Privacy Policy
The following privacy notice informs you about the nature, scope, and purposes of the processing of your personal data in connection with our online store.
This information fulfills our transparency obligations under Articles 12 and 13 of the European General Data Protection Regulation (GDPR).
Data Controller
The data controller within the meaning of the GDPR, the Federal Data Protection Act (BDSG), and other data protection regulations for this website is
Harz AG – Initiative Wachstumsregion
Dornbergsweg 2
38855 Wernigerode
Email: hc@harz-ag.de
Phone: +49 (0)3943 - 935800
Further information about our company and contact details are available in our Legal Notice.
Hosting
Hosting of Our Website and Log Files
Description and Scope of Data Processing
Our website is hosted by a service provider. We have entered into a data processing agreement with the web host.
Each time you visit our website, the web server automatically collects the following information from your system:
- Website visited
- Date and time of access
- Amount of data sent in bytes
- Source/referrer from which you accessed the page
- Browser used
- Operating system used
- IP address
Legal Basis for Data Processing
The legal basis for the temporary storage of the aforementioned data and its recording in so-called log files is our legitimate interest as a website operator, pursuant to Article 6(1)(f) of the GDPR in conjunction with Section 25(2)(2) of the TDDDG, in ensuring the optimal provision of our online services.
Purpose of Data Processing
The temporary storage of your IP address by the web server is necessary to deliver the website to your computer. For this purpose, your IP address must remain stored for the duration of your visit to the website.
The storage of data in log files serves to ensure the security of our IT systems (e.g., for attack detection). This data is not analyzed for marketing purposes.
Duration of Storage
The aforementioned data is deleted as soon as it is no longer required to fulfill the stated purpose. For data processing related to the provision of the website, this occurs upon the conclusion of your visit to the website.
Data stored in log files is deleted after 14 days at the latest. Storage beyond this period may occur. In this case, your IP address is anonymized so that it can no longer be linked to a specific individual.
Use of Cookies and Consent Services
Cookies
Description and Scope of Data Processing
We use cookies on our website. Cookies are text files that are stored on your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Persistent cookies remain on your device until you delete them yourself or your web browser deletes them automatically.
Legal Basis for Data Processing
The legal basis for the use of technically necessary cookies is our legitimate interest as the website operator pursuant to Art. 6(1)(f) GDPR in conjunction with §25(2)(2) TDDDG.
The legal basis for setting third-party cookies, which are not technically necessary but serve our convenience features, is your consent pursuant to Art. 6(1)(a) GDPR in conjunction with §25(1) TDDDG. You may revoke this consent at any time. The lawfulness of the data processing carried out prior to revocation remains unaffected.
Purpose of Data Processing
Technically necessary cookies enable us to provide our website in a flawless and user-friendly manner.
Cookies that are not technically necessary perform so-called convenience functions on our website, such as providing additional content and services.
Storage Duration and Right to Object
Please refer to the cookie settings for the storage duration of individual cookies.
You can delete stored cookies at any time in your browser settings or via the settings in the cookie consent section. In addition, you can configure individual preferences in your browser by generally objecting to the setting of cookies by websites or third-party providers. Please note that by disabling cookies, you may not be able to use our website to its full extent.
Cookie Consent
Description and Scope of Data Processing
This website uses cookie consent technologies to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies, and to document this in compliance with data protection regulations. When you interact with our cookie banner, the following personal data is processed:
- Your consent(s) or the revocation of your consent(s)
- Your anonymized IP address
- Information about your browser
- Information about your device
- The time of your visit to the website
The cookie consent technologies may store a cookie in your browser to associate the consents you have given or their revocation with you. The data collected in this way is stored until you delete the cookie yourself, the cookie’s expiration date is reached, or the purpose for data storage no longer applies.
Legal Basis for Data Processing
Your consent is documented to fulfill our accountability obligations. The legal basis is Art. 6(1)(c) GDPR in conjunction with Art. 5(2) GDPR.
Contact Options
Contacting Us via Email
Description and Scope of Data Processing
You can contact us using the email addresses provided on our website. When you contact us, we will process the personal data associated with your inquiry.
Legal Basis for Data Processing
The legal basis for processing your inquiry and the associated data processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR.
If your inquiry is aimed at entering into a contract, the legal basis for this data processing is the initiation or performance of a contract pursuant to Art. 6(1)(b) GDPR.
Purpose of Data Processing
The processing of your data serves exclusively to handle your inquiry.
Retention Period
Your data will be deleted as soon as it is no longer necessary for the stated purpose. For personal data that you have sent us via email, this is the case once the relevant conversation with you has ended. The conversation is considered ended when it is clear from the circumstances that the matter in question has been conclusively resolved.
If your contact is aimed at concluding a contract, the legal retention periods apply.
Right to Object
You have the right to object to this data processing at any time. You may send your objection to the following email address: hc@harz-ag.de
Personal data stored in the course of your contact will be deleted in this case.
Shop Features
Data Processing for Orders
Description and Scope of Data Processing
Our online store allows you to order the HarzCard either as a registered user or as a guest. In doing so, we process your personal information and payment details that you provide to us during the ordering process. Data is only transferred to third parties, e.g., credit institutions, delivery services, etc., to the extent necessary for the fulfillment of the contract. Your data is not shared with third parties for advertising purposes.
Legal Basis for Data Processing
Data processing is permitted for the initiation or fulfillment of a contract pursuant to Art. 6(1)(b) GDPR.
Purpose of Data Processing
The processing of the aforementioned personal data serves exclusively for the purpose of contract processing and fulfillment.
Duration of Storage
The aforementioned data will be deleted or anonymized upon fulfillment of the purpose, in compliance with statutory retention periods.
Registration and Login
Description and Scope of Data Processing
We offer you the option to register by providing personal data. The data requested in the input fields is transmitted to us and stored.
The following data is collected during registration on our website:
- Salutation (optional)
- Title (optional)
- Last name
- Email address
- Password
- Address
The following data is processed when you log in to our website:
- Email address
- Password
The following data is also stored at the time of login:
- Your IP address
- Date and time of your login
Legal Basis for Data Processing
Since you can order our products without creating a user account, registration is voluntary. The processing of your user data is therefore based on your consent pursuant to Art. 6(1)(a) GDPR.
If your user data is processed in connection with an order, Art. 6(1)(b) GDPR forms the legal basis for processing for the purpose of contract fulfillment.
Purpose of Data Processing
Registration gives our customers central access to our online shop functions and their completed orders, and simplifies the shopping experience.
Duration of Storage
The data mentioned above will be deleted as soon as it is no longer necessary for the stated purpose or you request the deletion of your user account. Even after the contract has ended, it may still be necessary to continue storing your personal data in order to comply with our contractual or legal obligations (e.g., tax retention requirements).
Right to Withdraw Consent
As a registered user, you have the option to cancel your registration at any time. To do so, please contact us at the following address, specifying your request: hc@harz-ag.de
You also have the option to change the data stored in your profile at any time.
Payment Options
Payment Processing via PayPal
Description and Scope of Data Processing
We use PayPal for payment processing in our online store. To do so, we rely on the technical services provided by PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). If you have selected PayPal as your payment method, the payment details you provide will be transmitted to PayPal. In doing so, PayPal also collects, among other things, information about the transaction, the amount, and details regarding the payment methods.
Legal Basis for Data Processing
The transmission of your data for payment processing is carried out for the purpose of fulfilling the contract in accordance with Art. 6(1)(b) GDPR.
Further Information on Data Processing
PayPal (Europe) S.à r.l. et Cie, S.C.A. is responsible for further data processing. Further information on security and data protection at PayPal (Europe) S.à r.l. et Cie, S.C.A. can be found at the following link: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Secure Payment Transactions
If you provide us with your payment details—such as account holder name, account information, etc.—for the purpose of processing the contract, these details will be used and processed solely for payment processing. Payment transactions are conducted via an encrypted SSL or TLS connection. You can recognize that such a connection is in use by the web address starting with https:// or by a closed padlock icon next to the web address.
Your Rights as a Data Subject
If your personal data is processed in your capacity as a user or customer, you are considered a data subject under the GDPR. Data subjects have the following rights vis-à-vis the controller:
- Right of access (Art. 15 GDPR)
- Right to rectification or erasure of personal data (Art. 16, 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to notification regarding the rectification or erasure of your personal data or the restriction of processing (Art. 19 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to withdraw consent. The lawfulness of the data processing carried out prior to withdrawal remains unaffected due to the consent valid up to that point. (Art. 7(3) GDPR)
- Right to lodge a complaint with the supervisory authority (Art. 77 GDPR)
- Right to object to data processing in specific cases (Art. 21(1) GDPR): If data processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR, you have the right to object at any time to the processing of your personal data on grounds relating to your particular situation. If you object, your personal data will no longer be processed unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to establish, exercise, or defend legal claims.
- Right to object to direct marketing (Art. 21(2) GDPR): If your personal data is processed for the purpose of direct marketing, you have the right to object to this processing at any time. Once you have objected, your personal data will no longer be used for the purpose of direct marketing.
External Links
Our website may contain links to third-party websites. If you click on these links and thereby allow third parties to process your personal data (e.g., your IP address), we have no influence over such processing and therefore cannot accept any responsibility for it. We indicate redirects to other digital service providers at the relevant points using symbols or text.
Security
The protection of your privacy is a serious concern for us. Therefore, we take appropriate technical and organizational measures to protect your personal data from misuse, alteration, and loss.
Your data is protected during transmission on our website by means of an SSL or TLS certificate. You can recognize that such a certificate is in use by the web address starting with https:// or by a closed padlock symbol next to the web address.
Despite carefully selected security measures, we would like to point out that 100% protection cannot be guaranteed, particularly when data is transmitted via email or our web forms.
Updates to Our Privacy Policy
Our website is subject to technological advancements associated with the operation and functionality of online services. We therefore reserve the right to update our Privacy Policy in line with changes to our security and data protection measures, as well as any expanded data processing activities, and to make the current version available to you here.
Effective as of: June 1, 2025