Privacy Policy

1. Introduction and Controller 

This Privacy Policy clarifies the nature, scope, and purpose of the processing of personal data (hereinafter briefly "data") within our online offering and the associated websites, functions, and content (hereinafter collectively referred to as "online offering"). The controller in terms of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection provisions is: Hofer Photonics GmbH

Roßberg 19, 22089 Hamburg

Managing Director: Layla Raig 

+49 162 9493988 

Email: info@hofer-photonics.com

2. Definitions 

Personal Data: Any information relating to an identified or identifiable natural person (e.g., name, email address, IP address).

Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means (e.g., collection, recording, storage, alteration, transmission).

Data Subject: Any identified or identifiable natural person whose personal data is processed by the controller.

3. Types of Data Processed 

In principle, we process the following types of data within our online offering:

• Contact data (e.g., email addresses, phone numbers), provided you voluntarily make them available to us (e.g., by email).

• Usage data (e.g., visited websites, access times, device-related information), which are automatically collected when you use our online offering.

• Meta/communication data (e.g., IP addresses), which are technically generated with every access to websites.

4. Purposes of Processing 

We process your data for the following purposes:

• To provide the online offering and its content.

• To respond to contact inquiries and communicate with users.

• To ensure the security and stability of our online offering.

5. Legal Basis for Processing 

The processing of your data is based on the following legal grounds:

• Art. 6 para. 1 lit. b GDPR: For answering your inquiries or for carrying out pre-contractual measures, for example, if you contact us by email.

• Art. 6 para. 1 lit. f GDPR: For safeguarding our legitimate interests, which lie in the operation, analysis, and optimization of our online offering and ensuring system security.

6. Data Deletion and Storage Period

The data processed by us will be deleted or their processing restricted as soon as the purposes for which they were collected cease to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject.

7. Your Rights as a Data Subject 

You have the right at any time to:

• Right of Access (Art. 15 GDPR): You can request information about your personal data processed by us.

• Right to Rectification (Art. 16 GDPR): You can request the correction of inaccurate or completion of your personal data stored by us.

• Right to Erasure (Art. 17 GDPR): You can request the deletion of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.

• Right to Restriction of Processing (Art. 18 GDPR): You can request the restriction of the processing of your personal data.

• Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format or to request its transmission to another controller.

• Right to Object (Art. 21 GDPR): You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 lit. f GDPR.

• Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR): Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority responsible for us is:  

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (HmbBfDI)

Ludwig-Erhard-Str. 22, 7. OG 20459 Hamburg

Tel.: 040 / 428 54 - 4040

Fax: 040 / 428 54 - 4000

Email: mailbox@datenschutz.hamburg.de

8. Hosting and Website Service via Google Sites 

Our website is created and hosted using the "Google Sites" service. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you visit our website, Google processes personal data to provide and secure the service. This includes:

• IP address

• Date and time of access

• Browser type and version

• Operating system used

• Referrer URL (the previously visited page)

• Information about your device

The legal basis for this processing is our legitimate interest in a secure, stable, and professional presentation of our online offering pursuant to Art. 6 para. 1 lit. f GDPR.

8.1. Cookies and Data Analysis by Google As indicated in the cookie banner displayed when you first visit our site, Google uses cookies. These cookies serve two main purposes:

1. Service Delivery: Some cookies are technically necessary to deliver the website content correctly and ensure basic functionalities (e.g., load balancing). The storage of this information is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in conjunction with § 25 Abs. 2 Nr. 2 TDDDG.

2. Traffic Analysis: Google also processes data to analyze website traffic for its own purposes. Information about your use of this site is shared with Google. This processing allows Google to improve its own services. This processing is carried out by Google under its own responsibility.

You can find more information about Google's data processing in Google's privacy policy: https://policies.google.com/privacy

8.2. Data Transfer to the USA By using Google Sites, data is inevitably processed on servers of Google LLC in the USA. The USA is considered a "third country" under the GDPR, which does not have a level of data protection equivalent to that of the EU.

The legal basis for this data transfer is the EU Commission's adequacy decision of July 10, 2023, for the EU-U.S. Data Privacy Framework (DPF). Google LLC is certified under the DPF, thereby providing an adequate level of data protection for the transfer of personal data from the EU to the USA.

9. Changes to this Privacy Policy We reserve the right to adapt this Privacy Policy so that it always complies with current legal requirements or to implement changes to our services in the Privacy Policy. The new Privacy Policy will then apply for your next visit.

Status: June 2025