Legal

Privacy Policy

As of May 2026

This privacy policy describes what personal data we process on this website and for what purpose. It applies to the website at www.hs-maschinentechnik.de.

1. Responsible entity

Responsible for data processing on this website is:

H&S Maschinentechnik GmbH
represented by the managing director Rüdiger Heise
Kranichborner Str. 12
99195 Großrudestedt
Germany

Phone: +49 (0) 36204 / 7100-14
Email: info@hs-maschinentechnik.de

The responsible entity decides alone or jointly with others on the purposes and means of processing personal data.

2. Overview of data processing

On this website we use:

  • Hosting with server log files (STRATO)
  • Contact form with email delivery via PHP
  • locally hosted fonts (Inter, self-hosted)
  • Google Maps (embedded map on the contact page, only with consent)
  • technically necessary session cookies for CSRF protection of the contact form
  • Google Ads conversion tracking to measure advertising enquiries (leads) – only with consent
  • consent banner to control optional services

Optional services (Google Maps, Google Ads) are only loaded after your consent via the cookie banner. Fonts are provided locally from our server. We do not use Google Analytics, no embedded YouTube videos and no social media plugins. In the footer we only link to our profiles on YouTube, Facebook and Instagram.

3. Your rights

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent given (Art. 7 para. 3 GDPR)

To exercise your rights, an informal message to info@hs-maschinentechnik.de is sufficient. If you have given consent, you may withdraw it at any time with effect for the future. The lawfulness of processing carried out until withdrawal remains unaffected.

Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority. For our company, the following authority is particularly responsible:

Thuringian State Commissioner for Data Protection and Freedom of Information
Höppelsberg 1
99084 Erfurt

https://www.lda.thueringen.de

4. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. Data you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the “https://” address in your browser’s address bar and by the padlock symbol in the browser bar.

5. Hosting and server log files

This website is hosted by STRATO AG, Pascalstraße 10, 10587 Berlin, Germany. When you visit our website, the hosting provider automatically collects information in so-called server log files transmitted by your browser. This may include:

  • page or file accessed
  • date and time of the request
  • browser type and version
  • operating system used
  • referrer URL
  • hostname of the accessing computer
  • IP address

Processing is carried out to ensure trouble-free operation of the website and to defend against attacks (Art. 6 para. 1 lit. f GDPR). Log data is stored only as long as necessary for the respective purpose and is not merged with other data sources.

6. Contact form

If you send us a message via the contact form at contact, we process the data you enter:

  • Name (required)
  • Company (optional)
  • Email address (required)
  • Phone number (optional)
  • Message (required)
  • Confirmation of the privacy policy (required)

The data is transmitted by email to an internal recipient at our company and used to process your enquiry. Data is not passed on to third parties unless you have expressly consented or we are legally obliged to do so.

The legal basis is your consent by activating the checkbox in the contact form and by submitting the enquiry (Art. 6 para. 1 lit. a GDPR). In addition, processing may be necessary for pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

To protect against misuse we use a honeypot field (invisible to humans), CSRF protection via a technically necessary session, and IP-based rate limiting. The session is used exclusively to secure the form.

We retain the data until your enquiry has been fully processed, you request deletion, you withdraw your consent, or storage is no longer required for legitimate business reasons. Statutory retention periods remain unaffected.

7. Fonts (self-hosted)

For a consistent presentation we use the Inter typeface. The font files (WOFF2) are loaded directly from our web server at assets/fonts/ and not from external providers such as Google Fonts.

No data is transmitted to third parties when the page is loaded and no separate cookie consent is required for the fonts. The legal basis is our legitimate interest in a consistent and professional presentation of our website (Art. 6 para. 1 lit. f GDPR).

8. Google Maps

On our contact page we embed a map from Google Maps to show you our location. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The map is only embedded after you accept external content in the cookie banner. A connection to Google servers is then established and your IP address and other technical data may be transmitted to Google. The legal basis is your consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG).

If you do not wish to load the map, select “Only necessary” or use the contact details given in the imprint. Further information on data processing by Google Maps:

https://policies.google.com/privacy?hl=en

9. Links to social media profiles

On our website we link to our profiles on YouTube, Facebook and Instagram. These are simple links only. When you merely visit our website, no content from these networks is embedded and no automatic data transmission to the respective providers takes place.

The privacy policies of the respective provider apply only when you click a link and visit the external site.

10. Cookies, local storage and consent banner

On your first visit we show a privacy banner with the options “Only necessary” and “Accept all”. We store your choice locally in the browser (localStorage, key hs_consent_v1) so we do not have to ask you on every visit.

Technically necessary session cookies are used for CSRF protection of the contact form when you use the form or call contact.php. These cookies are deleted at the end of your browser session. The legal basis is Art. 6 para. 1 lit. f GDPR (protection against misuse) or Art. 6 para. 1 lit. b GDPR.

Marketing and statistics cookies from Google Ads are only set after your consent via “Accept all”. Without consent the Google tag is not loaded.

You may withdraw your consent at any time with future effect by reopening the privacy settings and selecting “Only necessary” or deleting website data in your browser.

11. Google Ads and conversion tracking

If you select “Accept all” in the cookie banner, we use Google Ads (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, USA) to measure the effectiveness of our advertisements. The Google tag (gtag.js) with ID AW-1056355232 is then loaded.

Google may set cookies or use similar technologies and, among other things, process your IP address, information about the device/browser used and your on-site behaviour.

A conversion is counted in particular when, after submitting the contact form, you visit our confirmation page (thank you). This allows us to measure whether specific contact enquiries (“website lead”) arise from advertising contacts.

The legal basis is your consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG). Personal data may be transferred to the USA. Google relies on appropriate safeguards pursuant to Art. 46 GDPR. We also use Google Consent Mode with storage denied by default until you agree.

You can prevent Google from storing cookies by adjusting your browser settings. You can also disable interest-based advertising from Google at https://adssettings.google.com . Further information: https://policies.google.com/privacy?hl=en

12. No separate web analytics tool

Regardless of Google Ads, we do not use a separate analytics tool such as Google Analytics.

13. Changes to this privacy policy

We reserve the right to amend this privacy policy if our website, the services used or legal requirements change. The current version is always available on this page.

Note: This privacy policy has been adapted to the current state of the website. For a binding legal review we recommend review by a lawyer specialising in data protection law.