Privacy Policy

 

We appreciate your interest in our website and in our products and services. The protection of your privacy is just as important to us as our quality standards for our safes and our range of services relating to the subject of safes including the protection of your assets. In designing this website, we are committed to complying with applicable legislation, to the protection of personal data and to data security.

 

General Notes:

The following information provides a simple overview of what happens to your personal data when you visit our website or get in touch with us. Personal data is any data with which you can be personally identified. For detailed information on the subject of data privacy, please refer to our privacy policy listed below this paragraph.

 

Index of contents

1. Obligation to inform data subjects

2. Scope

3. Name and address of the responsible body

4. Data protection officer

5. Definitions

6. Types of business-related data processed

7. Categories of affected persons

8. Purposes of processing

9. Relevant legal basis for processing

10. Handling of contact data

11. Sending e-mails for contact

12. Contact form

13. Data collection at the web server operator

14. Embedded videos

15. Privacy settings

16. Cookies

17. Google Analytics

18. Use of the Google Tag Manager 

19. Use of Google AdSense 

20. Google Web Fonts

21. YouTube

22. Online appearances in social networks

23. Explanations on the use and deployment of Facebook

24. Explanations on the use and deployment of Instagram

25. Content Delivery Network

26. Deletion and blocking of personal data

27. Rights of the data subject

28. Right of withdrawal

29. Right to object

30. Automated decision-making

31. Security / Secure data transmission

32. Updating the privacy policy

33. Claiming the rights of persons concerned

Obligation to inform data subjects

With the following text, we inform you in detail about the handling of your data, which you leave behind – knowingly or unknowingly – when you visit our website or contact us via an Internet connection. We would like to inform you of the circumstances in which information is collected from you, how it is handled and to whom it may be made available. We explain to you which data we collect, what we use it for and how and for what purpose this is done. Furthermore, as a data subject, you will be informed of the rights to which you are entitled by this data protection declaration.

 

Scope

This Privacy Policy is intended to inform users of these websites publicly about the nature, scope and purpose of the collection and use of personal data by the website operator [Heindl GmbH, Germany] in accordance with the European General Data Protection Regulation and in accordance with the country-specific data protection regulations and the Telemedia Act. The website operator takes your data protection very seriously and treats your personal data responsibly and in accordance with legal regulations.

We would like to point out that data transmission through public networks (e.g. when communicating via e-mail on the Internet) may have security vulnerabilities. Complete and consistent protection of the data, in particular metadata from access by third parties, is not possible. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone or by post.

 

Name and address of the responsible body

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data privacy nature is:

Heindl GmbH
Eichenring 7
D-90552 Röthenbach
Germany

represented by
Mr. Thomas Heindl

Telephone: +49 (0) 175 574 99 99

E-Mail:   info[at]heindl-germany.com

You can find information about our imprint via the following link www.heindl-germany.com/index.php/en/imprint/.

 

Data protection officer

We have not appointed a data protection officer for our company.
Please address questions about data privacy to the contact details of the responsible body.

 

Definitions

The data protection declaration of Heindl GmbH is based on the terms used for the adoption of the General Data Protection Regulation (GDPR). For a complete overview of the terminology used, such as “cross-border processing” or “processor”, we refer to the definitions in Art. 4 of the GDPR. Our privacy policy should be easy to read and understand. In order to ensure this, we would like to explain in advance the most important, explicitly used terms.

In this data protection declaration, we use the following terms:

a) personal data

Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) data subject

The data subject is any identified or identifiable natural person whose fundamental rights and freedoms, and in particular their right to the protection of personal data, may be affected by the processing and free movement of such data.

c) processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) controller or authority responsible for the processing

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

e) recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data under a specific investigation mandate under Union or Member State law shall not be regarded as recipients. The processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

f) third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

g) consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

Types of business-related data processed

 – Inventory data (e.g., names, addresses)

 – Contact details (e.g., names, e-mail addresses, telephone numbers)

 – Contract data (e.g., subject matter, duration, customer category)

 – Payment data (e.g., bank details, transaction data)

 – Content data (e.g., text inputs, photographs, videos)

 – Usage data (e.g., websites visited, interest in content, access times)

 – Metadata/communication data (e.g., device information, IP addresses, network logging)

We process this data of our customers, prospective customers and business partners for the purpose of providing contractual services, service and customer care, marketing and advertising.

 

Categories of affected persons

 – Visitors and users of this online offer

 – Interested parties who come into contact with us

 – Existing customers who inform themselves or get in touch with us

(In the context of this privacy policy, the data subjects are collectively referred to as “users”.)

 

Purpose of processing

 – Provision of the online offer, its functions and contents

 – Answering contact requests and communication with users, customers and interested parties

 – Security measures

 – Marketing

We will collect, process and use the personal data you provide online only for the purposes we have informed you about. 

The collection, processing and use may also take place for a purpose that is directly related to the original purpose for which the personal data was collected. 

Furthermore, personal data may be collected on the basis of legal obligations or an administrative or judicial order, or to justify or protect legal claims or to prevent illegal activities.  

We will not sell or market your personal data to third parties or for any other reason.

 

Relevant legal basis for processing

In accordance with the information obligation of Art. 13 GDPR, we inform you of the legal basis of our data processing. 

If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, in processing operations necessary for the delivery of goods or the provision of any other service or service in return, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. 

The legal basis based on Art. 6 I lit. a and Art. 7 GDPR serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. 

In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or of another natural person. For this purpose, Art. 6 I lit. d GDPR would serve as the legal basis for the processing. This would be the case, for example, if a visitor was injured in our office and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third parties.

Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. This legal basis applies to processing operations that are not covered by any of the aforementioned legal bases if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not prevail. Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislator in a recital. The legislator took the view that a legitimate interest in carrying out the general business could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).

We would like to point out that as the provider of this website, we could be obliged by public authorities to provide personal data.

 

Handling of contact data

Personal data is collected and stored by us when you provide it to us on your own initiative, for example when you contact us. If this concerns information about communication channels (e.g., e-mail address, telephone number), you also agree that we may contact you via this communication channel in order to process and answer your request. This information is communicated explicitly on a voluntary basis and with your consent. Of course, we will use the personal data transmitted to us in this way exclusively for the purpose for which you make it available to us when you contact us. Inquiries and related contact data are processed by Dr. Heindl Tresore GmbH & Co. KG, Laufamholzstraße 375, D-90482 Nürnberg, Germany on the basis of a contractual relationship. This data will not be passed on to other third parties.

If you have given us consent to send you occasional e-mails, we will contact you when the opportunity arises to provide you with news from our company.

 

Sending e-mails for contact

If you contact us via the above e-mail contact data of the controller or via the e-mail addresses named on this website, we will also communicate with you by e-mail. The data you provide in the context of this e-mail communication will be processed via the mail servers of the service provider ALL-INKL.COM. The controller for the processing of personal data is ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, D-02742 Friedersdorf, Germany. For further information, please refer to the data protection notice of the service provider ALL-INKL.COM at all-inkl.com/datenschutzinformationen/.  

A transfer to third parties outside our network does not take place. A revocation regarding the use of your e-mail address is possible at any time for the future.

Please note that e-mails sent without additional protective measures are neither secured against third-party knowledge nor against any alteration. This concerns both the communication partners and the content of the e-mail. If you want to provide us with confidential information, we recommend that you use alternative means of transmission, e.g., our contact form. Heindl GmbH will not send you any unsolicited e-mails. Should you receive e-mails with an alleged sender address from our company that you cannot assign, it is most likely that they are forgeries (so-called fake e-mails) and you should delete them.

 

Contact form

If you send us inquiries via contact form, the information you provide in the inquiry form, including the contact data you enter there, will be stored by us for the purpose of processing the request and in case of follow-up questions. This data is transmitted via systems of the web server and mail server operator (see information about e-mail dispatch and the web server operator). We will not pass on this data without your consent. The processing of the data entered in the contact form takes place only on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. Your contact details will be stored at least until your request has been completed and then deleted. In the event of a legal provision (e.g., contract of sale), your data will be stored in accordance with this statutory time limit.

The data entered by you in the contact form remains with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g., after your request has been processed). An informal message by e-mail to us is sufficient for the revocation or deletion. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation. Mandatory statutory provisions – in particular retention periods – remain unaffected.

This site’s contact form uses the WordPress plugin “Antispam Bee” to prevent or reduce spam. The plugin checks comment content and IP addresses, generates a location reference and searches spam databases in order to block spam-sending mail addresses. The data obtained can be used to define rules for the intended spam filtering. To find out the location, Antispam Bee sends the IP address in anonymized form to the online service IP2Country. The comment texts are sent to the online service franc via an HTTPS connection and checked there. The WordPress plugin Antispam Bee is hosted on GitHub. Antispam Bee is provided by pluginkollektiv (pluginkollektiv.org, Simon Kraft, Mittelstraße 14, D-70180 Stuttgart, Germany).

 

Data collection at the web server operator

The web server operator – also called web hosting provider – provides access to the website and the web pages of Heindl GmbH on the Internet. The provider’s IT system automatically collects data about every access to this website (so-called server log files). Every visit to our website is therefore logged.

The data collection with the server operator is carried out with the following purpose limitation:

 – detection of and protection against all kinds of cyberattacks (system security);

 – maintaining the operational state (smooth connection establishment and convenient use of the website);

 – monitoring the functionality of server systems (system stability).

Scope of data collection and storage at the web server operator:

With each access to a page from the website of Heindl GmbH and every time a file is retrieved, the web hosting provider stores data about this process in the server log files. During a retrieval, various information about the data transferred from the server to the user is logged. The server log files also store other information that your browser automatically transmits to the web server for technical reasons.

In particular, these are:

 – name of the retrieved file

 – date and time of retrieval

 – volume of data transferred

 – message if the retrieval was successful

 – browser type, version of the browser software, language of the browser

 – operating system used

 – referrer URL (the previously visited page)

 – host name of the requesting device (IP address)

 – time of server request

The web server operator uses the log data only for statistical evaluations for the purposes mentioned above. However, the web server operator reserves the right to retrospectively check the log data if there is a legitimate suspicion of illegal use based on concrete indications. This data is not stored in personally identifiable form. This data will not be merged with other data sources. Your IP address will be deleted promptly by the web server operator in accordance with the legal requirements.

We cannot draw conclusions about your identity from the IP address you currently use, as this data would not be transmitted to us by your provider on request. We cannot, and do not want to, trace which user has retrieved which data. Of course, a transfer to third parties does not take place.

The controller for the processing of personal data is ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, D-02742 Friedersdorf, Germany. For further information, please refer to the privacy policy of the provider ALL-INKL.COM at all-inkl.com/datenschutzinformationen/. 

 

Embedded videos

We integrate videos into our website, which are loaded directly from our web server. These videos are played exclusively via WordPress. We also publish information about our products on YouTube. You can reach our presentations on YouTube via the corresponding link. Information about YouTube can be found in a following section in this privacy statement. 

 

Privacy settings

This website sets cookies and uses external media for various purposes. Every visitor to the website must be informed about this and give a compliant consent depending on the conditions of the cookies and external links. This consent is stored in the form of a cookie. The legal basis for the use of the cookie banner is the Act on Data Protection and the Protection of Privacy in Telecommunications and Telemedia (§ 25 para. 1 Telekommunikation-Telemedien-Datenschutz-Gesetz (TTDSG)) and the European General Data Protection Regulation (Article 6 para. 1 lit. a (consent, GDPR)). Details of the cookies are described in the Cookies section.

In order to meet these requirements, a so-called cookie banner is displayed. This cookie banner is a WordPress cookie plugin distributed by Borlabs – Benjamin A. Bornschein, Rübenkamp 32, D-22305 Hamburg, Germany. Information on the data protection of Borlabs – Benjamin A. Bornschein can be found under the link: de.borlabs.io/datenschutz/. The Borlabs Cookie plugin allows every visitor to this website to select via a checkbox or switch button, per cookie and per cookie group, which cookies receive their consent (opt-in). The cookie banner itself does not collect any personal data through the use of Borlabs Cookie.

 

Cookies

Cookies are small text files that are transferred and stored by a website via an Internet browser on a computer system – the user’s device. Numerous websites and servers use cookies. Cookies do not cause damage to your computer and do not contain viruses.

So-called http cookies (also “browser cookies”) have a name and a corresponding value (content) and are assigned to the visited website. These cookies are either deleted automatically when the browser is closed (so-called “transient” cookie) or have a defined expiry date (so-called “persistent cookie”). Many cookies contain a unique identifier as a value. Such cookies contain a so-called cookie ID. The cookie ID consists of a string through which websites and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified via the unique cookie ID.

This website uses cookies to make the website more user-friendly and functional. Thanks to these files, for example, it is possible to store certain settings and data via your browser for exchange with our system and thus display information tailored to individual interests on one page. By means of information stored in cookies, the loading time of the website can be shortened. Security-relevant functions to protect your privacy are also made possible by the use of cookies. One purpose is therefore to best adapt our offer to your wishes as a customer and to make the use of the page as comfortable as possible. We also use cookies for analysis and reach measurement of our website, for statistical evaluation of the use of our websites and for advertising purposes. In accordance with the GDPR, we are obliged to inform our users about the collection and evaluation of such data. The legality of the processing is already justified in the section “Relevant legal basis for processing”; in the present case of cookies this is Art. 6 para. 1 lit. a GDPR (consent).

When visiting the website of Heindl GmbH and especially when visiting further links, various cookies can be placed on your system. The following list shows an overview of the cookies we directly influence, which are displayed in the cookie banner described above or can be selected and unselected.

 

| Type of cookies | Description | Cookie name | Name | Vendor | Purpose | Duration |
|---|---|---|---|---|---|---|
| Essential (not deselectable) | Essential cookies enable basic functions and are necessary for the proper functioning of the website. | borlabs-cookie | Borlabs Cookie | Owner of this website | Saves the settings that a visitor selected in the cookie banner of Borlabs Cookie. | approx. 1 year |
| Statistics | Statistics cookies help us understand how our visitors use our website. The statistics information is collected with a partially anonymized IP address. | _ga | Google Analytics | Google LLC | These cookies from Google for website analyses contain a randomly generated user ID. With this ID, Google Analytics can recognize recurring users on this website and merge the data from previous visits. | approx. 2 years |
| | | _gid | | | | approx. 1 day |
| | | _gat_gtag… | | | This cookie is used to optimize information forwarding to Google and to reduce the amount of data transmitted. | approx. 1 minute |
| Conversion Linker | This tag supports the measurement of click data so that conversions can be recorded effectively. | _gcl_au | Google Tag Manager | Google LLC | Contains a randomly generated user ID through which the user's click data can be linked to web pages. | approx. 90 days |

 

You can set your browser software so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies in certain cases or generally prevent the storage of cookies and activate the automatic deletion of cookies when closing the browser. How this works in detail can be found in the instructions of your browser manufacturer. However, we would like to point out that in this case you may not be able to make full use of all functions of this website. Stored cookies can be deleted in the browser’s system settings.

You can object to the use of cookies, which are used for reach measurement and for advertising purposes, in various ways. You can access the deactivation page of the Network Advertising Initiative (NAI) for opt-out and also use the US website of the Digital Advertising Alliance (DAA) for opt-out or the European website Your Online Choices of the European Interactive Digital Advertising Alliance (EDAA).

 

Google Analytics

This website uses functions of the web analysis service Google Analytics for the analysis and statistical evaluation of the use of our websites (web analysis). The provider of this web analysis is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, D04 E5W5, Ireland, a subsidiary of Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). Web analysis is the collection, accumulation and evaluation of data about the behavior of visitors to websites. Among other things, Google Analytics collects data about the website from which a user has come to a website (so-called referrer URL), which individual subpages of the website were accessed or how often and for which duration a subpage was viewed. The web analysis is used by us to optimize our Internet pages (and, if necessary, for the cost-benefit analysis of Internet advertising). This allows us to design our website adapted to customer behavior.

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and allow an analysis of the use of the website by you. The information generated by cookies about your use of this website is usually transmitted to a Google server and stored there. For more information on how Google Analytics handles user data, please see Google’s privacy policy. General information on data protection at Google can be found at policies.google.com/privacy.

Consent to data processing

Before using Google Analytics, we obtain your permission to process cookies for Google Analytics and to use this analysis service in the displayed consent window. In doing so, we comply with Article 6 para. 1 lit. a of the GDPR and § 25 para. 1 of the TTDSG and implement the German data protection authorities’ requirements for consent when using Google Analytics.

Prevention of the storage of cookies

You can prevent the storage of cookies by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to make full use of all functions of this website.

Browser plugin to object to data collection

You can prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address), as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link: tools.google.com/dlpage/gaoptout.

An opt-out cookie is set, which prevents the collection of your data during future visits to this website. Your browser must therefore allow the storage of cookies for this purpose. If you delete your cookies regularly, a new click on the link is required every time you visit this website.

IP anonymization

We use the function “Activation of IP anonymization” on this website. With this function, your IP address is shortened by Google beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide other services related to the use of the website and internet to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Transfer to third countries

This service may forward the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the U.S., there is a risk that your data may be processed by U.S. authorities for control and surveillance purposes without you having any right of appeal. This can be the case for various purposes, such as storing or processing. Under the following link you can revoke the processing on all domains of the data processor: safety.google/privacy/privacy-controls/. At the following link you will find the cookie policy of the data processor: policies.google.com/technologies/cookies.

Use of the Google Tag Manager 

This website uses Google Tag Manager, provided you have consented to the use of Google Analytics. Google Tag Manager is a Google tool for managing and configuring data collection by Google Analytics. These settings are defined in our website. As soon as the Google Tag Manager is running, at least your IP address can be forwarded to Google. The provider in Europe is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. 

The Google Tag Manager itself works without cookies, but uses so-called tags and triggers. Tags are information embedded in a website and evaluated by other services. Triggers are events that trigger the activation of tags, e.g., when a user clicks on an active element or scrolls the website. The Google Tag Manager makes the relevant data available to the analysis tool in an appropriate form. General information about the Google services can be found in Google’s privacy policy, further information on Google Tag Manager can also be found at support.google.com/tagmanager/answer/9323295.

 

Google Web Fonts

This website uses only static web fonts available on our web server. Your browser does not connect to an external server for loading these font files (cascading style sheets).

When accessing one of our websites, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. If your browser does not support web fonts, a default font installed on your computer will be used.

 

YouTube

We use videos made available on YouTube to present and promote our products and present our services. The operator of the YouTube platform is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, which is a subsidiary of Google (see sections above). The company providing the service in the European Economic Area and Switzerland is Google Ireland Limited, established in Gordon House, Barrow Street, Dublin 4, Ireland. References to YouTube’s “related companies” refer to the companies of the Alphabet Inc. group, USA. Information on data protection when using YouTube can be found at www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/.

A link to our presence on YouTube on this website leads directly to our video presentations. If you are logged in to your YouTube account, YouTube becomes aware of the video you have accessed. This also allows YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

 

Online appearances in social networks

Heindl GmbH presents its products and services on so-called social networks and provides basic information about it. These appearances are available on Facebook and Instagram. Details are explained in the following paragraphs. Links are inserted on our website that lead directly to our appearances on the aforementioned social networks. 

A social network is a social meeting place operated on the Internet, an online community that usually allows users to communicate with each other and interact in virtual space. Facebook enables users of the social network, among other things, to create private profiles, upload photos and network via friendship requests. Instagram is an online service for sharing photos and videos that also provides a microblog.

Please note that data processing by social networks can take place outside the European Union. We have no influence on the extent of the data that is collected by the operator of the network when visiting our presence in the social networks. We would like to point out that the information you leave on social networks can be publicly accessible, depending on the configuration, and can be viewed by others.

 

Explanations on the use and deployment of Facebook

Heindl GmbH has an appearance on the social network Facebook. Facebook is a social network. The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. 

By visiting our Facebook presence while you are logged into your Facebook account at the same time, the content of our information can be linked to your Facebook profile. As the operator of this appearance, we have no possibility of accessing transmitted data, as well as no knowledge of their content and use by Facebook. We have no influence on the extent of the data collected by the use of Facebook. If you are not a member of the social network, there is still the possibility that the provider will find out and store your IP address.

The purpose and scope of the data collection and the further processing and use of the data by the aforementioned service provider, as well as your rights in this regard, can be found in the respective data protection provisions of the service provider: www.facebook.com/policy.php.

The data policy published by Facebook, which can be accessed at de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains which settings Facebook offers to protect the privacy of the data subject. In addition, different applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by you as a data subject to suppress data transmission to Facebook.

 

Explanations on the use and deployment of Instagram

Heindl GmbH has an appearance on the social network Instagram. Instagram is a service offered by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”), a subsidiary of Facebook. An overview of Instagram’s activities can be found at about.instagram.com.

We have no influence on the data protection regulations and settings in Instagram. Additional information about the responsible body for Instagram can be found in the information about the responsible body for Facebook in the previous section. Information on data protection on Instagram can be found at the following link: instagram.com/legal/privacy/.

If you are logged in to Instagram, Instagram can immediately associate your visit to our website with your Instagram account. We would like to point out that the information you leave on Instagram may be publicly available and any personal information that you post or provide upon registration may be viewed by others. We cannot control how other users of our Instagram channel use this information. In particular, we cannot prevent unwanted messages from being sent to you.

 

Content Delivery Network

Our website uses a so-called Content Delivery Network (CDN). This is a network of powerful servers that cache content in different places around the world. Essentially, a CDN has two tasks: on the one hand, to make content available in the shortest possible time and, on the other hand, to relieve the web host by distributing data traffic.

The legal basis for the use of a CDN and the transmission of your data to it is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The legitimate interest arises from our need for a technically flawless and fast presentation of our website and the relief of our IT infrastructure.

 

Deletion and blocking of personal data

The data processed by us will be deleted, blocked or restricted in accordance with Articles 17 and 18 of the GDPR. As soon as personal data is no longer required for its purpose or a prescribed storage period has expired in accordance with statutory retention obligations, the personal data will be blocked or deleted routinely and in accordance with the statutory provisions. If the data are not deleted because they are necessary for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons.  

According to the legal requirements in Germany, the storage takes place for a period of 6 years according to § 257 para. 1 HGB (trading books, opening balance sheets, annual accounts, inventories, trade letters, accounting documents, etc.) as well as for a period of 10 years according to § 147 para. 1 AO (books, accounting documents, records, management reports, commercial and business letters, documents relevant for taxation, etc.).

 

Rights of the data subject

As a user, you have the right pursuant to Art. 15 para. 1 GDPR to request, free of charge, confirmation as to whether the data concerning you are being processed.

In accordance with Art. 15 GDPR, you have the right to obtain, on request and free of charge, information about the data processed by us as well as further information and a copy of the data. This relates, inter alia, to the following information:

  the processing purposes;

  the categories of personal data being processed;

  the recipients or categories of recipients to whom the personal data have been or are still being disclosed, in particular recipients in third countries or international organizations;

  if possible, the planned duration for which the personal data is stored, or, if this is not possible, the criteria for determining that period;

  the existence of a right to rectification or erasure of personal data concerning them or restriction of processing by the controller or a right to object to such processing;

  the existence of a right to lodge a complaint with a supervisory authority;

  if the personal data are not collected from the data subject: all available information on the origin of the data.

In accordance with Art. 16 GDPR, you have the right to request the completion of the data concerning you or the correction of the incorrect data concerning you. 

In accordance with Art. 17 GDPR, you have the right to request that data in question be deleted immediately or alternatively to request a restriction or blocking of the processing of the data in accordance with Art. 18 GDPR. An erasure must be carried out if one of the following reasons applies and processing is not necessary:

  The personal data was collected or otherwise processed for purposes for which it is no longer necessary.

  The data subject revokes his consent on which the processing was based in accordance with Article 6 para. 1 lit. a of the GDPR or Article 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.

  The data subject objects to the processing pursuant to Article 21 para. 1 of the GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 para. 2 of the GDPR.

  The personal data has been processed unlawfully.

  The erasure of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.

  The personal data was collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

The right to rectification and deletion can only be fulfilled in accordance with your request if this does not conflict with a legal obligation to retain data (e.g., commercial requirements). 

You have the right to request the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to request their transfer to other controllers.  

In accordance with Article 77 of the GDPR, you also have the right to lodge a complaint with the competent supervisory authority, in particular in the Member State of your place of residence, place of work or the place of the alleged infringement, if you, as a data subject, consider that the processing of personal data concerning you violates the GDPR.

 

Right of withdrawal

You have the right to revoke granted consent pursuant to Art. 7 para. 3 GDPR with effect for the future.

 

Right to object

You can object to the future processing of the data concerning you at any time in accordance with Art. 21 GDPR. The objection can be made, in particular, against the processing for direct marketing purposes.

 

Automated decision-making

As a responsible company, we do without automatic decision-making or any profiling.

 

Security / Secure data transmission

We strive to take technical and organizational security measures to protect your personal data and confidential content against unintentional or unlawful deletion, alteration or loss and against unauthorized disclosure or unauthorized access. This website uses an encrypted connection, which you recognize by the fact that the address line of the browser changes from “http://” to “https://” and that a lock icon is displayed in your browser line. As transport encryption, we offer HTTPS with Perfect Forward Secrecy and a current version of the encryption protocol TLS for our website. We recommend that you keep your Internet browser up-to-date, so that your data is transmitted securely in transit.

 

Updating the privacy policy

The ongoing technical development in the area of IT technology and the Internet also requires an adaptation of the existing data protection declaration. We therefore reserve the right to make additions or changes to this privacy policy in compliance with the applicable data protection regulations.

 

Claiming the rights of persons concerned

To claim your rights, you can contact us directly at any time (see contact information of the responsible body in the upper part of this statement).

If you believe that the processing of your data carried out by us violates data protection law or that your data protection claims have otherwise been violated in any way, you can complain to the supervisory authority pursuant to Art. 77 GDPR (in conjunction with § 19 DSAnpUG-EU (BDSG-new)). In Bavaria this is the Bavarian State Office for Data Protection Supervision, Promenade 18, 91522 Ansbach.

 

 

Current status is March 2022.