Privacy policy

Thank you for visiting our website. Compliance with data protection regulations is of particular importance to us. The purpose of this Privacy Policy is to inform you, as a user of this website, about the nature, scope and purpose of the processing of personal data, as well as the rights to which you are entitled if you are a data subject within the meaning of Art. 4(1) of the General Data Protection Regulation (GDPR).

1. Controller

This website and the associated services are operated by:

Sörensen Hydraulik GmbH
Osterrade 3
21031 Hamburg
Germany

Phone: +49 (0) 40 / 739 606 0
Email: info@soerensen.de

2. Data Protection Officer

We have appointed a Data Protection Officer:

Herold Unternehmensberatung GmbH
Mr. Philipp Herold
Hafenstraße 1a
23568 Lübeck
Email: datenschutz@hub24.de

3. General Information

We designed our website to collect as little personal data from you as possible. We ensure that your personal data is processed only on the basis of a legal ground or your consent. We comply with the provisions of the GDPR, which has been applicable since 25 May 2018, as well as the relevant national data protection laws, such as the German Federal Data Protection Act (BDSG), the Telecommunications and Telemedia Data Protection Act (TDDDG), or other specific data protection regulations.

4. Purpose and Legal Basis of Processing Personal Data

We process your personal data strictly for specified purposes.

In summary, we process your personal data for the following purposes:

To technically operate our website and provide the information contained therein (e.g., IP address, cookies, browser information).
To send newsletters with information on our services and updates (e.g., name, email address).
To enter into and fulfil contracts for our services (e.g., purchase contracts via our online shop).
To provide you with additional information within various login areas.
To receive and process your job applications.

Legal basis for processing:

For the execution of contracts or pre-contractual measures (Art. 6(1)(b) GDPR).
Based on your consent (Art. 6(1)(a) GDPR).
For the protection of our legitimate interests, provided that your interests or fundamental rights do not override ours (Art. 6(1)(f) GDPR).
When we use external service providers acting as processors, processing is carried out under Art. 28 GDPR.

5. Collection of Personal Data When Visiting Our Website

When using our website solely for informational purposes, we only collect the personal data your browser transmits to our server. This data is necessary for displaying our website and ensuring stability and security (legal basis: Art. 6(1)(f) GDPR):

IP address
Date and time of the request
Time zone difference to GMT
Content of the request (specific page)
Access status/HTTP status code
Amount of data transmitted
Website from which the request originates
Browser
Operating system and interface
Language and version of the browser software

Hosting

This website is hosted by an external service provider:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen

We have concluded a Data Processing Agreement (DPA) with Hetzner in accordance with Art. 28 GDPR.

Cookies are also stored on your device when using our website. For further information, please refer to the “Cookies” section and our consent management tool.

6. Integration of Third-Party Services

We use content and services from third-party providers, such as tools that analyse website visits. For such services to display data in your browser, your IP address must be transmitted.

We strive to use providers that process IP addresses only for content delivery or use anonymised IP addresses. However, we cannot influence whether the IP address may be stored.

Google Analytics

Nature and scope of processing
We use Google Analytics 4 (Google Ireland Limited, Dublin) to statistically analyse website use. This includes page views, time spent, browser type, and interactions. Google Analytics uses cookies, scripts, pixels, and machine-learning-based algorithms.

Legal basis
Processing is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TDDDG.
Data may be transferred to the United States under the adequacy decision for the EU–U.S. Data Privacy Framework (DPF) (Art. 45 GDPR).

Storage period
Data storage is determined exclusively by Google. See Google’s privacy policy: https://policies.google.com/privacy.

Mapbox Maps

Mapbox (Mapbox, Inc., Washington, DC, USA) is used for route descriptions. When accessing the map, your IP address and possibly browser data are transmitted to Mapbox servers.

Processing is based on your consent under Art. 6(1)(a) GDPR and § 25(1) TDDDG.
Data transfers to the U.S. follow the EU–U.S. DPF adequacy decision.

Mapbox’s privacy policy: https://www.mapbox.com/legal/privacy/.

7. Cookies

Cookies are small text files stored on your device that contain settings and details necessary for communication with our systems.

Cookies allow us to:

Recognise your device upon return.
Store your preferences.
Improve website performance and speed.

We also use cookies from third-party providers. Details can be found in the consent tool and the providers’ notices.

If you block cookies, some functionalities may not be available.

8. Contact

When you contact us via email, we store the data you provide in order to process your request.

Legal basis:

Art. 6(1)(b) GDPR (pre-contractual measures), or
Art. 6(1)(f) GDPR (legitimate interest), or
Art. 6(1)(a) GDPR (consent), if applicable.

9. Online Shop

To place orders, you must provide the personal data required to process the purchase. This may include sharing payment data with financial institutions.

Customer account registration requires:

Name
Delivery/invoice address
Bank details
Email address
Password

Data must be retained for 10 years under commercial and tax law.

Order processes are encrypted via TLS.

We use service providers for shipping, payment processing, and credit checks (legal basis: Art. 6(1)(b) GDPR).

10. Application Process

Applications are processed exclusively for recruitment purposes, based on § 26(1) and (2) BDSG.

If your application is rejected, your data is deleted after 6 months unless you consent to further storage.

If employment results, data becomes part of the personnel file.

Email applications are transmitted unencrypted.

11. Social Media Presence

We operate profiles on social networks, particularly LinkedIn, to communicate with users and present our services.

Data may be processed outside the EU, where equivalent data protection levels may not exist.

Profile operators and the platform provider act as joint controllers under Art. 26 GDPR for insights/analytics data.

Plattform	Responsible body	Data protection information from the platform operators
LinkedIN	LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland	https://de.linkedin.com/legal/privacy-policy?

We process only:

Usernames
Comment content
Messages sent via platform
Public profile information

12. Newsletter

Newsletter subscription uses a double opt‑in procedure. Required data: email address.

Legal basis: Art. 6(1)(a) GDPR.

You may withdraw consent at any time.

Tracking
Newsletters contain tracking pixels to analyse user behaviour. You may opt out at any time.

13. Intranet Login Area

The intranet is used internally for offers, customer orders and information.
Legal bases: Art. 6(1)(b) and Art. 6(1)(f) GDPR.

14. Supplier Portal

Suppliers log in to access orders and documents. This requires personal login credentials.

Legal basis: Art. 6(1)(b) GDPR.

15. Warranty Portal

Registered customers may submit warranty claims. Processing requires personal and product-related data.

Legal basis: Art. 6(1)(b) GDPR.

16. Data Subject Rights

You have the following rights under GDPR:

Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to withdraw consent (Art. 7(3) GDPR)
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Right to Object (Art. 21 GDPR)

You may object to processing based on legitimate interests or for direct marketing purposes.

To exercise your rights, send an email to: dsb@soerensen.de

17. Disclosure of Personal Data

Data is disclosed only when legally required, for contract fulfilment, or within the scope of commissioned processing under Art. 28 GDPR.

Transfers to non‑EU countries occur only under adequate safeguards (e.g., EU Standard Contractual Clauses, Binding Corporate Rules, or adequacy decisions).

18. Data Security

We secure our website using technical and organisational measures, including SSL/TLS encryption.

19. Storage Period

Personal data is deleted when it is no longer needed for its original purpose and no legal retention periods apply.

20. References and Links

External websites linked from ours are not covered by this Privacy Policy. Please refer to the privacy policies of those third‑party sites.