for the websites
of Heidelberg Engineering GmbH
30th July 2020
Table of contents
- Your rights
- Data Collected when you visit our website
- Further functions and offers on our website
- Online orders
- Right of withdrawal or objection
- Convenience functions
- Social Media
- Google Analytics
- Google Tag Manager
- Integration of Google Maps
- Integration of YouTube-Videos
- Integration of Survicate
- Integration of Google reCaptcha
- Use of Usercentrics
- Information in section Publisher / Imprint
- Further Information
We appreciate your interest in our website and our company.
Below we inform you about personal data collected when you visit this website. Personal data is factual or personal information about a specific or specifically identifiable person, for example name, address, email address and user behavior.
Controller in accordance with Article 4 no. 7 European General Data Protection Regulation (GDPR):
Heidelberg Engineering GmbH
(for further contact information please refer to the section Publisher).
You can contact our Data Protection Officer at HeidelbergEngineering[at]compliance-datenschutz.de or at:
CL Compliance und Datenschutz GmbH & Co KG
Douglasstraße 11 – 15
Phone: +49 721 91250880
You can send an inquiry by using the provided email addresses or the general contact form.
The personal data you provide within this inquiry will be stored to process your concern. Data collected in this context will be deleted as soon as its storage is not necessary any more or processing will be limited in case of legal storage obligations. Your personal information will not be forwarded to third parties or otherwise transferred. (Legal basis is Article 6 paragraph 1 S. 1 lit. b GDPR)
3 Your rights
You have the following rights regarding your personal data:
- Right of information,
- Right of rectification and erasure,
- Right of restriction of processing,
- Right of objection to processing,
- Right to data portability.
You have also the right to lodge complain with a data protection supervisory authority against processing of your data by us.
4 Data collected when you visit our website
We solely collect those personal data your browser transmits to our server when you use our website for informational purposes only, without registering or transmitting information to us.
Every visit to our website and each request for data from the website are logged by the IP address of the requesting computer. This information is saved for display of our website, stability and safety purposes (Legal basis is Article 6 paragraph 1 S. 1 lit. c GDPR in connection with Article 32 paragraph 1 GDPR and Section 13 paragraph 7 TMG (Telemediengesetz, German Telecommunications Act)).
The following information is logged:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of request (concrete page)
- Access status/http status code
- Amount of data transferred with each request
- The requesting domain
- Operating system and its surface
- Language and version of browser software.
In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your terminal device, assigned to the browser you are using, and through which certain information flows to the site that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the Internet offer as a whole more user-friendly and effective.
This website uses the following types of cookies, the scope and function of which are explained below:
Transient cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all functions of this website.
Here you will find information about the cookie logoff of the most common browsers:
Depending on their function and purpose, cookies can be divided into the following categories:
Essential cookies are required to be able to use the navigation and basic functions of the website.
Marketing cookies are used for the targeted, user-relevant presentation of content. This allows individual advertising to be controlled.
The legal basis for the processing of personal data using essential cookies is Article 6 paragraph 1 s. 1 lit. f GDPR.
The legal basis for the processing of personal data using other than essential cookies is Article 6 paragraph 1 s. 1 lit. a GDPR if the user has given his or her consent to this.
The cookie settings can be adjusted at any time under the following link and consent already granted can be revoked: Privacy settings.
6 Further functions and offers on our website
In addition to the purely informational content of our website, we offer several services you are able to use in case of interest. In some cases you have to provide us with additional personal data we need for performing our services. For this additional data, the principles of data processing as mentioned above apply.
In some cases we involve external service providers to process your data. These providers have been thoroughly chosen and authorized by us. They have committed to our instructions and will be monitored regularly.
If the registered office of our service providers and partners is outside of the European Economic Area (EEA), we inform you about the consequences of these circumstances in the description of the offer.
Prior registration is necessary in order to use our portals such as the Business Lounge or the Academy. For this a form of address, a first and last name, an email address, a password of your choice, and a country are required.
In order to access the portal as a registered user, a login using an email address and a password of your choice is required before each use. Within the areas designated by registration you can manage and process your personal data.
In addition, you have the option of contacting the Sales and Support departments via the form available under the “Contact” tab.
Your country will be identified by your IP address and your message is sent to the relevant contact in your country. These contacts are partners of Heidelberg Engineering GmbH, and process data in compliance with data protection law regulations.
6.4 Technical support
We offer registered users technical support. Here users are able to upload files in any format via the “File Exchange” which will be forwarded to a predefined support email address. Furthermore, “Remote Support” includes the option of allowing members of the technical support team to access a user’s PC with the previous consent of the user.
In “File Exchange” the uploaded data is deleted after 30 days.
7 Online orders
7.1 Online payment
In order to process payments, we pass on the necessary payment data to the credit institution commissioned with the payment or to the payment service provider selected by you in the order process.
For the payment method credit card we use the payment service provider Ingenico e-Commerce Solutions, Woluwedal 102, 1200 Brussels, Belgium.
In this case, we will forward the order number and the payment amount to the payment service provider when accepting your order. Your payment details are only collected by the payment service provider, who confirms receipt of your payment and forwards the payment to us. In this case, no payment data (eg credit card number) will be forwarded to us. (Legal basis is Article 6 paragraph 1 s. 1 lit. b GDPR)
Further information about the payment service provider Ingenico can be found at: https://www.ingenico.com/privacy-policy
If your order involves a delivery with a shipping company, we will pass your data on to the shipping company responsible for the delivery, if this is necessary for the delivery of the goods. (Legal basis is Article 6 paragraph 1 s. 1 lit. b GDPR)
7.3 Processing of book orders
For the processing of book orders including invoicing and delivery, we use the fulfillment provider CFG Circle Fulfillment GmbH, Heinrich Lanz-Str. 7, 68723 Plankstadt, Germany (https://cfg-direktmarketing.de/). If you order a book from our website, we will forward the data entered by you in the online order form, the order number, the article description of the goods ordered and the payment amount to CFG Circle Fulfillment GmbH when accepting your order. We do not collect your payment details. After receipt of your order CFG Circle Fulfillment GmbH will send you an invoice. After receipt of your payment CFG Circle Fulfillment GmbH will ship the ordered goods to the delivery address specified by you.
8 Right of withdrawal or objection
You may object to the processing of your personal data with immediate effect at any time by withdrawing your consent. This withdrawal affects the legitimacy of processing your personal data as soon as you have expressed it.
You may object to the processing of your personal data if the processing is based on weighing of interests. This applies especially if data is not needed for contract fulfillment which we will explain in the following description of functions. If you decide to object to the collection of your personal data, we kindly ask you to submit reasons why we are not allowed to process your personal data according to our procedures. In case of a reasonable objection, we will examine the situation and will either stop or adjust the processing of your personal data or demonstrate compelling legitimate reasons for continuing the processing.
9 Convenience functions
10 Social Media
This website contains links to websites operated by social media platforms, for example facebook. You can to identify them by their logos. When you visit our websites no personal data will be transferred to the social media platforms. If you click on a link you will be forwarded to the platform, where personal data may be transferred. By using the link you leave our website and we are not able to influence the collection or processing of data, the amount of collected data or storage periods.
If you click on a social media link, the social media platforms receive information about the page of our website visited by you. In addition, we transmit the data listed in the section “ Data Collected when you visit our website”. This will happen regardless of you already having a social media account or being logged into an account. If you are logged into your personal social media account during your visit to our site, the platform will link data collected during your visit to the site of your account.
The social media provider stores personal data as user profiles and uses them for the purpose of advertisement, market statistics and individual website design. This analysis is used to provide the users with individual advertisements and to inform other users of this social media platform about your activities. You have the right to object to the creation of user profiles. To do so, please contact the provider of the respective social media platform.
a) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy
b) YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, https://policies.google.com/privacy?hl=en
With your consent to the collection, processing and use of your data, you can subscribe to our newsletters on various topics, with which we will regularly inform you about products, training offers, learning materials, events and news. For subscription to our newsletter, we use the so-called double opt-in process. This means that after you have registered, we will send you an email to the specified email address. In this email we ask you to confirm that you wish to receive the newsletter. In order to be able to prove your registration and, if necessary, to clarify a possible abuse of your personal data, we log the ordering of the newsletter. We save the sending of the confirmation e-mail and the receipt of your hereby requested answer as well as the data of the registration and confirmation. The data is used exclusively by Heidelberg Engineering and is not passed on to third parties. If you do not confirm your registration within two weeks, your information will be deleted.
Only your email address is mandatory information for sending the newsletter. Specifying additional data in respectively marked fields is voluntary but will allow to address you personally. After your confirmation, we will save your email address for the purpose of sending you the newsletter. (Legal basis is Article 6 paragraph 1 s. 1 lit. a GDPR)
Please note that we analyze your user behavior when sending the newsletter. For this analysis, the e-mails sent contain tracking pixels, so-called one-pixel image files and personalized tracking links. We use this data to find out which topics are of interest to you and to improve the content provided. We record whether and when the newsletters we send to you are opened and which links are clicked on.
Tracking based on the one-pixel image files is prevented if you have deactivated the display of images in your e-mail program by default. In this case the newsletter will not be displayed completely and you may not be able to use all functions. If you display the images manually, the above-mentioned tracking will take place. Clicks on personalized tracking links are always logged.
To deliver our newsletter service, we use Pardot, the marketing automation solution of Salesforce, which we explain in the “Pardot” section.
On this website we use Pardot, the marketing automation solution from Salesforce.com, Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA, which is linked to our Salesforce CRM system. In addition to the Salesforce infrastructure, Pardot uses Amazon Web Services, Inc. as hosting provider (third-party hosting provider). The data processing is carried out on our behalf on the basis of a contract data processing agreement that we have concluded with Salesforce.
We use the Pardot software in online marketing for:
- systematically recording, analyzing and optimizing our website
- provision of personalized content and product recommendations
- implementation of (automated) marketing campaigns and advertising activities
- measuring the success of marketing campaigns
- implementation of our e-mail newsletter service
- provision of landing pages and forms
Pardot creates a user profile from the information about your interaction with our website and the content provided through it (including your IP address, the click path, the usage data in the section "Data collected when you visit our website" and cookies). We can merge the user profiles created through Pardot with your customer data stored by us and with other activities in order to address you individually, i.e. based on your interests and usage.
Pardot places cookies for website tracking. These tracking technologies help us to find out which topics are of interest to you. We can recognize which pages were visited and which links were clicked on. We use this information to improve the content we provide on the website. The legal basis is Article 6 paragraph 1 s. 1 lit. f GDPR, if you receive a newsletter from us: Article 6 paragraph 1 s. 1 lit. a GDPR.
Pardot respects the "Do Not Track" initiative. You can configure this option in your browser. If this option is activated, Pardot does not use cookie-based tracking. If you want to prevent tracking by Pardot, you can ensure this as follows:
- via Privacy settings
- through your browser settings
- through an extension of your browser
However, this may lead to certain limitations in the functions and user-friendliness of our offer.
Pardot sets first-party cookies for tracking purposes, and sets third-party cookies for redundancy. Using first-party and third-party cookies together is standard in the marketing automation industry. Pardot cookies don’t store personally identifying information, only a unique identifier. Below is an overview of the cookies set by Pardot with a maximum validity of 365 days:
visitor_id<accountid>: The visitor cookie includes a unique visitor ID and the unique identifier for your account. For example, the cookie name visitor_id12345 stores the visitor ID 1010101010. The account identifier, 12345, makes sure that the visitor is tracked on the correct Pardot account. The visitor value is the visitor_id in your Pardot account. This cookie is set for visitors by the Pardot tracking code.
pi_opt_in<accountid>: If Tracking Opt-in preferences is enabled, the pi_opt_in cookie is set with a true or false value when the visitor opts in or out of tracking. If a visitor opts in, the value is set to true, and the visitor is cookied and tracked. If the visitor opts out or ignores the opt-in banner, the opt-in cookie value is set to false. The visitor cookie is disabled, and the visitor is not tracked.
visitor_id<accountid>-hash: The visitor hash cookie contains the account ID and stores a unique hash. For example, the cookie name visitor_id12345-hash stores the hash “855c3697d9979e78ac404c4ba2c66533”, and the account ID is 12345. This cookie is a security measure to make sure that a malicious user can’t fake a visitor from Pardot and access corresponding prospect information.
lpv<accountid>: This LPV cookie is set to keep Pardot from tracking multiple page views on a single asset over a 30-minute session. For example, if a visitor reloads a landing page several times over a 30-minute period, this cookie keeps each reload from being tracked as a page view.
For more information on Salesforce/Pardot, please visit:
13 Google Analytics
This website uses Google Analytics, a web analytics tool provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files saved on your computer, to help the website to analyze how you use the site. The information generated by the cookie and regarding your behavior when using the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. If the the IP anonymization is activated, Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area before transferring data. Only in exceptional cases, the full IP address is sent to Google servers in the USA and then shortened.
On behalf of the website provider, Google will use this information for the purpose of analyzing your behavior when you are using the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website provider. Google will not link your IP address to any other data stored by Google.
You may disable cookies by selecting the appropriate settings in your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore, you can object to forwarding the data collected with cookies when you visit this website (including the IP address) to Google and prevent Google from processing of data by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=en-GB.
You can refuse the use of Google Analytics by clicking on the following link. An opt-out cookie will be set on the computer, which prevents the future collection of your data when you visit this website:
Please be aware that if you choose to disable all cookies, also opt-out cookies will be disabled as well.
This website uses Google Analytics with the extension „_anonymizeIp()“. With this extension, all IP addresses will be shortened what makes it impossible to link data to a particular individual. If for some reason data can be linked to a specific individual this link will be directly excluded and personal data will be deleted.
With Google Analytics, we do not collect any personal data that would allow us to identify a user. The collected data only serve to optimize user experience and site usability. (Legal basis for the use of Google Analytics is Article 6 paragraph 1 S. 1 lit. f GDPR)
14 Google Tag Manager
We additionally use the Google Tag Manager. With this service we are able to manage website tags. The Google Tag Manager only sets up tags. Tags are code that is used to measure traffic and visitor behavior. The tags are provided by other services - in our case Google Analytics. The Google Tag Manager only manages these tags, does not set cookies and does not collect any personal data. If tracking is deactivated, this also applies to all tracking tags managed by the Google Tag Manager.(Legal basis for the use of Google Tag Manager is Article 6 paragraph 1 s. 1 lit. f GDPR)
For more information about Google Tag Manager, please visit: https://www.google.com/analytics/terms/tag-manager/
15 Integration of Google Maps
On this website we use the offer of Google Maps. This allows us to show you interactive maps directly on the website, allowing you to conveniently use the map feature. (Legal basis is Article 6 paragraph 1 s. 1 lit. f GDPR)
By visiting the website Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data referred to in the section entitled “Data Collected when you visit our website” of this Declaration will be transmitted. This is done regardless of whether Google provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and / or custom design of its website. Such an evaluation is done in particular (even for non-logged in users) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the formation of these user profiles, and you must comply with this to Google.
16 Integration of YouTube videos
We have included YouTube videos in our online offering, which are stored on http://www.YouTube.com and are directly playable from our website. These are all integrated in the “extended privacy mode”, which means that if you do not play the videos, you will not transfer any data about you as a user to YouTube. Only when you play the videos, the following data will be transmitted. We have no influence on this data transfer. (Legal basis is Article 6 paragraph 1 s. 1 lit. f GDPR)
By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data referred to in the section entitled “Data Collected when you visit our website” of this Declaration will be transmitted. This happens regardless of whether YouTube provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to associate with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for purposes of advertising, market research and / or tailor-made website design. Such an evaluation is done in particular (even for non-logged in users) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these User Profiles, and you must be directed to YouTube to use them.
17 Integration of Survicate
On this website we use the survey tool from Survicate Sp. z o. o., Zamiany 8 LU2, Warsaw, mazowieckie 02-786, Poland ("Survicate"). This allows us to display interactive surveys directly on the website and enables you to participate.
Your entries in the surveys are forwarded to Survicate for evaluation purposes without any personal reference. Also the cookies that Survicate sets and processes to recognize whether a user has already participated in the survey do not contain any personal data.
For more information on Survicate please visit: http://help.survicate.com/en/articles/3943207-terms-of-service-privacy-policy-gdpr-and-dpa
18 Integration of Google reCaptcha
On this website we use the service "reCAPTCHA" of the company Google Inc. ("Google"). We use this service to detect abusive, automated machine processing ("bots") when entering information into our online forms. User behavior - such as mouse movements, IP addresses, or queries performed - is evaluated by Google reCaptcha to help differentiate individuals from bots. (Legal basis is Article 6 paragraph 1 S. 1 lit. c GDPR in connection with Article 32 paragraph 1 GDPR)
Information on the third party: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://www.google.com/recaptcha/.
19 Use of Usercentrics
On this website we use the Consent Management Tool Usercentrics of Usercentrics GmbH (Sendlinger Str. 7, 80331 Munich, Germany; ""Usercentrics""). The tool enables you to give your consent to data processing via the website, in particular to set cookies, and to make use of your right of withdrawal for consent already given. The data processing serves the purpose of obtaining and documenting necessary consents to data processing and thus to comply with legal obligations. Cookies can be used for this purpose. The following information, among others, may be collected and transmitted to Usercentrics: Date and time of the page view, information on the browser and device you are using, anonymised IP address, opt-in and opt-out data. This data will not be passed on to other third parties. The data processing is carried out to fulfil a legal obligation on the basis of Article 6 paragraph 1 s. 1 lit. c GDPR.
Further information on data protection at Usercentrics can be found at: https://usercentrics.com/privacy-policy/.
20 Information in section Publisher / Imprint
We expressly object to the use of the contact data we publish in the section Publisher as long as third parties use them to provide us with not explicitly requested advertisement or information material. In case of violation we reserve the right to take legal action, for example in case of receiving spam emails.
22 Further Information
Personal data processed in association with the provision of this website will be disclosed to the following recipient groups:
- technical service providers (e.g. data center)
Automated decision-making which produces legal effects concerning you or similarly significantly affects you, will not be used in association to you using this website.