heristo ag data protection notice
Thank you for visiting our website and for your interest in our company and our products. Protecting your privacy when using our website is important to us. We therefore act in compliance with applicable legislation on the protection of personal data and data security.
Below you will learn which websites this data protection notice applies to, which data we collect, process and use, which rights of access to information you have, and much more. In order to answer your questions quickly and in an easy-to-understand way, we laid out our data protection notice in a questions-and-answers format.
Who is responsible for this website?
The company/person stated in the Legal Notice is responsible for collecting and processing the data as described below.
Which websites does this data protection notice apply to?
This data protection notice applies to the use of websites (hereinafter "heristo web pages") offered by heristo ag and/or its subsidiaries (hereinafter "heristo"). This data protection notice does not apply to websites by other providers which are simply linked to from the heristo web pages.
What is personal data?
Personal data is individual information about the personal or factual circumstances of an identified or identifiable natural person. For instance, personal data includes your name, address, account details, your ID or telephone number, your car's number plate, your email address and IP number. Data which cannot be used to establish your true identity is non-personal data. This includes information on your sex, which browser you use and which brand of car you prefer.
Will I remain anonymous when using heristo web pages?
Yes. You will remain anonymous when using heristo web pages, as long as you do not voluntarily provide us with your personal data. The only exception to this principle is the temporary automatic establishment and storage of your IP number. You can learn more about that below.
Are personal data collected and processed automatically?
Yes. During each of your visits on our web pages we automatically collect information on which IP number is assigned to your computer, which browser and operating system you use and which web pages you viewed. These data are stored in so-called log files on the Web server. Only the IP number is classed as personal data. To protect against misuse of our computer systems, it is necessary to store the IP address of each visitor for a period of seven days. The legal basis for this is Art. 6 (1) f GDPR. If we further use the log files to create user profiles, either for the purposes of advertising, market research or to design our website to meet the needs of users, the IP numbers will be anonymised in advance. Otherwise, the IP numbers will be deleted from the log files. As a result, you will in any event remain anonymous even if we automatically collect and temporarily store your IP number.
Under which conditions are personal data otherwise collected, processed or used?
We only collect, process or use personal data, if you have provided us with these on a voluntary basis and furthermore, if it is permitted by law or you have given us your consent to do so. This is usually the case if you enter into an agreement with us online, or if you send us an enquiry.
For which purposes are personal data collected, processed or used?
We only use the personal data you have provided us with for purposes previously announced or agreed, usually according to Art. 6 (1) b GDPR for the preparation or performance of the agreement concluded, or according to Art. 6 (1) f GDPR to reply to your enquiry.
Are personal data used for the purposes of advertising or market research?
This is not the case without your consent. In some cases we may be interested in using your personal data for advertising, market research or other purposes in order to manage and improve customer relations. In such cases, we will, of course, inform you in advance and ask for your express consent in accordance with Art. 6 (1) a GDPR.
Are personal data transferred, sold or otherwise passed on to third parties?
Your personal data are not transferred, sold or otherwise passed on to third parties, unless this is necessary to perform an agreement according to Art. 6 (1) b GDPR or you have expressly given your consent according to Art. 6 (1) a GDPR. For example, when you order products it may be necessary for us to pass on your address and order details to our suppliers.
Will I be able to withdraw my consent?
Yes. You have the option at all times to withdraw your consent for the agreed use of your personal data for the future. To do so, please get in touch with the contact mentioned below.
Do heristo web pages use tracking features?
As a rule, heristo web pages use so-called session cookies, which place data for technical session control in the memory of your browser. These data are not personal and are deleted at the latest when your browser is closed. If exceptionally we wish to store personal data in a cookie, we will seek your express consent in advance in accordance with Art. 6 (1) a GDPR.
Processing is based on Art. 6 (1) f GDPR and on our legitimate interest in enabling or optimizing the ease of navigation for users and adapting the website layout accordingly.
How can I generally prevent cookies from being placed on my computer?
Even though cookies are only relevant for data protection purposes if they store personal data, many web users are fundamentally skeptical about these small data packages. Hence we would like to inform you that you can protect yourself from cookies being placed on your computer and that you can view their content. Modern browsers offer various functions to do so. You can find out more in the help section of your browser. You can, for instance, set your web browser to automatically block all cookies or to warn you before a cookie is being stored. Please note, however, that this may lead to reduced functionality in the use of the heristo web pages and web pages from other service providers.
What do I need to know about heristo company Facebook pages?
Some heristo companies operate an official Facebook page on the basis of Art. 6 (1) f GDPR. We do not collect, store or process any personal user data at any time on this page. Moreover, we do not carry out or initiate any further data processing. The data you enter on our Facebook pages, such as comments, videos or pictures, will not be used or processed for other purposes at any time.
Facebook uses so-called webtracking features on these pages. Please be aware that it cannot be ruled out that Facebook uses your profile data to analyze your habits, personal relationships, preferences, and so on. We have no influence on the processing of your data by Facebook.
How does heristo protect the security of my personal data?
heristo shall take all technical and organizational security measures to protect your personal data from loss and misuse. Your data is stored in a secure operating environment which cannot be accessed by the public. If you wish to contact heristo by email, please note that the confidentiality of the information sent cannot be guaranteed. Email content may be read by third parties, similar to postcards. We therefore recommend you only send us confidential information by post.
Which rights do I, as the user of these web pages, have?
The GDPR grants you, as the user of these web pages, certain rights as regards the processing of your personal data:
- Right of access by the data subject (Art. 15 GDPR):
You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information detailed in Art. 15 GDPR.
- Right to rectification and erasure (Art. 16 and 17 GDPR):
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, as the case may be, to have incomplete personal data completed. You have the right to obtain the erasure of personal data concerning you without undue delay, if one of the points listed in Art. 17 GDPR applies, e.g. if the personal data are no longer necessary in relation to the purposes for which they were collected.
- Right to restriction of processing (Art. 18 GDPR):
You have the right to obtain restriction of processing where one of the conditions listed in Art. 18 GDPR applies, e.g. if you have objected to processing, pending possible verification.
- Right to data portability (Art. 20 GDPR):
In certain cases listed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format, and to transmit those data to a third party.
- Right to object (Art. 21 GDPR):
If data are processed on the basis of Art. 6 (1) f GDPR (data processing for the purposes of the legitimate interests of the controller), you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. We shall then no longer process the personal data unless compelling legitimate grounds for the processing have been demonstrated which override the interests, rights and freedoms of the data subject or if the processing is necessary for the establishment, exercise or defense of legal claims.
- Right to lodge a complaint with a supervisory authority:
According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the data protection regulation. The right to lodge a complaint with a supervisory authority may be asserted in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.
Will this data protection notice change from time to time?
The fast technological development of the Internet and the changes to the law in the area of data protection make it necessary for us to adapt our data protection notice to new requirements from time to time. Please therefore take note of the latest version of the data protection notice. This data protection notice is dated 25 May 2018.