for the website
of Heidelberg Engineering GmbH
13th May 2020
Table of contents
- Your rights
- Data Collected when you visit our website
- Further functions and offers on our website
- Online orders
- Online applications
- Right of withdrawal or objection
- Convenience functions
- Social Media
- Google Analytics
- Google Tag Manager
- Integration of Google Maps
- Integration of YouTube-Videos
- Integration of Survicate
- Integration of Google reCaptcha
- Information in section Publisher / Imprint
- Further Information
We appreciate your interest in our website and our company.
Below we inform you about personal data collected when you visit this website. Personal data is factual or personal information about a specific or specifically identifiable person, for example name, address, email address and user behavior.
Representative in accordance with Article 4 paragraph 7 European General Data Protection Regulation (GDPR):
Heidelberg Engineering GmbH
(for further contact information please refer to the section Publisher).
You can contact our Privacy Officer at HeidelbergEngineering[at]compliance-datenschutz.de or:
CL Compliance und Datenschutz GmbH & Co KG
Douglasstraße 11 – 15
Phone: +49 721 91250880
You can send an inquiry by using the provided email addresses or the general contact form.
The personal data you provide within this inquiry will be stored to process your concern. Data collected in this context will be deleted as soon as its storage is not necessary any more or processing will be limited in case of legal storage obligations. Your personal information will not be forwarded to third parties or otherwise transferred. (Legal basis is Article 6 paragraph 1 S. 1 lit. b GDPR)
3 Your rights
You have the following rights regarding your personal data:
- Right of information,
- Right of rectification and erasure,
- Right of restriction of processing,
- Right of objection to processing,
- Right to data portability.
You have also the right to lodge complain with a data protection authority against processing of your data by us.
4 Data Collected when you visit our website
We solely collect those personal data your browser transmits to our server when you use our website for informational purposes only, without registering or transmitting information to us.
Every visit to our website and each request for data from the website are logged by the IP address of the requesting computer. This information is saved for display of our website, stability and safety purposes (Legal basis is Article 6 paragraph 1 S. 1 lit. c GDPR in connection with Article 32 paragraph 1 GDPR and Article 13 paragraph 7 TMG (Telemediengesetz, German Telecommunications Act).
The following information is logged:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of request (concrete page)
- Access status/http status code
- Amount of data transferred with each request
- The requesting domain
- Operating system and its surface
- Language and version of browser software.
These data with complete and possibly personal IP addresses are collected for technical security purposes, for example for protection against attacks on our server, and will be anonymized/deleted within 7 days at the latest.
When you are viewing one of our Heidelberg Engineering websites, small amounts of data are stored on your computer in the form of a “cookie.” Cookies are typically small text files that websites link to your browser and save on your computer to provide the cookie owner (in this case us) with information related to your use of that website and the device you are using.
Cookies are not able to run programs or to transfer a virus to your device. They only serve to optimize user experience and site usability.
This website uses the types of cookies we describe below:
- Transient Cookies
Transient cookies will be deleted automatically when you close your browser. In particular this includes session cookies which save the so-called session ID. This ID allows to link different requests send by your browser to this one session. This ways we can recognize your device when you return to our website. These session cookies will be deleted automatically if you log out or close your browser.
- Persistent Cookies
Persistent cookies will be deleted automatically after a specified period, which can vary for each cookie. You have the possibility to delete cookies in your browser settings any time.
You can configure your browser settings depending on your personal needs, for example to accept third party cookies or to disable cookies in general. Please be aware that if you choose to disable cookies, some areas of our website may not function properly.
For further information about cookies please refer to: Cookies Policy
5 Further functions and offers on our website
In addition to the purely informational content of our website, we offer several services you are able to use in case of interest. In some cases you have to provide us with additional personal data we need for performing our services. For this additional data, the principles of data processing as mentioned above apply.
In some cases we involve external service providers to process your data. These providers have been thoroughly chosen and authorized by us. They have committed to our instructions and will be monitored regularly.
If the registered office of our service providers and partners is outside of the European Economic Area (EEA), we inform you about the consequences of these circumstances in the description of the offer.
Prior registration is necessary in order to use our portals such as the Business Lounge or the Academy. For this a form of address, a first and last name, an email address, a password of your choice, and a country are required.
In order to access the portal as a registered user, a login using an email address and a password of your choice is required before each use. Within the areas designated by registration you can manage and process your personal data.
In addition, you have the option of contacting the Sales and Support departments via the form available under the “Contact” tab.
Your country will be identified by your IP address and your message is sent to the relevant contact in your country. These contacts are partners of Heidelberg Engineering GmbH, and process data in compliance with data protection law regulations.
5.4 Technical support
We offer registered users technical support. Here users are able to upload files in any format via the “File Exchange” which will be forwarded to a predefined support email address. Furthermore, “Remote Support” includes the option of allowing members of the technical support team to access a user’s PC with the previous consent of the user.
In “File Exchange” the uploaded data is deleted after 30 days.
6 Online orders
6.1 Online payment
In order to process payments, we pass on the necessary payment data to the credit institution commissioned with the payment or to the payment service provider selected by you in the order process.
For the payment method credit card we use the payment service provider Ingenico e-Commerce Solutions, Woluwedal 102, 1200 Brussels, Belgium.
In this case, we will forward the order number and the payment amount to the payment service provider when accepting your order. Your payment details are only collected by the payment service provider, who confirms receipt of your payment and forwards the payment to us. In this case, no payment data (eg credit card number) will be forwarded to us. (Legal basis is Art. 6 (1) (1) (b) GDPR)
Further information about the payment service provider Ingenico can be found at: https://www.ingenico.com/privacy-policy
If your order involves a delivery with a shipping company, we will pass your data on to the shipping company responsible for the delivery, if this is necessary for the delivery of the goods. (Legal basis is Art. 6 (1) (1) (b) GDPR)
6.3 Processing of book orders
For the processing of book orders including invoicing and delivery, we use the fulfillment provider CFG Circle Fulfillment GmbH, Heinrich Lanz-Str. 7, 68723 Plankstadt, Germany (https://cfg-direktmarketing.de/). If you order a book from our website, we will forward the data entered by you in the online order form, the order number, the article description of the goods ordered and the payment amount to CFG Circle Fulfillment GmbH when accepting your order. We do not collect your payment details. After receipt of your order CFG Circle Fulfillment GmbH will send you an invoice. After receipt of your payment CFG Circle Fulfillment GmbH will ship the ordered goods to the delivery address specified by you.
7 Online applications
In the section “Careers” you will find our current job offers and also have the opportunity to send us an unsolicited application. If you apply online, we will first collect your contact details (title, first name, last name, e-mail address and telephone number) and, if applicable, the job offer you have selected. In addition, we offer you the opportunity to submit your application documents in the form of PDF documents. All data will be securely encrypted and sent to us by your browser (HTTPS). We use the application data provided by you only to process your application. After completing the application process, your application data will be kept for up to three months for clarification of queries and then deleted. (Legal basis is Article 88 in connection with § 26 BDSG in the new version)
8 Right of withdrawal or objection
You may object to the processing of your personal data with immediate effect at any time by withdrawing your consent. This withdrawal affects the legitimacy of processing your personal data as soon as you have expressed it.
You may object to the processing of your personal data if the processing is based on weighing of interests. This applies especially if data is not needed for contract fulfillment which we will explain in the following description of functions. If you decide to object to the collection of your personal data, we kindly ask you to submit reasons why we are not allowed to process your personal data according to our procedures. In case of a reasonable objection, we will examine the situation and will either stop or adjust the processing of your personal data or demonstrate compelling legitimate reasons for continuing the processing.
9 Convenience functions
10 Social Media
This website contains links to websites operated by social media platforms, for example facebook. You can to identify them by their logos. When you visit our websites no personal data will be transferred to the social media platforms. If you click on a link you will be forwarded to the platform, where personal data may be transferred. By using the link you leave our website and we are not able to influence the collection or processing of data, the amount of collected data or storage periods.
If you click on a social media link, the social media platforms receive information about the page of our website visited by you. In addition, we transmit the data listed in the section “ Data Collected when you visit our website”. This will happen regardless of you already having a social media account or being logged into an account. If you are logged into your personal social media account during your visit to our site, the platform will link data collected during your visit to the site of your account.
The social media provider stores personal data as user profiles and uses them for the purpose of advertisement, market statistics and individual website design. This analysis is used to provide the users with individual advertisements and to inform other users of this social media platform about your activities. You have the right to object to the creation of user profiles. To do so, please contact the provider of the respective social media platform.
a) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy.
b) YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, https://policies.google.com/privacy?hl=en
With your consent, you can subscribe to our various newsletters, with which we inform you regularly about current topics and interesting offers. For subscription to our newsletter, we use the so-called double-opt-in process. This means that after you have registered, we will send you an email to the specified email address. In this email we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within four weeks, your data collected up to this point will be deleted. In addition to data provided by you during the subscription, we store the times of your registration and confirmation as well as the corresponding IP addresses. The purpose of this process is to prove that you have registered and, if necessary, to clarify a possible misuse of your personal data.
Only your email address is mandatory information for sending the newsletter. Specifying additional data in respectively marked fields is voluntary but will allow to address you personally. After your confirmation, we will save your email address for the purpose of sending you the newsletter. (Legal basis is Art. 6 (1) (1) (a) GDPR.)
You can revoke your consent to receiving the newsletter at any time and unsubscribe from the newsletter. To do so, click on the link provided in each newsletter email, send an email to Newsletter@HeidelbergEngineering.com or send a message to the contact details given in the imprint.
Please note that we analyze your user behavior with our newsletter. For this analysis, the newsletter emails include so-called web beacons or tracking pixels which are one-pixel image files. We link the data mentioned in the section “Data Collected when you visit our website” and the web beacons with your email address and an individual ID. The links included in the newsletter also contain this ID. With the data obtained this way, we create a user profile to tailor the newsletters to your individual interests. We record when you read our newsletters, which links you click and conclude your personal interests. We link this data to your activities on our website.
Such tracking is not possible if you have turned off image viewing by default in your email client. In this case, the newsletter will not be displayed completely and you may not be able to use all the features. If you enable the displaying of the images manually, the above mentioned tracking is performed. To deliver our newsletter service, we use Salesforce’s Marketing Automation Solution, which we explain in the “Pardot” section.
On this website we use Pardot, the marketing automation solution from Salesforce.com, Inc. The Landmark at One Market, Suite 300, San Francisco, CA 94105, United States. Pardot uses Amazon Web Services, Inc. as a third-party hosting provider.
Pardot places cookies on our newsletter registration pages. This includes a permanent cookie, unless a Pardot cookie already exists on your device. If you have already used a website that uses Pardot, you may already have a Pardot cookie. Emails sent with the help of Pardot’s marketing automation solution use tracking technologies. We use data collected this way to find out which topics match your interests. We can see if the newsletters we send to you are opened and which links have been clicked. This information is used to improve the newsletters for you and the content we provide on the website. (Legal basis is Art. 6 (1) (1) (f) GDPR if you receive a newsletter from us Art. 6 (1) sentence 1 (a) of the GDPR)
The Pardot Service sets cookies (see also the section “Data Collected when you visit our website”). The cookie set is a “visitor cookie“. Via this “visitor cookie” an identification number is generated, which is used to recognize the browser of the website visitor. The identification number is a generated number code that has no meaning outside of Pardot Services. All cookies receive only the generated number code.
If you want to prevent the tracking by Pardot, you can ensure this by configuring your browser settings accordingly, or by using an appropriate browser extension.
For more information on salesforce.com, please visit: https://www.salesforce.com/company/privacy/
13 Google Analytics
This website uses Google Analytics, a web analytics tool provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files saved on your computer, to help the website to analyze how you use the site. The information generated by the cookie and regarding your behavior when using the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. If the the IP anonymization is activated, Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area before transferring data. Only in exceptional cases, the full IP address is sent to Google servers in the USA and then shortened.
On behalf of the website provider, Google will use this information for the purpose of analyzing your behavior when you are using the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website provider. Google will not link your IP address to any other data stored by Google.
You may disable cookies by selecting the appropriate settings in your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore, you can object to forwarding the data collected with cookies when you visit this website (including the IP address) to Google and prevent Google from processing of data by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=en-GB.
You can refuse the use of Google Analytics by clicking on the following link. An opt-out cookie will be set on the computer, which prevents the future collection of your data when you visit this website:
Please be aware that if you choose to disable all cookies, also opt-out cookies will be disabled as well.
This website uses Google Analytics with the extension „_anonymizeIp()“. With this extension, all IP addresses will be shortened what makes it impossible to link data to a particular individual. If for some reason data can be linked to a specific individual this link will be directly excluded and personal data will be deleted.
With Google Analytics, we do not collect any personal data that would allow us to identify a user. The collected data only serve to optimize user experience and site usability. (Legal basis for the use of Google Analytics is Article 6 paragraph 1 S. 1 lit. f GDPR)
14 Google Tag Manager
We additionally use the Google Tag Manager. With this service we are able to manage website tags. The Google Tag Manager only sets up tags. Tags are code that is used to measure traffic and visitor behavior. The tags are provided by other services - in our case Google Analytics. The Google Tag Manager only manages these tags, does not set cookies and does not collect any personal data. If tracking is deactivated, this also applies to all tracking tags managed by the Google Tag Manager.
For more information about Google Tag Manager, please visit: https://www.google.com/analytics/terms/tag-manager/
15 Integration of Google Maps
On this website we use the offer of Google Maps. This allows us to show you interactive maps directly on the website, allowing you to conveniently use the map feature. (Legal basis is Art. 6 (1) (1) (f) GDPR)
By visiting the website Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data referred to in the section entitled “Data Collected when you visit our website” of this Declaration will be transmitted. This is done regardless of whether Google provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and / or custom design of its website. Such an evaluation is done in particular (even for non-logged in users) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the formation of these user profiles, and you must comply with this to Google.
16 Integration of YouTube videos
We have included YouTube videos in our online offering, which are stored on http://www.YouTube.com and are directly playable from our website. These are all integrated in the “extended privacy mode”, which means that if you do not play the videos, you will not transfer any data about you as a user to YouTube. Only when you play the videos, the following data will be transmitted. We have no influence on this data transfer. (Legal basis is Art. 6 (1) (1) (f) DS-GVO)
By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data referred to in the section entitled “Data Collected when you visit our website” of this Declaration will be transmitted. This happens regardless of whether YouTube provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to associate with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for purposes of advertising, market research and / or tailor-made website design. Such an evaluation is done in particular (even for non-logged in users) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these User Profiles, and you must be directed to YouTube to use them.
17 Integration of Survicate
On this website we use the offer of Survicate. This allows us to display interactive surveys directly on the website and allows you to participate. (Legal basis is Art. 6 (1) (1) (f) DS-GVO)
When you visit our website, Survicate receives information that you have accessed the appropriate page on our website. In addition, the information specified in the "Collection of personal data for informational use" section of this statement will be transmitted.
Survicate stores your data as usage profiles and uses them for market research purposes. Such evaluation is carried out to provide advertising and information tailored to your needs.
Further information on the purpose and scope of data collection and processing by the plug-in provider can be found in the provider's data protection declarations. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://help.survicate.com/en/articles/3943207-terms-of-service-privacy-policy-gdpr-and-dpa .
18 Integration of Google reCaptcha
On this website we use the service "reCAPTCHA" of the company Google Inc. ("Google"). We use this service to detect abusive, automated machine processing ("bots") when entering information into our online forms. User behavior - such as mouse movements, IP addresses, or queries performed - is evaluated by Google reCaptcha to help differentiate individuals from bots. (Legal basis is Article 6 paragraph 1 S. 1 lit. c GDPR in connection with Article 32 paragraph 1 GDPR)
Information on the third party: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://www.google.com/recaptcha/.
19 Information in section Publisher / Imprint
We expressly object to the use of the contact data we publish in the section Publisher as long as third parties use them to provide us with not explicitly requested advertisement or information material. In case of violation we reserve the right to take legal action, for example in case of receiving spam emails.
21 Further Information
Personal data processed in association with the provision of this website will be disclosed to the following recipient groups:
- technical service providers (e.g. data center)
Automated decision-making which produces legal effects concerning you or similarly significantly affects you, will not be used in association to you using this website.