Privacy Policy

HG Baunach GmbH & Co. KG takes the protection of your data very seriously. As a German company, we are particularly bound by the General Data Protection Regulation (GDPR) . This privacy policy informs you about the nature, scope and purpose of the processing of personal data within our online services and the associated websites, apps, functions and content, as well as external online presences such as social networks (hereinafter collectively referred to as the “offer”).

In the following, we use terms such as “personal data” or its “processing” in accordance with their definitions in Article 4 of the GDPR.

The controller responsible for data processing is In the following, we use terms such as “personal data” or its “processing” in accordance with their definitions in Article 4 of the GDPR.

The controller responsible for data processing within the meaning of the GDPR is:

Rheinstraße 7
D-41836 Hückelhoven
Telephone: +49 (0)2433 / 970-210
Fax: +49 (0)2433 / 970-219
Email: [email protected]

Mönchengladbach Local Court HRA 4731
General partner: HG Baunach GmbH
Mönchengladbach Local Court HRB 9037
Managing Director: Hans-Georg Baunach

Our data protection officer is:

Peter Nolte
Rheinstraße 7
D-41836 Hückelhoven
Telephone: +49 (0)2433 / 970-210
Email: [email protected]

We only process personal data in compliance with the applicable data protection regulations. The data processed as part of our offering includes inventory and contact data (e.g. the email addresses of registered users users), content data (e.g. project data), contract data (e.g. quotations and orders) as well as usage and communication data (e.g. log files with IP addresses).

The categories of persons affected by the processing include customers as well as visitors and users of our services, whom we refer to collectively as “users” below. The purpose of the processing is to provide the services, perform contractual services, service and customer care, respond to contact enquiries and communicate with users, and implement security measures. The purpose of the processing is to provide the service, perform contractual services, provide service and customer care, respond to contact enquiries and communicate with users, implement security measures, and for marketing and advertising purposes.

If you wish to object to the collection, processing or use of your data by HG Baunach GmbH & Co. KG in accordance with the data protection regulations as a whole or for individual measures, please send your objection by letter to the following contact details: data protection provisions in general or for individual measures, please send your objection by letter to the following contact details:

Rheinstraße 7
Haus 2.5 im GSZH
D-41836 Hückelhoven

1. Legal basis

In accordance with Art. 13 GDPR, we hereby inform you of the legal basis for our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR, the legal basis for processing for the fulfilment of our services and the implementation of contractual measures as well as responding to enquiries is Art. 6(1)(b) GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6(1)(c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6(1)(f) GDPR. legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.

2. Changes and updates to the privacy policy

We ask you to regularly inform yourself about the content of our privacy policy. We will amend the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require action on your part (e.g. consent) or other individual notification.

3. Security measures

3.1 In accordance with Art. 32 GDPR, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk. This is done taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the the varying likelihood and severity of the risk to the rights and freedoms of natural persons. The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to it, input, disclosure, security of availability and separation. We have also established procedures to ensure the exercise of data subjects’ rights, the deletion of data and the response to data breaches. Furthermore, we take into account the nature, scope, context and purposes of processing. availability and their separation. Furthermore, we have established procedures that ensure the exercise of data subjects’ rights, the deletion of data and the response to data breaches. We also take the protection of personal data into account at the design stage, during development and when selecting hardware and software – in accordance with the principle of “data protection through technology design and privacy-friendly default settings” (Art. 25 GDPR).

The security measures include, in particular, the fully encrypted transmission of data between your browser and our servers on all pages using HTTPS and HSTS , the use of dedicated servers located in Germany, and the regular installation of software updates.

3.2 For security and fraud protection reasons, we store IP addresses and user agents for contact enquiries, double opt-in confirmations, registration attempts and logins.

3.2 For security and fraud protection reasons, we store IP addresses and user agents for contact enquiries, double opt-in confirmations, login attempts and security-related events such as password reset or email reset functionality.

All personal data collected here, such as your IP address, will be deleted after 6 months at the latest. All personal data collected here, such as your IP address, will be deleted after 6 months at the latest. 3.3 For all forms, we use Cloudflare Turnstile as a captcha system to protect against automated

3.3 For all forms, we use Cloudflare Turnstile as a captcha system to protect against automated requests. This function is provided by Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA.

4. Cooperation with processors and third parties

4.1 If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transfer it to them or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g. if the transfer of data to third parties, such as payment service providers, is necessary for the fulfilment of the contract in accordance with Art. 6 para. 1 lit. b GDPR), if you have given your consent, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using server providers, etc.).

4.2 If we commission third parties to process data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.

4.3 If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or disclosing or transferring data to third parties, this is only done in accordance with the legal requirements.

Subject to express consent or legal or contractual permissions, we only process or have data processed in a third country if the requirements of Art. 44 et seq. GDPR are met. Subject to express consent or legal or contractual permissions, we only process or have the data processed in a third country if the requirements of Art. 44 ff. GDPR are met. This means that processing only takes place in third countries with a recognised level of data protection, with contractual obligations through so-called standard data protection clauses, if certifications or binding internal data protection regulations are in place. obligation through so-called standard data protection clauses, in the presence of certifications or binding internal data protection regulations.

5. Collection of access data and log files

5.1 We collect data about every access to our offer. Here you will find a list of the data collected:

Processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in analysing and optimising our offering and ensuring the stability, functionality and security of our offering and our servers.

5.2 We delete this data after 180 days at the latest.

5.3 This data will not be passed on to third parties unless we are legally obliged to do so in accordance with Art. 6 (1) (c) GDPR or this is absolutely necessary for the assertion and pursuit of our claims.

6. Web analysis services

6.1 We use a web analysis system developed in-house to improve our online offering and for statistical analysis of page usage. Only the following information is collected anonymously or under a pseudonym:

This data is not merged with other personal data. The session ID is used exclusively for temporary session allocation and does not enable user tracking across sessions or devices.

No link is made to personal data. Processing is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR to provide our services in a stable, secure and user-friendly manner.

The processing is based on Art. 6 (1) lit. f GDPR and our legitimate interest in improving the stability, security and user-friendliness of our website. The data will not be passed on to third parties.

6.2 In addition, we use

Cloudflare Web Analytics , a privacy-friendly service provided by Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA. Cloudflare Analytics collects aggregated and anonymised usage data without setting cookies or tracking visitors across multiple pages.

Processing is based on Art. 6 (1) (f) GDPR and our legitimate interest in improving the stability, security and user-friendliness of our website. The data is not passed on to third parties.

7. Cookies

7. Cookies

7.1 Cookies are pieces of information sent from our server or third-party servers to your browser and stored there for later retrieval. So-called session cookies are only stored temporarily by your browser and are automatically deleted when you close your browser; other cookies remain even after you close your browser. Our website uses only technically necessary cookies. These are required for the proper functioning of the website and cannot be deactivated. Our website only uses cookies that are technically necessary. These are required for the proper functioning of the website and cannot be deactivated.

7.2 To use our service without a user account, a so-called session ID is automatically generated. This is stored in a temporary session cookie, which is used exclusively for technical session management and anonymous reach measurement within a session. The cookie does not contain any personal data, does not enable user identification and is automatically deleted when the browser is closed. Consent is not required for this in accordance with Section 25 (2) No. 2 TTDSG. 7.3 Cookies are essential for using our website with a user account so that you can remain logged in across multiple page views.

7.3 Cookies are essential for using our service with a user account so that you can remain logged in across multiple page views. The following cookies are set for this purpose:

7.4 If you activate the Instagram feed on our website, the cookie ’ instagram-embed-enabled ’ is set. This cookie is automatically deleted when the feed is deactivated.

7.5 If you activate the Google Maps embed on our website, the cookie ’ gmaps-embed-enabled ’ is set. This cookie is automatically deleted when the embed is deactivated.

7.6 The use of cookies and processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR for the performance of the contract or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of our offer and customer-friendly use by you. 7.7 In addition, you can configure your browser to completely reject cookies. Please note, however, that you will then not be able to use all the functions of our offer. 7.8 You can also configure your browser to completely reject cookies. Please note, however, that you will then not be able to use all the functions of our offer. 7.9 You can also configure your browser to completely reject cookies. Please note, however, that you will then not be able to use all the functions of our offer.

7.7 In addition, you can configure your browser to completely reject cookies. Please note, however, that you will then not be able to use all the functions of our website. For information on how to delete cookies that have already been stored, please refer to the documentation for your browser: Chrome, Edge, Firefox, Internet Explorer, Safari (iOS, Mac).

8. Embedded content from third-party providers

8.1 On individual pages (e.g. on the home page), we use so-called “embeds”, i.e. we integrate content from third-party providers directly into our website. These embeds are inactive by default and must be explicitly activated by you, i.e. we obtain your consent in accordance with Art. 6 para. 1 lit. a GDPR. These embeds are inactive by default and must be explicitly activated by you, i.e. we obtain your consent in accordance with Art. 6 (1) (a) GDPR. In doing so, it is technically unavoidable that the respective third-party provider learns your IP address so that it can deliver the content directly to you.

8.3 Below, we list which third-party providers’ embeds are integrated into individual pages of our website.

9. Use of a user account (B2B)

9.1 With a user account, you as a specialist partner gain access to our extended download and product

area, as well as the opportunity to manage your projects and coordinate with us for the best possible advice.

9.2 We process inventory data (e.g. your email address) and contract data for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 (1) (b) GDPR. The storage of the content you publish and its provision is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR.

9.3 Registration is required to use our B2B services. During registration, the mandatory information required is taken from the form displayed.

9.3 Registration is required to use our B2B services. When registering, the necessary mandatory information, which is reduced to a minimum, is taken from the form displayed.

During the registration process, we will send you an email asking you to confirm your email address by clicking on a link. This confirmation is necessary to ensure that no one can register with someone else’s email address. a link. This confirmation is necessary so that no one can register with someone else’s email address. (so-called double opt-in procedure ). We must log the time of the double opt-in and the IP address used for this purpose due to legal requirements based on Art. 6 (1) (c) GDPR in order to be able to prove the double opt-in.

The following data is collected during registration:

9.4 The data collected during the double opt-in procedure at , such as your IP address, are stored for 6 months for security and fraud protection reasons.

9.5 After registration, you can create projects and store the following data:

If you send us enquiries via the system registration form or in the specialist partner area, your details from the enquiry form, including the contact and project data you have provided there, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions. We will not pass on this data without your consent.

10. Contacting us

10.1 When you contact us by e-mail, your details will be processed for the purpose of handling the contact enquiry and its processing in accordance with Art. 6 (1) lit. b GDPR. If your contact serves to conclude a contract or if you have questions about an existing contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

10.2 When you contact us via our contact form, we collect the following data:

10.3 Our email provider for our online services is the German company all-inkl.com.

11. Download tracking

To protect our business model, we track downloads of our hydraulic plans. The user ID is linked to the download to prevent misuse.

12. Newsletter data

12. Newsletter data

If you would like to receive the newsletter offered on the website, we require your email address and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No further data is collected. We use this data exclusively for sending the requested information and do not pass it on to third parties. We use this data exclusively for sending the requested information and do not pass it on to third parties.

We use rapidmail to send our newsletter. Your data will therefore be transmitted to rapidmail GmbH. . rapidmail GmbH is prohibited from using your data for any purpose other than sending the newsletter. rapidmail GmbH is not permitted to pass on or sell your data. rapidmail is a German, certified newsletter software provider that has been carefully selected in accordance with the requirements of the GDPR and the BDSG. You can revoke your consent to the storage of your data, your email address and its use for sending the newsletter at any time, for example via the “Unsubscribe” link in the newsletter or by sending a message.

You can revoke your consent to the storage of your data, your e-mail address and its use for sending the newsletter at any time, for example via the “Unsubscribe” link in the newsletter or by sending us a message. You can find the contact details for this in our legal notice.

13. External services and third-party providers

13.1 We use Cloudflare to protect our website and infrastructure. In addition to its function as a content delivery network (CDN), we also use other security services at the network level, such as DDoS protection, rate limiting and web application firewall. Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA

13.2 For smooth web analytics tracking, we use Amazon Web Services (AWS) exclusively in the Frankfurt (eu-central-1) region. Amazon Web Services Inc., 410 Terry St, San Francisco, CA 94107, USA

13.2 For smooth web analytics tracking, we use Amazon Web Services (AWS) exclusively in the Frankfurt region (eu-central-1). Amazon Web Services Inc., 410 Terry Avenue North, Seattle WA 98109, USA

13.3 Our servers are hosted by the German company Hetzner in Germany and Finland. Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany

13.3 Our servers are hosted by the German company Hetzner in Germany and Finland. Hetzner

Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany

13.4 We use All-Inkl.com to send emails for our online services. ALL-INKL.COM - Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany

13.5 We use S3-compatible services from Amazon AWS S3, Hetzner Object Storage and Cloudflare R2 for data storage and provision.

14. Processing of data (customer and contract data)

We collect, process and use personal data only to the extent that it is necessary for the establishment, content or modification of the legal relationship (inventory data). We collect, process and use personal data about the use of our websites (usage data) only to the extent that this is necessary to enable the user to use the service or to bill for it.

15. Data transfer upon conclusion of a contract for online shops, retailers and goods dispatch

We only transfer personal data to third parties if this is necessary for the execution of the contract, for example to companies entrusted with the delivery of goods or the credit institution responsible for payment processing. No further transfer of data takes place, or only if you have expressly consented to the transfer. explicitly consented to the transfer. Your data will not be passed on to third parties without your explicit consent, for example for advertising purposes.

16. Information, deletion, blocking

You have the right to receive information about your stored personal data, its origin and recipients, and the purpose of data processing, free of charge at any time, as well as the right to correct, block or delete this data. You can contact us at any time with any further questions you may have about personal data. origin and recipients, and the purpose of data processing, as well as a right to correction, blocking or deletion of this data. You can contact us at any time at the above address with any questions you may have on this subject or on the subject of personal data.

17. Changes to this privacy policy

We reserve the right to change this privacy policy in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies to statements regarding data processing. If the user’s consent is required or if the privacy policy contains provisions regarding the contractual relationship with users, the changes will only be made with the user’s consent. contain provisions of the contractual relationship with users, the changes will only be made with the consent of the users.

Status: 26 July 2025