
Data protection guidelines HEMA Group

European locations

1. Introduction

HEMA Maschinen- und Apparateschutz GmbH offers a broad product portfolio all around production machines. Over 600 employees work in the HEMA Group worldwide at locations in Germany, Italy, Romania, China and the USA. An international network of experienced sales partners ensures close contact with our customers on site.


2. Basics

2.1 Creation, updating and quality assurance

The data protection officer is responsible for creating and updating this data protection policy. As part of quality assurance, the data protection officer checks the accuracy of the content and the organizational timeliness. The data protection guidelines can be adjusted during the year and must be subjected to quality assurance at least every three years.
 

2.2 Management responsibility

The management bears overall responsibility for compliance with data protection in their company. This includes a visible and clear commitment to data protection.
The management:

  • establishes the strategic data protection guidelines and ensures their enforcement within the scope of validity,
  • implements a data protection organization and names clear responsibilities,
  • provides adequate resources,
  • calls for a role model function at all other management levels,
  • responds consistently to violations.
     
2.3 Scope

The personal data processed by HEMA Group in physical and digital form is processed in compliance with data protection laws and applicable regulations.
 

3. Goal

Data protection is a matter of course for the HEMA Group when handling personal data and is therefore taken into account in all business processes and is fundamentally based on the requirements of the EU General Data Protection Regulation (GDPR).
Relevant national regulations and legislation supplement these basic requirements and are also adhered to by the HEMA Group.


4. Principles of data protection

 

4.1 Lawfulness of data processing

The HEMA Group ensures that personal data is only processed lawfully, i.e. that, for example, there is effective consent from the data subject or that the data is processed on another permissible legal basis.
 

4.2 Data processing in good faith

Persons whose personal data are processed by the HEMA Group within the meaning of the GDPR can rely on the HEMA Group only collecting, storing, using and deleting their data in accordance with the GDPR and other relevant legal provisions.
 

4.3 Transparency

Persons whose personal data are processed by the HEMA Group within the meaning of the GDPR will be informed about their rights, the purpose and the responsibilities for the processing in accordance with the GDPR and the other relevant legal provisions when data is collected. When you exercise your right to information, you will receive the information to be provided in written form.

4.4 Purpose limitation

The purposes of data processing are determined by the HEMA Group when personal data is collected. Further processing for other purposes is possible in exceptional cases, provided that the purposes of further processing are not incompatible with the original collection purposes and there is a legal basis for this.
 

4.5 Data Minimization 

The personal data stored and used is appropriate for the purpose and is limited to what is necessary for the purposes of processing.
 

4.6 Storage time limitation

Data from those affected is stored by the HEMA Group in such a way that a person can only be identified for as long as it is necessary for the purposes of processing.
 

4.7 Integrity and Confidentiality

Personal data is processed in a manner that ensures appropriate security of the data. This also includes protection against unauthorized and unlawful processing and against accidental loss, destruction or damage to personal data. HEMA ensures appropriate security through a variety of technical and organizational measures. These measures are based on the state of the art and the identified necessary protection needs. Risk-based data protection impact assessments lead to effective protection mechanisms, such as access restrictions, access limitations, deletion concepts, secure encryption measures and measures for securing and rapid emergency recovery of data.
 

5. Data protection officer and organization 

The management is responsible for establishing an adequate data protection organization; it has appointed a person responsible for implementing the data protection organization. This person serves as the central contact person for the topic of data protection and is in particular responsible for introducing and maintaining the data protection described in this data protection policy and for ensuring compliance with the regulations set out there in the company.

As part of the performance of his duties, the data protection officer is given the following powers and rights:

  • Conception and draft of the public data protection guidelines and the data protection guidelines for submission to the management of the HEMA Group for resolution. He decides all other topic-related implementation guidelines on his own authority, if necessary in coordination with other specialists.
  • Access rights for justified reasons and at reasonable discretion to all areas, information and systems relevant to data protection.
  • Direct access to employees at all levels (including management) on justified grounds and at reasonable discretion regarding data protection-related topics and events.
     

If you have any questions about data protection, you can contact the HEMA Group data protection officer as follows:
HEMA Maschinen- und Apparateschutz GmbH
Sebastian Becker, Data Protection Officer
Am Klinggraben 2
63500 Seligenstadt
E-Mail: sebastian.becker@hema-group.com
Phone: +49(0)6182/773-3040 
 

6. Data Protection Management System (DPMS)

Achieving data protection goals and implementing data protection principles are supported by the introduction and maintenance of a DPMS. This management system ensures that HEMA Group employees have the necessary knowledge of data protection regulations and take the appropriate measures to maintain trust between those affected, the organization and the supervisory authorities.
 

7. Enforcement

A data protection management system is developed and maintained, which ensures that the employees and contractors of the HEMA Group observe data protection regulations and ensure compliance with customers, employees, contractors, service providers and suppliers.

 

Valid: 01.05.2024, V1.0