We are pleased that you are visiting our website and thank you for your interest in our company, our products, and our website. Protecting your privacy while you use our website is very important to us. Therefore, we act in accordance with applicable data protection and data security laws.
Below you will find information about which websites this privacy policy applies to, what data we collect, process and use, what rights you have to access your data, and much more. To answer your questions quickly and clearly, we have structured our privacy policy in a question and answer format.
Who is responsible for this website?
The entity responsible for the data collection and processing described below is the one named in the legal notice.
Which websites does this privacy policy apply to?
This privacy policy applies to the use of the websites offered by heristo aktiengesellschaft and/or its subsidiaries (hereinafter referred to as "heristo") (hereinafter referred to as "heristo websites"). This privacy policy does not apply to the websites of other service providers to which heristo websites merely provide a link.
What is personal data?
Personal data is any information relating to an identified or identifiable natural person. Examples include your name, address, bank account, ID card or telephone number, vehicle registration number, email address, or IP address. Data that cannot be used to determine your actual identity is not considered personal data. This includes, for example, information about your gender, browser you use, or preferred car brand.
Will I remain anonymous when using the heristo websites?
Yes. When using the heristo websites, you remain anonymous unless you voluntarily provide us with personal data. The only exception to this principle is the temporary, automatic collection and storage of your IP address. You can find more details below.
Is personal data collected and processed automatically?
Yes. We automatically collect information about your computer's IP address, browser, operating system, and the pages you have viewed each time you visit our websites. This data is stored in log files on the web server. Only the IP address is considered personal data. Storing each visitor's IP address for seven days is necessary to protect our computer systems from misuse. The legal basis for this is Article 6(1)(f) of the GDPR. If we also use the log files to create user profiles, for example, for advertising, market research, or to tailor our websites to user needs, the IP addresses will be anonymized beforehand. Otherwise, the IP addresses will be deleted from the log files. As a result, you remain anonymous in all cases, even with the automatic collection and temporary storage of your IP address.
Under what conditions is personal data collected, processed, or used?
We only collect, process, or use personal data if you voluntarily provide it to us and if it is legally permissible or you have given your consent. This usually happens when you enter into a contract with us online or submit an inquiry.
For what purpose are personal data collected, processed, or used?
We use the personal data you provide exclusively for the stated or agreed purposes, i.e., generally in accordance with Art. 6 para. 1 lit. b) GDPR for the preparation or fulfillment of the contract concluded with you or in accordance with Art. 6 para. 1 lit. f) GDPR to answer your inquiry.
Are personal data used for advertising or market research purposes?
This is not the case without your consent. To maintain our customer relationship with you, we may in some cases have an interest in using your personal data for advertising, market research, or other purposes. However, we will of course inform you of this in advance and request your explicit consent in accordance with Article 6(1)(a) of the GDPR.
Is personal data shared, sold, or otherwise transferred to third parties?
Your personal data will not be passed on, sold, or otherwise transferred to third parties unless this is necessary for the purpose of contract processing in accordance with Article 6(1)(b) GDPR or you have expressly consented in accordance with Article 6(1)(a) GDPR. For example, it may be necessary for us to pass on your address and order details to our suppliers when you order products.
Can I withdraw my consent?
Yes. You have the right to object to the use of your personal data for the purposes agreed upon in your consent at any time with effect for the future. Please contact the office listed below to do so.
Where is this website hosted?
We host the content of our website with the following provider: Webflow
The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter referred to as Webflow). When you visit our website, Webflow collects various log files, including your IP address. Webflow is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies that are necessary for displaying the page, providing certain website functions, and ensuring security (necessary cookies). For details, please see Webflow's privacy policy: https://webflow.com/legal/eu-privacy-policy .
The use of Webflow is based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website possible. If corresponding consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.
Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://webflow.com/legal/eu-privacy-policy .
The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/6365 .
Order processing
A data processing agreement (DPA) was concluded with the service provider for its use. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
Does this website use any tracking methods?
Yes, this website uses the open source web analytics service Matomo.
With the help of Matomo, we are able to collect and analyze data about how visitors use our website. This allows us, among other things, to determine when page views occurred and from which region they originated. We also collect various log files (e.g., IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g., clicks, purchases, etc.). The use of this analytics tool is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If corresponding consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) of the German Telemedia Act (TMG), insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TMG. Consent can be withdrawn at any time.
IP anonymization
We use IP anonymization for our Matomo analytics. This means your IP address is shortened before analysis, so it can no longer be uniquely associated with you.
Cookieless analytics
We have configured Matomo so that Matomo does not store any cookies in your browser.
Hosting
We host Matomo with the following third-party provider:
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 4-6
32339 Espelkamp
Phone: +49-5772-293-100
support@mittwald.de
www.mittwald.de
Order processing
We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
Are cookies used on the heristo websites?
We generally use so-called session cookies on the heristo websites, which store data for technical session management in your browser's memory. This data is not personally identifiable and is deleted when you close your browser. Should we, in exceptional cases, wish to store personal data in a cookie, we will obtain your explicit consent beforehand in accordance with Article 6 Paragraph 1 Letter a) GDPR.
The processing is based on Art. 6 para. 1 lit. f) GDPR and is in the interest of optimizing or enabling user guidance and adapting the presentation of our website.
How can I generally prevent cookies from being stored on my computer?
Although cookies are only relevant under data protection law if they store personal data, many internet users are generally skeptical of these small data packets. We would therefore like to point out that you can also protect yourself against cookies being stored on your computer and/or view the contents of cookies. Modern browsers offer various functions for this purpose, which you can learn more about in your browser's help section. For example, you can simply configure your internet browser to automatically block all cookies or to warn you before a cookie is stored. However, please note that this may result in a functional limitation in the use of the heristo websites and websites of other service providers.
What does Heristo do to protect my personal data?
Heristo takes technical and organizational security measures to protect your personal data from loss and misuse. Your data is stored in a secure operating environment that is not accessible to the public. If you wish to contact Heristo by email, please be aware that the confidentiality of the transmitted information cannot be guaranteed. The content of emails—similar to postcards—can be viewed by third parties. We therefore recommend that you send us confidential information exclusively by postal mail.
What rights do I have as a user of the websites?
When processing your personal data, the GDPR grants you, as a website user, certain rights:
1. Right of access (Art. 15 GDPR):
You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have the right to access this personal data and the information detailed in Article 15 of the GDPR.
2. Right to rectification and erasure (Articles 16 and 17 GDPR):
You have the right to request the immediate rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data. You also have the right to request that personal data concerning you be erased without undue delay if one of the grounds listed in Article 17 of the GDPR applies, for example, if the data are no longer necessary for the purposes for which they were collected.
3. Right to restriction of processing (Art. 18 GDPR):
You have the right to request the restriction of processing if one of the conditions listed in Article 18 GDPR is met, e.g. if you have objected to the processing, for the duration of any review.
4. Right to data portability (Art. 20 GDPR):
In certain cases, which are detailed in Article 20 of the GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to a third party.
5. Right to object (Art. 21 GDPR):
If data is collected on the basis of Article 6(1)(f) (data processing for the purposes of legitimate interests), you have the right to object to the processing at any time on grounds relating to your particular situation. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the purpose of establishing, exercising or defending legal claims.
6. Right to lodge a complaint with a supervisory authority
Pursuant to Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes data protection regulations. This right to lodge a complaint can be exercised, in particular, with a supervisory authority in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.
Has a data protection officer been appointed?
You can reach our data protection officer at:
ds² Unternehmensberatung GmbH & Co.KG
Falkenstraße 10
33775 Versmold
datenschutzbeauftragter-heristo@ds-quadrat.de
Who can I contact?
If you wish to exercise your right to information, have questions about this privacy policy or our data protection practices on the web, please contact: info@heristo.de
Cookies
This website uses cookies. We use cookies to personalize content and ads, to provide social media features, and to analyze our website traffic. We also share information about your use of our site with our social media, advertising, and analytics partners. Our partners may combine this information with other data that you have provided to them or that they have collected from your use of their services.
Cookies are small text files used by websites to make the user experience more efficient.
According to the law, we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission.
This website uses different types of cookies. Some cookies are placed by third parties that appear on our pages.
Learn more about who we are, how to contact us and how we process personal data in our privacy policy.
Use of other tools on our website
Using a translation function via the Elfsight plugin
The website uses the translation function of the service Elfsight – Elfsight, LLC, Address: 0015, Armenia, Yerevan, Paronyana str., 19/3, 201.
By using this feature, a connection is established to Elfsight's servers. Technical information (e.g., your IP address, browser type, the page accessed) may be transmitted to Elfsight, which is necessary for providing the widget. Elfsight may also set cookies to ensure the functionality of the widgets.
The use of Elfsight widgets serves our legitimate interest in making our online offering appealing and functional (Art. 6 para. 1 lit. f GDPR).
We have entered into a data processing agreement with Elfsight to ensure that data processing complies with the requirements of the GDPR.
Further information on data protection at Elfsight can be found in their privacy policy: https://elfsight.com/privacy-policy/
