Data protection information

-Rev. 01 –

Notes on data processing for this website as per Art. 13 EU General Data Protection Regulation (GDPR) for the collection of personal data regarding the data subject

Data protection information (version: GDPR 2.0 dated 01.03.2022)

HEINE Optotechnik GmbH & Co. KG is responsible for this website. As the provider of a remote service, we are required to explain, at the start of your visit, how and why we collect and use personal data, in a concise, transparent, clear and easily accessible manner and using simple and clear language. You need to be able to access this content at any time.

We place great importance on the security of your data and compliance with data protection regulations. The processing of personal data is subject to the provisions of the currently applicable European and national laws.

This data protection information aims to explain how we handle your personal data and how you can contact us:

HEINE Optotechnik GmbH & Co. KG
Dornierstr. 6
82205 Gilching
Germany
Commercial register no.: HRA 52039
Managing directors: Oliver Heine, Timo Martin
Telephone: +49 8105 7728 – 0
E-mail: info(at)heine.com

Our data protection officer
Sven Lenz
German Data Protection Office – Datenschutzkanzlei Lenz GmbH & Co. KG
Bahnhofstraße 50
87435 Kempten
Germany

If you have any questions on data protection, or other concerns regarding data protection legislation, please send an e-mail to: dsb@heine.com

A. General

For greater clarity, we make no gender-specific distinctions in this information. For the purposes of equality, the wording used applies to all genders. For definitions of the terminology used, such as “personal data” or “processing”, please refer to Art. 4 GDPR.

Personal data processed within the context of this website includes

  • Legacy data (e.g. customers’ names and addresses)
  • Contractual data (e.g. services used, payment information)
  • Usage data (e.g. pages visited on our website) and
  • Content data (e.g. entries in online forms)

B. Specific

Data protection information

We ensure that we only process your data to process your enquiries and for internal purposes, and to provide you with content or services that you have requested.

Basic principles of data processing

We only process your personal data in compliance with the relevant data protection provisions. The legal bases for this processing are as follows:

  • Provision of our contractual services
  • Processing is a legal requirement
  • Existence of your electronic consent (e.g. subscription to newsletter)
  • Implementation of our legitimate interests

Please see below for references to the relevant legal bases in the various sections of the General Data Protection Regulation:

Processing to provide our services and implement contractual measures
Art. 6 para. 1b) GDPR

Processing to fulfil our legal obligations
Art. 6 para. 1c) GDPR

Consent
Art. 6 para. 1a) and Art. 7 GDPR

Processing to protect our legitimate interests
Art. 6 para. 1f) GDPR

Data transmission to third parties

Please note that data is transmitted to third parties as part of the ordering process for a permanent contractual relationship with us. Personal data is transferred to the payment service provider (Novalnet AG, Feringastraße 4, 85774 Unterföhring, Germany) for the purpose of payment processing.

Your data is only forwarded to third parties as part of statutory requirements. Even then, we only forward your data if, for example, it is necessary for contractual purposes or for the economic and effective running of our business operation based on legitimate interests.

If we use subcontractors to provide our services, we make appropriate legal provisions and implement appropriate technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal provisions.

Data transmission to a third country or an international organisation

A third country is any country where the GDPR is not a directly applicable law. In principle, this includes all countries outside the EU or the European Economic Area.

No data is transmitted to a third country or an international organisation without a legal basis to do so.

Retention period of your personal data

We abide by the principles of data economy and data avoidance. This means that we only retain your data for as long as it is required to fulfil the aforementioned purpose or for the various retention periods specified by the legislator. If the respective purpose ceases to be relevant or after expiry of the relevant period, your data is routinely blocked or deleted in accordance with statutory provisions.

We have compiled an in-house concept for this purpose to ensure that this procedure takes place.

Data processing when registering as a user in the test phase (Licence Service).

As per Art. 6 para. 1b) GDPR, your personal data is collected and processed when forwarded to us during the test phase when opening a customer account. The data we collect can be seen on the respective forms for completion.

These are usually:

– Name
– Gender
– Name of the company
– Address
– Telephone number
– E-mail address
– Preferred language
– IP Address
– Subscription type

This data is stored for the duration of the active subscription. Deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. After expiration of the subscription, the data will be kept for a period of one month, if the customer decides to enter into a permanent contractual relationship with us. If the customer does not decide to enter into such a contractual relationship, the data will be deleted.

Data processing for contract execution

If the customer decides to enter into a permanent contractual relationship with us, the data collected during the creation of a customer account will continue to be processed for contract processing (Art. 6 para. 1b) GDPR).

In addition to the above data, further data is collected that is necessary to process the payment. These data are forwarded to our payment service provider Novalnet AG.

After termination of the contractual relationship or deletion of your customer account, your data will be blocked for 6 years with regard to tax and commercial retention periods and deleted once these periods have expired if you have not given express consent for the further use of your data or if we no longer reserve any legal right to continue using your data.

What rights do you have?

a) Right to information

You have the right to obtain information regarding your stored data free of charge. At your request, we will provide written details of the personal data we are storing about you. This also includes the source and recipients of your data and the purpose of data processing.

b) Right to correction

You have the right to request the correction of any incorrect data we are holding about you. In so doing, you can request a restriction of processing, e.g. when contesting the accuracy of your personal data.

c) Right to block

You can also have your data blocked. To ensure that the block on your data can be taken into account at any time, this data must be held in a blocking file for control purposes.

d) Right to deletion

You can request deletion of your personal data, provided there are no statutory retention obligations. If such an obligation exists, we will block your data on request. If the relevant legal obligation exists, we will also delete your personal data without you making a corresponding request.

e) Right to data portability

You have the right to ask us to provide you with your personal data in a format that enables you to transfer it elsewhere.

f) Right of appeal to a supervisory authority

You have the option to submit an appeal to one of the data protection supervisory authorities.

The data protection authority responsible for us is:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 27, 91522 Ansbach, Germany
Telephone: +49 981 53-1300
Fax: +49 981 53-981300

The form for appeals can be opened by following this link: https://www.lda.bayern.de/de/beschwerde.html.

Note: An appeal can also be made to any data protection supervisory authority within the EU.

g) Right of revocation

You have the option, at any time, to object to the processing of your data in accordance with Art. 6 para. 1e) and f) for reasons resulting from your particular circumstances; this also applies to profiling based on these provisions.

HEINE Optotechnik GmbH & Co. KG will then no longer process your personal data unless it can provide evidence of compelling and legitimate grounds for processing that outweigh your interests, rights and liberties, or unless processing serves to assert, exercise or defend legal claims.

If personal data is processed for the purposes of direct marketing, you have the right, at any time, to file an objection to the processing of the personal data about you for the purpose of this type of marketing. This also applies to profiling when this activity is associated with direct marketing. If you submit an objection of this type, we will no longer process your personal data for the purposes of direct marketing. To submit an objection of this type, simply send us an e-mail expressing your wishes.

h) Right to withdraw

You have the option, at any time, to withdraw your consent to processing your data with effect for the future, without stating any reason. You will not suffer any adverse consequences as a result of this withdrawal. To submit an objection of this type, simply send us an e-mail expressing your wishes.

However, this type of withdrawal does not affect the legitimacy of any processing undertaken on the legal basis of Art. 6 para. 1a) GDPR prior to the time of withdrawal.

To exercise your rights as a data subject, send an e-mail to the following address: dsb@heine.com

Protection of your personal data

We implement contractual, technical and organisational security measures using the best-available technology to ensure compliance with the data protection legislation and to protect processed data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons.

In particular, security measures include the encrypted transmission of data between your browser and our server. 256-bit SSL (AES 256) encryption technology is used for this purpose.

Your personal data is also protected within the framework of the following points (excerpt):

a) Preserving the confidentiality of your personal data

To preserve the confidentiality of your data stored with us, we have implemented various admission and access control measures.

b) Preserving the integrity of your personal data

To preserve the integrity of your data stored with us, we have implemented various forwarding and input control measures.

c) Preserving the availability of your personal data

To preserve the availability of your data stored with us, we have implemented various ordering and availability control measures.

The security measures currently in use are continuously improved based on the latest technological developments. Despite these precautions, due to the unsecured nature of the Internet, we cannot guarantee the security of your data transmitted to our website. With this in mind, please remember that any data you send to us is transmitted at your own risk.

Protection of minors

Persons under the age of 16 may only provide us with their personal information if their parent or guardian has given their express consent. This data is processed according to this data protection information.

Server log files

Website providers automatically gather and store information in files known as server log files. This information is then forwarded to us automatically by your browser. This includes information on:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of server request
  • IP address

This data is not merged with other data sources.

The basis for data processing is in accordance with our legitimate interests, as detailed in Art. 6 para. 1f) GDPR.

Cookies

Cookies are small text files stored locally in your Internet browser’s cache. Cookies are used for a variety of purposes, including recognising your Internet browser. These files are used to help the browser navigate the website and make full use of all functions.

We only use system-relevant cookies.

Forwarding personal data for order processing

If necessary for contract processing for payment purposes, the personal data we collect will be forwarded to the responsible credit institution in accordance with Art. 6 para. 1b) GDPR.
If, on the basis of a relevant agreement, we are required to provide you with updates for goods with digital elements or for digital products, we will process the contact data (name, address, e-mail address) transmitted to us when you placed your order to inform you personally of pending updates within the statutory period. This is done via a suitable communication channel (such as post or e-mail), within the scope of our statutory duties to provide information as per Art. 6 para. 1c) GDPR. In such cases, your contact data will be used solely for the purpose of informing you of any updates we are required to provide and will only be processed as required to provide the relevant information.

To process your order, we also work with the service provider(s) below who assist us, either in full or in part, with the execution of concluded agreements. Certain personal data is transferred to these service providers as set out below.

Payment by credit card: We have instructed the payment service provider Novalnet AG, Feringastraße 4, 85774 Unterföhring, Germany to process payments made by credit card. Your data is transmitted to Novalnet on the basis of Art. 6 para. 1b) GDPR (Processing to fulfil a contract).

For this purpose, the payment service provider requires certain personal information from you. Depending on the payment type chosen, this includes, for example, your name, address, IP address, amount of invoice, bank details or credit card number (including validity period). Novalnet uses this data to issue a transaction number, enabling the process to be assigned. The storage of and access to information in the end user’s terminal equipment takes place in accordance with § 25 para. 2(2) of the German Telecommunications Telemedia Data Protection Act (TTDSG). Further data processing by Novalnet is necessary for the fulfilment of contracts; the legal basis for this processing results from Art. 6 para. 1b) GDPR.

The data protection provisions issued by Novalnet AG can be viewed here: http://www.novalnet.de/datenschutz.

For payment via PayPal, credit card via PayPal, debit card via PayPal or – if offered – “Purchase on account” via PayPal, we forward the payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”) as part of payment processing. PayPal reserves the right to conduct a credit check for the payment methods of credit card via PayPal, debit card via PayPal or – if offered – “Purchase on account” via PayPal. PayPal uses the result of the credit check, in terms of the statistical likelihood of defaulting on payment, for the purposes of deciding whether to offer the respective payment method. The credit check may include probability values (known as scores). If scores are included in credit check result, these are based on a scientifically recognised mathematical-statistical procedure. Address data is one of the forms of data included in the score calculation. For other information regarding data protection legislation, including the credit agencies used, please refer to PayPal’s data protection information: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Changes to our data protection information

We reserve the right to modify our data protection information at short notice to ensure that it complies with current legal requirements at all times, or to reflect changes to our services in the data protection information. This could include, for example, the introduction of new services. When you subsequently visit our website, the new data protection information will then apply.