Privacy policy of Carl Hanser Verlag GmbH & Co. KG

1.   General information

This privacy policy explains the nature, scope and purpose of the processing of personal data (hereinafter referred to as "data") on our online services and the related websites, functions and content as well as external online presence, such as our social media profiles (hereinafter referred to collectively as "online services"). With regard to the terms used, including "personal data" or their "processing", we refer to the definitions in Article 4 of the EU General Data Protection Regulation (GDPR).

1.1   Responsible body

The responsible body is Carl Hanser Verlag GmbH & Co. KG, Kolbergerstrasse 22, D-81679 Munich, Tel.: +49 (0)89 99830-0, Fax: +49 (0)89 984809, Email: info@hanser.de, Court of Registry Munich HRA 49621, hereinafter referred to as "we" or "us".

1.2   Categories of processed personal data

Personal data is any information that relates to an identified or identifiable natural person. We process the following data in our online services:

  • Master data, e.g. name, address
  • Communication data such as telephone, fax, email
  • Order and contract data such as book orders, journal orders, booking of participation in events
  • Billing data such as bank details, means of payment
  • Purchase history such as products and services that you have purchased from us in the past
  • Usage data such as visited websites, interest in content, access times
  • Metadata such as device information, IP addresses

No special categories of data (Article 9 (1) GDPR) are processed.

1.3    Categories of data subjects

In our online services we process data related to the following groups of people:

  • Customers and prospects
  • Visitors and users of the online services

In the following, we also refer to the persons affected as "users".

1.4   Purpose of processing

We process your personal data for the following purposes in accordance with the following relevant legal bases:

  • Providing the online services, its contents and functions
  • Provision of contractual services (possibly in connection with registration), service and customer care
  • Answering contact requests and communicating with users
  • Marketing, advertising and market research
  • Safety measures

1.5   Relevant legal bases

In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing. Unless the legal basis in the privacy policy is explicitly stated, the following applies: The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 GDPR; the legal basis for the processing for the performance of our services and the execution of contractual measures as well as the response to inquiries is Art. 6 (1) lit. b GDPR; the legal basis for processing in order to fulfil our legal obligations is Art. 6 (1) lit. c GDPR; and the legal basis for processing for the protection of our legitimate interests is Art. 6 (1) lit. f GDPR. ​​​​

2.   Security measures

We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk. Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and separation. In addition, we have established procedures that ensure the enjoyment of data subject rights, data erasure and data vulnerability response. Security measures include the encrypted transfer of data between your browser and our server.

3.   Disclosure of data to third parties and order processing

If, in the context of our processing, we disclose data to other persons and companies (contract processors or third parties), transmit them to them or otherwise grant access to the data, this will only be done on the basis of a legal permission (e.g. when a transmission of the data to third parties, such as delivery service providers, is required pursuant to Art. 6 (1) lit. b GDPR to fulfill the contract), if you have consented to this, if a legal obligation requires this or on the basis of our legitimate interests (e.g. when using web analysis and range measurement).

4.   Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third-party services or disclosure or transmission of data to third parties, this is done only if it fulfils our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special conditions of Art. 44 et seq. GDPR apply. This means, for example, that the processing is based on special guarantees such as the officially recognized level of data protection which corresponds to EU standards (e.g. through the "Privacy Shield" in the USA) or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

5.   Rights of data subjects

As the data subject you have a right to information about stored data (Art. 15 GDPR) and under certain conditions to correction (Art. 16 GDPR), cancellation (Art. 17 GDPR), limitation of processing (Art. 18 GDPR), objection to processing (Art. 21 GDPR) and data portability (Art. 20 GDPR).
In order to exercise your rights, please use the information provided under the contact section in this Privacy Policy and make sure that we can clearly identify your person.

5.1   Withdrawal​​​​​​​

If you have given us consent to the processing of your data, you can revoke this at any time with effect for the future, the legality of the processing of your data until the revocation remains unaffected.

5.2   Right of objection​​​​​​​

You can object to the future processing of your data in accordance with Art. 21 GDPR at any time. The objection may in particular be made against processing for direct marketing purposes. This also applies to the profiling, as far as it is associated with such direct advertising. Furthermore, there is a right to object to the processing on the basis of Art. 6 (1) lit. f GDPR (legitimate interests). We will then cease processing your data unless we can demonstrate compelling, legitimate reasons for further processing that outweigh your interests, or the processing is for the purpose of enforcing, pursuing or defending legal claims.

5.3   Cookies and right to object to direct advertising​​​​​​​

We use temporary and permanent cookies, i.e. small files stored on users' devices (for an explanation of the term and function, see the last section of this privacy policy). In part, the cookies are used for security or to operate our online services (e.g. for the presentation of the website) or to save the user decision in the confirmation of the cookie banner. In addition, we or our technology partners use cookies for measuring reach and for marketing purposes, which users are informed about in the course of the privacy policy.

A general objection to the use of cookies used for online marketing purposes can be found in a variety of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices or the EU site http://www.youronlinechoices.com/preferencemanagement. Furthermore, you can prevent the storage of cookies by blocking them in the settings of your browser. Please note that not all features of these online services may be used.

5.4   Right of complaint​​​​​​​

According to Art. 77 GDPR, you have the right to file a complaint with a data protection authority. You can contact the data protection authority responsible for your place of residence or the supervisory authority responsible for us. This is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27
D-91522 Ansbach
poststelle@lda.bayern.de

5.5   Deletion of data​​​​​​​

The data processed by us are deleted or limited in their processing in accordance with Articles 17 and 18 GDPR. Unless explicitly stated in this privacy policy, the data stored by us are deleted as soon as they are no longer required for their purpose and the deletion does not conflict with any statutory storage requirements. If the data is not deleted because it is required for other and legitimate purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons.

According to legal requirements, the storage takes place for six years in accordance with § 257 (1) HGB [German Commercial Code] (such as trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents) and for 10 years in accordance with § 147 (1) AO [German Fiscal Code] (such as books, records, management reports, accounting records, commercial and business letters, documents relevant to taxation).

 

6.   Provision of contractual services

We process master data (such as name, addresses), communication data (such as telephone, fax, email) as well as contract, order and billing data (such as used services or products) for the purpose of fulfilling our contractual obligations and services acc. to Art. 6 (1) lit. b GDPR. The entries marked as obligatory in online forms are required for the conclusion of the contract. The deletion takes place after expiration of legal guarantee and comparable obligations, the necessity of the storage of the data is checked regularly; in the case of legal archiving obligations, the deletion takes place after its expiry (end of commercial law (six years) and tax law (10 years) retention obligation); information in the user account remains until it is deleted.

Users can create a user account, depending on the functional range provided, for example, to create shopping lists, to display content available for download or to manage contents. As part of the registration, the required mandatory information will be communicated to the users. If users have terminated their user account, their data will be deleted with respect to the user account, unless their retention is necessary for commercial or tax law reasons under Art. 6 (1) lit. c GDPR. It is the responsibility of the users to secure their data upon termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the contract period.

As part of the registration and re-registration and use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. A transfer of these data to third parties does not take place unless it is necessary for the prosecution of our claims or there is a legal obligation in accordance with Art. 6 (1) lit. c GDPR.

We process usage data (e.g. the visited web pages of our online services, interest in our products) and master, communication, order and contract data (e.g. existing orders) for advertising purposes in a user profile in order to provide users with e.g. product references based on the products and services they have previously purchased.

If you are our customer, we inform you within the applicable legal limits about offers from us and other companies that are similar to the services you use. Legal basis: Safeguarding legitimate interests according to Art. 6 (1) lit. f GDPR. If you do not wish to receive such offers, you may object to the use of your data for promotional purposes at any time with future effect. Please use the information in the contact section of this privacy policy.

7.   Contact

When contacting us by contact form, email or by mail, we process the information of the user to complete the contact request as per Art. 6 (1) lit. b GDPR.

If no contractual relationship is established, personal data will be deleted after processing the contact request, if this is no longer required. This also applies to unsolicited manuscripts sent to the publisher. In the case of legal archiving obligations, the deletion takes place after its expiration.

In the case of the transmission of application documents the data are processed on the basis of § 26 (1) sentence 1 of the new BDSG [German Data Protection Act]. The provision of the personal data is necessary for the assessment of the suitability for the vacancy and thus for a possible conclusion of the contract. Failure to provide the data would mean that the application for the vacancy cannot be considered. The personal data is transferred to the following recipients:

  • The responsible employees in the human resources department
  • The supervisor(s) of the position you are applying for
  • The works council as per § 99 BetrVG [German Works Council Constitution Act]

The data is stored until the application process is completed and beyond that for six months.

8.   Newsletter

With the following information we inform you about the content of our newsletter as well as the registration, dispatch and statistical evaluation procedures as well as your right of objection. By subscribing to our newsletter, you agree to the receipt and the procedures described.

Content of the newsletter: We send newsletters, emails and other electronic notifications with editorial or promotional information (hereinafter "newsletter") only with the consent of the recipient or a legal permission. Insofar as the contents of a newsletter are concretely described, they are authoritative for the consent of the users. Incidentally, our newsletters may also contain information about our products, offers, promotions and our company.

Credentials: In order to register for the newsletter, it is sufficient to enter your email address. Optionally, we ask for a salutation and a name in order to address you personally in the newsletter.

Double opt-in and logging: Registration for our newsletter takes place via a so-called "double opt-in procedure". This means you will receive an email after logging in to ask for confirmation of your registration. This confirmation is necessary so that nobody can register using somebody else’s email address. The registration for the newsletter will be logged in order to prove the registration process according to the legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address. Likewise, changes to your data stored with the email service provider will be logged.

Emailing service: The newsletter is sent by emarsys suite, a product of Emarsys eMarketing Systems AG, Hans-Fischer-Straße 10, D-80339 Munich.

Measuring success: Each newsletter sent includes a so-called "web beacon", i.e. a pixel-sized file, which is retrieved from the server of the email service provider when the newsletter is opened. This will initially collect technical information, such as information about the browser and your system, as well as your IP address and time of retrieval. This information is used to improve the technical performance of services based on their specifications or audience and their reading habits, based on their locations (which can be determined using the IP address) or access times. Statistical surveys also include determining if the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can in fact be assigned to the individual newsletter recipients. However, it is neither our endeavor nor that of the email service provider to observe individual users. The evaluations serve us rather to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

The dispatch of the newsletter and the success measurement are made on the basis of a consent of the recipients as per Art. 6 (1) lit. a, Art. 7 GDPR in conjunction with § 7 (2) no. 3 UWG [Law Against Unfair Competition] or on the basis of the statutory permission pursuant to Art. § 7 (3) UWG.

The logging of the registration process is based on our legitimate interests in accordance with Art. 6 (1) lit. f GDPR and serves as proof of consent to the receipt of the newsletter.

Termination/revocation: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent at any time with effect for the future. A link to cancel the newsletter can be found at the end of each newsletter.

9.   Download materials

As part of the use of the downloads, we save the IP address and the time of each user action; if you are registered as a customer, we also save information about the use made in your user account. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. A transfer of these data to third parties does not take place, unless it is necessary for the prosecution of our claims or there is a legal obligation in accordance with Art. 6 (1) lit. c GDPR or you have given us your consent in accordance with Art. 6 (1) lit. a GDPR.

10.   Online presence in social media

We maintain an online presence within social networks and platforms in order to communicate with customers, prospects and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators.

Unless otherwise stated in our privacy policy, we process the users' data as far as they communicate with us on social networks and platforms, e.g. write posts on our online presence or send us messages.

11.   Collection of access data and log files

We save data on every access to the server on which this service is located (so-called "server log files") based on our legitimate interests within the meaning of Art. 6 (1) lit. f GDPR. The access data includes the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Logfile information is stored for security purposes (e.g. to investigate abusive or fraudulent activities) for a maximum of ninety days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.

​​​​​​12.   Cookies

We use so-called cookies on our website. Cookies are small text files that are stored on the user's computer.

We use both our own cookies and third-party cookies. The cookies are used to

  • offer you functions such as a registration or a cross-site shopping cart display and ensure the optimal presentation of our web pages.
  • evaluate the usage behavior anonymously with the support of analysis tools and further develop our user-oriented web pages.
  • include advertising on our website with an AdServer.

By accepting the use of cookies you enable us to make the use of our internet pages as pleasant and efficient as possible.

12.1   Which cookies we use

We use session cookies and persistent cookies. For example, the session cookies allow us to identify and authorize you after a successful login in a secure area for the entire duration of your visit or to offer you a cross-site shopping cart and notepad in a webshop. The session cookies are deleted when the browser is closed. Persistent cookies allow us, for example, to store your credentials. This means that when you return to a page, you can return to your entered data and settings. Persistent cookies are stored for a limited period of time.

12.2   Usage-based online advertising

Usage-based online advertising serves the purpose of displaying optimized online advertising to site visitors by analyzing anonymized or pseudonymized data regarding the use of a website based on their possible preferences and interests. Cookies are also used for this purpose. These cookies are mainly used to track the preferences of the site visitors with regard to usage-based online advertising, which can be used to optimize the design of the website.

Thus, the content of a website can be tailored to the needs of individual visitors, improving our online services. The corresponding data are pseudonymous or anonymous – which means we and the individual third-party companies do not require separate consent to use-based online advertising (§ 15 (3) Telemedia Act).

12.3   Pixel-Tags / web beacons on banner ads

Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online services within the meaning of Art. 6 (1) lit. f GDPR), we make it possible for the advertising company or its agency to use so-called pixel tags (invisible graphics, also referred to as "web beacons") in the banner advertising on our online services for statistical or marketing purposes.

Through the "pixel tags", information can be evaluated directly by the advertising company or its agency – for example, how often the banner is clicked. The pseudonymous information may also be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and operating system, referring web pages, visit time, and other information regarding the use of our online services. The corresponding data is pseudonymous in nature, which means that we and the individual advertising companies do not require separate consent to usage-based online advertising (§ 15 (3) Telemedia Act).

12.4   Deactivation of cookies​​​​​​​

Of course, you can prevent the use of our cookies and third-party cookies at any time, by preventing the storage of cookies with the corresponding settings of your browser software. For details, please refer to the help function of your browser. We would like to point out, however, that we cannot rule out that in this case some features of our website are not or not fully usable. You may object to the use of cookies for reach measurement and promotional purposes through the deactivation page of the Network Advertising Initiative http://optout.networkadvertising.org and additionally the US website http://www.aboutads.info/choices or the European website http://www.youronlinechoices.com/en/your-ad-choices/.

13.   Analysis and reach measurement

In order to develop the offer on our website even more optimally, make your visit as interesting as possible, as well as carry out reach measurements, we use technical aids for the recognition and interpretation of user behavior. In the following, we explain what these means are and how they handle your personal data.

13.1   etracker

Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online services within the meaning of Art. 6 (1) lit. f GDPR) we use the analysis service "etracker" of etracker GmbH, Erste Brunnenstraße 1, D-20459 Hamburg.

From the data processed by etracker, user profiles can be created under a pseudonym. Cookies can be used for this purpose. The cookies make it possible to recognize your browser. The data collected with the etracker technologies will not be used without the separate consent of the person concerned to personally identify visitors to our website and will not be combined with personal data about the bearer of the pseudonym. Furthermore, the personal data will only be processed for us, i.e. not combined with personal data collected within other online services.

Data collection and storage by this application may be objected to at any time with future effect. Link: http://www.etracker.de/privacy?et=no9Zl3

The opt-out sets an opt-out cookie with the name "cntcookie" by etracker. Please do not delete this cookie as long as you want to maintain your objection. For more information, see the etracker privacy policy: http://www.etracker.com/en/data-privacy.html.

14.   Integration of services and contents of third parties

Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online services within the meaning of Art. 6 (1) lit. f GDPR), we make use of content or services offered by third-party providers in order to provide their content and services, such as embedded videos or links to their offers (hereinafter referred to collectively as "content"), within our online services. For this purpose, the third-party providers of this content need to perceive the IP address of the users, since otherwise they cannot send the content to their browser. The IP address is therefore required for the presentation of this content. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring web pages, visit time, and other information regarding the use of our online services, and may be combined with such information from other sources.

14.1   reCAPTCHA

Within our online services we use the reCAPTCHA service of the third party provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use reCAPTCHA to recognise bots during data input, e.g. in online forms, on the legal bases of our legitimate interest in accordance with Art. 6 paragraph 1f GDPR. reCAPTCHA collects hardware and software information for analysis purposes, e.g. device and application data such as IP address, duration of the website visit or the mouse movements carried out by the user and sends these to Google. The information that is collected during use of the service is utilised by Google to improve reCAPTCHA and for general security purposes. Google does not use it for personalised advertising. Data protection declaration: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

15.   Contact and Data Protection Officer

For inquiries about the handling, extent or origin of your personal data, or for the purpose of deletion (as far as possible according to legal requirements), blocking or modification, please contact our Data Protection Officer:

Carl Hanser Verlag GmbH & Co. KG
Kolbergerstraße 22
D-81679 Munich
+49 89 99830-0
+49 89 984809
datenschutz@hanser.de

16.   Changes to the privacy policy

Due to the dynamic development of our Internet services, we may from time to time make changes to our privacy policy.
Please note the current version of our privacy policy.

As of: March 18, 2019