Privacy Statement

Harro Höfliger thanks you for your visit to our website and the interest you have shown in our company and products. The protection of your personal data is very important for us. Harro Höfliger Verpackungsmaschinen GmbH (hereafter referred to as “Harro Höfliger GmbH”, “we”, or “us”) values the safety of users’ data, as well as compliance with legal provisions related to data protection.

Harro Höfliger GmbH websites may contain links to the websites of other providers not covered by this Privacy Statement. The data that operators of these sites may collect is beyond our knowledge and ability to influence. You can obtain information from the privacy notice of the respective site.

In the following document, we will inform you in detail about how we handle your data.


The Privacy Statement is based on the terminology used in the General Data Protection Regulation (GDPR).

  • Personal data” are all information that relate to an identified or identifiable individual (hereafter referred to as a “data subject”) (Article 4(1) GDPR). Your personal data include information such as your basic information (first and last name, address and date of birth), your contact information (telephone number, email address), billing data (bank account information), and much more.


  • Processing” is any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


  • The “data subject” is any identified or identifiable individual whose personal data are processed by the controller.


  • The “controller” is the individual or legal entity, public authority, agency or other body that, either alone or jointly with others, decides on the purposes and means of the processing of personal data. If the objectives and means of this processing are prescribed by European Union or Member State law, the controller or the specific criteria for their nomination may be provided for under Union or Member State law.


  • The “processor” is an individual or legal entity, public authority, agency or other body that processes personal data on behalf of the controller.


  • The “recipient” is an individual or legal entity, public authority, agency or other body, to which the personal data are disclosed, whether it is a third party or not. However, public authorities that may receive personal data in the context of a particular inquiry in accordance with Union or Member State law are not regarded as recipients.


  • A “third party” is an individual or legal entity, public authority, agency or body other than the data subject, controller, processor or persons who, under the direct authority of the controller or processor, are authorized to process personal data.


  • Consent” is any informed and unambiguous indication of the data subject’s wishes given voluntarily by the data subject for the specific case in the form of a statement or by a clear affirmative action, by which the data subject signifies that he or she agrees to the processing of personal data relating to him or her.

Collection and processing of personal data

In principle, it is possible to use our website without providing any personal data. To the extent that you wish to make use of certain services offered by our company via our website, the processing of personal data may become necessary. If the processing of personal data is necessary and no legal basis exists for such processing, we generally obtain consent from the data subject.

Anonymous data collection (server log files)

You can visit our site without actively giving information about your person. However, we do store access data every time the website is accessed (server log files), which include the name of your Internet service provider, the operating system used, the website from which you visit us and the duration of your visit or the name of the file requested. For security reasons (e.g. recognizing attacks on our websites), we also store the IP address of the computer used for a period of 60 days. These data are assessed exclusively for the improvement of our service and do not permit any inferences about your person. These data are not combined with other data sources. The legal basis for data processing is Article 6(1) GDPR. We process and use the data for the following purposes: 1. Providing the Harro Höfliger GmbH website, 2. Improving our website and 3. Preventing and detecting errors/malfunctions, as well as misuse of the website. This kind of data processing is undertaken either in fulfillment of the agreement regarding the use of the Harro Höfliger GmbH website, or because we are pursuing a legitimate interest in the functionality and error-free operation of the Harro Höfliger GmbH website, as well as customizing this website to user requirements.

Use of cookie tracking

In order to display our website in an attractive manner and facilitate the use of certain functions, we use cookies on our website. This is a standard Internet technology for storing and accessing login and other usage information for all visitors to the Harro Höfliger GmbH website. Cookies are small text files that are stored on your end device. They make it possible, among other things, for us to store user settings so that our website can be displayed in a customized manner on your device. Some of the cookies we use are erased after the browser session ends – that is, after you close your browser (session cookies). Other cookies remain on your device and allow us or our partner companies to recognize your browser on your next visit (persistent cookies).

You can configure your browser so that you are informed about the setting of cookies and decide on an individual basis whether to accept them, or bar the acceptance of cookies for certain cases or in general. Furthermore, cookies can be erased afterwards in order to remove data that websites have stored on your computer. You can easily find instructions on how to do this online. Deactivating cookies can lead to some limitations in the functionality of the Harro Höfliger GmbH websites.

Use of Google Analytics

This website uses features of the Google Analytics web analytics service. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses “cookies”, which are text files that are saved on your computer and enable the analysis of your use of the website. The information generated by the cookies about your use of this website (including your IP address) is transmitted to Google’s server in the USA and saved there. Google will use this information to evaluate your use of the website, compile reports about website activity for website operators and provide additional services associated with website usage and Internet usage. Google may also transfer this information to third parties, provided this is required by law or if third parties process this data on behalf of Google.


Preventing the storage of cookies

You can prevent cookies from being stored by selecting the corresponding setting in your browser software. However, we advise against this because then you may not be able to fully utilize all of the functions of this website. By using this website, you agree to Google processing the data collected about you in the manner and for the purposes set out above.


IP anonymization

We have activated the IP anonymization feature on this website. This means that your IP address is shortened by Google within Member States of the European Union or in other states that are parties to the Treaty of the European Economic Area before being transferred to the USA.


Objecting to data collection

If you do not want Google to receive data from your browser when you access the site, the opt out solution for Google Analytics can be found here:, This plugin prevents the browser from requesting the analytics code, meaning that Google receives no data when you access the site. The plugin is only available for Internet Explorer 7 and 8, Firefox 3.x and Chrome. According to Google, the browser blocks the Google Analytics script after installation. You can find more information on usage conditions and data protection at and


Please note that Google Analytics has been extended using the code “gat.anonymizeIp” on this website, in order to ensure the anonymized collection of IP addresses (IP masking).


Demographics with Google Analytics

This website uses the “Demographics” feature of Google Analytics. This allows the preparation of reports that contain statements on the age, sex and interests of visitors to the page. These data come from interest-based advertisements from Google as well as visitor data from third-party providers. These data cannot be assigned to any person in particular. You can deactivate this feature at any time using the display settings in your Google account, or forbid the collection of your data by Google Analytics on a general basis, as shown in the “Objecting to data collection” section.

Use of etracker

Our website uses the etracker analysis service. The provider is etracker GmbH, Erste Brunnenstrasse 1, 20459 Hamburg, Germany. Web analysis is the collection, compilation and evaluation of data about the behavior of website users. Among other things, a web analysis service collects data on the websites from which a data subject has come to the website (referrers), which subpages are accessed, or how often and for how long a subpage is viewed. A web analysis is mainly used to optimize a website and for the cost-benefit analysis of web advertising.

A usage profile can be created from the data using a pseudonym. Cookies can be used for this purpose. Cookies are small text files that are locally stored in your browser’s cache. Cookies allow your browser to be recognized. The data collected using etracker technology are not used to identify visitors to our website personally, and are not combined with personal data about the bearer of the pseudonym without separate permission from the data subject.

You can object to the collection and storage of data at any time, which will take effect for the future. To object to the future collection and storage of your visitor data, you can obtain an opt-out cookie from etracker using the following link. This ensures that no visitor data will be collected and stored from your browser by etracker in the future. This sets a cookie from etracker with the name “cntcookie”. Please do not delete this cookie as long as you wish to maintain your objection. You can find further information in the etracker privacy provisions:

Order data processing

We have a contract with Google for the order processing of data, and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Use of Facebook

The features of the Facebook service are integrated into our website. The provider is Facebook Inc., 1 Hacker Way, Menlo Park CA 94025, USA. If you visit our website, the link creates a direct connection between your browser and the Facebook server. Facebook then receives the information that you have visited our website using your IP address. If you click on the Facebook “Like Button” while logged in to your Facebook account, the content of our website may be linked to your Facebook profile. Facebook can thus associate your visit to our website with your user account. Please note that, as the provider of the website, we do not receive any knowledge of the content of the transferred data or the use of this data by Facebook. More information can be found in Facebook’s Privacy Statement at

If you do not want Facebook to be able to associate your visit to our website with your Facebook user account, please log out of your Facebook user account.

Facebook Pixel, Custom Audiences and Facebook Conversion

As part of our online offerings, we use the Facebook pixel based on our legitimate interest in analysis, optimization and the economic operation of our online offerings. The Facebook pixel belongs to the Facebook social network, which is operated by Facebook Inc, 1 Hacker Way, Menlo Park CA 94025, USA, or, if you are a resident of the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (hereafter “Facebook”).

Facebook is certified under the Privacy Shield Agreement, which guarantees compliance with European data protection legislation (

By using the Facebook pixel, it is possible for Facebook to identify visitors to our online offerings as a target group for displaying advertisements (“Facebook Ads”). Accordingly, we use the Facebook pixel to display the Facebook ads we place only to Facebook users who have shown interest in our online offerings or certain features (e.g. interest in certain subjects or products as determined by the websites visited), which we submit to Facebook (“custom audiences”). Thanks to the Facebook pixel, we would also like to ensure that our Facebook ads match users’ potential interests, and are not annoying. We use the Facebook pixel to further understand the effectiveness of Facebook advertisements for statistical and market development purposes, as we see whether users were transferred to our website after clicking on a Facebook ad (“conversion”).

The processing of data by Facebook is carried out in accordance with Facebook’s Data Use Policy. Accordingly, general information on the displaying of Facebook ads is available from Facebook’s Data Use Policy: You can find special information and details on the Facebook pixel and its functioning in Facebook’s help section:

You can object to the collection of your data by the Facebook pixel and its use to display Facebook ads. To configure the kinds of advertisements that are shown to you on Facebook, you can access the Facebook site set up and follow the instructions on configuring user-specific advertisements: The settings are platform-neutral, meaning that they will be adopted by all devices, including desktop computers and mobile devices.

You can further object to the use of cookies used to measure reach and advertising objectives through the opt-out site of the Network Advertising Initiative (, as well as the US website ( or the European website (

Use of Google+

Our site uses features of Google+. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Collection and forwarding of information: By using the Google+ button, you can publish information around the world. The Google+ button provides you and other users with personalized content from Google and our partners. Google stores the information for whose content you gave a +1, as well as the information on the site that you were viewing when you clicked the +1. Your +1s can be shown as references, along with your profile name and photo, on Google services, such as in search results or on your Google profile, or in other places on websites and online advertisements. Google records information about your +1s to improve Google services for you and for others. To be able to use a Google+ button, you need a globally visible, public Google profile, which must at least contain the name chosen for the profile. This name is used in all Google services. In some cases, this name can also

replace another name that you have used for parts of content on your Google Account. The identity of your Google profile can be displayed to users who know your email address or have other identifying information on you. Use of the information collected: Alongside the intended uses stated above, the information you provide is used in accordance with the applicable Google data protection provisions. Google may publish summary statistics about a user’s +1 history and pass this along to users and partners, including partners, advertisers or affiliated websites.

More information can be found in Google’s Privacy Policy at

Use of LinkedIn

Our website uses features of the LinkedIn network. The provider is the LinkedIn Corporation., 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time one of our pages containing LinkedIn features are accessed, a connection is established to the LinkedIn servers. LinkedIn is thereby informed that you have visited our website using your IP address. If you click the LinkedIn “Recommend” button while logged in to your LinkedIn account, LinkedIn is able to assign your visit to our website to you and your user account. Please note that, as the provider of the website, we do not receive any knowledge of the content of the transferred data or the use of this data by LinkedIn.

More information can be found in LinkedIn’s Privacy Policy at .

Use of YouTube

Our website uses features of the Google-operated site, YouTube. The operator of the site is YouTube LLC, 901 Cherry Ave., San Bruno CA 94066, USA. When you use one of our sites with YouTube features, a connection is established to the YouTube servers. This tells YouTube which of our pages you visited.

If you are logged into your YouTube account, you allow YouTube to assign your browsing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

More information about the handling of user data can be found in YouTube’s Privacy Policy at

Contact form / Queries

On our site, you can to send us queries using a contact form. In this form, your information from the contact form (the content of your query) is stored by us, along with the contact information you provide on the form (name, company, telephone, email and state) for the purpose of processing your query and for follow-up questions. We do not disclose these data without your consent. The legal basis for the collection and processing of data is Article 6(1) GDPR.

The information you enter in the contact form is retained by us until you ask us to erase it, revoke your consent to its storage or if the purpose of the data storage is no longer applicable (e.g. after the processing of your query has been completed). Mandatory legal provisions – in particular, retention periods – are not affected.

Email contact

When you send us queries or information by email, your information (email address, content of your email, subject and date of your email) are stored by us, including the contact data given (first name, last name; where appropriate, telephone number and address) for the purpose of processing the query and for follow-up questions. We do not disclose these data without your consent. The legal basis for the collection and processing of data is Article 6(1) GDPR.

The user is advised that emails can be read or changed without authorization and without being noticed during transfer. Harro Höfliger GmbH uses software that filters undesirable email messages (spam filter). Email messages can be rejected by a spam filter if they are falsely identified as spam due to certain characteristics.

The information you enter is retained by us until you ask us to erase it, revoke your consent to its storage or if the purpose of the data storage is no longer applicable (e.g. after the processing of your query has been completed). Mandatory legal provisions – in particular, retention periods – are not affected.

Subscription to our newsletter

On our website, you can subscribe to our company’s newsletter. We use the newsletter to inform our clients and business partners about our company’s offerings on a regular basis. To do this, we require a valid email address from you, as well as information that allows us to check that you are the owner of the email address entered and have agreed to receive the newsletter. Other information is not collected, or is only collected on a voluntary basis. For legal reasons, a confirmation email is sent to the email address entered for a data subject the first time it is entered, as part of a double opt-in procedure. We use these data exclusively to send the newsletter and do not disclose them to third parties. The legal basis for the collection and processing of data is Article 6(1) GDPR.

During the newsletter registration, we also store the IP address provided by the Internet service provider (ISP) of the computer used by the data subject at the time of registration, as well as the date and time of registration. Collecting these data is necessary as part of our safeguards to trace the (possible) misuse of a data subject’s email address at a later point.

You can revoke your consent to the storage of the data and email address, as well as the use of this information to send the newsletter, at any time, for example, by clicking the “unsubscribe” link in every newsletter. Alternatively, you are welcome to send your unsubscribe request by email at any time to The legality of the data-processing operations is unaffected by the revocation.

We store the data you have deposited with us for the purposes of subscribing to the newsletter until your removal, and erase them after you have unsubscribed from the newsletter.

Career area / Online application

On our website, you can use the career area and/or send applications by email. The personal data (basic information, contact information, attachments such as cover letters, resumes, references, etc.) from candidates are collected and processed for the purposes of carrying out the application procedure. The processing can also be performed electronically. This occurs, in particular, when a candidate sends the pertinent application documents, for instance, by email or via a web form on the site to the controller. If the controller concludes an employment contract with a candidate, the data transmitted for the purpose of entering into the employment relationship are stored in accordance with legal provisions. If the controller does not conclude an employment contract with the candidate, the application documents are automatically erased six months after notification of the decision to reject, as long as no other legitimate interests on the part of the controller prevent this. In such a case, other legitimate interests, would include the burden of proof in a process under the General Act on Equal Treatment (AGG). The legal basis for the collection and processing of data is Article 6(1) GDPR.

Web fonts

For the uniform presentation of fonts, this site uses web fonts that have been prepared by When accessing a site, your browser loads the necessary web fonts in a cache in order to display the text and fonts correctly.

The browser you use must establish a connection to the servers for this purpose. This informs the provider that your IP address was used to access our website. Web fonts are used in the interest of displaying our online offerings in a consistent and attractive manner. This represents a legitimate interest within the meaning of Article 6(1)(f) GDPR.

If your browser does not support web fonts, a standard font will be used from your computer.

You can find more information about web fonts at and in the Privacy Statement at:



Duration of retention

In principle, we store your data for as long as it is necessary for the delivery of our online offerings and the related services, or as long as provided by the European regulatory authorities or another legislative authority in laws or provisions to which the controller is subject. In all other cases, we erase personal data after their purpose has been fulfilled, with the exception of such data as we must continue to store to meet legal obligations (for example, we are obliged by retention periods under tax and commercial law to retain documents such as contracts and invoices for a certain period).

Disclosure to third parties

We disclose your data to certain third parties that provide external services for us (processors) for the purpose of being able to provide applications and services. These include newsletter services, IT providers, etc. Disclosure to other third parties may occur in order to fulfill our obligations (authorities, banks, social insurance agencies, etc.). Third parties process the data according to our instructions; furthermore, they are prohibited from using these data for their own commercial purposes that do not correspond to the agreed-upon purposes.

We must disclose personal data when we are obliged to do so in ongoing court proceedings, on the basis of a decree, or by law (Article 6(1)(f) GDPR).

We only disclose your personal data to third parties if

  • you have communicated your explicit consent to this under Article 6(1)(a) GDPR,
  • the disclosure is necessary under Article 6(1)(f) GDPR on assertion, exercise or defense of legal rights and there is no reason to believe that you have an overriding interest worthy of protection in the non-disclosure of your data,
  • a legal obligation to disclose exists under Article 6(1)(c) GDPR, and
  • this is permitted by law and required for the processing of contractual relationships with you in accordance with Article 6(1)(b) GDPR.

If the processing of your data takes place outside of Europe, e.g. in India, Brazil, China, Switzerland, Singapore or in the USA, this transfer occurs in compliance with all current data protection laws, and especially with Article 44(f) GDPR.

Technical security

Harro Höfliger GmbH employs technical and organizational security measures to protect your data administered by us against accidental or deliberate manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously being improved in accordance with technological development.

This site uses SSL (secure socket layer) encryption with the highest level of encryption supported by your browser for the purpose of the security and protection of transfers of confidential content such as queries you send to us as a website operator. You can tell if an individual page on our website is being transmitted using encryption if the browser’s address line changes from “http://” to “https://”, and the lock symbol is shown in the address bar.

When SSL encryption is activated, the data you transmit to us cannot be read by third parties.

Please note that the transfer of data over the Internet (e.g. by email) may be vulnerable to security breaches. It is not possible to completely protect data from being accessed by third parties.

Legal basis for processing

Article 6(1)(a) GDPR serves as a legal basis for our company’s data processing operations, under which we obtain consent for a specific processing objective. If the processing of personal data is necessary for the fulfillment of a contract to which the data subject is a party, as may be the case for data processing operations that are necessary for the delivery of goods or the provision of a particular service or contribution, the processing is based on Article 6(1)(b) GDPR. The same applies to data processing operations that are necessary to carry out pre-contractual measures, for example in the event of queries regarding out products or services. If our company is subject to a legal obligation that necessitates the processing of personal data, such as the fulfillment of tax obligations, then processing is based on Article 6(1)(c) GDPR. In rare cases, the processing of personal data may be necessary in order to protect the vital interests of the data subject or another individual. This would be the case, for example, if a visitor to our business were to be injured and their name, age and health insurance data or other vital information has to be disclosed to a doctor, hospital or other third party. In that case, processing would be based on Article 6(1)(d) GDPR. Finally, data processing operations could be based on Article 6(1)(f) GDPR. Data processing operations that are not covered by any of the legal bases indicated above are supported by this legal basis if the processing is necessary to safeguard a legitimate interest of a company or a third party, as long as it does not override the interests and fundamental rights and freedoms of the data subject. If the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is carrying out our business activities in the interest of the well-being of all of our employees and customers.

Legal or contractual provisions on the provision of personal data, necessity for the conclusion of the contract, obligation of the data subject to provide personal data, possible consequences of non-provision

You should be aware that the provision of personal data is sometimes legally required (e.g. tax provisions) or can come about as a result of contractual provisions (e.g. Information on the contractual partner). From time to time, it can be necessary for the conclusion of a contract for a data subject to make personal data available to us that subsequently have to be processed by us. The data subject may be obliged to provide us with personal data when our company concludes a contract with them. The consequence of not providing personal data is that the contract cannot be concluded with the data subject. Before the provision of personal data by the data subject, the data subject must contact one of our employees. Our employee will make the data subject aware, on a case-by-case basis, of whether the provision of personal data is legally or contractually required, or necessary for the conclusion of the contract, and whether there is an obligation to provide personal data, and what consequences the failure to provide personal data would have.

Notice for underage persons

This online offering is not aimed at children younger than 16. Persons who have not yet reached the age of 16 may not send any personal data to Harro Höfliger GmbH without the consent of their legal guardians.

Rights of the data subject

You have the right to information regarding the data stored by us, the duration of the data retention, the reason and legal basis for the storage and the origin and recipients of disclosures. Inaccurate data must be corrected, data that is unlawfully stored or no longer required must be erased. In addition, the data subject has the right of objection, a right to restriction of processing and the right to data portability.

This information will be prepared at your request. This information is free of charge.

You also have the right to file a complaint with a supervisory authority.

Revocation of consent to data processing

Certain data processing operations are only possible with your explicit consent. You can revoke consent at any point after granting it. An informal email notification to suffices for this purpose. The legality of the data-processing carried out until the revocation is unaffected by the revocation.


Responsible authority and contact information of the external data protection officer

Responsible authority:

Harro Höfliger Verpackungsmaschinen GmbH

Helmholtzstraße 4

71573 Allmersbach im Tal

Tel.: +49 7191 501 0



Contact information of the external data protection officer:

Steffen Zimmer

Zimmer EDV GmbH

Tel.: +49 7127 928 94 0