Section 1: Data Controller
Hanshow is the Data Controller for the Processing of Personal Data in the following situations:
- the Processing of Personal Data in the context of the customer relationship with Hanshow or potential customers with whom Hanshow has made contact or wishes to make contact;
- the Processing of Personal Data of Users of our Website and all underlying and/or linked websites and/or website pages;
- the Processing of Personal Data of recipients of promotions, newsletters and commercial emails from Hanshow;
- the Processing of all other Personal Data relating to persons who contact Hanshow or whose Personal Data Hanshow Processes.
Section 2: Source of Data
Personal Data means any information that, either on its own or jointly with other information, can be used to identify a natural person. Hanshow Processes Personal Data that you have provided to Hanshow yourself and Personal Data generated during your visit to the Website. This includes contact details and information about assignments, such as (company) name, address, telephone number, email address and other Personal Data that you voluntarily provide to us when you contact us or communicate with us. Personal Data obtained through or generated by our Website includes information about your IP address, internet browser, language settings, and information about your use of our Websites. We collect this data by placing cookies.
We may also collect and use non-personally identifiable information (Non-PII). Non-PII is information that cannot be used to identify a particular individual. For example, Hanshow will collect statistical data, such as the numbers, source, location of visits to the Website. We collect this data to understand how Users use our Websites and services so that we can improve our services and better satisfy your needs. Hanshow may collect, use, process, transfer, or disclose non-PII for other purposes at its own discretion.
Section 3: Personal Data of minors
Our Website and/or services are not aimed at persons under the age of 18 and do not intend to collect (Personal) Data from and about Users who are younger than 18 years of age. However, we cannot check whether a User is older than 18 years. If you are under the age of 18 and it appears that our services are offered to you, you may only use them under the supervision and with the permission of your legal representative. If you or your legal representative are convinced that we have collected your (Personal) Data without your/its permission, you or your legal representative can contact us via the email address provided in Section 14 below. We will then delete your Personal Data as soon as possible.
Section 4: Cookies and Similar Technologies
A Cookie is a piece of information in the form of a very small text file that is placed on an internet user's hard drive. It is generated by a web page server, which is basically the computer that operates a website. The information the Cookie contains is set by the server and it can be used by that server whenever the user visits the website. A Cookie can be thought of as an internet user's identification card, which tell a website when the user has returned.
We understand that you as an Internet user may have reservations about cookies. To avoid misconceptions, we would like to clarify with you following points:
- Cookies cannot transmit viruses
- Cookies cannot read e-mail addresses
- Cookies cannot read disk contents
- Cookies cannot transmit the history file
- Cookies cannot send unnoticed e-mails
- Cookies cannot write all over your hard disk or even delete it
Necessary Cookies and similar technologies are essential to enable the core functionality of the website, which cannot be disabled via the function of this site. You can generally reject or manage Cookies and similar technologies through the browser or User selection mechanism. For details, visit e.g. AboutCookies.org. However, please note that if you disable Cookies or similar technologies, we may not be able to provide you with the best service experience, and some services may not work properly.
Section 5: Purposes
Hanshow uses your Personal Data for various purposes, such as:
- the execution of an agreement between you and Hanshow, for which you have commissioned Hanshow to provide our products and /or services;
- compliance with legal obligations;
- maintaining contact with you;
- sending you information you have requested from us;
- improving our product and /or service information;
- creating user statistics of the Website.
Section 6: Legal basis for the Processing of Personal Data of EU Data Subjects
In regard to the Processing of Personal Data of EU Data Subjects or when the Personal Data is Processed within the EU, Hanshow will Process your Personal Data following the requirements of applicable laws on an appropriate legal basis. Hanshow Processes your Personal Data exclusively on the basis of one of the following principles:
- Consent. If we have asked you for your Consent to Process your Personal Data and you have given this Consent, you also have the right to withdraw this Consent at any time;
- Execution of the Agreement. If you commission us to provide you with our products and/or services, we Process Personal Data if and insofar as this is necessary for the execution of the assignment;
- Legal Obligation. In some cases we are legally bind to Process your Personal Data, e.g. for tax obligations;
- Legitimate Interest. This includes our interest in maintaining a (commercial) relationship with you and our commercial interest in gaining more insight into the use of our Website.
Section 7: Retention period
Hanshow does not store Personal Data that it Processes for longer than is necessary for the purpose of the Processing or required by law. The retention period may differ per type of Personal Data.
Personal Data Processed for purposes related to the execution of an agreement between you and Hanshow shall be retained until such agreement has been fully performed. Personal Data Processed for the purposes of legitimate interests shall be retained as long as needed to fulfill such purposes.
We may anonymize Personal Data for statistical purposes and store it on an aggregated level. There is no maximum retention period attached to such.
Section 8: Third Parties and Processors
We may disclose your Personal Data to Hanshow affiliates or a third party authorized to cooperate. We may need to provide certain services to you through some partners. In order to do so, we may need to share some of your Personal Data with our partners. In addition, as a global company, we may share Personal Data within the Hanshow companies.
To comply with applicable laws or respond to valid legal procedures, Hanshow may also disclose your Personal Data to law enforcement or other government agencies. If Hanshow is involved in a restructuring, merger & acquisition, or a bankruptcy or liquidation lawsuit in a given jurisdiction, your Personal Data may be disclosed in connection with the transaction. Hanshow may also disclose your Personal Data when appropriate, for example, to execute Terms and Conditions, when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or when it is in connection with an investigation of suspected or actual illegal activity.
For the Processing of Personal Data, Hanshow engages service providers (Processors) who Process the Personal Data on behalf of Hanshow. Hanshow concludes a Processing Agreement with these Processors that, regarding the Processing of Personal Data of EU Data Subjects and/or Processing of Personal Data within the EU, meets the requirements of the GDPR. For example, Hanshow works with ICT service providers and service providers that offer software or hosting services. Furthermore, there are also ICT service providers who offer us support in keeping our systems safe and stable.
Section 9: International Transfer
The principle is that your Personal Data is processed at our operating offices and in any other place where the parties involved in the Processing are located. Depending on your location, data transfers may involve transferring your Personal Data to a country other than their own.
Section 10: Your rights as an EU Data subject
As an EU Data Subject or when your Personal Data is Processed within the EU, you have a number of rights under the GDPR. You have the right to access your Personal Data (Art. 15 GDPR), the right to rectification of your Personal Data (Art. 16 GDPR), the right to erasure (Art. 17 GDPR) and the right to restriction of Processing (Art. 18 GDPR). Under certain circumstances, you also have the right to request the transfer of your Personal Data (Art. 20 GDPR). Finally, you can object to the use of your Personal Data (Art. 21 GDPR). If the Processing of your Personal Data is based on Consent, you can withdraw it at any time.
Your rights are briefly described below:
- right of access: you may always request an overview of the Personal Data we have collected and request a copy thereof. If we have received your Personal Data not directly from you but from a third party who Processes your Personal Data, we will inform you of the source from which this information was received;
- right to rectification: you may always ask for your Personal Data to be corrected or supplemented if they have been Processed incorrectly and/or incompletely in our administration;
- right to erasure: you may always request that your Personal Data be deleted if you do not want us to retain certain Personal Data about you. This is also called 'the right to be forgotten';
- right to restriction: you can always ask for the Processing of your Personal Data to be temporarily stopped or for the use thereof to be restricted;
- right to transfer: you can always request your Personal Data to be transferred to a third party. This is also called the right to data portability. Your Personal Data will then be sent to you or to the third party designated by you in a readable file;
- right to object: you can (under certain circumstances) object to the (further) Processing of your Personal Data; and
- withdraw your Consent at any time: you have the right to withdraw your Consent where you have previously given your Consent to the Processing of your Personal Data. However, withdrawal does not affect the legitimacy and effectiveness of how we Process your Personal Data based on your Consent before the withdrawal is made; nor does it affect any Personal Data Processing based on another legal basis/justification other than your Consent.
When you claim the said rights, we may require you to submit a written request and may verify your identify. Usually, we do not charge anything for such processes unless your request goes beyond the limit of conventional requirements.
Section 11: Security
We have taken reasonable and practical measures and technical measures to protect your Personal Data we Process. Please note, however, that although we have taken reasonable steps to protect your Personal Data, no website, Internet transmission, computer system or wireless connection is absolutely safe and without defects. Hanshow ensures appropriate security of the Personal Data it holds, in accordance with the applicable requirements and guidelines. The measures we have taken include:
- that all data via the Website is encrypted and transmitted via a secure connection by means of SSL/TLS connections;
- that only the necessary persons have access to personal data, that access to the data is protected and that our security measures are regularly checked;
- that persons who have access to data are aware of the importance we attach to the protection of personal data;
- that persons who have access to data are bound by a confidentiality agreement.
If you have the impression that your Personal Data is not properly secured or there are indications of a Data Breach, please contact us immediately.
Section 12: Obligation to report Data Breaches regarding EU Data Subjects
Despite the fact that we Process your Personal Data with the utmost care and your Personal Data are stored securely, it is possible that a Data Breach occurs. Should such Data Breach occur in regard to Personal Data of an EU Data Subject or the Processing of Personal Data with the EU, we will first check whether and to what extent there may be a high risk to your rights and freedoms. In such a case, we will report this to the relevant DPA within seventy-two (72) hours and we will also report this to you as soon as possible.
In the event of a Data Breach, we will notify you at least of the following:
- the type of breach related to your personal data;
- the likely consequences of the infringement;
- the measures to be taken (and already taken) by us to limit the consequences of the infringement.
Section 13: Alterations
Section 14: Questions or Complaints?
You also have the right to complain to your national / regional data protection authority or the data protection commissioner.