Privacy policy
General notes
With these notes, we inform visitors and users of the website about the type, scope and purpose of the processing of personal data when visiting the website or using the services provided on it. We also provide information about the rights to which data subjects are entitled on the basis of data processing.
Definitions
These notes and explanations are based on the terminology of the General Data Protection Regulation (GDPR):
Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling
Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
Controller or person responsible for the processing
The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
Processor
Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.
Recipient
Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. Authorities acting within the scope of a specific investigation mandate under Union law or the law of the
Third
Third party means any natural or legal person, public authority, agency or other body other than the visitor to the Website, the Controller, the Processor and the persons authorized to process the personal data under the direct responsibility of the Controller or the Processor.
Consent
Consent shall mean any freely given specific and informed indication of intention in the form of a statement or other unambiguous affirmative act by which the person concerned signifies his or her agreement to the processing of his or her personal data.
Responsible entity
HEITEC AG
Güterbahnhofstraße 5, 91052 Erlangen
Telefon: +49 9131 877 0
E-Mail: info@heitec.de
Person responsible for data protection
Sepire GmbH
Am Felsenkeller 12, 90530 Wendelstein
Telefon: +49 9129 907 68 99
E-Mail: info@sepire.de
Cookies
General information
So-called cookies are used on the website. Cookies are text files that are stored on the computer system. Many cookies contain a unique identifier consisting of a string of characters by which users can be recognized by the system. This is used to adapt the Internet offer individually and user-friendly to the respective visitor.
There are different types of cookies. Most cookies are deleted from the hard drive at the end of the browser session (so-called session cookies). Other cookies remain on the computer and make it possible to recognize the computer on the next visit (so-called permanent cookies). These cookies are used, for example, to greet you with your individual user name and make it unnecessary, for example, to re-enter user names and passwords or to fill out forms. Translated with www.DeepL.com/Translator (free version)
Consent and functionality of the cookie banner
The required legal basis for the processing of data through the use of cookies differs according to whether the data processing is technically necessary or technically unnecessary and whether the collected data is transferred to recipients in a third country. As a rule, the use of cookies is only permitted with the consent of the data subject based on the individual case.
If the use of cookies is not desired, the visitor can prevent the use of cookies by disabling the setting and storage of cookies in the settings of his browser. Existing cookies can also be deleted at any time in the settings. This is possible in all standard Internet browsers.
In addition, a cookie banner is set up on the website, which appears each time you visit the website. Via the cookie banner, consent can be limited to the use of technically necessary cookies or extended to technically unnecessary cookies. Consent can also be given only for individual cookies.
Overview of the cookies used
The cookies listed below are present on the website.
Collection of data and information
When the website is accessed, general data and information is collected and stored in log files on the server.
Data is collected on the type and version of browser used, the operating system used to access the website, the website from which the visitor accessed the website, the subpages accessed by the visitor, the date and time of access, the IP address, the Internet service provider and other similar data and information used to avert danger in the event of attacks on the IT system.
Under no circumstances are conclusions drawn about the person of the visitor. Rather, the information is required so that the content of the website can be displayed correctly. The data is also collected in order to have the information available that is required for prosecution by the competent law enforcement authorities in the event of a cyber attack.
In any case, the data is collected anonymously and stored separately from other personal data that may be collected elsewhere in compliance with the legal data protection requirements.
Possibility of registration
The website may offer the possibility for visitors and users to register.
The type, scope and content of the data that is collected in the process can be seen from the input mask. In any case, the collected data will be collected and stored exclusively for our own purposes, in order to be able to carry out processing operations initiated by the visitor.
During registration, the IP address, the date and the time of registration are stored. This is done for the purpose of preventing misuse of the services provided and, if necessary, to be able to clarify any criminal acts. The data will not be passed on to third parties. Data will only be passed on if there is a legal obligation to pass it on or if it serves the purpose of criminal prosecution.
Insofar as information can be provided voluntarily during registration, this will only be used for the purpose of offering the visitor to the site content or services that can only be offered to registered users. The data collected during registration can be changed or completed at any time. The data can also be deleted at any time.
Registered users have the right at any time to send a request to the operator of the website to obtain information about what data is stored about him. Registered users also have the right to request the correction or deletion of their data at any time. In the event that the data must be retained due to legal regulations, the data will be blocked until the retention obligation expires, so that data processing can no longer take place and the data can only be processed for the purpose due to which the retention obligation exists.
Newsletter
Insofar as the website offers the option of subscribing to a newsletter, personal data is collected. The type, content and scope of the data can be found in the relevant registration mask.
In order to avoid the use of third-party data during registration, a confirmation email is first sent to the specified email address, which contains a link with which the recipient confirms registration to receive the newsletter. This sends us a message that the registration for the newsletter has been confirmed. Only then will newsletter messages be sent to the registered e-mail address.
When registering for the newsletter, the IP address and the date and time of registration are stored. Accordingly, the collection serves both the prevention of misuse and legal protection.
The personal data collected when registering for the newsletter is used exclusively for sending newsletters.
The data will not be disclosed to third parties. The registration for the newsletter can be revoked at any time. For this purpose, each newsletter contains a link with which the cancellation of the registration is transmitted to our system.
Contact via the website
Due to legal regulations, the website contains information that enables a quick electronic contact or direct communication with the operator of the website.
In the event of contact being made, e.g. by e-mail or via a contact form, the personal data transmitted will be stored automatically.
In any case, the data will be processed only for the purpose resulting from the contact and will not be disclosed to third parties, unless the disclosure is necessary for the processing of the contact.
Comment functions
If it is possible to leave individual comments on the website, the comment itself as well as the time of comment entry and the pseudonym selected by the user are stored and published. Furthermore, the IP address is logged.
The data is stored for security reasons and in case the comment violates the rights of third parties or illegal content is published. A transfer to third parties does not take place in principle, unless the transfer is required by law or for legal defense.
Routine deletion and blocking of personal data
Personal data is only stored for as long as is necessary for the respective purpose of the processing or due to legal requirements.
After the purpose has been achieved or the legally prescribed retention period has expired, the personal data will be deleted routinely and in accordance with the statutory provisions. If the intended purpose of the processing has been achieved, but the data may not yet be deleted due to legal requirements, the data will be blocked.
Legal basis of processing
The data processing is based on Art. 6 para. 1 DS-GVO. According to this, data processing is permissible if it
- takes place with the consent of the person concerned;
- is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures;
- is necessary for the fulfillment of a legal obligation;
- is necessary to protect the vital interests of the visitor to the website or another natural person;
- is necessary to protect the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the visitor to the website that require the protection of personal data, in particular where the visitor is a child.
Insofar as the data processing cannot be based on any other legal basis thereafter, the data processing shall in principle only be carried out with the consent of the data subject, which shall be obtained and documented by the data subject prior to the start of the processing.
Insofar as data processing is based on a legitimate interest, it is additionally necessary to weigh up the interests of the data subject before processing begins, which may nevertheless preclude data processing, even if data processing appears to be expedient for business purposes. In this case, expediency is regularly not sufficient. Rather, it is necessary that significant interests of the company, its employees or shareholders or owners are directly affected by the data processing.
Right to information and rectification
Persons whose data is processed have a legal right to information, correction and deletion of their data. The rights can be exercised at any time by the data subject submitting a request to this effect to the data protection officer or the management.
In the event of a request for information, information must be provided on the following contents:
- Processing Purposes;
- Categories of personal data processed;
- Recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
- Existence of a right to rectification or erasure of personal data concerning them or to restriction of processing by the controller or a right to object to such processing;
- Existence of a right of appeal to a supervisory authority;
- if the personal data are not collected from the data subject: All available information about the origin of the data;
- Existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject; transfer of data to a third country or to an international organization and about the appropriate safeguards in connection with the transfer.
In the event of a request for correction, incorrect data must be corrected or completed.
Right to deletion
In the event of a request for deletion, the personal data concerned shall be deleted without delay,
- if the personal data have been collected or otherwise processed for purposes for which they are no longer needed;
- the data has been collected solely on the basis of the data subject's consent, which the data subject has revoked;
- the data subject objects to the processing pursuant to Art. 21 DS-GVO and in case of revocation pursuant to Art. 21 (1) DS-GVO no overriding legitimate grounds for the processing exist;
- the personal data have been processed unlawfully;
- the deletion is required by law.
In the event that the data to be erased has been made public, appropriate measures shall be taken in accordance with Article 17(1) of the GDPR, taking into account the available technology and the cost of implementation, to inform third parties that process the published personal data of the erasure request.
Right to restriction of processing
The data subject has a legal right to request the restriction of the processing of his or her data if he or she disputes the accuracy of the personal data or has lodged an objection pursuant to Article 21 (1) of the GDPR. In this case, the processing shall be restricted for a period of time necessary to verify the accuracy of the personal data or to determine whether there are grounds for the data processing that override the interest of the data subject. However, if the processing is then unlawful and the data subject refuses the erasure of his or her data, he or she may also request the restriction of the processing of his or her data instead.
The processing of data shall also be restricted if the data is no longer required for the purpose for which it was collected, but the data must still be retained for the assertion, exercise or defense of legal claims.
The above rights may be exercised at any time by the data subject by sending a request to the Data Protection Officer or the Management.
Right to data portability
Individuals whose data are processed have a legal right to have the data handed over in a structured, common and machine-readable format or transferred to a third party without hindrance if the processing is based on consent pursuant to Art. 6(1)(a) DS-GVO or
The rights may be exercised at any time by the data subject submitting a request to the Data Protection Officer or the Management.
Right to object
Data subjects have a legal right to object to data processing at any time.
In the event of an objection, the data will no longer be processed unless there are demonstrably compelling legitimate grounds for continuing to process the data which override the interests, rights and freedoms of the visitor to the website, or if the processing serves the purpose of asserting, exercising or defending legal claims.
In the event of an objection to processing for advertising purposes, the objection shall generally take precedence. The data will then no longer be used for advertising purposes.
The rights may be exercised at any time by the data subject submitting a request to the data protection officer or the management.
Right to revoke consent under data protection law
Data subjects may revoke their consent to data processing at any time.
The rights may be exercised at any time by the data subject submitting a request to the data protection officer or the management.
Automated decisions in individual cases including profiling
Data subjects have a legal right to expect that a decision concerning them which produces legal effects is not based solely on automated processing or similarly significantly affects them. This does not apply to decisions which are necessary for the conclusion or fulfillment of a contract with the data subject, or where this is permitted by law and appropriate measures are included to protect the rights and freedoms and legitimate interests of the website visitor, or where this is done with the explicit consent of the website visitor.
If the decision is necessary for entering into, or the performance of, a contract, or if the automated decision is made with the explicit consent of the data subject, reasonable steps will be taken to safeguard the rights and freedoms, and the legitimate interests, of the website visitor, such as.
If the data subject wishes to exercise the rights concerning automated decisions, he or she may, at any time, contact our data protection officer or another employee of the controller.
The rights may be exercised at any time by the data subject submitting a request to the data protection officer or the management.
An automated decision in individual cases and profiling does not take place regardless of this.
Use of legal services
The legal service of LRN Rechtsanwaltskanzlei Dr. Markus Lintner, Äußere-Sulzbacher Straße 155a, 90491 Nuremberg, Germany, is used on this website.
The purpose of the Legal Service is the provision of legal texts on the website by the provider of the service for the fulfillment of the legally prescribed information obligations. The data processing is based on Art. 6 para. 1 letter c) DSGVO.
The service is a content delivery network (CDN). The content provided on the website is retrieved in the background from a server other than the server on which the website is operated. This makes it possible to transmit information that is collected when visiting the website to the CDN.
However, by using the Legal service, no data is collected and stored by the provider of the service itself.
Information security
Information security serves to ensure the three protection goals of confidentiality, integrity and availability of information. If you have discovered a threat to these protection goals, please report this as a possible security incident to our responsible office:
HEITEC AG
Information security
E-Mail: informationssicherheitsbeauftragter@heitec.de
Address: Güterbahnhofstraße 5, 91052 Erlangen, Deutschland
TISAX Responsibilty Hungary
E-Mail: tisax_hun@heitec.hu
Address: Kaposvár utca 14-18, H-1117 Budapest, Ungarn
Version H20.24.11.4