GDPR applies:

    • the personal data are no longer necessary in relation to the purpose;
    • withdrawal of the relevant consent by the data subject and lack of other legal grounds for the processing;
    • objection to the processing pursuant to Article 21 GDPR by the data subject and lack of overriding legitimate grounds for the processing;
    • unlawful processing of personal data;
    • legal obligation of the controller to erase the data;
    • unlawful data collection under Art. 8 GDPR;

  4. Right to restriction of processing (Art. 18 GDPR)
    The data subject shall have the right to obtain restriction of processing where one of the conditions laid down in Art. 18 GDPR applies, e. g. when the data subject has objected to processing;

  5. Right to object (Art. 21 GDPR)
    The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. The personal data shall then not be processed any longer, unless compelling legitimate grounds for the processing can be demonstrated which override the interests, rights and freedoms of the data subject or when the processing serves purposes of the establishment, exercise or defence of legal claims.

  6. Right to data portability (Art. 20 GDPR)
    Under the conditions laid down in Art. 20 GDPR, the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided, in a structured, commonly used and machine-readable format or to have those data transmitted to another controller;

  7. Right of withdrawal of a given consent with effect for the future
    The data subject shall have the right to withdraw his or her consent at any time (Art. 7 GDPR), which shall however not affect the lawfulness of processing up to that time.

  8. Right to lodge a complaint with a supervisory authority
    The competent supervisory authority shall be the one responsible for the place of residence of the data subject.
    Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR (Art. 77 GDPR). The data subject may assert this right with a supervisory authority in the Member State of his or her habitual residence, place of work or place of the alleged infringement.

We hope that we have been of assistance with the exercise of your rights by providing this information. Should you require more detailed information on the data protection regulations, please read our data privacy statement or enquire with the supervisory authority.
Our data privacy officer will be available under datenschutz[at] to answer any further enquiries you may have.

Osterode am Harz, 24 May 2018

Supported by: Data privacy protection configurator of