Thank you very much for your interest in our website. The protection of your privacy is very important to us. Please find below comprehensive information about how we handle your data.
This data privacy statement applies to the collection, processing and use of your personal data ("data processing") when using our website as well as our heroal Communicator. With regard to the terms used in this document such as “personal data” and “processing”, please refer to the definitions in Article 4 GDPR.
I. General Information
1. Data Controller
The data controller is:
heroal – Johann Henkenjohann GmbH & Co. KG, Österwieher Str. 80, 33415 Verl, Germany; Telephone: +49 5246 507-0; Fax: +49 5246 507-222; Email: email@example.com
2. Data Protection Officer:
Contact details for our data protection officer:
heroal – Johann Henkenjohann GmbH & Co. KG, Data Protection Officer, Österwieher Str. 80, 33415 Verl, Germany; Telephone: +49 5246 507-0; Fax: +49 5246 507-222; Email: firstname.lastname@example.org
3. What data do we process? What is the source of this data?
We process personal data that you voluntarily provide to us or that is created in connection with the use of our website and heroal Communicator.
Further information can be found in Section II – Processing of Personal Data.
4. Why do we process your data, and on what legal basis?
We process your personal data for various purposes and in accordance with the relevant data protection regulations, in particular GDPR and the German Data Protection Act (BDSG). The purposes of data processing are: the fulfilment of contractual obligations (Article 6 (1) (b) GDPR); the safeguarding of legitimate interests (Article 6 (1) (f) GDPR); your consent (Article 6 (1) (a) GDPR); and/or the fulfilment of legal requirements (Article 6 (1) (c) GDPR).
The specific legal grounds for our processing of your personal data can be found in Section II – Processing Personal Data.
5. Who gets my data?
Service providers (so-called processors, see Article 4 (8) GDPR) employed by us may receive personal data. We use the following data processors or categories of data processor:
- IT service providers
- Google Inc.
- Facebook Inc.
- Pinterest Europe Ltd.
- Adform A/S
- wiredminds GmbH
Disclosure to third parties who process personal data under their own responsibility (so-called controllers, see Article 4 (7) GDPR) does not take place.
6. Transfer of Personal Data to Third Countries
Your personal data is not transferred to countries outside the European Economic Area (EEA).
7. Storage of Data
We process your personal data only as long as necessary to fulfill the processing purpose.
In addition, we are subject to various retention and documentation obligations. These arise, for example, from the German Commercial Code (HGB) or the German Tax Code (AO), under which we may be required to retain data for up to 10 years.
Finally, the retention period is also determined based on statutory limitation periods, which can be up to thirty years. This is the case, for example, under Article 195 et seq. of the German Civil Code (BGB), where the regular period of limitation is three years.
8. Your Rights
Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR and the right to data portability under Article 20 GDPR. In order to exercise the aforementioned rights, you may contact the bodies referred to in points 1 and 2 of Section I – General Information.
If you have consented to us processing your data, you can revoke this consent at any time. You can do this by simply writing to us; you do not have to fill out a specific form. The revocation should preferably be directed to the bodies mentioned in Section I – General Information under points 1 or 2.
In addition, data subjects have the right to lodge a complaint with a supervisory authority (Article 77 GDPR). The responsible supervisory authority for heroal is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (North Rhine-Westphalia Commissioner for Data Protection and Information Freedom, LDI NRW)
In addition, you have a right to object. This is explained in more detail at the end of this privacy notice.
II. Processing of Personal Data
1. Automatic Collection of Access Data/Server Log Files
When you visit our website, the following data record is automatically stored for each visit:
- IP address of the requesting computer
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Nature of the request (which page)
- Access status/HTTP status code
- Amount of data transferred
- Website from which the request comes
- Browser type and language and version of the browser software
- Operating system and its interface
The personal data in log files are processed based on Article 6 (1) (f) GDPR. The purpose of the data processing and our legitimate interest are to make our website easier to administer and display, to ensure its stability, and to help us identify and track hackers.
Our website uses the following types of cookies, the scope and operation of which are explained below.
Necessary cookies ensure that all functions of the site can be fully displayed and used.
- PHPSESSID (this cookie stores your current session with respect to PHP applications and ensures that all functions of the page based on the PHP programming language can be fully displayed.)
Analytical cookies come from external companies (third-party cookies) and collect information about your use of our website. This is so that we can improve its content and attractiveness, thus optimizing the user experience and website usability.
- _ga (Google Analytics)
- _gat_UA-43175119-1 (Google Analytics)
- _gid (Google Analytics)
- _dc_gtm_UA-43175119-1 (Google Tag Manager)
- Matomo (only for heroal Communicator)
Marketing cookies are provided by external advertising companies (third-party cookies) and are used exclusively for marketing purposes. The cookies help us to display targeted ads which are relevant to users and adapted to their interests. They are also used to limit the number of times an advert is shown and to measure the effectiveness of advertising campaigns.
- fr (Facebook)
- IDE (Doubleclick)
- NID (Google)
- 1P_JAR (Google)
- CONSENT (Google)
- UULE (Google)
- DV (Google)
- SSID (Google)
- SID (Google)
- APISID (Google)
- OGPC (Google)
- SAPISID (Google)
- HSID (Google)
- AID (Google)
- PREF (YouTube)
- VISITOR_INFO1_LIVE (YouTube)
- YSC (YouTube)
- CM (Adform)
- CM14 (Adform)
- cid (Adform)
- uid (Adform)
- C (Adform)
3. Google Analytics
This offer uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on users' computers to enable the analysis of how visitors use the site. The information generated by the cookie about the use of this website by the users is usually transmitted to a Google server in the USA and stored there.
In the case of activation of the IP anonymisation on this website, the IP address of users will be truncated in advance by Google within Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases is the complete IP address transmitted to a Google server in the USA and shortened there. The IP anonymisation has been activated on this website. On behalf of the operator of this website Google will use this information to evaluate the use of the site by the users, compiling reports on website activity and providing other website and Internet related services to the website operator.
You can prevent Google Analytics from collecting your data on our website by clicking on the following link. An opt-out cookie will be set to prevent the future collection of your data when you visit this website:
Click here to opt-out from Google Analytics.
The processing of personal data by Google Analytics is based on Article 6 (1) (f) GDPR. The purpose of the data processing and our legitimate interest lies in the analysis of how our website is used.
4. Matomo (formerly Piwik)
heroal Communicator uses the website analysis service Matomo to analyze and continually improve our website for users.
Cookies are stored on your computer to perform this analysis. The information collected in this way is stored exclusively on our server in Germany. You can prevent this analysis by deleting existing cookies and blocking the storage of cookies. If you block the storage of cookies, we must advise you that you may not be able to use all of heroal Communicator’s features. You can block the storage of cookies by changing the relevant settings in your browser.
heroal Communicator uses Matomo with the AnonymizeIP extension. As a result, IP addresses are further processed in a truncated form to prevent them from being traced back to any particular individual. The IP address transmitted by Matomo from your browser will not be associated with other data collected by us.
The legal basis for the use of Matomo is Article 6 (1) (f) GDPR. The purpose and our legitimate interest is to improve our website and make it more interesting for you as a user.
Matomo is an open source project. Privacy information from this third-party provider is available at http://Matomo.org/privacy/policy.
5. Google Remarketing
We use Google remarketing. This is the process by which we resume contact with you. This application allows us to display advertisements to you when you continue browsing after you have visited our website. This is done by means of cookies stored in your browser, through which your usage behavior is recorded and evaluated by Google when you visit various websites. This is how Google determines that you have previously visited our website. Google claims that it does not merge the personal data obtained via remarketing with other personal data that may be saved by Google. According to Google, pseudonymization is also used in remarketing.
The legal basis for this is Article 6 (1) (f) GDPR. The purpose and legitimate interest is targeted advertising.
For more information about privacy and Google remarketing, see https://policies.google.com/technologies/ads.
6. Google DoubleClick
With the marketing tools used, your browser automatically establishes a direct connection to a Google server. We have no control over the extent and continued use of data collected through Google’s use of this tool. By including DoubleClick, Google receives the information that you have accessed the relevant part of our website or have clicked on one of our ads. If you are registered with a Google service, Google may link your visit to your account. Even if you are not registered with Google or you are not logged in, there is a chance that the provider will find and store your IP address.
You can block this tracking in several ways: a) By setting your browser software accordingly. In particular, blocking third-party cookies will prevent you from receiving any third-party advertisements; b) By disabling cookies for conversion tracking by setting your browser to block cookies from the domain www.googleadservices.com. This setting will be deleted when you delete your cookies; c) By deactivating the interest-based advertisements of the providers that are part of the About Ads corporate self-regulation campaign via the link http://www.aboutads.info/choices. This setting will be deleted when you delete your cookies; d) By permanent deactivation in your browser via the link http://www.google.com/settings/ads/plugin. Please note that if you do this, you may not be able to use all the functions and features of this website.
The legal basis for the processing of your data is Article 6 (1) (f) GDPR. The purpose and legitimate interest is targeted advertising and monitoring our advertising campaigns.
Learn more about DoubleClick by Google at https://www.google.com/doubleclick and http://support.google.com/adsense/answer/2839090. There is also general information about Google and data protection at https://www.google.de/intl/de/policies/privacy. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org. Google is subject to the EU-US privacy shield: https://www.privacyshield.gov/EU-US-Framework.
7. Facebook Custom Audiences
The website also uses the Custom Audiences remarketing feature from Facebook Inc. (1601 S California Ave, Palo Alto, California 94304, USA; hereinafter referred to as "Facebook"). As a result, users of the website may be presented with interest-related ads ("Facebook ads") when they visit the social media platform Facebook or other websites.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Facebook server. We have no influence on the scope and further use of the data collected via this tool by Facebook and therefore provide this information to you based on our best knowledge: By integrating Facebook Custom Audiences, Facebook receives information that you have accessed part of our website or have clicked on a message from us. If you are registered with a Facebook service, Facebook may link your visit to your account. Even if you are not registered with Facebook or you are not logged in, there is a chance that the provider will find and store your IP address and other information, which could be used to identify you.
Logged-in users can disable Facebook Custom Audiences via https://www.facebook.com/settings/?tab=ads#_.
The legal basis for the processing of your data is Article 6 (1) (f) GDPR. The purpose and legitimate interest is targeted advertising.
For more information about Facebook data processing, please visit https://www.facebook.com/about/privacy. Facebook also processes your personal data in the US and has submitted to the EU-US Privacy Shield (Link: https://www.privacyshield.gov/EU-US-Framework).
8. Social Media Plug-ins
We use the following social media plug-ins: Pinterest. The provider of the plug-in receives the information that you have visited a specific part of our website. In addition, automatically collected access data are transmitted. This includes the name of the internet provider, the name of the internet browser used, the date and time the website was accessed, the amount of data transferred, the IP address and the description of the internet browser used. The plug-in therefore transmits your personal data to the respective provider of the plug-in, where it is stored (in the US, in the case of US providers).
We have no influence over the collected data and data processing, nor are we aware of the full scope of data collection, the purposes of data processing or the storage periods. We likewise have no information on deletion of this data by the provider.
The providers of the plug-ins store the data collected about you as usage profiles and use them for advertising, market research and/or on-demand design of their websites. Such an evaluation is made in particular (also for users who are not logged in) to display advertising on demand and to inform other users of the social network about your activity on our website. You have the right to object to the creation of these user profiles. To exercise this right, you have to contact the plug-in provider directly.
The plug-in providers collect data irrespective of whether you have an account with them or are logged into any such account. If you are logged into your account with the plug-in provider, your collected data will be directly linked with your account with the provider of the plug-in. If you click on the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts.
By using the plug-ins, we provide you with the opportunity to interact with social networks and other users, which allows us to improve our website and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Article 6 (1) (f) GDPR.
For more information on the purpose and scope of data collection and how it is processed by each plug-in provider, please refer to the privacy statements provided below. There you will also find further information about your rights and settings options for the protection of your privacy.
The address of the respective provider of plug-ins and links to the corresponding privacy notices:
a) Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA.
9. Google Maps
This website uses the Google Maps product from Google. Google Maps is integrated as a two-click solution. If you agree to use Google Maps on a sub-page where Google Maps is embedded and you activate the plug-in, Google will receive information that you have accessed a part of our website. In addition, data is collected that your browser transmits to Google. These include the IP address, the date and time of the request, the amount of data transferred, the operating system and its user interface, and the language and version of the browser software.
This is done regardless of whether Google provides a user account that you are logged in to, or whether you have no Google account. If you are logged in to Google, your data will be directly linked to your account. If you do not want this link to your Google profile, you must log out before activating the button. Google stores your data as a usage profile and uses it for purposes of advertising, market research and/or customization of its website. To exercise any rights, such as a right to object to the formation of these user profiles, you must contact Google.
The legal basis for the use of Google Maps is Article 6 (1) (f) GDPR. The purpose and legitimate interest are the provision of the map feature to users of our website.
We have embedded YouTube videos on our website. These are stored on www.youtube.com and can be played directly from our website. The videos are embedded in extended privacy mode, which means that your personal user data is not sent to YouTube if you do not play the videos. Only when you play a video will the data referred to in the following paragraph be transmitted. We have no influence over this data transfer.
By playing the video, YouTube receives information that you have accessed a sub-page of our website. In addition, data is collected that is then sent to YouTube by your browser. This includes the IP address, the date and time of the request, the amount of data transferred, the operating system and its user interface, and the language and version of the browser software.
This is done regardless of whether YouTube provides a user account that you are logged in to, or whether you have no YouTube account. If you are logged in to Google, your data will be directly linked to your account. If you do not want this to be identified and linked to your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses it for purposes of advertising, market research and/or customization of its website. Such an evaluation is made in particular (even for users who are not logged in) to provide advertising on demand and to inform other users of the social network about your activity on our website. To exercise any rights, such as a right to object to the formation of these user profiles, you must contact Google.
The legal basis for the embedding of YouTube videos is Article 6 (1) (f) GDPR. The purpose and legitimate interest are the provision of YouTube videos on our website to provide the user with the most pleasant experience possible.
11. heroal Communicator
As a user of the heroal Communicator, you have the opportunity to view and/or download and/or otherwise use content in connection with heroal products, such as catalogues, design drawings and various software tools and software for the administration and display of content and data. You can also communicate with heroal electronically via the heroal Communicator. We will store the data you provide upon registering to use the heroal Communicator (inventory data) in our Customer Relationship Management system (CRM system) and merge it with any customer data already stored there. We will also keep a record there of which documents you have downloaded. In addition, we evaluate in an anonymised form the data relating to your use of the heroal Communicator, such as which functions of the heroal Communicator are used. This evaluation is performed exclusively for the purpose of improving the heroal Communicator and cannot be traced back to you.
The processing of personal data is carried out based on Article 6 (1) (b), (f) GDPR. The purpose of the data processing and our legitimate interest lies in customer care, the provision of the aforementioned content, the initiation of contracts and in the ability to answer messages addressed to us.
On our website you will find contact forms which can be used to contact us online (e.g. if you are looking for specialist service providers). Alternatively, you can contact us via our email address. If you contact us via one of these channels, we collect the personal data entered and sent.
If you use the contact form, the processed personal data comprise the master data entered there (mandatory fields: first name, family name, email address, address, optional fields: telephone number, the products that are of interest to you). If you contact us directly via email, we will process your email address and any personal data found in the text of the email.
The processing is based on Article 6 (1) (f) GDPR. The purpose of the data processing and our legitimate interest lies in customer care and in being able to answer the messages addressed to us.
heroal sends newsletters, emails and other electronic messages (hereinafter referred to as “newsletters“) subject to the consent of the recipients or a statutory permission.
In our newsletters, we inform you about current topics and news about heroal and the heroal product range.
We use a double-opt-in process for newsletter signup. After signup, an email will be sent to the email address submitted, asking you to confirm your interest in receiving newsletters. If you do not confirm your signup within 60 days, your information will be deleted. In addition, we save the IP addresses used by you and the time of signup and confirmation. The double-opt-in process serves as a means to prove your signup, and to follow up on any potential abuse of your personal data, if any.
Your email address is the only mandatory information needed to subscribe to newsletters. The provision of further, specially marked data is voluntary, and will be used to address you in a more personal way. After having received your confirmation, we save your email address for the purpose of sending you newsletters. (Legal basis: Article 6 (1) (a) GDPR)
We record information regarding browsing habits in order to improve our newsletters technically. A separate revocation of the performance measurement is not possible.
You can cancel your newsletter subscription at any time and unsubscribe from newsletters. If you want to unsubscribe, please click the link provided in each email newsletter, or send an email to email@example.com or a message to the contact given in the legal notice (Impressum).
We use the email marketing platform Mailchimp to send newsletters:
email marketing platform; service provider: “Mailchimp“ – Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; website: https://mailchimp.com; data privacy statement: https://mailchimp.com/legal/privacy/.
You can opt out of the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
15. Google Web Fonts
This website uses Google Web Fonts for a uniform presentation of contents. When you open the website, you load fonts from external servers by Google in the US. For this purpose, the browser used by you has to establish a direct connection to Google servers. Google thus becomes aware that our website was accessed via your IP address. We use Google Web Fonts in the interest of a uniform and appealing presentation of our online offers. This constitutes a justified interest pursuant to art. 6 (1) lit. f GDPR.
For further information on Google Fonts please see here: https://developers.google.com/fonts/faq?hl=de-DE&csw=1
16. Adform A/S
In order to make use of interest-based advertising, cookies provided by Adform A/S, Wildersgade 10B, 1, 1408 Copenhagen K, Denmark, are installed. Pseudonymous user profiles are created to save information about operating systems, browser versions, IP addresses, location and number of clicks or views. The collected data are used for the following purposes:
- to record the number of visitors on our websites
- to determine in which order a visitor visits the different website contents
- to identify website contents that require adaptation
- to optimise the website
The legislative basis for this is Art. 6 par. 1 point (f) GDPR.
By clicking on this link you can choose to accept an opt-out cookie that blocks any further data collection: https://site.adform.com/privacy-center/platform-privacy/opt-out/
You can also block cookies or regularly delete cookies installed via your browser settings. Please note that this way of managing cookies also deletes the opt-out cookie, i.e. you have to exercise your right of objection again.
17. Microsoft Advertising
We use remarketing and conversion tracking by Microsoft Advertising (formerly Bing Ads) on our website. This service is provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, hereinafter referred to as "Microsoft", and uses Universal Event Tracking (UET).
Microsoft is certified according to the EU-US Privacy Shield and undertakes to process any data in compliance with the EU-regulations on data protection, even after the transfer of data to the US. Article 6(1)(f) GDPR serves as a legislative basis for this. The analysis, optimisation and economic operation of our website constitute our justified interest.
By clicking on one of our ads placed on the search engine Bing, Microsoft stores a cookie with a tracking function on your end device, using your internet browser. This tracking cookie does not serve any personal identification purposes and has a validity of 180 days. As long as the cookie is valid, both Microsoft and we are able to see that you, when visiting specific pages of our website, clicked on our ad on Bing before and were transferred to our website.
Microsoft uses the information collected this way in order to provide us with statistics about the visitors of our website. Among other things, these statistics include information about the number of clicks on our ads on Bing and the following visits of our website. However, we do not receive any information enabling us to identify you personally.
Via cross-device tracking, Microsoft may also be able to track you and your consumer behaviour across multiple devices. This way, Microsoft is able to show you personalized advertising across multiple end devices.
If you do not agree to this kind of processing, you have the possibility of blocking cookies in your browser settings. If you should have a Microsoft account, you can also go to https://account.microsoft.com/privacy/ad-settings/signedout?lang=en-GB in order to change the settings for personalized advertising. Furthermore, Microsoft provides more information on Microsoft Advertising, data collection, use of data and privacy protection here:
18. Usercentrics Consent Management Platform
This is a consent management service. Processing company: Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany.
- Compliance with legal obligations
- Storage of Consent
- Accept Cookies
- Local storage
- Consent "Yes" or "No"
- Log file data (IP (anonymised))
Data Collected: This list represents all (personal) data that is collected by or through the use of this service.
- Device information
- Browser Information
- Anonymised IP Address
- Opt-in and opt-out data
- Date and time of visit
Legal Basis: In the following the legal basis for the processing of personal data required by Art. 6 I 1 GDPR is listed: Art. 6 para. 1 s. 1 lit. c GDPR
Location of Processing: European Union (Consent database is located in Belgium). Retention Period: The Consent data (given consent and the consent revocation) will be kept for a period of three years. A data export takes place after termination of the contract.
Data Recipients: Usercentrics GmbH
19. LinkedIn Insight and Conversion Tracking
We use LinkedIn’s Insight Tag on this website. The LinkedIn Insight Tag generates a LinkedIn “browser cookie” that collects the following data:
- IP address,
- Page activities,
- demographic data from LinkedIn if the user is an active LinkedIn member.
Information About Your Right to Object per Article 21 of the General Data Protection Regulation (GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, which is based on Article 6 (1) (f) GDPR (data processing for the purposes of legitimate interests), including profiling based on those provisions within the meaning of Article 4 (4) GDPR.
If you make use of this right to object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
We may occasionally process your personal data for direct marketing purposes. You have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to the processing of your personal data for direct marketing purposes, we will no longer process it for these purposes.
The objection can be made without using a form and, if possible, should be directed to the bodies mentioned in the privacy statement in points 1 and 2 of Section I – General Information.