Privacy
for the websites
business-lounge.heidelbergengineering.com and
academy.heidelbergengineering.com
of Heidelberg Engineering GmbH
Table of Contents
- Privacy Policy
- Privacy Policy Newsletter
- Data Protection Information for Customers and Prospective Customers
- Data Protection Information for Presenters
Privacy Policy
17th October 2024
Table of contents
1. General
2. Contact
3. Collection of personal data when visiting our website
4. Cookies
5. Registration, login and profile
6. Online orders
7. Online applications
8. Convenience functions
9. Social Media
10. Newsletter
11. Webinars and online events
12. Virtual booth
13. Imaging Atlas Cloud
14. Download tracking
15. Marketing Cloud Account Engagement
16. Google Analytics
17. Google Tag Manager
18. Google DoubleClick for Publishers
19. Integration of YouTube videos
20. Integration of Survicate
21. Integration of Google reCAPTCHA
22. Use of Usercentrics
23. Your rights
24. Right to object
25. Withdrawal of consent
26. Information in the Publisher section
27. Changes to this Privacy Policy
1. General
We appreciate your interest in our website and our company.
Below we inform you about personal data collected when you visit this website. Personal data is factual or personal information about a specific or specifically identifiable person, for example name, address, email address and user behaviour.
Controller in accordance with Article 4 no. 7 EU General Data Protection Regulation (GDPR):
Heidelberg Engineering GmbH
Max-Jarecki-Strasse 8
69115 Heidelberg
Germany
Email: info[at]HeidelbergEngineering.com
For further contact information please refer to the Publisher section.
You can reach our Data Protection Officer at:
CL Compliance und Datenschutz GmbH & Co KG
Douglasstraße 11 – 15
76133 Karlsruhe
Germany
Phone: +49 721 91250880
Email: HeidelbergEngineering[at]compliance-datenschutz.de
2. Contact
You can send us your enquiry to the email addresses we provide or use our general contact form. YThe personal data that you provide to us as part of your enquiry will solely be stored and used by us to respond to your enquiry. We delete this personal data after the storage is no longer necessary or restrict the processing if there are statutory storage obligations.
In addition, you have the option of using a form provided under the “Contact” tab to get in touch with contacts from the Sales and Support departments. Based on your IP address, your country will be determined and your message will be transmitted to the respective contact person in your country. These contacts are partners of Heidelberg Engineering GmbH and process data in compliance with data protection regulations. Your data will be processed and transmitted exclusively for the purpose of answering your questions or comments. Before sending the contact request, you are required to agree to this Privacy Policy.
The legal basis is Article 6 paragraph 1 s. 1 lit. f GDPR, when using a contact form also Article 6 paragraph 1 s. 1 lit. a GDPR. If you contact us in connection with an existing contract or a contract you wish to enter into with us, additional legal basis is Article 6 paragraph 1 s. 1 lit. b GDPR.
3. Collection of personal data when visiting our website
When using our website for informational purposes only, without registering or transmitting information to us, we only collect the personal data that your browser transmits to our server. Upon accessing our website, we collect the following data:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of request (concrete page)
- Access status/http status code
- Amount of data transferred with each request
- The requesting domain
- Browser
- Operating system and its surface
- Language and version of browser software
This data is technically necessary for us to display the website to you and to ensure stability and security. The legal basis is Article 6 paragraph 1 s. 1 lit. f GDPR.
4. Cookies
In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your terminal device, assigned to the browser you are using, and through which certain information flows to the site that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the Internet offer as a whole more user-friendly and effective.
This website uses the following types of cookies, the scope and function of which are explained below:
Transient cookies
Transient cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
Persistent cookies
Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all functions of this website.
Here you will find information about the cookie logoff of the most common browsers:
Depending on their function and purpose, cookies can be divided into the following categories:
Essential Cookies
Essential cookies are required to be able to use the navigation and basic functions of the website.
Marketing Cookies
Marketing cookies are used for the targeted, user-relevant presentation of content. This allows individual advertising to be controlled.
Analytics Cookies
Analytics Cookies enable us to count visits and traffic sources to analyse and improve our websites performance.
Functional Cookies
Functional cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we utilize on our pages. If you do not allow these cookies, some or all of these services may not function properly.
When you access our website, you will be informed about the use of cookies and your consent to the processing of personal data used in this context will be obtained (see the section “Use of Usercentrics” of this Privacy Policy). This also includes a reference to this Privacy Policy.
The legal basis for the processing of personal data using essential cookies is Article 6 paragraph 1 s. 1 lit. f GDPR.
The legal basis for the processing of personal data using cookies that are not required is, if the user has consented to the use, Article 6 paragraph 1 s. 1 lit. a GDPR.
The cookie settings can be adjusted in Usercentrics at any time and consent already granted can be withdrawn(see the section “Use of Usercentrics” of this Privacy Policy). You can reach Usercentrics by clicking on the fingerprint displayed at the bottom left of the screen.
5. Registration, login and profile
In In order to use the full range of services in the Business Lounge or the Academy, pre-registration is necessary. The registration requires a title, first and last name, email address, a password of your choice, and a country.
In order to complete the registration successfully, it is necessary to have read the Privacy Policy and the Terms of Use and to accept them by clicking on the respective checkbox.
In order to be able to access the extended services as a registered user, you must log in before each use using your email address and the password of your choice.
Within the registered area you can manage and edit your personal data in the Profile.
The legal basis is Article 6 paragraph 1 s. 1 lit. b GDPR or Article 6 paragraph 1 s. 1 lit. f GDPR.
6. Online orders
Online payment
In order to process payments, we pass on the necessary payment data to the credit institution commissioned with the payment or to the payment service provider selected by you in the order process.
For credit card payments, we use the payment service provider Ingenico (Head Office: Worldline, River Ouest, 80 Quai Voltaire, 95870 Bezons, France). In this case, we forward the order number and the payment amount to the payment service provider when accepting your order. Your payment data is only collected by the payment service provider, who confirms receipt of your payment and forwards the payment to us. In this case, no payment data (e.g. credit card number) will be forwarded to us. For more information of the payment service provider Ingenico, please visit: https://www.ingenico.com/privacy-policy
The legal basis is Article 6 paragraph 1 s. 1 lit. b GDPR.
Delivery
If your order iinvolves a delivery with a shipping company, we will pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of the goods.
The legal basis is Article 6 paragraph 1 s. 1 lit. b GDPR.
Processing of book orders
For the processing of book orders including invoicing and delivery, we use the fulfilment provider CFG Circle Fulfillment GmbH, Im Klingenbühl 1, 69123 Heidelberg, Germany (https://cfg-direktmarketing.de/). If you order a book from our website, we will forward the data entered by you in the online order form, the order number, the article description of the goods ordered and the payment amount to CFG Circle Fulfillment GmbH when accepting your order. We do not collect your payment details. After receipt of your order CFG Circle Fulfillment GmbH will send you an invoice. After receipt of your payment CFG Circle Fulfillment GmbH will ship the ordered goods to the delivery address specified by you.
The legal basis is Article 6 paragraph 1 s. 1 lit. b GDPR.
7. Online applications
Via the Career link you will find our current job offers and have the option of applying to us online. If you click on the link, you will be redirected to the career site of Heidelberg Engineering GmbH, which we operate on the JobShop platform of talentsconnect AG.
The data protection information for the JobShop of talentsconnect AG can be found at: https://www.talentsconnect.com/privacy
If you apply to us via the application form on the career site, your contact data (title, first name, last name, e-mail address) will be collected and forwarded to us together with the documents you uploaded and the job offer you selected.
To manage the application process, we use the Personio service, a tool provided by Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany. Your personal data is collected, processed and used exclusively for the purpose of processing your application. Personio is strictly geared towards ensuring the security and protection of the data we process. Appropriate technical and organizational measures have been implemented to ensure the protection of your data.
You can find Personio's data protection information at: https://www.personio.com/privacy-policy/
We use the application data provided by you only to process your application. After completion of the application process, your application data will be kept for up to three months for the purpose of clarifying queries and then deleted.
The legal basis is Article 6 paragraph 1 s. 1 lit. a GDPR as well as Article 9 paragraph 2 lit. a GDPR.
8. Convenience functions
For an optimal presentation of our website (e.g. adaptation to different screen sizes, fade-in menu, input control of the contact form) we use techniques such as Javascript and CSS (cascading style sheets). You can disable the use of these techniques by making the appropriate settings in your browser. Please be aware that some areas of our website may not function properly then.
9. Social Media
This website contains links to our appearances on various social media platforms. You can recognise these by the logo of the respective social media provider. When you use our website, no personal data is passed on to the providers of the social media platforms. Only when clicking on these links, you will be forwarded to the platform of the respective social media provider and then the referral URL (the information about the page of our website that you accessed) may be transferred to the provider. We have no influence on this data transfer.The legal basis is Article 6 paragraph 1 s. 1 lit. f GDPR.
By clicking on such a link, you leave our website and we have no influence on the then collected data and data processing procedures, nor are we aware of the full scope of the data collection, the purposes and the storage periods. The respective social media provider processes your data regardless of whether you have an account on this social media platform and are logged in there. If you are logged in, the data collected by the social media provider will be directly assigned to your account. If you do not want the assignment with your social media account, you must log out before clicking on the link.
The social media provider stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-driven design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of demand-driven advertising and to inform other users of the social network about your activities. You have the right to object to the creation of these user profiles, whereby you must contact the respective social media provider to exercise this right.
For more information on the purpose and scope of data collection and processing by the social media provider, please refer to the privacy policies of these providers, which are provided below. There you will also receive further information about your rights in this regard and setting options for protecting your privacy.
Addresses of the providers including URLs of their privacy policy:
- LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA; im Europäischen Wirtschaftsraum (EWR) und der Schweiz: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland; http://www.linkedin.com/legal/privacy-policy
- YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA; im Europäischen Wirtschaftsraum (EWR) und der Schweiz: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; https://policies.google.com/privacy?hl=de
- Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; https://www.facebook.com/privacy/explanation
10. Newsletter
With your consent to the collection, processing and use of your data, you can subscribe to our newsletters on various topics, with which we inform you regularly about products, training offers, learning materials, events and news. To subscribe to our newsletter, we use the so-called double opt-in procedure. This means that after your registration, we will send you an email to the email address you provided, in which we ask you to confirm your newsletter subscription. In order to prove your registration and, if necessary, to be able to clarify a possible misuse of your personal data, we log the subscription to the newsletter. We save the sending of the confirmation mail and the receipt of your hereby requested response as well as the data of the registration and confirmation. The data will be used solely by Heidelberg Engineering and will not be passed on to third parties. If you do not confirm your subscription within three days, we will send you a reminder. If you do not click the confirmation link in the reminder either, we will no longer be able to send you our newsletter. Should your newsletter subscription be the only reason for processing your data, it will be deleted accordingly.
The only mandatory data for sending the newsletter is your email address. The provision of further, separately marked data is voluntary and will be used to address you personally. The legal basis is Article 6 paragraph 1 s. 1 lit. a GDPR.
You can withdraw your consent to the storage of your personal data and its use for sending the newsletter at any time. To do so, click on the link provided in each newsletter, send an email to Newsletter@HeidelbergEngineering.com or send a message to the contact details of the controller as stated in this privacy policy.
Please note that we analyse your user behaviour when sending the newsletter. For this analysis, the emails sent contain tracking pixels, so-called one-pixel image files, and personalised tracking links. We use this data to find out which topics are of interest to you and to improve the content provided. We record whether and when the newsletters we send to you are opened and which links are clicked on. The legal basis is Article 6 paragraph 1 s. 1 lit. f GDPR.
Tracking based on the one-pixel image files is prevented if you have deactivated the display of images in your email program by default. In this case the newsletter will not be displayed completely and you may not be able to use all functions. If you display the images manually, the above-mentioned tracking will take place. Clicks on personalised tracking links are always logged.
To provide our newsletter service, we use the marketing automation solution Marketing Cloud Account Engagement, which we explain in the “Marketing Cloud Account Engagement” section of this Privacy Policy.
11. Webinars
On this website, we offer various webinars and online events using different services.
Webinars with GoToWebinar
We offer webinars using the "GoToWebinar" service provided by LogMeIn USA, Inc., 320 Summer Street, Boston, MA 02210, USA. In the European Economic Area (EEA) and Switzerland, the service is provided by LogMeIn Ireland Limited, The Reflector, 10 Hanover Quay, Dublin 2, D02R573, Ireland ("LogMeIn").
The registration button takes you directly to the appropriate GoToWebinar registration page created by us, where you have to enter your name and email address and, if applicable, further data like zip code, city, country and job title. In several cases, you can optionally enter your GOC number. Once you register for the webinar, you will subsequently receive confirmation, reminder and follow-up emails via the GoToWebinar service. The confirmation email will contain the link to join the GoToWebinar webinar.
We process your personal data collected in connection with the registration for the webinar and during the performance of the webinar for the purpose of fulfilling the contract you have concluded with us for participation in the webinar, in particular for the performance of the webinar as well as for the provision of the teaching materials, the evaluation of the test results and the issuance of the certificate. If you have entered your GOC number it will be transmitted to the General Optical Council for the purpose of crediting you with continuing education points. In addition, we use data entered by you at your request to subsequently answer your open questions. The legal basis is Article 6 paragraph 1 s. 1 lit. b GDPR.
LogMeIn processes your personal data collected in connection with the registration for the webinar and during the performance of the webinar for the purpose of providing and operating the GoToWebinar service. If the processing is directly related to the registration for the webinar and the performance of the webinar, the legal basis is Article 6 paragraph 1 s. 1 lit. b GDPR. For the processing in order to ensure error-free operation and to improve the GoToWebinar service, the legal basis is Article 6 paragraph 1 s. 1 lit. f GDPR.
Upon registration for one of our webinars, your data will be transferred to Marketing Cloud Account Engagement (see the “Marketing Cloud Account Engagement” section of this Privacy Policy). The legal basis is Article 6 paragraph 1 s. 1 lit. f GDPR.
For more Information on LogMeIn, please visit: https://www.logmeininc.com/legal and https://www.logmein.com/legal/privacy
Webinars with Microsoft Teams
We offer webinars using the "Microsoft Teams" service provided by Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA. In the European Economic Area (EEA), the United Kingdom, and Switzerland, the service is provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland ("Microsoft").
The registration button takes you to a registration page where you can enter the names and email addresses as well as the country of the desired participants after logging in with your Business Lounge account. If you do not yet have a Business Lounge account, you must create one as part of the registration process in order to register. Once you have registered for the webinar, you and any additional participants will receive confirmation and reminder emails from us. The confirmation email will contain the link to join the Microsoft Teams webinar.
We process your personal data collected in connection with the registration for the webinar and during the performance of the webinar as well as the additionally required data in your Business Lounge account for the purpose of fulfilling the contract that you have concluded with us for participation in the webinar, in particular for the performance of the webinar as well as for the evaluation of the test results and the issuance of the certificate. If applicable, your GOC number will be requested and transmitted to the General Optical Council for the purpose of crediting you with continuing education points. In addition, we use data entered by you at your request to subsequently answer your open questions. The legal basis is Article 6 paragraph 1 s. 1 lit. b GDPR.
Furthermore, we use your data for anonymous evaluation of the use of the online course room. Article 6 paragraph 1 s. 1 lit. f GDPR.
Microsoft processes your personal data collected during the performance of the webinar for the purpose of providing and operating the Microsoft Teams service. If the processing is directly related to the performance of the webinar, the legal basis is Article 6 paragraph 1 s. 1 lit. b GDPR. For the processing in order to ensure error-free operation and to improve the Microsoft Teams service, the legal basis is Article 6 paragraph 1 s. 1 lit. f GDPR.
Upon registration for one of our webinars, your data will be transferred to Marketing Cloud Account Engagement (see the "Marketing Cloud Account Engagement" section of this Privacy Policy). The legal basis is Article 6 paragraph 1 s. 1 lit. f GDPR.
For more Information on Microsoft, please visit: https://privacy.microsoft.com/en-GB/privacystatement
Online events with Venueless
We offer online events using the streaming platform "Venueless" and the ticketing system "Pretix" of rami.io GmbH, 69126 Heidelberg, Germany ("Rami.io"). The data processing takes place exclusively in the European Union.
The registration button takes you to the corresponding Pretix website, where you can select the event and the number of participants and add them to a shopping cart. Before registering for the event, you must enter your email address and the name, email address, company and postal address for each participant. Once you have registered for the online event, you and any additional attendees will subsequently receive a confirmation email and, if applicable, reminder and follow-up emails via the Pretix service. The confirmation email will contain the link to join the online event, which will be performed via the Venueless platform.
When using the Venueless platform, rami.io collects the following data from you: Browser type and version used, internet service provider, IP address, date and time of access, duration of your access and the times at which you switched between different parts of the event. In addition, the content you have entered, such as the display name you have chosen and, if applicable, a chosen image for communication with other users, chat messages you have sent or content of video calls are processed. A web token is stored in your browser's local memory at the start of platform use. This is used to check whether you are entitled to participate in the event.
We process your personal data collected in connection with the registration for the online event and during the performance of the online event for the purpose of fulfilling the contract that you have concluded with us for participation in the event. The legal basis is Article 6 paragraph 1 s. 1 lit. b GDPR.
Rami.io processes your data for the purpose of providing and operating its services used by us in relation to the event. If the processing is directly related to the registration for the online event and the performance of the online event, the legal basis is Article 6 paragraph 1 s. 1 lit. b GDPR. For the processing in order to ensure error-free operation and to improve the Venueless platform, the legal basis is Article 6 paragraph 1 s. 1 lit. f GDPR.
Further information from the provider Rami.io about Pretix can be found at: https://pretix.eu/about/en/privacy and https://pretix.eu/about/en/security
12. Virtual booth
On this website we provide you with a virtual booth. For this purpose we use SeekBeak, a software as a service provided by SeekBeak.com, 152 Schooner Close NW, Calgary, AB T3Z 1L1, Canada.
When visiting this virtual booth, no personal data is collected. Only cookies for general analysis purposes are set without any personal reference.
For more information on SeekBeak.com, please visit: https://seekbeak.com/privacy/
13. Imaging Atlas Cloud
With access to our Imaging Atlas Cloud, you can review challenging cases virtually and gain valuable experience. If you request access to the Imaging Atlas Cloud as a registered user, we will provide you after verification with access for a certain period of time. Your access will be linked to your user account in the Business Lounge and we will store your name and email address as well as the access period. The legal basis is Article 6 paragraph 1 s. 1 lit. a GDPR.
We use Parallels to provide the Imaging Atlas Cloud. In order to be able to calculate the monthly licenses required for Parallels, we temporarily store when you have logged in or logged out in order to add up this data. Afterwards, we delete this data. We use the accumulated, no longer personal data to order the required licenses. The legal basis is Article 6 paragraph 1 s. 1 lit. f GDPR.
14. Download Tracking
On this website we offer you the possibility to download brochures, manuals, software, case presentations and JARs (Journal Article Reviews). All downloads are tracked for quality assurance purposes and, if necessary, for the fast transfer of information (e.g. recall in case of serious bugs in a software). The legal basis is Article 6 paragraph 1 s. 1 lit. f GDPR.
15. Marketing Cloud Account Engagement
We use Marketing Cloud Account Engagement - MCAE (formerly known as Pardot), the marketing automation solution of Salesforce.com, Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA, which is linked to our Salesforce CRM system. In addition to the Salesforce infrastructure, MCAE uses Amazon Web Services, Inc. as a hosting provider (third-party hosting provider). The data processing is carried out on our behalf on the basis of a contract data processing agreement that we have concluded with Salesforce.
We use the MCAE software in online marketing for:
- systematically recording, analysing and optimising our website
- provision of personalised content and product recommendations
- implementation of (automated) marketing campaigns and advertising activities
- measuring the success of marketing campaigns
- implementation of our email newsletter service
- provision of landing pages and forms
The legal basis is Article 6 paragraph 1 s. 1 lit. f GDPR.
You can register for our email newsletter service as part of your Business Lounge account registration, or you can do so separately via our website. For this purpose, we provide you with a MCAE form embedded in our website or – if your browser does not display the form – directly with a link to the form created in MCAE. When you click on the subscribe button in this MCAE form, a session cookie called “Pardot” is set in your browser by MCAE. We have no influence on the setting of the cookie and its content.
On this website MCAE creates a user profile from the information about your interaction with our website and the content provided through it (including your IP address, the click path, the data listed in the section “Collection of personal data when visiting our website” of this Privacy Policy, and cookies). We can merge the user profiles created through MCAE with your customer data stored by us and with other activities.
MCAE places cookies for website tracking. These tracking technologies help us to find out which topics are of interest to you. We can recognise which pages were visited and which links were clicked on. We use this information to improve the content we provide on the website. The cookies are only generated if you have activated “Marketing Cloud Account Engagement” in our Consent Management Tool Usercentrics. The legal basis is Article 6 paragraph 1 s. 1 lit. a GDPR.
Pardot respects the “Do Not Track” initiative. You can configure this option in your browser. If this option is activated, MCAE does not use cookie-based tracking. If you want to prevent tracking by MCAE, you can ensure this as follows:
- via Privacy settings
- through your browser settings
- through an extension of your browser
However, this may lead to certain limitations in the functions and user-friendliness of our offer.
Pardot sets first-party cookies for tracking purposes, and sets third-party cookies for redundancy. Using first-party and third-party cookies together is standard in the marketing automation industry. Pardot cookies don’t store personally identifying information, only a unique identifier. Below is an overview of the cookies set by Pardot with a maximum validity of 365 days:
- visitor_id<accountid>: The visitor cookie includes a unique visitor ID and the unique identifier for your account. For example, the cookie name visitor_id12345 stores the visitor ID 1010101010. The account identifier, 12345, makes sure that the visitor is tracked on the correct MCAE account. The visitor value is the visitor_id in your MCAE account. This cookie is set for visitors by the MCAE tracking code.
- pi_opt_in<accountid>: If Tracking Opt-in preferences is enabled, the pi_opt_in cookie is set with a true or false value when the visitor opts in or out of tracking. If a visitor opts in, the value is set to true, and the visitor is cookied and tracked. If the visitor opts out or ignores the opt-in banner, the opt-in cookie value is set to false. The visitor cookie is disabled, and the visitor is not tracked.
- visitor_id<accountid>-hash: The visitor hash cookie contains the account ID and stores a unique hash. For example, the cookie name visitor_id12345-hash stores the hash “855c3697d9979e78ac404c4ba2c66533”, and the account ID is 12345. This cookie is a security measure to make sure that a malicious user can’t fake a visitor from MCAE and access corresponding prospect information.
- lpv<accountid>: This LPV cookie is set to keep MCAE from tracking multiple page views on a single asset over a 30-minute session. For example, if a visitor reloads a landing page several times over a 30-minute period, this cookie keeps each reload from being tracked as a page view.
For more information on Salesforce/Pardot, please visit: https://www.salesforce.com/company/privacy/
16. Google Analytics
This website uses Google Analytics, a web analytics tool provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). In the European Economic Area (EEA) and Switzerland, the service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses “cookies”, which are text files saved on your computer, to help the website to analyse how you use the site. The cookies are only generated if you have activated “Google Analytics” in our consent management tool Usercentrics. The legal basis is Article 6 paragraph 1 s. 1 lit. a GDPR.
The information generated by the cookies and regarding your behaviour when using the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. If the IP anonymisation is activated, Google will truncate/anonymise the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area before transferring data. Only in exceptional cases, the full IP address is sent to Google servers in the USA and then shortened.
On behalf of the website provider, Google will use this information for the purpose of analysing your behaviour when you are using the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website provider. Google will not link your IP address transmitted by your browser as part of Google Analytics to any other data stored by Google.
You may disable cookies by selecting the appropriate settings in your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore, you can object to forwarding the data collected with cookies when you visit this website (including the IP address) to Google and prevent Google from processing of data by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=en-US.
You can refuse the use of Google Analytics by clicking on the following link. An opt-out cookie will be set on the computer, which prevents the future collection of your data when you visit this website: Disable Google Analytics
Please be aware that if you choose to disable all cookies, also opt-out cookies will be disabled as well.
This website uses Google Analytics with the extension “_anonymizeIp()”. With this extension, all IP addresses will be shortened what makes it impossible to link data to a particular individual. If for some reason data can be linked to a specific individual this link will be directly excluded and personal data will be deleted.
Google Analytics Terms of Service: https://marketingplatform.google.com/about/analytics/terms/us/
Google Privacy Policy: https://policies.google.com/privacy?hl=en
17. Google Tag Manager
We additionally use the Google Tag Manager provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). In the European Economic Area (EEA) and Switzerland, the Service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. With this service, website tags can be managed. The Google Tag Manager only sets up tags. Tags are code that is used to measure traffic and visitor behaviour. The tags are provided by other services – for example, Google Analytics. The Google Tag Manager only manages these tags, does not set cookies and does not collect any personal data. Google Tag Manager places a pixel in your browser to collect aggregate data about tag triggering. The legal basis for the use of Google Tag Manager is Article 6 paragraph 1 s. 1 lit. f GDPR.
For more information about Google Tag Manager, please visit: https://www.google.com/analytics/terms/tag-manager/
18. Google DoubleClick for Publishers
This website uses Google DoubleClick for Publishers ("DoubleClick"), an advertising insertion service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). In the European Economic Area (EEA) and Switzerland, the service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. DoubleClick uses “cookies”, which are text files saved on your computer, to help the website to analyse how you use the site. DoubleClick also uses “web beacons”, which are invisible graphics that allow the analysis of information such as visitor traffic on this website. The cookies and web beacons are only generated if you have activated “DoubleClick for Publishers” in our consent management tool Usercentrics. The legal basis is Article 6 paragraph 1 s. 1 lit. a GDPR.
The information generated by the cookies and web beacons is transferred to Google servers and stored there. On behalf of the provider of this website, Google will use this information for the purpose of analysing your usage behaviour with regard to the Google Ad Exchange ads. This information may also be passed on by Google to Google's contract partners. Google will not link your IP address transmitted by your browser as part of DoubleClick to any other data stored by Google.
For more information how Google uses cookies in advertising, please visit: https://policies.google.com/technologies/ads?hl=en
Google Privacy Policy: https://policies.google.com/privacy?hl=en
19. Integration of YouTube videos
We have included YouTube videos in our online offering, which are stored on http://www.YouTube.com and are directly playable from our website. The YouTube website is operated by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”), a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In the European Economic Area (EEA) and Switzerland, the service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The legal basis is Article 6 paragraph 1 s. 1 lit. a GDPR.
If you have activated “YouTube Video” in our consent management tool Usercentrics and visit a subpage of our website in which a YouTube video is embedded, YouTube will receive the information that you have accessed the corresponding subpage of our website. In addition, the data listed in the section “Collection of personal data when visiting our website” of this Privacy Policy will be transmitted.
If you have deactivated “YouTube Video” in our consent management tool Usercentrics and visit a subpage of our website that uses a link to a YouTube video, no personal data will initially be transmitted to YouTube. This is ensured by using the so-called two-click solution. For this purpose, the area of the webpage on which the video is placed is represented by a graphic that serves as a placeholder. Only when you click the “Accept” button, the video is embedded and YouTube receives the aforementioned information.
Once YouTube videos are embedded based on your consent, we have no influence on the then collected data and data processing procedures, nor are we aware of the full scope of the data collection, the purposes and the storage periods. YouTube processes your data regardless of whether you have an account with YouTube and are logged in there. If you are logged in, the data collected by YouTube will be directly assigned to your account. If you do not want the assignment to your YouTube account, you must log out before activating the button. This consent activates “YouTube Video” in Usercentrics and thus applies to the entire website.
YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-driven design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of demand-driven advertising and to inform other YouTube users about your activities. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
For more information on the purpose and scope of data collection and processing by YouTube, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=en
There you will also find further information about your rights and settings options for the protection of your privacy.
20. Integration of Survicate
On this website we use the survey tool from Survicate Sp. z o. o., Zamiany 8 LU2, Warsaw, mazowieckie 02-786, Poland ("Survicate"). This allows us to display interactive surveys directly on the website and enables you to participate.
Your entries in the surveys are forwarded to Survicate for evaluation purposes without any personal reference. Also the cookies that Survicate sets and processes to recognise whether a user has already participated in the survey do not contain any personal data.
For more information on Survicate, please visit: http://help.survicate.com/en/articles/3943207-terms-of-service-privacy-policy-gdpr-and-dpa
21. Integration of Google reCaptcha
During registration for the "File Upload" offered on this website, we use the service “reCAPTCHA”, Version 3, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). In the European Economic Area (EEA) and Switzerland, the service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use reCAPTCHA to detect abusive, automated machine processing (“bots”) when entering information into the registration form. User behaviour – such as mouse movements, IP addresses, or queries performed – is evaluated by reCAPTCHA to distinguish individuals from bots. So in most cases it is sufficient to simply check the box to confirm that you are not a bot. Only in exceptional cases you have to solve a text or picture puzzle.
We are legally obligated to implement appropriate technical and organisational measures in order to protect user data. reCAPTCHA is such a technical measure. Furthermore, the use of an alternative captcha variant for the registration to "File Upload" is technically not supported. The legal basis is Article 6 paragraph 1 s. 1 lit. c GDPR in accordance with Article 32 paragraph 1 GDPR.
Google does not provide comprehensive information about which personal data of the user is processed when using reCAPTCHA, but here are some examples:
- IP address of the user
- Resources loaded on the page
- whether a Google account is registered
- Cookies placed by Google
- Interactions of the user on the page
- CSS information of the page
- Date
- Language the browser is set to
- all plugins installed for the browser
- all JavaScript objects (JavaScript is a programming language with which, among other things, user interactions can be evaluated. The objects can contain any user data.)
Google will use and analyse this data even before you click on the "I'm not a robot" check box.
The information collected by reCAPTCHA is usually transferred to a Google server in the USA and stored there. However, your IP address is almost always shortened beforehand by Google within member states of the European Union or in other contracting countries to the Agreement on the European Economic Area. Your IP address is not linked to other data held by Google unless you are logged in with your Google account while using reCAPTCHA.
For more information on reCAPTCHA, please visit: https://www.google.com/recaptcha/
For information on the purpose and scope of your data collection and processing through Google, please please refer to the provider's privacy policy. There you will also find further information about your rights and setting options for the protection of your privacy: https://policies.google.com/privacy?hl=en
22. Use of Usercentrics
On this website we use the Consent Management Tool Usercentrics of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany ("Usercentrics"). The tool enables you to give consent to data processing via the website, in particular to set cookies, as well as to exercise your right to withdraw consent already given.. The data processing serves the purpose of obtaining and documenting required consents to data processing and thus to comply with legal obligations. Cookies may be used for this purpose. The following information, among others, may be collected and transmitted to Usercentrics: Date and time of the page view, information about the browser and the device you are using, opt-in and opt-out data. This data is not passed on to other third parties. The data processing is carried out to fulfil a legal obligation on the basis of Article 6 paragraph 1 s. 1 lit. c GDPR.
For more information on data protection at Usercentrics, please visit: https://usercentrics.com/privacy-policy/
23. Your Rights
You have the following rights concerning your personal data:
- Right of access regarding the personal data concerning you that we process as controller (Article 15 GDPR)
- Right to rectification of the personal data concerning you if they are stored incorrectly or incompletely (Article 16 GDPR)
- Right to erasure (Article 17 GDPR)
- Right to request the restriction of the processing of personal data concerning you (Article 18 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object to the processing of personal data concerning you (Article 21 GDPR).
Furthermore, you have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data (Article 77 GDPR).
Pursuant to Article 22 GDPR, you principally have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. However, we do not use such automated decision-making processes.
24. Right to object
If we process your personal data as part of a weighing of interests based on our overriding legitimate interests (legal basis Article 6 paragraph 1 s. 1 lit. f GDPR), you have the right to object to this processing at any time on grounds relating to your particular situation.
If you exercise your right to object, we will no longer process this personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims.
If your personal data is processed by us for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
25. Withdrawal of consent
If you have given consent to the processing of your personal data, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
26. Information in the Publisher section
We expressly object to the use of contact data published within the scope of the obligation to provide publisher information by third parties for sending advertising and information material that has not been expressly requested. We expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example through spam emails.
27. Changes to this Privacy Policy
We reserve the right to amend this Privacy Policy in accordance with legal data protection regulations. The currently valid version can be viewed at any time in the Privacy Policy area of our website.
Privacy Policy Newsletter
17th October 2024
Table of contents
General
- Contact
- Newsletter
- Marketing Cloud Account Engagement
- Your rights
- Right to object
- Withdrawal of consent
- Changes to this Privacy Policy
1 General
We appreciate your interest in our newsletter and our company.
Below we inform you about personal data collected when you visit this website. Personal data is factual or personal information about a specific or specifically identifiable person, for example name, address, email address and user behaviour.
Controller in accordance with Article 4 no. 7 EU General Data Protection Regulation (GDPR):
Heidelberg Engineering GmbH
Max-Jarecki-Strasse 8
69115 Heidelberg
Germany
Email: info[at]HeidelbergEngineering.com
For further contact information please refer to the Publisher section.
You can reach our Data Protection Officer at:
CL Compliance und Datenschutz GmbH & Co KG
Douglasstraße 11 – 15
76133 Karlsruhe
Germany
Phone: +49 721 91250880
Email: HeidelbergEngineering[at]compliance-datenschutz.de
2 Contact
You can send us your enquiry to the email addresses we provide or use our general contact form. The personal data that you provide to us as part of your enquiry will solely be stored and used by us to respond to your enquiry. We delete this personal data after the storage is no longer necessary or restrict the processing if there are statutory storage obligations.
The legal basis is Article 6 paragraph 1 s. 1 lit. f GDPR, when using the contact form also Article 6 paragraph 1 s. 1 lit. a GDPR. If you contact us in connection with an existing contract or a contract you wish to enter into with us, additional legal basis is Article 6 paragraph 1 s. 1 lit. b GDPR.
3 Newsletter
With your consent to the collection, processing and use of your data, you can subscribe to our newsletters on various topics, with which we inform you regularly about products, training offers, learning materials, events and news. To subscribe to our newsletter, we use the so-called double opt-in procedure. This means that after your registration, we will send you an email to the email address you provided, in which we ask you to confirm your newsletter subscription. In order to prove your registration and, if necessary, to be able to clarify a possible misuse of your personal data, we log the subscription to the newsletter. We save the sending of the confirmation mail and the receipt of your hereby requested response as well as the data of the registration and confirmation. The data will be used solely by Heidelberg Engineering and will not be passed on to third parties. If you do not confirm your subscription within three days, we will send you a reminder. If you do not click the confirmation link in the reminder either, we will no longer be able to send you our newsletter. Should your newsletter subscription be the only reason for processing your data, it will be deleted accordingly.
The only mandatory data for sending the newsletter is your email address. The provision of further, separately marked data is voluntary and will be used to address you personally. The legal basis is Article 6 paragraph 1 s. 1 lit. a GDPR.
You can withdraw your consent to the storage of your personal data and its use for sending the newsletter at any time. To do so, click on the link provided in each newsletter, send an email to Newsletter@HeidelbergEngineering.com or send a message to the contact details of the controller as stated in this privacy policy.
Please note that we analyse your user behaviour when sending the newsletter. For this analysis, the emails sent contain tracking pixels, so-called one-pixel image files, and personalised tracking links. We use this data to find out which topics are of interest to you and to improve the content provided. We record whether and when the newsletters we send to you are opened and which links are clicked on. The legal basis is Article 6 paragraph 1 s. 1 lit. f GDPR.
Tracking based on the one-pixel image files is prevented if you have deactivated the display of images in your email program by default. In this case the newsletter will not be displayed completely and you may not be able to use all functions. If you display the images manually, the above-mentioned tracking will take place. Clicks on personalised tracking links are always logged.
To provide our newsletter service, we use the marketing automation solution Marketing Cloud Account Engagement, which we explain in the “Marketing Cloud Account Engagement” section of this Privacy Policy.
4 Marketing Cloud Account Engagement
We use Marketing Cloud Account Engagement - MCAE (formerly known as Pardot), the marketing automation solution of Salesforce.com, Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA, which is linked to our Salesforce CRM system. In addition to the Salesforce infrastructure, MCAE uses Amazon Web Services, Inc. as a hosting provider (third-party hosting provider). The data processing is carried out on our behalf on the basis of a contract data processing agreement that we have concluded with Salesforce.
We use the MACE software in online marketing for:
- systematically recording, analysing and optimising our website
- provision of personalised content and product recommendations
- implementation of (automated) marketing campaigns and advertising activities
- measuring the success of marketing campaigns
- implementation of our email newsletter service
- provision of landing pages and forms
The legal basis is Article 6 paragraph 1 s. 1 lit. f GDPR.
To register for our email newsletter service, we provide you with a MCAE form embedded in our website or – if your browser does not display the form – directly with a link to the form created in MCAE. When you click on the subscribe button in this MCAE form, a session cookie called “Pardot” is set in your browser by MCAE. We have no influence on the setting of the cookie and its content.
For more information on Salesforce/MCAE, please visit: https://www.salesforce.com/company/privacy/
5 Your rights
You have the following rights concerning your personal data:
- Right of access regarding the personal data concerning you that we process as controller (Article 15 GDPR)
- Right to rectification of the personal data concerning you if they are stored incorrectly or incompletely (Article 16 GDPR)
- Right to erasure (Article 17 GDPR)
- Right to request the restriction of the processing of personal data concerning you (Article 18 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object to the processing of personal data concerning you (Article 21 GDPR).
Furthermore, you have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data (Article 77 GDPR).
Pursuant to Article 22 GDPR, you principally have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. However, we do not use such automated decision-making processes.
6 Right to object
If we process your personal data as part of a weighing of interests based on our overriding legitimate interests (legal basis Article 6 paragraph 1 s. 1 lit. f GDPR), you have the right to object to this processing at any time on grounds relating to your particular situation.
If you exercise your right to object, we will no longer process this personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims.
If your personal data is processed by us for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
7 Withdrawal of consent
If you have given consent to the processing of your personal data, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
8 Changes to this Privacy Policy
We reserve the right to amend this Privacy Policy in accordance with legal data protection regulations. The currently valid version can be viewed at any time in the Privacy Policy area of our website.
Data Protection Information for Customers and Prospective Customers
Table of Contents
- Identity and contact details of the Controller
- Contact details of the Data Protection Officer
- Personal data processed
- Purposes and legal basis of processing
- Recipient of the data
- Data transfer to third countries
- Duration of storage
- Your rights
In the following, we, Heidelberg Engineering GmbH, inform you about the processing of your personal data by our company and the rights to which you are entitled under data protection law.
1 Identity and contact details of the Controller
The controller for data processing is
Heidelberg Engineering GmbH
Max-Jarecki-Straße 8
69115 Heidelberg, Germany
E-mail: info@HeidelbergEngineering.com
Phone: +49 6221 64630
Fax: +49 6221 646362
2 Contact details of the Data Protection Officer
Our external data protection officer can be reached at
CL Compliance und Datenschutz GmbH & Co KG
Douglasstraße 11 – 15
76133 Karlsruhe, Germany
E-mail: HeidelbergEngineering@compliance-datenschutz.de
3 Personal data processed
We process personal data that we receive from our customers and prospective customers in the course of our business relationship.
Relevant personal data are in particular name, address and other contact data, but also contract data, data concerning products and services, payment data, communication data, authentication data for access to our web portals and data regarding the use of the websites and newsletters offered by us.
4 Purposes and legal basis of processing
We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other applicable data protection regulations to the extent described below.
4.1 Performance of a contract / Performance of pre-contractual steps
We process personal data insofar as their processing is necessary for the performance of our contracts with you and for the execution of your orders as well as for the performance of pre-contractual steps carried out at your request. The legal basis is Article 6 paragraph 1 s. 1 lit. b GDPR.
Not providing the required personal data may result in a contract with you not being concluded or not being fulfilled.
4.2 Safeguarding legitimate interests
To the extent necessary, we also process personal data to safeguard our legitimate interests. The legal basis is Article 6 paragraph 1 s. 1 lit. f GDPR.
This applies to the following purposes:
- Administration of our IT systems.
Our legitimate interest is the maintenance of IT operations. Insofar as IT systems contain customer and prospective customer data, it cannot be ruled out that this data will be accessed in the course of administration. - Tracking the download of brochures, manuals, software and other information from our web portals:
We have a legitimate interest in being able to contact you specifically if necessary, if the downloaded files are defective and, in particular, if damage may result from their use. - Data aggregation for a more targeted approach.
In addition to targeted information about contract-relevant matters such as software updates, we have a legitimate interest in informing you as a contractual partner as specifically as possible about new software features, new modules or new training offers. In order to send you only the information that is actually of interest to you, we consolidate the personal data that we collect from you in the course of the contractual relationship, your visit to our websites if you have consented to website tracking, and your participation in training courses and events. - Direct marketing, unless you have objected to the use of your data for this purpose (see section 8.4 of this data protection information).
Our legitimate interest is to inform you in a targeted manner about products and services as well as about relevant events in connection with the products and services you have purchased or requested. - Organization of events and trade fairs.
Our legitimate interest is the planning and smooth carrying out of our events, in particular the possibility to send you further necessary information about the event and to inform you about any changes. - Assertion of legal claims and defense in legal disputes.
We have a legitimate interest in being able to access the documents necessary for the assertion or defense in the event of a legal dispute.
4.3 Consent
If you give us consent to process your personal data for specific purposes, the lawfulness of this processing is based on your consent pursuant to Article 6 paragraph 1 s. 1 lit. a GDPR.
Purposes for which we process your personal data based on your consent include:
- answering your requests when you contact us through our websites,
- the verification of your authentication and the user management for our web portals,
- the website tracking for evaluation for marketing purposes,
- the sending of the newsletters you have selected,
- your participation in sweepstakes.
Any consent given can be withdrawn by you at any time with effect for the future (see section 8.3 of this data protection information).
4.4 Compliance with legal obligation
If necessary and legally permissible, we process your data beyond the actual contractual purposes to comply with legal obligations. These are in particular the legal requirements of commercial law and tax laws. The legal basis is Article 6 paragraph 1 s. 1 lit. c GDPR.
5 Recipient of the data
When we deliver products to you, we pass on your personal data to the contracted shipping company to the extent that this data is required for delivery.
We engage service providers in particular in the areas of IT services, telecommunications, service and support, sales and marketing. Insofar as our service providers come into contact with your personal data, the data processing is carried out on our behalf. The service providers act as processors only in accordance with our instructions and we ensure contractually and through supplementary controls that these service providers use the necessary technical and organizational measures to ensure adequate protection of your personal data.
If necessary, we transfer your personal data to our subsidiaries or affiliated companies for the purpose of carrying out a business relationship with you or for safeguarding our legitimate interests.
Beyond this, we do not pass on any data to third parties unless you have expressly consented to this, the transfer is recognizably necessary for the processing of an offer requested by you or for the performance of services, or this is required by law.
6 Data transfer to third countries
The transfer of personal data to a third country only takes place if the special requirements of Art. 44 et seq. GDPR are fulfilled.
When transferring personal data to our subsidiaries or affiliated companies located in a third country, we will ensure by way of guarantees that the subsidiary or affiliated company has been committed by us to an adequate level of data protection.
If necessary, your data will be stored by our service providers on servers in third countries as part of data processing on our behalf. In this case, too, we ensure that the service provider has been committed by us to an appropriate level of data protection by means of suitable guarantees.
Any further transfer of your data to a third country or an international organization does not take place.
7 Duration of storage
We store your personal data for as long as this is necessary for the duration of our business relationship or for the fulfillment of contractual purposes, including the initiation and execution of contracts.
If you have given us your consent for the processing of your personal data, we will store this data for as long as specified in the relevant consent or until you withdraw your consent.
Furthermore, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code and the German Fiscal Code. The periods prescribed there for storage and documentation are up to ten years.
In addition, personal data may have to be stored for the period during which claims can be asserted against us. Here, the storage period is based on the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code are generally three years, but in certain cases can be up to thirty years.
8 Your rights
8.1 Rights of the data subject
You can request information about the personal data stored about you in accordance with Article 15 GDPR. In addition, you may, under certain conditions, obtain the rectification of your personal data (Article 16 GDPR) or the erasure of your personal data (Article 17 GDPR). Furthermore, you may have the right to restriction of processing of your personal data pursuant to Article 18 GDPR, the right to object pursuant to Article 21 GDPR (see section 8.4 of this data protection information) and the right to receive the personal data you have provided, in a structured, commonly used and machine-readable format pursuant to Article 20 GDPR.
8.2 Right of complaint
Pursuant to Article 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you believe that your personal data is not being processed lawfully. The right of complaint is without prejudice to any other administrative or judicial remedy.
8.3 Withdrawal of consent
You can withdraw your consent to the processing of your personal data at any time in accordance with Article 7 GDPR. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected.
8.4 Right of objection
Insofar as the processing of your personal data is based on Article 6 paragraph 1 s. 1 lit. f GDPR to safeguard legitimate interests, you have the right pursuant to Article 21 GDPR to object to the processing of this data at any time on grounds relating to your particular situation. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to processing for such marketing. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your data for these purposes.
To exercise your rights, you can contact us using the contact details provided in section 1 of this data protection information.
Data Protection Information for Presenters
Table of Contents
- Identity and contact details of the Controller
- Contact details of the Data Protection Officer
- Personal data processed
- Purposes and legal basis of processing
- Recipient of the data
- Data transfer to third countries
- Duration of storage
- Your rights
In the following, we, Heidelberg Engineering GmbH, inform you about the processing of your personal data by our company and the rights to which you are entitled under data protection law.
1 Identity and contact details of the Controller
The controller for data processing is
Heidelberg Engineering GmbH
Max-Jarecki-Straße 8
69115 Heidelberg, Germany
E-mail: info@HeidelbergEngineering.com
Phone: +49 6221 64630
Fax: +49 6221 646362
2 Contact details of the Data Protection Officer
Our external data protection officer can be reached at
CL Compliance und Datenschutz GmbH & Co KG
Douglasstraße 11 – 15
76133 Karlsruhe, Germany
E-mail: HeidelbergEngineering@compliance-datenschutz.de
3 Personal data processed
We process personal data that we receive from our external presenters in the course of our business relationship.
Relevant personal data are in particular name, address and other contact data, but also contract data, payment data and communication data as well as photos and video recordings.
4 Purposes and legal basis of processing
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other applicable data protection regulations to the extent described below.
4.1 Performance of a contract / Performance of pre-contractual steps
We process personal data insofar as their processing is necessary for the performance of our contracts with you as well as for the performance of pre-contractual steps. The legal basis is Article 6 paragraph 1 s. 1 lit. b GDPR.
Not providing the required personal data may result in a contract with you not being concluded or not being fulfilled.
4.2 Safeguarding legitimate interests
To the extent necessary, we also process personal data to safeguard our legitimate interests. The legal basis is Article 6 paragraph 1 s. 1 lit. f GDPR.
This applies to the following purposes:
- Administration of our IT systems.
Our legitimate interest is the maintenance of IT operations. Insofar as IT systems contain presenter data, it cannot be ruled out that this data will be accessed in the course of administration. - Organization of events and trade fairs.
Our legitimate interest is the planning and smooth carrying out of our events, in particular the possibility to send you further necessary information about the event and to inform you about any changes. - Assertion of legal claims and defense in legal disputes.
We have a legitimate interest in being able to access the documents necessary for the assertion or defense in the event of a legal dispute.
4.3 Consent
If you give us consent to process your personal data for specific purposes, the lawfulness of this processing is based on your consent pursuant to Article 6 paragraph 1 s. 1 lit. a GDPR.
Purposes for which we process your personal data, in particular photos and video recordings, based on your consent include:
- the presentation of the company and its services,
- the advertising of presence events and online courses,
- the publication of recorded presence events and online courses that have been conducted.
Any consent given can be withdrawn by you at any time with effect for the future (see section 8.3 of this data protection information).
4.4 Compliance with legal obligation
If necessary and legally permissible, we process your data beyond the actual contractual purposes to comply with legal obligations. These are in particular the legal requirements of commercial law and tax laws. The legal basis is Article 6 paragraph 1 s. 1 lit. c GDPR.
5 Recipient of the data
When organizing the events in which you participate as a presenter, we pass on your personal data to hotels and trade fair companies to the extent that this data is required for carrying out the event.
We engage service providers in particular in the areas of IT services, telecommunications and marketing. Insofar as our service providers come into contact with your personal data, the data processing is carried out on our behalf. The service providers act as processors only in accordance with our instructions and we ensure contractually and through supplementary controls that these service providers use the necessary technical and organizational measures to ensure adequate protection of your personal data.
If necessary, we transfer your personal data to our subsidiaries or affiliated companies for the purpose of carrying out a business relationship with you or for safeguarding our legitimate interests.
Beyond this, we do not pass on any data to third parties unless you have expressly consented to this, the transfer is recognizably necessary for the processing of an offer requested by you or for the performance of services, or this is required by law.
6 Data transfer to third countries
The transfer of personal data to a third country only takes place if the special requirements of Art. 44 et seq. GDPR are fulfilled.
When transferring personal data to our subsidiaries or affiliated companies located in a third country, we will ensure by way of guarantees that the subsidiary or affiliated company has been committed by us to an adequate level of data protection.
If necessary, your data will be stored by our service providers on servers in third countries as part of data processing on our behalf. In this case, too, we ensure that the service provider has been committed by us to an appropriate level of data protection by means of suitable guarantees.
Any further transfer of your data to a third country or an international organization does not take place.
7 Duration of storage
We store your personal data for as long as this is necessary for the duration of our business relationship or for the fulfillment of contractual purposes, including the initiation and execution of contracts.
If you have given us your consent for the processing of your personal data, we will store this data for as long as specified in the relevant consent or until you withdraw your consent.
Furthermore, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code and the German Fiscal Code. The periods prescribed there for storage and documentation are up to ten years.
In addition, personal data may have to be stored for the period during which claims can be asserted against us. Here, the storage period is based on the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code are generally three years, but in certain cases can be up to thirty years.
8 Your rights
8.1 Rights of the data subject
You can request information about the personal data stored about you in accordance with Article 15 GDPR. In addition, you may, under certain conditions, obtain the rectification of your personal data (Article 16 GDPR) or the erasure of your personal data (Article 17 GDPR). Furthermore, you may have the right to restriction of processing of your personal data pursuant to Article 18 GDPR, the right to object pursuant to Article 21 GDPR (see section 8.4 of this data protection information) and the right to receive the personal data you have provided in a structured, commonly used and machine-readable format pursuant to Article 20 GDPR.
8.2 Right of complaint
Pursuant to Article 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if you believe that your personal data is not being processed lawfully. The right of complaint is without prejudice to any other administrative or judicial remedy.
8.3 Withdrawal of consent
You can withdraw your consent to the processing of your personal data at any time in accordance with Article 7 GDPR. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected.
8.4 Right of objection
Insofar as the processing of your personal data is based on Article 6 paragraph 1 s. 1 lit. f GDPR to safeguard legitimate interests, you have the right pursuant to Article 21 GDPR to object to the processing of this data at any time on grounds relating to your particular situation. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
To exercise your rights, you can contact us using the contact details provided in section 1 of this data protection information.