Data Protection Statement
HAKRO is a medium-sized textiles company. Quality has always been the key characteristic of our products and a value-oriented approach that of our business operations. Our success in the marketplace confirms these convictions.
The family-owned business was founded in 1987 as a limited liability company and has its origins in the textile and retailing company founded in 1969 in Schrozberg by businessman Harry Kroll (HaKro). The business activity of the HAKRO company is the product design, product development, manufacture and marketing of the HAKRO® brand of apparel. The brand is positioned in the high-end segment of the market for corporate fashion and apparel for work, sport and leisure. Our guiding principle as a company is to offer first-class clothing in traditional forms and colours and characterised by proper fit, perfect manufacture, first-quality materials, high durability and long service life. Through our sustainability strategy, we intend to make HAKRO one of the leading sustainable suppliers of corporate fashion in the next few years.
The HAKRO collection includes T-shirts, polo shirts, shirts, blouses, sweatshirts, cardigans and outdoor jackets for ladies, gentlemen and children as well as a special collection for occupational and leasing wear, which is marketed as the "Performance" collection. The garments are worn as Corporate Fashion in occupational use, in merchandising, as uniforms for teams and associations or as leisurewear. Sales are made exclusively through specialist outlets authorised by us in the segments: occupational and leasing apparel, sport and fashion as well as selected advertising retailers and textile finishers. The group of end-users includes virtually all well-known companies in industry, commerce and the trades as well as large organisations in Germany and Europe.
In addition, we manufacture apparel for the own-brands (private label) of other trading corporations and custom-made products to meet special customer requirements as well as offering logistics services to our trading partners.
The HAKRO limited company takes the privacy of your personal data very seriously. We handle your personal data in strict confidence and in accordance with statutory provisions and with this data protection statement.
This data protection statement is to inform you about the type, extent and purpose of data processing. The terms used correspond to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Oberstettener Straße 41
Types of data processed
- Contact data (e.g. christian name/surname, telephone number)
- Contractual and payment data (e.g. address, forms of payment)
- Usage data (e.g. web pages accessed, interests in respect of content, access times)
- Communications data (e.g. IP address, browser version)
Categories of affected persons
Users of this website, e.g. customers, interested parties, employees and suppliers.
Purpose of the processing
- Provision of company information
- Provision of contact possibilities
- Security measures for the protection of the website
- Marketing and analysis of user behavior
Personal data is all information relating to an identified or identifiable natural person (referred to in the following as 'data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed on personal data whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Relevant legal framework
The basis of data protection law is the right of an individual to informational self-determination. Pursuant to Article 13 GDPR, we inform you here about the legal bases for our data processing. The legal basis for obtaining consent is Article 6(1a) and Article 7 GDPR, the legal basis for processing in respect of fulfillment of performance and execution of contractual measures as well as for responding to requests is Article 6(1b) GDPR, the legal basis for processing in respect of fulfillment of our legal obligations is Article 6(1c) GDPR and the legal basis for processing in respect of the protection of our legitimate interests is Article 6(1f) GDPR. In the event that the vital interests of the data subject or of another natural person make the processing of personal data necessary, the provisions of Article 6(1d) GDPR shall apply.
Cooperation with third parties or contract processors
In the event that we disclose data to third party individuals or companies (third parties), transmit data to same or otherwise grant them access to data, this shall occur only on the basis of a lawful permission to do so granted by you, when a legal obligation requires this or on the basis of our legitimate interests.
If we charge third parties with the processing of data as contract processors, this shall occur on the basis of Article 28 GDPR.
Transfers to third countries
In the event that we process data in third countries or that such occurs within the framework of our use of third party services or through disclosure or transmission to third parties, this shall occur only where necessary in fulfillment of our contractual or pre-contractual obligations, where you have granted permission or on the basis of our legitimate interests. Given a permissible processing, this will proceed on the basis of specific guarantees, such as, for example, that of a data protection level officially sanctioned as corresponding to EU requirements or in compliance with officially recognised, special contractual obligations.
Rights of data subjects
Right of access (Article 15 GDPR)
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. Where that is the case, he or she shall have the right of access to the personal data and to the information, inter alia: purposes of processing, their origin and recipients and the duration of storage as well as a statement of his or her rights.
Rectification (Article 16 GDPR)
The data subject has the right to demand the rectification or completion of inaccurate personal data.
Erasure (Article 17 GDPR)
Data subjects have the right to demand erasure of their data – for example, when the data is no longer necessary for the purpose for which it was originally collected or processed or when the permission to collect/process has been recinded. As a particular form of the right to erasure, there is now a "right to be forgotten" when the controller has made public the data to be erased. In such case the controller must undertake all reasonable measures to inform all agents processing the data that the data subject demands erasure of all links to the data, all copies and all replications.
Restriction of processing (Article 18 GDPR)
In particular circumstances the data subject can also demand restriction of processing. For example: when the data subject has objected to processing of the data and it has yet to be verified whether the legitimate grounds of the controller override those of the data subject.
Right to data portability (Article 20 GDPR)
Under certain conditions the right to data transfer entitles a data subject to a copy of his/her personal data in a commonly used and machine-readable format.
Complaints (Article 77 GDPR)
Data subjects have the right to lodge a complaint with the responsible supervisory authority.
Withdrawal of consent (Article 7(3) GDPR)
Data subjects have the right to withdraw consent, effective in the future.
Right to object (Article 21 GDPR)
Data subjects can object to the future processing of their data at any time. In particular the objection can be raised against processing for direct marketing purposes.
Erasure of datat
Data processed by us will be erased or subjected to restricted processing in accordance with Articles 17 and 18 GDPR. Unless otherwise explicitly indicated in this data protection statement, data stored by us will be erased as soon as it is no longer necessary for its intended purpose provided, however, that the erasure is not in breach of statutory retention requirements. In the event that the data is not erased because it is required for other, lawful purposes, processing of it will be restricted. This applies, for example, for data which must be retained pursuant to commercial or tax law.
Collection of access data and log files
Based on our legitimate interests (Article 5(1f) GDPR) in ensuring the availability of our web server, we store data about every access to it. The access data includes the name of the page accessed, file name, date and time of the access, data volume, status information, browser type including version, operating system of the user, IP address and, if appropriate, further technical information.
Log files are stored for reasons of security for a period of not more than seven (7) days and then deleted. Data required for evidence is excluded from deletion until final clarification of the incident.
When making initial contact with us (by email, contact form, telephone), specifications made by the user are processed in the course of handling the request and taking the steps necessary for its resolution. The user-supplied data may be stored in software for customer management or a comparable system.
We delete the data stored in conjunction with the request when it is no longer required and there is no statutory requirement to retain it.
Cookies and right of objection in direct marketing
Cookies are small files stored on the user's computer. A variety of information can be stored in cookies. A cookie can be used to store information about a user (such as browser version or the user's interests) not only during a session but also after his/her visit to the website. Cookies can be stored temporarily or permanently.
Data protection statement – Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc, (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, 'Google'). Usage includes the mode 'Universal Analytics', which allows dates, sessions and interactions on multiple machines to be correlated to a pseudonymous user-ID, thus enabling a device-independent analysis of the user's activity. This data protection statement was made available by www.intersoft-consulting.de.
Google Analytics uses so-called cookies, text files which are stored on your computer and which make possible an analysis of your use of the website. The information in the cookie concerning your use of this website will normally be transmitted to a Google server in the USA and stored there. In the case where IP anonymising is activated on this website, your IP address will be truncated prior to transmission by Google from within the member countries of the EU or other signatory countries to the Agreement on the European Economic Area. Only in exceptional circumstances will the complete IP address be transmitted to a Google server in the USA and truncated there. The IP address provided by your browser in the Google Analytics context will not be combined with other Google data. Acting on behalf of the provider of this website, Google will use this information to evaluate the use of the website, to prepare reports about activity on the website and to provide other services to the provider in conjunction with use of the website and use of the Internet. These purposes constitute also our legimate interests in the data processing. The legal basis for the use of Google Analytics services is §15(3) German Telemedia Act and Article 6(1f) GDPR. Data linked to cookies, login names (e.g. user ID) or advertising ID's transmitted by us is deleted automatically after 14 months. The deletion of data which has reached the end of its retention period is performed automatically once a month. More information regarding conditions of usage and data protection is available at www.google.com/analytics/terms/de.html and https://policies.google.com/?hl=de
You can inhibit the storage of cookies by a corresponding setting in your browser software; we would advise, however, that in this case you may not be able to make full use of all the functionality provided by this website. In addition, you can prevent transmission to Google of the data generated by the cookie relating to your use of the website (including the IP address) as well as processing of this data by Google by downloading and installing the browser add-on.
Opt-Out cookies will inhibit collection of your data when visiting this website. To inhibit collection by Universal Analytics across multiple devices, Opt-Out must be activated on all systems used. Clicking on the link installs the Opt-Out cookie.
Data protection statement – Imgix
We make use of imgix, which is a service for optimising graphics in real time. For this purpose your IP address is transmitted to imgix (imgix Inc., 423 Tehama St, San Francisco, CA 94103, USA). The service has committed itself to abiding by the European data protection guidelines and is also a party to the Privacy Shield Agreement. Questions on data protection issues will be answered at firstname.lastname@example.org.
Data protection statement – TypeKit
For display of the website offering, the font "Concorde" from the Adobe Typekit service is used. In the course of Typekit service provision, no cookies are generated or used in order to make the font available.
When providing the Typekit service, Adobe can collect data about the fonts (here "Concorde") made available on the server. The data is used for accounting purposes and to monitor adherence to regulations and may include the following: available fonts, font ID, account ID, service providing the fonts (e.g. Typekit oder Edge Web Fonts), application requesting the font (e.g. Adobe Muse), server making the font available (e.g. Typekit server or Enterprise CDN), hostname of the page into which the font is loaded. If the Do-Not-Track flag is set in the browser, no external webfonts will be loaded without permission but rather alternative fonts will be used.
Officer responsible for data protection
In case of questions, you can also approach our officer responsible for data protection directly: