1 General information
1.1 Responsible body
The responsible body is Carl Hanser Verlag GmbH & Co. KG, Kolbergerstrasse 22, D-81679 Munich, Tel.: +49 (0)89 99830-0, Fax: +49 (0)89 984809, Email: firstname.lastname@example.org, Court of Registry Munich HRA 49621, hereinafter referred to as "we" or "us".
1.2 Categories of processed personal data
Personal data is any information that relates to an identified or identifiable natural person. We process the following data in our online services:
- Master data, e.g. name, address
- Communication data such as telephone, fax, email
- Order and contract data such as book orders, journal orders, booking of participation in events
- Billing data such as bank details, means of payment
- Purchase history such as products and services that you have purchased from us in the past
- Usage data such as visited websites, interest in content, access times
- Metadata such as device information, IP addresses.
No special categories of data (Article 9 (1) GDPR) are processed.
1.3 Categories of data subjects
In our online services we process data related to the following groups of people:
- Customers and prospects
- Visitors and users of the online services.
In the following, we also refer to the persons affected as "users".
1.4 Purpose of processing
We process your personal data for the following purposes in accordance with the following relevant legal bases:
- providing the online services, its contents and functions
- Provision of contractual services (possibly in connection with registration), service and customer care
- Answering contact requests and communicating with users
- Marketing, advertising and market research
- Safety measures
1.5 Relevant legal bases
2 Security measures
We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk. Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and separation. In addition, we have established procedures that ensure the enjoyment of data subject rights, data erasure and data vulnerability response. Security measures include the encrypted transfer of data between your browser and our server.
3 Disclosure of data to third parties and order processing
If, in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit them to them or otherwise grant access to the data, this will only be done on the basis of a legal permission (e.g. when a transmission of the data to third parties, such as delivery service providers, is required pursuant to Art. 6 (1) lit. b GDPR to fulfill the contract), if you have consented to this, if a legal obligation requires this or on the basis of our legitimate interests (e.g. when using web analysis and range measurement).
4 Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third-party services or disclosure or transmission of data to third parties, this is done only if it fulfils our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special conditions of Art. 44 et seq. GDPR apply. This means, for example, that the processing is based on special guarantees such as the officially recognized level of data protection which corresponds to EU standards (e.g. through the "Privacy Shield" in the USA) or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
5 Rights of data subjects
As the data subject you have a right to information about stored data (Art. 15 GDPR) and under certain conditions to correction (Art. 16 GDPR), cancellation (Art. 17 GDPR), limitation of processing (Art. 18 GDPR), objection to processing (Art. 21 GDPR) and data portability (Art. 20 GDPR).
If you have given us consent to the processing of your data, you can revoke this at any time with effect for the future, the legality of the processing of your data until the revocation remains unaffected.
5.2 Right of objection
You can object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection may in particular be made against processing for direct marketing purposes. This also applies to the profiling, as far as it is associated with such direct advertising. Furthermore, there is a right to object to the processing on the basis of Art. 6 (1) lit. f GDPR (legitimate interests). We will then cease processing your data unless we can demonstrate compelling, legitimate reasons for further processing that outweigh your interests, or the processing is for the purpose of enforcing, pursuing or defending legal claims.
5.3 Cookies and right to object to direct advertising
5.4 Right of complaint
According to Art. 77 GDPR, you have the right to file a complaint with a data protection authority. You can contact the data protection authority responsible for your place of residence or the supervisory authority responsible for us. This is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
5.5 Deletion of data
According to legal requirements, the storage takes place for six years in accordance with § 257 (1) HGB [German Commercial Code] (such as trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents) and for 10 years in accordance with § 147 (1) AO [German Fiscal Code] (such as books, records, management reports, accounting records, commercial and business letters, documents relevant to taxation).
6 Provision of contractual services
We process master data (such as name, addresses), communication data (such as telephone, fax, email) as well as contract, order and billing data (such as used services or products) for the purpose of fulfilling our contractual obligations and services acc. to Art. 6 (1) lit. b GDPR. The entries marked as obligatory in online forms are required for the conclusion of the contract. The deletion takes place after expiration of legal guarantee and comparable obligations, the necessity of the storage of the data is checked regularly; in the case of legal archiving obligations, the deletion takes place after its expiry (end of commercial law (six years) and tax law (10 years) retention obligation); information in the user account remains until it is deleted.
Users can create a user account, depending on the functional range provided, for example, to create shopping lists, to display content available for download or to manage contents. As part of the registration, the required mandatory information will be communicated to the users. If users have terminated their user account, their data will be deleted with respect to the user account, unless their retention is necessary for commercial or tax law reasons under Art. 6 (1) lit. c GDPR. It is the responsibility of the users to secure their data upon termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the contract period.
As part of the registration and re-registration and use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. A transfer of these data to third parties does not take place unless it is necessary for the prosecution of our claims or there is a legal obligation in accordance with Art. 6 (1) lit. c GDPR.
We process usage data (e.g. the visited web pages of our online services, interest in our products) and master, communication, order and contract data (e.g. existing orders) for advertising purposes in a user profile in order to provide users with e.g. product references based on the products and services they have previously purchased.
When contacting us by contact form, email or by mail, we process the information of the user to complete the contact request as per Art. 6 (1) lit. b GDPR.
If no contractual relationship is established, personal data will be deleted after processing the contact request, if this is no longer required. This also applies to unsolicited manuscripts sent to the publisher. In the case of legal archiving obligations, the deletion takes place after its expiration.
In the case of the transmission of application documents the data are processed on the basis of § 26 (1) sentence 1 of the new BDSG [German Data Protection Act]. The provision of the personal data is necessary for the assessment of the suitability for the vacancy and thus for a possible conclusion of the contract. Failure to provide the data would mean that the application for the vacancy cannot be considered. The personal data is transferred to the following recipients:
- The responsible employees in the human resources department
- The supervisor(s) of the position you are applying for
- The works council as per § 99 BetrVG [German Works Council Constitution Act]
The data is stored until the application process is completed and beyond that for six months.
With the following information we inform you about the content of our newsletter as well as the registration, dispatch and statistical evaluation procedures as well as your right of objection. By subscribing to our newsletter, you agree to the receipt and the procedures described.
Content of the newsletter: We send newsletters, emails and other electronic notifications with editorial or promotional information (hereinafter "newsletter") only with the consent of the recipient or a legal permission. Insofar as the contents of a newsletter are concretely described, they are authoritative for the consent of the users. Incidentally, our newsletters may also contain information about our products, offers, promotions and our company.
Credentials: In order to register for the newsletter, it is sufficient to enter your email address. Optionally, we ask for a salutation and a name in order to address you personally in the newsletter.
Double opt-in and logging: Registration for our newsletter takes place via a so-called "double opt-in procedure". This means you will receive an email after logging in to ask for confirmation of your registration. This confirmation is necessary so that nobody can register using somebody else’s email address. The registration for the newsletter will be logged in order to prove the registration process according to the legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address. Likewise, changes to your data stored with the email service provider will be logged.
Emailing service: The newsletter is sent by emarsys suite, a product of Emarsys eMarketing Systems GmbH, Hans-Fischer-Straße 10, D-80339 Munich.
Measuring success: Each newsletter sent includes a so-called "web beacon", i.e. a pixel-sized file, which is retrieved from the server of the email service provider when the newsletter is opened. This will initially collect technical information, such as information about the browser and your system, as well as your IP address and time of retrieval. This information is used to improve the technical performance of services based on their specifications or audience and their reading habits, based on their locations (which can be determined using the IP address) or access times. Statistical surveys also include determining if the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can in fact be assigned to the individual newsletter recipients. However, it is neither our endeavor nor that of the email service provider to observe individual users. The evaluations serve us rather to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
The dispatch of the newsletter and the success measurement are made on the basis of a consent of the recipients as per Art. 6 (1) lit. a, Art. 7 GDPR in conjunction with § 7 (2) no. 3 UWG [Law Against Unfair Competition] or on the basis of the statutory permission pursuant to Art. § 7 (3) UWG.
The logging of the registration process is based on our legitimate interests in accordance with Art. 6 (1) lit. f GDPR and serves as proof of consent to the receipt of the newsletter.
Termination/revocation: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent at any time with effect for the future. A link to cancel the newsletter can be found at the end of each newsletter.
9 Download materials and request for review copies
9.1 Download materials
As part of our online services, we offer you the free download of materials such as white papers, free e-books, book covers or selected subject dissertations. In some cases, registration may be required. For this it is necessary that you set up a user account. As part of the registration, the required mandatory information will be communicated to the users. If users have terminated their user account, their data will be deleted with respect to the user account, unless their retention is necessary for commercial or tax law reasons under Art. 6 (1) lit. c GDPR. It is the responsibility of the users to secure their data upon termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the contract period.
As part of the use of the downloads, we save the IP address and the time of each user action; if you are registered as a customer, we also save information about the use made in your user account. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. A transfer of these data to third parties does not take place, unless it is necessary for the prosecution of our claims or there is a legal obligation in accordance with Art. 6 (1) lit. c GDPR or you have given us your consent in accordance with Art. 6 (1) lit. a GDPR.
9.2 Request for review copies
When we are contacted for the request of review copies by contact form, email or by post, we process the information of the user to process the request in accordance with Art. 6 (1) lit. b GDPR.
If we refrain from providing review copies, personal data will be deleted after processing the contact request, if these are no longer required. In the case of legal archiving obligations, the deletion takes place after its expiration.
In certain cases (lecturer portal), a user account can be created for the administration of review copy requests and additional materials. As part of the registration, the required mandatory information will be communicated to the users. If users have terminated their user account, their data will be deleted with respect to the user account, unless their retention is necessary for commercial or tax law reasons under Art. 6 (1) lit. c GDPR. It is the responsibility of the users to secure their data upon termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the contract period.
10 Online presence in social media
We maintain an online presence within social networks and platforms in order to communicate with customers, prospects and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators.
11 Comments and posts
If users leave comments or other posts, their IP addresses are saved for ninety days based on our legitimate interests within the meaning of Art. 6 (1) lit. f GDPR. This is for our security if unlawful content is posted in comments and posts (such as insults or prohibited political propaganda). In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author.
12 Collection of access data and log files
We save data on every access to the server on which this service is located (so-called "server log files") based on our legitimate interests within the meaning of Art. 6 (1) lit. f GDPR. The access data includes the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Logfile information is stored for security purposes (e.g. to investigate abusive or fraudulent activities) for a maximum of ninety days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.
We use so-called cookies on our website. Cookies are small text files that are stored on the user's computer.
We use both our own cookies and third-party cookies. The cookies are used to
- offer you functions such as a registration or a cross-site shopping cart display and ensure the optimal presentation of our web pages.
- evaluate the usage behavior anonymously with the support of analysis tools and further develop our user-oriented web pages.
- include advertising on our website with an AdServer.
13.1 Which cookies we use
We use session cookies and persistent cookies. For example, the session cookies allow us to identify and authorize you after a successful login in a secure area for the entire duration of your visit or to offer you a cross-site shopping cart and notepad in a webshop. The session cookies are deleted when the browser is closed. Persistent cookies allow us, for example, to store your credentials. This means that when you return to a page, you can return to your entered data and settings. Persistent cookies are stored for a limited period of time.
13.2 Usage-based online advertising
Usage-based online advertising serves the purpose of displaying optimized online advertising to site visitors by analyzing anonymized or pseudonymized data regarding the use of a website based on their possible preferences and interests. Cookies are also used for this purpose. These cookies are mainly used to track the preferences of the site visitors with regard to usage-based online advertising, which can be used to optimize the design of the website.
Thus, the content of a website can be tailored to the needs of individual visitors, improving our online services. The corresponding data are pseudonymous or anonymous – which means we and the individual third-party companies do not require separate consent to use-based online advertising (§ 15 (3) Telemedia Act).
13.3 Pixel tags / web beacons on banner ads
Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online services within the meaning of Art. 6 (1) lit. f GDPR), we make it possible for the advertising company or its agency to use so-called pixel tags (invisible graphics, also referred to as "web beacons") in the banner advertising on our online services for statistical or marketing purposes.
Through the "pixel tags", information can be evaluated directly by the advertising company or its agency – for example, how often the banner is clicked. The pseudonymous information may also be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and operating system, referring web pages, visit time, and other information regarding the use of our online services. The corresponding data is pseudonymous in nature, which means that we and the individual advertising companies do not require separate consent to usage-based online advertising (§ 15 (3) Telemedia Act).
13.4 Deactivation of cookies
14 Analysis and reach measurement
In order to develop the offer on our website even more optimally, make your visit as interesting as possible, as well as carry out reach measurements, we use technical aids for the recognition and interpretation of user behavior. In the following, we explain what these means are and how they handle your personal data.
Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online services within the meaning of Art. 6 (1) lit. f GDPR) we use the analysis service "etracker" of etracker GmbH, Erste Brunnenstraße 1, D-20459 Hamburg.
From the data processed by etracker, user profiles can be created under a pseudonym. Cookies can be used for this purpose. The cookies make it possible to recognize your browser. The data collected with the etracker technologies will not be used without the separate consent of the person concerned to personally identify visitors to our website and will not be combined with personal data about the bearer of the pseudonym. Furthermore, the personal data will only be processed for us, i.e. not combined with personal data collected within other online services.
Data collection and storage by this application may be objected to at any time with future effect. Link: http://www.etracker.de/privacy?et=aSVrFs
14.2 Google Ad Manager
On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online services within the meaning of Art. 6 (1) lit. f GDPR) we use Google „Ad Manager“of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google").
Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
This web analytics service allows us to measure and optimize the delivery of advertising on this website, e.g. the number of clicks on an advertisement or how often an advertisement was delivered to a single site visitor.
Data collection and storage by this application may be objected to at any time with future effect. Link: https://www.youronlinechoices.com/en/your-ad-choices/
You can also opt out of interest-based advertising through Google Marketing Services by adjusting Google's settings and opt-out options: https://adssettings.google.com/authenticated.
15 Integration of services and contents of third parties
Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online services within the meaning of Art. 6 (1) lit. f GDPR), we make use of content or services offered by third-party providers in order to provide their content and services, such as embedded videos or links to their offers (hereinafter referred to collectively as "content"), within our online services. For this purpose, the third-party providers of this content need to perceive the IP address of the users, since otherwise they cannot send the content to their browser. The IP address is therefore required for the presentation of this content. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring web pages, visit time, and other information regarding the use of our online services, and may be combined with such information from other sources.
15.1 Payment services
If our customers use the payment services of third parties (e.g. PayPal), the terms and conditions and the privacy notices of the respective third-party providers apply, which are available within the respective websites or transaction applications.
15.2 Acquisition of reprint permits
15.3 Facebook social plugins
Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online services within the meaning of Art. 6 (1) f GDPR) we use social plugins ("plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland ("Facebook"). The plugins can represent interaction elements or content (e.g. videos, graphics or text contributions) and can be recognized by one of the Facebook logos (white "f" on blue tile, the term "Like" or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of Facebook social plugins can be viewed here https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user activates a feature of these online services that includes such a plugin, their device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the device of the user and incorporated by it into the online services. In the process, user profiles can be created from the processed data. We therefore have no influence on the amount of data that Facebook collects with the help of this plugin and therefore inform the users according to our knowledge.
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online services. If the user is logged in to Facebook, Facebook can assign the page visit to the user’s Facebook account. If users interact with the plugins, for example, press the Like button or leave a comment, the information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will retrieve and save their IP address. According to Facebook, only an anonymous IP address is stored in Germany.
Users who are Facebook members and do not want Facebook to collect data about them via these online services and link it to their member data stored on Facebook, they must log out of Facebook and delete their cookies before using our online services. Additional settings and objections regarding the use of data for promotional purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US-American site https://www.aboutads.info/choices/ or the EU site https://www.youronlinechoices.com/de/praferenzmanagement/ . The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
15.8 Hanser eSolutions
Our online services include the use of our Hanser eSolutions. The Hanser eSolutions offer thematic organization, searchability and text editing. We offer its use in demo mode, test mode or at cost. Data may be collected on the basis of a sales contract in demo or test mode for purposes of first sales, always compliant with Art. 6 (1) lit. b GDPR. We offer support and will answer your questions justified by our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. We will also obtain feedback on your user experience, based on our user contract with you or for pre-contractual purposes: Art. 6 (1) lit. b GDPR.
Nature and purpose of the data
Hanser eSolutions will process and store any personal data you may enter after your registration as a user or any data that may automatically accrue in the course of your use. We use such data to provide the content you request and process. The following data will be collected for the above purposes: master data such as surname, first name, e-mail, capacity/position in the company. Any processing you may perform in Hanser eSolutions, such as hit lists, searches, marked text sections, comments and notes, compilation of text.
Any information of a general nature will be automatically collected when you access Hanser eSolutions. Such information may, for instance, include your type of web browser, operating system, IP address and the like. These data must be processed to allow perfect use of the learning platform and to ensure system security. We will not use your data to garner information about your person. We may evaluate information of this kind statistically to optimize Hanser eSolutions and its underlying technology.
Processing will be compliant with Art. 6 (1) lit. f GDPR as justified by our legitimate interest in improving the stability and functionality of our learning platform.
We are using service providers based within the EU to operate our Hanser eSolutions; serving as processors as defined in Art. 28 GDPR. The companies are innoversum Betriebsoptimierungs GmbH, Dr.-Stichl-Weg 12/1. 8043 Graz, Austria and Michael Stienemann, Kantstraße 27, 48565 Steinfurt.
The above access data will be deleted after 3 months. This excludes data we may require to trace issues related to security. Such data will be deleted after 6 months at most.
Prescribed or mandatory provisioning
Provisioning of the aforementioned personal data is not mandatory or required under the contract. The service and functionality of Hanser eSolutions cannot, however, be guaranteed without these data. This is why we cannot accept objections.
Cookies are small text files that your browser stores on your computer. Cookies are not harmful to your computer and contain no viruses. Cookies are designed to make our offer more user-friendly, more effective and more secure. Our functional cookies are necessary to run the Hanser eSolutions and allow us to fulfill the contract between us. Cookies will be automatically deleted when you end your visit, yet no later than after one month.
On our website, we use the LamaPoll application from the provider Lamano GmbH & Co. KG, Frankfurter Allee 69, 10247 Berlin, Germany. With the assistance of the survey tool LamaPool, online forms for surveys can be created and the surveys can be executed without further personal information. Information: https://www.lamapoll.de/Support/Datenschutz.
16 Contact and Data Protection Officer
For inquiries about the handling, extent or origin of your personal data, or for the purpose of deletion (as far as possible according to legal requirements), blocking or modification, please contact our Data Protection Officer:
Carl Hanser Verlag GmbH & Co. KG
Tel: +49 89 99830-0
Fax: +49 89 984809
As of: October 20, 2022