Privacy Policy

How we handle your data and your rights - information in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)

We, heroal - Johann Henkenjohann GmbH & Co. KG (hereinafter also “heroal”), thank you for your interest in our website. The protection of your privacy is very important to us. Please find below comprehensive information about how we handle your data.

This data privacy statement applies to the collection, processing and use of your personal data ("data processing") when using our website as well as our heroal Communicator.

With regard to the terms used in this document such as “personal data” and “processing”, please refer to the definitions in Article 4 GDPR.

I. General Information

1. Data Controller

The data controller is:

heroal - Johann Henkenjohann GmbH & Co. KG, Österwieher Str. 80, 33415 Verl; Telephone +49 5246 507-0; Fax: +49 5246 507-222; Email: info@heroal.de

2. Data Protection Officer

Contact details for our data protection officer:

heroal - Johann Henkenjohann GmbH & Co. KG, Data Protection Officer, Österwieher Str. 80, 33415 Verl; Telephone: +49 5246 507-0; Fax: +49 5246 507-222; Email: datenschutz@heroal.de

3. What data do we process? What is the source of this data?

We process personal data that you voluntarily provide to us or that is created in connection with the use of our website and heroal Communicator.

Further information can be found in Section II – Processing of Personal Data.

4. Why do we process your data, and on what legal basis?

We process your personal data for various purposes and in accordance with the relevant data protection regulations, in particular GDPR and the German Data Protection Act (BDSG). The purposes of data processing are: The fulfilment contractual obligations (Article 6 (1) (b) GDPR), the safeguarding of legitimate interests (Article 6 (1) (f) GDPR); your consent (Article 6 (1) (a) GDPR) and/or to fulfil legal requirements (Article 6 (1) (c) GDPR).

The specific legal grounds for our processing of your personal data can be found in Section II – Processing Personal Data.

5. Who gets my data?

Service providers (so-called processors, see Article 4 (8) GDPR) employed by us may receive personal data. We use the following processors or categories of processors:

  • neusta webservices GmbH (operations, support)
  • kernpunkt Digital GmbH (operations, support)
  • Google Inc. (in connection with the cookies from Google that we use)
  • Facebook Inc.
  • Matomo
  • Adform A/S
  • Hotjar Ltd.
  • Rocket Science Group LLC d/b/a Mailchimp
  • Usercentrics GmbH
  • LinkedIn Inc.

We also partly transfer your personal data to third parties under their own responsibility (so-called controllers, see Article 4 (7) GDPR). Included in this are the following recipients in particular:

  • Google Inc. (in connection with our embedded YouTube videos and Google Maps);
  • Microsoft Ireland Operations Ltd.

6. Transfer of Personal Data to Third Countries

To the extent necessary for the purposes set forth in Section II, we will also transfer your personal data to recipients outside the European Economic Area (EEA).

We ensure that data is only transferred to third countries if there is a legal basis for doing so. This means that we only transfer your data insofar as a decision of the EU Commission on an adequate level of data protection exists for the respective third country (Article 45 GDPR), appropriate safeguards are provided for the protection of your personal data (see Article 46 GDPR) or a permissive rule exists (see Article 49 GDPR).

Appropriate safeguards within the meaning of Article 46 GDPR include the standard data protection clauses published by the European Commission. If you would like further information on the standard data protection clauses on the basis of which we transfer your personal data to third countries, please contact the bodies mentioned in Section I.1.

For details on the extent to which we transfer your data to certain third countries and on the specific recipients, please refer to the above information in Section II. In particular, in connection with the use of our newsletter dispatch as well as the activation of analysis, marketing cookies and plug-ins on our website, personal data will be transmitted from you to the USA. For the USA there is no so-called adequacy decision from the European Commission in accordance with Article 45 GDPR.

7. Storage of Data

We process your personal data only as long as necessary to fulfil the processing purpose.

In addition, we are subject to various retention and documentation obligations. These arise, for example, from the German Commercial Code (HGB) or the German Tax Code (AO), under which we may be required to retain data for up to 10 years.

Finally, the retention period is also determined based on statutory limitation periods, which can be up to thirty years. This is the case, for example, under Article 195 et seq. of the German Civil Code (BGB), where the regular period of limitation is three years.

8. Your Rights

Provided that the respective legal requirements are met, you as data subject have the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR and the right to data portability under Article 20 GDPR. In order to exercise the aforementioned rights, you may contact the bodies referred to in points 1 and 2 of Section I – General Information.

If you have consented to us processing your data, you can revoke this consent at any time. You can do this by simply writing to us; you do not have to fill out a specific form. The revocation should preferably be directed to the bodies mentioned in Section I – General Information under points 1 or 2.

In addition, data subjects have the right to lodge a complaint with a supervisory authority (Article 77 GDPR). The responsible supervisory authority for heroal is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW) (North Rhine-Westphalia Comissioner for Data Protection and Information Freedom, LDI NRW), Kavalleriestr. 2-4, 40213 Düsseldorf, Germany, Tel.: 0211/38424-0, Fax: 0211/38424-10, E-Mail: poststelle@ldi.nrw.de

In addition, you have a right to object. This is explained in more detail at the end of this privacy notice.

II. Processing of Personal Data

Which data is processed in detail and how it is used depends largely on the respective services that you use. Below you will find an overview of what data we collect and process for which purposes and on which legal basis:

1. Automatic Collection of Access Data/Server Log Files

When you visit our website, the following data record is automatically stored for each visit:

  • IP address of the requesting computer
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Nature of the requirement (which page)
  • Access status/HTTP status code
  • Amount of data transferred
  • Website from which the request comes
  • Browser type and language and version of the browser software
  • Operating system and its interface

The personal data in log files are processed based on Article 6 (1) (f) GDPR. The purpose of the data processing and our legitimate interest are to make our website easier to administer and display, ensuring its stability, and helping us identify and track hackers.

2. Cookies

On various pages of our website, we use cookies in order to make our website more attractive to visitors and to enable the use of certain functions. These are small text files that are stored on your device. The cookies can be transmitted to the user when a page is loaded and thus allow us to identify and categorize users. Cookies help to make websites simpler for users. Some of the cookies we use will be deleted after the end of the browser session, i.e. after closing your browser (these are called session cookies). Other cookies remain on your device and allow us to recognize your browser the next time you visit (these are called persistent cookies).

Our website uses the following types of cookies, the scope and operation of which are explained below.

Essential Cookies

Essential cookies ensure that all functions of the site can be fully displayed and used. Since the website cannot be provided without these cookies, these cookies are automatically set when the website is accessed. The legal basis for processing the data collected by these cookies is our legitimate interest in accordance with Article 6 (1) (f) GDPR to provide you with a functional website and to comply with our legal obligations in connection with the activation of cookies.

Specifically, we use the following essential cookies:

  • Tracking: This cookie is used by our processor Usercentric GmbH to detect whether you agree to the use of cookies and whether cookies can be downloaded. The following data is processed by the cookie: Device information, browser information, anonymised IP address, opt-in and opt-out data as well as the date and time of the visit. The collected data is stored for three years.
  • PHPSESSID: This cookie stores your current session with respect to PHP applications and ensures that all functions of the page based on the PHP programming language can be fully displayed.

Functional Cookies:

Functional cookies come from external companies (third-party cookies) and collect information about your use of our website. This is so that we can improve its content and attractiveness, thus optimizing the user experience and website usability. The functional cookies are only activated if you consent to the use of these cookies in accordance with Article 6 (1) (a) GDPR by ticking the appropriate box when visiting the website. You can revoke your consent at any time in the cookie settings.

Specifically, we use the following functional cookies. The respective services are explained in Section II.3.

Name Provider Storage period
_ga Google 2 Years
_gat_UA-43175119-1 Google 1 minute
_gid Google 1 day
_dc_gtm_UA-43175119-1 Google 1 minute
_hjClosedSurveyInvites Hotjar 1 year
_hjDonePolls Hotjar 1 year
_hjMinimizedPolls Hotjar 1 year
_hjShownFeedbackMessage Hotjar 1 year
_hjid Hotjar 1 year
_hjTLDTest Hotjar 1 year
_hjUserAttributesHash Hotjar 1 year
_hjCachedUserAttributes Hotjar 1 year
_hjLocalStorageTest Hotjar 1 year
_hjIncludedInPageviewSample Hotjar 1 year
_hjIncludedInSessionSample Hotjar 1 year
_hjAbsoluteSessionInProgress Hotjar 1 year
_hjFirstSeen Hotjar 1 year
hjViewportId Hotjar 1 year
_hjRecordingEnabled Hotjar 1 year
PREF YouTube 10 Years
VISITOR_INFO1_LIVE YouTube 6 months
use_hitbox YouTube 0 seconds
YSC YouTube 0 seconds
NID Google Maps 6 months
Googtrans Google Translate 0 seconds
PREF Google Translate 2 Years

Marketing cookies:

Marketing cookies are provided by external advertising companies (third-party cookies) and are used exclusively for marketing purposes. The cookies help us to display targeted ads which are relevant to users and adapted to their interests. They are also used to limit the number of times an advert is shown and to measure the effectiveness of advertising campaigns.

The marketing cookies are only activated if you consent to the use of these cookies in accordance with Article 6 (1) (a) GDPR by ticking the appropriate box when visiting the website. You can revoke your consent at any time in the cookie settings.

Specifically, we use the following marketing cookies. More information on each cookie-enabled feature is set out in paragraph II.4.

Name Provider Storage period
fr Facebook 1 year
_fbp Facebook 1 year
Act Facebook 1 year
C_user Facebook 1 year
Datr Facebook 1 year
M_pixel_ration Facebook 1 year
Pl Facebook 1 year
Presence Facebook 1 year
Sb Facebook 1 year
Spin Facebook 1 year
Wd Facebook 1 year
Xs Facebook 1 year
CM Adform 1 day
CM14 Adform 2 weeks
cid Adform 1 month, 4 weeks, 1 day, 13 hours, 30 minutes
uid Adform 1 month, 4 weeks, 1 day, 13 hours, 30 minutes
CT Adform 1 hour
MR Bing Ads 5 months, 3 weeks, 6 days, 19 hours, 30 minutes
MUID Bing Ads 1 year, 3 weeks, 3 days, 18 hours
MMUIDB Bing Ads 1 year, 3 weeks, 3 days, 18 hours
LinkedIn Insights LinkedIn 6 months
Linkedin_oauth_ LinkedIn 0 seconds
Test_cookie DoubleClick Ad 1 day
DIE DoubleClick Ad 1 year

3. Analysis Services

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (1600 Amphitheater Parkway, Mountainview, California 94043, USA; hereinafter: “Google”). Google is the processor used by heroal for this purpose. We have concluded a corresponding processing agreement with Google in accordance with Article 28 GDPR.

Google Analytics enables us to analyse how users interact with the content provided on the website. On this basis, we can optimise our offers on the website. When Google Analytics is used, the following data is collected and transferred to Google in the USA: Data on the device and browser (host name, browser type, referrer, language), IP address and the respective user interaction on the website (e.g. which page a user visits). In addition, a random, pseudonymous ID is assigned to a user by means of a cookie, to which the aforementioned information is assigned. This is typically a cookie ID. This links to the identifier of the cookie set by Google Analytics for the specific device. In addition, we set a user ID for cross-device tracking. In addition, we have activated the anonymisation function for IP addresses. This means that as soon as the IP packet arrives at Google's servers, the data is anonymised in full at Google.

The legal basis for processing the collected data is your consent in accordance with Article 6 (1) (a) GDPR. You can prevent the collection of your data by Google by refusing your consent or revoking it at a later date in the cookie settings . Alternatively, you can click on the following link. An opt-out cookie will be set to prevent the future collection of your data when you visit this website: Click here to opt-out from Google Analytics.

You can find more information on terms of use and data protection at http://www.google.com/analytics/terms/de.htmlandwww.google.com/intl/de/analytics/privacyoverview.html.

Matomo (formerly Piwik)

heroal Communicator uses the web analytics service Matomo, a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (hereinafter: “InnoCraft”), to analyse and continually improve our website for users. InnoCraft is the processor used by heroal for this purpose.

Cookies are stored on your computer to perform this analysis. The information collected in this way is stored exclusively on our server in Germany.

The heroal Communicator uses Matomo with the AnonymizeIP extension. As a result, IP addresses are further processed in a truncated form to prevent them from being traced back to any particular individual. The IP address transmitted by Matomo from your browser will not be associated with other data collected by us.

The legal basis for processing the collected data is your consent in accordance with Article 6 (1) (a) GDPR. You can prevent the collection of your data by InnoCraft by refusing your consent or revoking it at a later date in the cookie settings .

Matomo is an open source project. Privacy information from this third-party provider is available at http://Matomo.org/privacy/policy.

Hotjar

We use Hotjar, an analytics tool provided by Hotjar Ltd., Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta (hereinafter “Hotjar”), to better understand the needs of our users and to optimise the offer on this website. Hotjar is the processor used by heroal for this purpose.

Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link.

The legal basis for processing the collected data is your consent in accordance with Article 6 (1) (a) GDPR. You can prevent the collection of your data by Hotjar by refusing your consent or revoking it at a later date in the cookie settings . Alternatively, you can opt out of the processing by clicking on this Opt-Out-Link .

4. Marketing Services

Google Remarketing

We use Google Remarketing by Google Ads, a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter: “Google”). Google is the processor used by heroal for this purpose.

The remarketing function allows us to display advertisements to you when you continue browsing after you have visited our website. This is done by means of cookies stored in your browser, through which your usage behaviour is recorded and evaluated by Google when you visit various websites. This is how Google determines that you have previously visited our website. When Google AdServices is used, the following data is collected and transferred to Google in the USA: Data on the device and browser (host name, browser type, referrer, language), IP address and the respective user interaction on our website and on other websites on which our advertisements are displayed (e.g. which page a user visits, which products the user selects and purchases, which advertisements a user clicks on. In addition, a random, pseudonymous ID is assigned to a user by means of a cookie, to which the aforementioned information is assigned.

The legal basis for processing the collected data is your consent in accordance with Article 6 (1) (a) GDPR. You can prevent the collection of your data by Google by refusing your consent or revoking it at a later date in the cookie settings .

For more information about privacy and Google remarketing, see https://policies.google.com/technologies/ads.

Google DoubleClick

This website uses the online marketing tool DoubleClick., a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter: “Google”). Google is the processor used by heroal for this purpose.

DoubleClick uses cookies to serve ads that are relevant to users, to improve campaign performance reports, and to prevent users from seeing the same ads multiple times. Google uses a cookie ID to determine which ads are running in which browser and can prevent them from being displayed multiple times. In addition, DoubleClick can use cookie IDs to record conversions in relation to ad requests. This is the case when a user sees a DoubleClick ad and later uses the same browser to visit advertiser’s website and buys something. According to Google, DoubleClick cookies do not contain personally identifiable information.

With the marketing tools used, your browser automatically establishes a direct connection to a Google server. We have no control over the extent and continued use of data collected through Google’s use of this tool. By including DoubleClick, Google receives the information that you have accessed the relevant part of our website or have clicked on one of our ads. If you are registered with a Google service, Google may link your visit to your account. Even if you are not registered with Google or if you are not logged in, there is a chance that the provider will find and store your IP address.

The legal basis for processing the collected data is your consent in accordance with Article 6 (1) (a) GDPR. You can prevent the collection of your data by Google by refusing your consent or revoking it at a later date in the cookie settings . Alternatively, you can block this tracing in several ways;: a) By setting your browser software accordingly. In particular blocking third-party cookies will prevent you from receiving any third-party advertisements; b) By disabling cookies for conversion tracking by setting your browser to block cookies from the domain www.googleadservices.com. This setting will be deleted when you delete your cookies; c) By deactivating the interest-based advertisements of the providers that are part of the About Ads corporate self-regulation campaign via the link http://www.aboutads.info/choices, This setting will be deleted when you delete your cookies; d) By permanent deactivation in your browser via the link http://www.google.com/settings/ads/plugin.

Learn more about DoubleClick by Google at https://www.google.de/doubleclick and http://support.google.com/adsense/answer/2839090, There is also general information about Google and data protection at: https://www.google.de/intl/de/policies/privacy.

Facebook Custom Audiences

The website also uses the Custom Audiences remarketing feature from Facebook Inc. (1601 S California Ave, Palo Alto, California 94304, USA; hereinafter referred to as: “Facebook”).Facebook is the processor used by heroal in accordance with Article 28 GDPR, insofar as data is processed for the presentation of interest-based advertisements and for reach measurement in connection with the use of Facebook Business Tools. Facebook acts together with heroal as the joint controller, to the extent that data is processed in connection with the use of Facebook Business Tools for the targeting of ad and improvement of ad delivery.

The service allows us to show you interest-related ads ("Facebook ads") when you visit the social media platform Facebook or other websites. The following personal data is collected for this purpose: Pages that you have viewed, topic pages visited, use of a Facebook ad, use of search terms, IP address.

If you are registered with a Facebook service, Facebook may link your visit to your account. Even if you are not registered with Facebook or you are not logged in, there is a chance that the provider will find and store your IP address and other information, which could be used to identify you.

The legal basis for processing the collected data is your consent in accordance with Article 6 (1) (a) GDPR. You can prevent the collection of your data by Google by refusing your consent or revoking it at a later date in the cookie settings . Alternatively, as a logged-in user, you can disable the cookie under the following link: https://www.facebook.com/settings/?tab=ads#_

For more information about Facebook data processing, please visit https://www.facebook.com/about/privacy.

Adform A/S

In order to make use of interest-based advertising, cookies provided by Adform A/S, Wildersgade 10B, 1, 1408 Copenhagen K, Denmark (hereinafter: “Adform”) are set. Adform is a processor used by heroal in accordance with Article 28 GDPR.

Using Adform, pseudonymous user profiles are created to save information about operating systems, browser versions, IP-addresses, location and number of clicks or views. The collected data are used for the following purposes:

  • to record the number of visitors on our websites
  • to determine in which order a visitor visits the different website contents
  • to identify website contents that require adaptation
  • to optimise the website

The legal basis for processing the collected data is your consent in accordance with Article 6 (1) (a) GDPR. You can prevent the collection of your data by Adform by withdrawing your consent or revoking it at a later date in the cookie settings . Alternatively, you can choose to accept an opt-out cookie that blocks any further data collection under the following link: https://site.adform.com/datenschutz-opt-out/

Microsoft Advertising

We use remarketing and conversion tracking by Microsoft Advertising (formerly Bing Ads) on our website. This service is provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, (hereinafter: “Microsoft”). Microsoft acts as a controller under its own responsibility for your data in this context.

This solution allows us to serve ads and track user action for those ads. For this purpose, a cookie is set by Microsoft when you click on an ad placed via Microsoft Advertising, where the advertiser has opted for conversion tracking. The cookie collects the following data and forwards it to Microsoft: User ID, ad data, i.e. data about access to placed ads and their use.

Microsoft uses the information collected this way in order to provide us with statistics about the visitors of our website. Among other things, these statistics include information about the number of clicks on our ads on Bing and the following visits of our website. Via cross-device tracking, Microsoft may also be able to track you and your consumer behaviour across multiple devices. This way, Microsoft is able to show you personalized advertising across multiple end devices.

The legal basis for processing the collected data is your consent in accordance with Article 6 (1) (a) GDPR. You can prevent the collection of your data by Microsoft by withdrawing your consent or revoking it at a later date in the cookie settings . Alternatively, you may prevent your data from being collected by blocking cookies in your browser settings. If you should have a Microsoft account, you can also go to https://choice.microsoft.com/de-de/opt-out in order to change the settings for personalized advertising.

You can find more information on Microsoft Advertising, data collection and use, and background information on protecting your privacy at: https://help.bingads.microsoft.com/#apex/3/de/53056/2.

LinkedIn Insight and Conversion Tracking

We use the LinkedIn Insight Tag for this website, a service of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter: “LinkedIn”). LinkedIn is a processor used by heroal in accordance with Article 28 GDPR.

The LinkedIn Insight Tag generates a cookie in your browser that collects the following data: IP address, time stamp, page activities, demographic data from LinkedIn if the user is an active LinkedIn member.

This technology enables us to monitor the performance of our ads and read information regarding user interaction on our website. The LinkedIn Insight Tag is embedded on our website in order to connect to the LinkedIn Server if and when you visit our site and are logged into your LinkedIn Account while doing so. We process your data in order to evaluate campaigns and collect information about users who might have reached our website via our LinkedIn campaigns.

The legal basis for processing the collected data is your consent in accordance with Article 6 (1) (a) GDPR. You can prevent the collection of your data by LinkedIn by withdrawing your consent or revoking it at a later date in the cookie settings . Alternatively, you can use the LinkedIn opt-out.

Further information on data protection at LinkedIn can be found here.

5. Integrated Services by Third-Party Providers

Google Maps

This website uses the Google Maps product. Google Maps is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”).

Google Maps is integrated as a two-click solution. If you give your consent in accordance with Article 6 (1) (a) GDPR to activate Google Maps by clicking on the plug-in on a sub-page in which Google Maps is embedded, Google receives the information that you have visited a specific sub-page of our website. In addition, data is collected that your browser transmits to Google. This includes, for example, the IP address, the date and time of the request, the amount of data transferred, the operating system and its user interface, and the language and version of the browser software.

This is done regardless of whether Google provides a user account that you are logged in to, or whether you have no Google account. If you are logged in to Google, your data will be directly linked to your account. If you do not want this link to your Google profile, you must log out before activating the button. Google stores your data as a usage profile and uses it for purposes of advertising, market research and/or customization of its website.

For more information about the processing of your personal data by Google Inc., please refer to this link: https://policies.google.com/privacy?hl=de.

YouTube

We have embedded YouTube videos on our website. These are stored on www.youtube.com and can be played directly from our website. YouTube is a service provided by Google LLC, 1600 Amphitheater Parkway, Mountainview, California 94043, USA (hereinafter: “Google”).

The videos are embedded in extended privacy mode, which means that your personal user data is not sent to Google if you do not play the videos. Only when you play a video, Google receives information that you have accessed a sub-page of our website. In addition, data is collected that is then sent to YouTube by your browser. This includes, for example, the IP address, the date and time of the request, the amount of data transferred, the operating system and its user interface, and the language and version of the browser software.

This is done regardless of whether YouTube provides a user account that you are logged in to, or whether you have no YouTube account. If you are logged in to Google, your data will be directly linked to your account. The legal basis for processing the collected data is your consent in accordance with Article 6 (1) (a) GDPR, which you give when you click on the video.

Regardless of the playback of the video, YouTube already sets cookies when you visit the page in which the YouTube video is embedded, which send data about you (in particular IP address and pages visited) to the Google network Double-Click. The legal basis for processing the collected data is your consent in accordance with Article 6 (1) (a) GDPR, which you give in the cookie settings.

For more information on the purpose and scope of the data collection and processing through YouTube, please refer to the Google Privacy Policy at: https://www.google.de/intl/de/policies/privacy.

6. heroal Communicator

As a user of the heroal Communicator, you have the opportunity to view and/or download and/or otherwise use content in connection with heroal products, such as catalogues, design drawings and various software tools and software for the administration and display of content and data. You can also communicate with heroal electronically via the heroal Communicator.

We collect the data you provide when you register for the heroal Communicator (mandatory fields: salutation, first name, family name, address, company, e-mail address, telephone number, language; voluntary disclosure: customer number, position in the company, fax number, website, the products that are of interest to you) as well as your request. We will store the data you provide upon registering to use the heroal Communicator (inventory data) in our Customer Relationship Management system (CRM system) and merge it with any customer data already stored there. In addition, we evaluate in an anonymised form the data relating to your use of the heroal Communicator, such as which functions of the heroal Communicator are used.

The processing of personal data is carried out based on Article 6 (1) (b), (f) GDPR. The purpose of the data processing and our legitimate interest lies in customer care, the provision of the aforementioned content, the initiation of contracts and in the ability to answer messages addressed to us.

7. Contact

On our website you will find contact forms which can be used to contact us online (e.g. if you are looking for specialist service providers). Alternatively, you can contact us via our email address. If you contact us via one of these channels, we collect the personal data entered and sent.

If you use the contact form, the processed personal data comprise the master data entered there (mandatory fields: first name, family name, e-mail address, address; voluntary fields: telephone number, products that are of interest to you). If you contact us directly via email, we will process your email address and any personal data found in the text of the email.

The processing is based on Article 6 (1) (f) GDPR. The purpose of the data processing and our legitimate interest lies in customer care and in being able to answer the messages addressed to us.

8. Newsletter

heroal sends newsletters, emails and other electronic messages (hereinafter referred to as “newsletters“) subject to the consent of the recipients or a statutory permission. In our newsletters, we inform you about current topics and news about heroal and the heroal product range.

We use a double-opt-in process for newsletter signup. After signup, an email will be sent to the email address submitted, asking you to confirm your interest in receiving newsletters. If you do not confirm your signup within 60 days, your information will be deleted. In addition, we save the IP addresses used by you and the time of signup and confirmation. The double-opt-in process serves as a means to prove your signup, and to follow up on any potential abuse of your personal data, if any.

Your email address is the only mandatory information needed to subscribe to newsletters. The provision of further, especially marked data is voluntary, and will be used to address you in a more personal way. After having received your confirmation, we save your email address for the purpose of sending you newsletters. (Legal basis: article 6 subparagraph 1 point a GDPR)

We record information regarding browsing habits in order to improve our newsletters technically. A separate revocation of the performance measurement is not possible.

You can cancel your newsletter subscription at any time and unsubscribe from newsletters. If you want to unsubscribe, please click the link provided in each email newsletter, or send an email to info@heroal.de or a message to the contact given in the legal notice (Impressum).

We use the email marketing platform Mailchimp to send newsletters:

email marketing platform; service provider: “Mailchimp“ – Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; website: https://mailchimp.com; data privacy statement: https://mailchimp.com/legal/privacy/.

9. Google Web Fonts

This website uses Google Web Fonts for a uniform presentation of contents. When you open the website, you load fonts from external servers by Google in the US. For this purpose, the browser used by you has to establish a direct connection to Google servers. Google thus becomes aware that our website was accessed via your IP address.

The legal basis for processing the collected data is your consent in accordance with Article 6 (1) (a) GDPR. You can prevent the collection of your data by Google by refusing your consent. You can withdraw your consent at any time in the cookie settings . For further information on Google Fonts please see here: https://developers.google.com/fonts/faq?hl=de-DE&csw=1

Information About Your Right to Object per Article 21 of the General Data Protection Regulation (GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, which is based on Article 6 (1) (f) GDPR (data processing for the purposes of legitimate interests), including profiling based on those provisions within the meaning of Article 4 (4) GDPR.

If you make use of this right to object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

We may occasionally process your personal data for direct marketing purposes. You have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to the processing of your personal data for direct marketing purposes, we will no longer process it for these purposes.

The objection can be made without using a form and, if possible, should be directed to the bodies mentioned in the privacy statement in points 1 and 2 of Section I – General Information.