Skip to content

H2APEX Privacy Policy Our privacy policy

Privacy policy of the H2APEX Group SCA

We welcome you to our website and appreciate your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the EU General Data Protection Regulation (EU GDPR) and the country-specific implementation laws applicable to us. This privacy policy provides you with comprehensive information about the processing of your personal data by H2APEX Group SCA and the rights to which you are entitled.

Personal data is information that makes it possible to identify a natural person. This includes in particular your name, date of birth, address, telephone number, e-mail address, but also your IP address.

Data is anonymous if no personal reference to the user can be established.


Responsible body and data protection officer

H2APEX Group SCA
19, rue de Flaxweiler
6776 Grevenmacher
Luxembourg

Phone: +352 28 38 47 20
Fax: +352 28 38 47 29
E-mail:
Web: www.h2apex.com

Contact of the data protection officer


Your rights as a data subject

First of all, we would like to inform you here about your rights as a data subject. These rights are standardized in Art. 15 – 22 EU GDPR. This includes:

  • The right to information (Art. 15 EU GDPR),
  • The right to erasure (Art. 17 EU GDPR),
  • The right to rectification (Art. 16 EU GDPR),
  • The right to data portability (Art. 20 EU GDPR),
  • The right to restrict data processing (Art. 18 EU GDPR),
  • The right to object to data processing (Art. 21 EU GDPR).

To assert these rights, please contact:

The same applies if you have any questions about data processing in our company. You also have the right to lodge a complaint with a data protection supervisory authority.


Rights of objection

Please note the following in connection with rights of objection:

If we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling insofar as it is associated with direct advertising.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and can be made informally, if possible to:

In the event that we process your data to protect legitimate interests, you can object to this processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.

We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims.

Purposes and legal bases of data processing

When processing your personal data, the provisions of the EU GDPR and all other applicable data protection regulations are complied with. The legal basis for data processing arises in particular from Art. 6 EU GDPR.

We use your data to initiate business, to fulfill contractual and legal obligations, to implement the contractual relationship, to offer products and services and to strengthen the customer relationship, which may also include analyses for marketing purposes and direct advertising.

Your consent also constitutes a data protection authorization provision. We will inform you about the purposes of data processing and your right of withdrawal. If the consent also relates to the processing of special categories of personal data, we will expressly point this out to you in the consent, Art. 88 para. 1 EU GDPR.

Processing of special categories of personal data within the meaning of Art. 9 (1) EU GDPR only takes place if this is required by law and there is no reason to assume that you have an overriding legitimate interest in the exclusion of processing, Art. 88 (1) EU GDPR. 1 EU GDPR.

Disclosure to third parties

We will only pass on your data to third parties within the framework of the statutory provisions or with the appropriate consent. Otherwise, your data will not be passed on to third parties unless we are obliged to do so due to mandatory legal provisions (disclosure to external bodies such as supervisory authorities or law enforcement agencies).

Recipients of the data / categories of recipients

Within our company and the H2APEX Group, we ensure that only those persons receive your data who need it to fulfill their contractual and legal obligations.

In many cases, service providers support our specialist departments in fulfilling their tasks. The necessary data protection contracts were concluded with all service providers.

Third country transfer / intention to transfer to a third country

Data will only be transferred to third countries (outside the European Union or the European Economic Area) if this is necessary for the performance of the contractual relationship, is required by law or if you have given us your consent to do so.

We transfer your personal data to a service provider or to group companies within the European Economic Area.

Compliance with the level of data protection is ensured by:

  • Conclusion of data protection contracts.

Storage duration of the data

We store your data for as long as it is required for the respective processing purpose. Please note that numerous retention periods mean that data (must) continue to be stored. This applies in particular to retention obligations under commercial or tax law (e.g. DBG). If there are no further retention obligations, the data will be routinely deleted once the purpose has been achieved.

In addition, we may retain data if you have given us your permission to do so or if legal disputes arise and we use evidence within the scope of statutory limitation periods, the regular limitation period is 10 years.

Secure transfer of your data

We use appropriate technical and organizational security measures to protect the data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The security levels are continuously reviewed in collaboration with security experts and adapted to new security standards.

The exchange of data to and from our website is encrypted. We offer HTTPS as the transmission protocol for our website, using the latest encryption protocols. We also offer our users content encryption for contact forms and applications. Only we are able to decrypt this data. It is also possible to use alternative communication channels (e.g. by post).

Obligation to provide the data

Various personal data are necessary for the establishment, execution and termination of the contractual relationship and the fulfillment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides.

We have summarized the details for you in the point above. In certain cases, data must also be collected or made available due to legal provisions. Please note that it is not possible to process your request or execute the underlying contractual relationship without providing this data.

Categories, sources and origin of the data

Which data we process is determined by the respective context: this depends on whether, for example, you place an order online or enter an inquiry in our contact form, whether you send us an application or submit a complaint.

Please note that we may also provide information for special processing situations separately in a suitable place, e.g. when uploading application documents or in the event of a contact request.

We collect and process the following data when you visit our website:

  • Name of the Internet service provider
  • Information about the website from which you are visiting us
  • Web browser and operating system used
  • The IP address assigned by your Internet service provider (anonymized)
  • Requested files, transferred data volume, downloads/file export
  • Information about the websites you visit on our site, including Date and time

For reasons of technical security (in particular to defend against attempted attacks on our web server), this data is processed in accordance with Art. 6 (1) lit. F EU-DS-GVO stored. After 7 days at the latest, anonymization takes place by shortening the IP address so that no reference to the user is established.

We collect and process the following data as part of a contact request:

  • Surname, first name
  • Contact details (telephone number, e-mail address)
  • Salutation
  • Subject and message

We collect and process the following data for newsletters:

  • Surname, first name
  • E-mail address
  • Salutation
  • Analysis data from newsletter evaluation

Contact form / contact by e-mail (Art. 6 para. 1 lit. a, b EU-GDPR)

There is a contact form on our website that can be used to contact us electronically. If you write to us via the contact form, we will process the data you provide in the contact form to contact you and answer your questions and requests.

The principle of data minimization and data avoidance is observed in that you only have to provide the data that we absolutely need to contact you. These are your e-mail address and the message field itself. In addition, your IP address is processed for technical reasons and for legal protection. All other data are voluntary fields and can be entered optionally (e.g. for a more personalized response to your questions).

If you contact us by e-mail, we will process the personal data provided in the e-mail solely for the purpose of processing your request.

Newsletter (Art. 6 para. 1 lit. a EU-GDPR)

You can subscribe to a free newsletter on our website. The e-mail address and your name provided when registering for the newsletter will be used to send you the personalized newsletter.

The principle of data minimization and data avoidance is observed here, as only the e-mail address (or name in the case of personalized newsletters) is marked as a mandatory field. For technical reasons and for legal protection, your IP address is also processed when you subscribe to the newsletter

You can of course unsubscribe at any time using the unsubscribe option provided in the newsletter and thus revoke your consent. It is also possible to unsubscribe from the newsletter at any time directly via our website.

This website uses the services of MailChimp to send newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp is a service that can be used to organize and analyse the sending of newsletters, among other things. If you enter data for the purpose of subscribing to the newsletter (e.g. e-mail address), it will be stored on MailChimp’s servers in the USA.

MailChimp is certified in accordance with the “EU-US Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA that is intended to ensure compliance with European data protection standards in the USA.

With the help of MailChimp, we can analyze our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (known as a web beacon) connects to MailChimp’s servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. They are used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you do not wish to be analyzed by MailChimp, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. You can also unsubscribe from the newsletter directly on the website.

The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

For more information, please refer to MailChimp’s privacy policy at: https://mailchimp.com/legal/terms/.

Advertising purposes for existing customers (Art. 6 para. 1 lit. f EU GDPR)

The H2APEX Group SCA is interested in maintaining the customer relationship with you and sending you information and offers about our products/services, invitations to events and trade fairs. We therefore process your data in order to send you relevant information and offers by e-mail.

If you do not wish this, you can object to the use of your personal data for the purpose of direct advertising at any time; this also applies to profiling insofar as it is associated with direct advertising. If you object, we will no longer process your data for this purpose.

The objection can be made free of charge and without giving reasons and should preferably be sent to +352 28 38 47 20, by e-mail to or by post to H2APEX Group SCA, 19 rue de Flaxweiler, 6776 Grevenmacher, Luxembourg.

You can of course send us your application documents at any time without giving reasons with effect for the future by telephone on +352 28 38 47 20, by e-mail to or by post to H2APEX Group SCA, 19 rue de Flaxweiler, 6776 Grevenmacher, Luxembourg The same contact options are available to you if you wish to inform us that we may no longer process your applicant data or if you wish to make use of the rights to which you are entitled as a data subject.

Automated decisions in individual cases

We do not use purely automated processing to reach a decision.

Cookies (Art. 6 para. 1 lit. f EU-GDPR / Art. 6 para. 1 lit. a EU-GDPR with consent)

Our Internet pages use so-called cookies in several places. They serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser (locally on your hard disk).

These cookies enable us to analyze how users use our websites. This enables us to design the website content to meet the needs of visitors. Cookies also enable us to measure the effectiveness of a particular advertisement and to place it according to the thematic interests of the user, for example.

Most of the cookies we use are so-called “session cookies”. These are automatically deleted after your visit. Permanent cookies are automatically deleted from your computer when they expire (usually six months) or you delete them yourself before they expire.

Most web browsers accept cookies automatically. However, you can usually change your browser settings if you prefer not to send the information. You can then still use the offers on our website without restrictions (exception: configurators).

We use cookies to make our website more user-friendly, effective and secure. In addition, we use cookies that enable us to analyze how users use our websites. This allows us to design the content according to visitor needs. Cookies also enable us to measure the effectiveness of a particular advertisement and to place it according to the thematic interests of the user, for example.

Cookies are stored on the user’s computer and transmitted by it to our site. As a user, you therefore also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers.

Please note: If you deactivate the setting of cookies, you may not be able to use all functions of our website to their full extent.

User profiles / web tracking procedure
Google Analytics:

This website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

IP anonymization

We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Objection to data collection

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this website: Deactivate Google Analytics.

You can find more information on how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Demographic characteristics in Google Analytics

This website uses the “demographic features” function of Google Analytics. This allows reports to be created that contain information on the age, gender and interests of the site visitors. This data comes from interest-based advertising from Google and from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section “Objection to data collection”.

Links to other providers

Our website also contains – clearly recognizable – links to the websites of other companies. Where links to websites of other providers are available, we have no influence on their content. Therefore, no guarantee or liability can be assumed for this content. The respective provider or operator of the pages is always responsible for the content of these pages.

The linked pages were checked for possible legal violations and recognizable infringements at the time of linking. Illegal contents were not recognizable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete evidence of an infringement. If we become aware of any legal infringements, such links will be removed immediately.