Data protection is a subject of special importance for Heraeus Customer Platform: Heraeus collects and processes personal data exclusively in compliance with legal requirements and in accordance with appropriate technical and organizational data security measures.
The Heraeus Customer Platform is a platform designed for certain Heraeus companies to offer their services and/or products. The term "Heraeus companies" means all companies which are under the common control of Heraeus Holding GmbH, i.e. companies in which Heraeus Holding GmbH holds, directly and/or indirectly, the majority of shares or equities. Heraeus Zhaoyuan Precious Metal Materials Co., Ltd. (hereinafter referred to as “HZPM”) and Heraeus Zhaoyuan (Changshu) Electronic Materials Co., Ltd. (hereinafter referred to as “HZCM”), each a Heraeus company, will act as the business partner of the Customers in the Heraeus Customer Platform, but not the operator of the Heraeus Customer Platform. The Heraeus Customer Platform is operated exclusively by HCI. HCI, HZPM and HZCM hereinafter are collectively referred to as "Heraeus".
Customers/Users have the right to protect their own interests as the data subject in accordance with applicable laws and regulations, including but not limited to request confirmation of whether their data is being processed, to revoke their consent for data processing if personal data is processed on the basis of consent, to object to the data processing at any time, to request the deletion, rectification and restriction of their personal data. To access for a copy of, review, rectify or delete personal data held by Heraeus, please contact Heraeus at the e-mail of CS-HET-CN@heraeus.com . While Heraeus will make reasonable efforts to accommodate this request, Heraeus also reserves the right to impose certain restrictions and requirements on such access requests, to the extent that it is allowed or required by applicable laws.
1. How Heraeus collects data through Heraeus Customer Platform
Heraeus will collect and process data exclusively for the purpose of the Customers' registration for the Heraeus Customer Platform and for the conclusion of legal transactions with HZCM and/or HZPM on the Heraeus Customer Platform. This data includes personal data such as first names and last names of Customers and Users, their phone numbers and e-mail addresses, as well as the job title and company by whom they are employed. It may also collect and process business data, contact details and order details which a User provides when it registers as a User. For this purpose, Heraeus uses Azure Active Directory service of Microsoft Ireland Operations Ltd. and Amazon Web Services of Amazon Web Services Inc., which store and process personal data in data centers within the European Union on behalf of Heraeus. Heraeus will satisfy any and all conditions for cross-border data transmission in accordance with applicable laws and regulations.
2. How Heraeus uses the data collected
Heraeus uses the data obtained through the Heraeus Customer Platform to enable Customers/Users to utilize the services offered on the Heraeus Customer Platform and to conclude legal transactions with HZCM and/or HZPM, to enhance relevant experience with the Heraeus Customer Platform and its functions, to store login data of Customers/Users, to communicate with Customers/Users, to enforce all service conditions or other agreements in connection with the Heraeus Customer Platform, and to provide Customers/Users with the requested services.
Heraeus undertakes to use the data through the operation of the Heraeus Customer Platform only for the purpose of creating and maintaining these services. No further use is made of such data beyond what is outlined in this section.
3. How Heraeus retains and deletes the data collected
Any data collected from Customers/Users through the Heraeus Customer Platform will only be stored for as long as it is necessary for the purpose it was collected in accordance with applicable law. The data that Heraeus stores is erased as soon as it is no longer required for the purpose for which is was collected and provided that its erasure does not breach any statutory storage requirements.
If the data of the Customers and the Users is not erased because it is required for other legally permissible purposes, its processing is restricted. This means that the data is blocked and is not processed for other purposes. This applies, for example, to data of the Customers and the Users which must be retained for reasons relating to applicable commercial or tax law.
4. Where and to whom personal data may be transferred
4.1 Transfer of data to third parties
Heraeus transfers data to third parties exclusively in accordance with legal provisions.
(1) Heraeus may share personal data of the Customers and Users with other Heraeus companies, whether in mainland China, in Germany or elsewhere, for the purpose of creating and maintaining the services.
(2) Heraeus only transfers data to third parties that are not Heraeus companies if necessary (for example, for accounting purposes) or for other purposes necessary to meet contractual obligations to Customers/Users or legal requirements.
(5) There are instances where personal data of the Customers and the Users may be transferred to a country which does not have legislation offering similar level of data protection as in Mainland China. Heraeus sets out below these scenarios and how Customers/Users can avoid such data transfer.
a) Overview page of legal transactions
The page giving an overview of all legal transactions which the Customer concluded with Heraeus is not accessible to other Customers. However, each Customer may grant to other persons access to this page. If Customers or activated Users are in a country which does not offer similar level of data protection as in Mainland China, and/or if Users are employed by other companies of the Customers, personal data may be transferred to such third countries. By continuing to use this function, Customer and/or the User hereby expressly agree to such data transmission. Each Customer may avoid data transmission to such third countries and/or to other companies by not allowing activation of Users located in such third countries or Users employed by other companies. Each User may avoid data transmission to such third countries and/or other companies by deactivating his/her access.
b) Forwarding function
The forwarding function offers Customers and Users the possibility to forward questions via e-mail to other persons without access authorization while handling legal transactions on the Heraeus Customer Platform. When forwarding such questions, the e-mail addresses of the respective Customer and the persons to which the questions are forwarded are collected and stored on the system. The Heraeus employees processing this Customer's order cannot see the e-mail addresses of the persons without access authorization and that the forwarding function was used. The Customers ensure that all recipients selected by it agree to the collection and storage of their e-mail addresses. Data may be transmitted to a country which does not offer similar level of data protection as in Mainland China and/or to other companies if the recipients of the forwarded questions are located in such third countries and/or are employed by other companies. By continuing to use this function, the Customer hereby expressly agrees to such data transmission. Each Customer may avoid such data transmission and the collection and storage of the recipients' e-mail addresses by not using the forwarding function.
4.2 External references and links
References or links ("links") to the content provided by external providers must be distinguished from the content of the Heraeus Customer Platform. By embedding a link to an external website ("hyperlinks"), Heraeus does not endorse same nor adopt such an external website or its content as its own. Should any infringement caused by the external website come to the attention of Heraeus, Heraeus will immediately delete the link. Heraeus neither assumes any responsibility for the availability of such external website nor for its content. If Customers/Users access and use such other web sites, including the content, items or services on those websites, solely at own risk.
Cookies are used on the Heraeus Customer Platform that are required to ensure the proper functioning of the platform's services. They provide a secure login, good performance and ensure that the login to the Heraeus Customer Platform can also be displayed on other Heraeus websites or platforms (where applicable). Customers/Users may choose to disable these cookies on the browser of device, however, if they prevent these cookies from being placed by setting browser, it may not be possible to log in and use certain functions of the Heraeus Customer Platform. If Customers/Users wish, Customers/Users can limit the storage of cookies to these necessary cookies under "Settings".
6. Google Analytics
6.2 Google will use this information on behalf of Heraeus to evaluate the use of the Heraeus Customer Platform, to compile reports on website activity of the Heraeus Customer Platform, and to provide other services to Heraeus that are related to the use of the Heraeus Customer Platform and the internet. The data retrieved in this context may be used to create pseudonymized user profiles.
6.3 However, due to the activated IP anonymization on the Heraeus Customer Platform, Customers/User’s IP addresses will be truncated by Google within Customers/Users’ geographical region before it is transmitted to Google. Only in exceptional cases will the full IP address be transferred to a Google server located in the U.S. and truncated there.
6.4 The IP address transferred from the Customers/User’s browser will not be linked with other Google data. Customers/Users may prevent the storage of cookies by selecting the appropriate system settings in their browser. Customers/Users may also prevent the recording and processing by Google of data generated by cookies and data related to their use of the website by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout?hl=en .
7. Security measures
7.1 Heraeus will take all reasonable steps to ensure the security of personal data of Customers/Users. To prevent unauthorized access to or disclosure of Customer’s/User’s personal data, Heraeus has implemented appropriate physical, technical and administrative measures to safeguard and secure the personal data Heraeus collects, and to protect personal data against accidental or intentional manipulation, loss, destruction and unauthorized access.
7.2 Heraeus security measures include, in particular, the encryption and anonymization of data for transmission between the browser and server of the Customers and the Users.
9. Access by minors
This Heraeus Customer Platform and its relevant services available are not intended for minors (persons under the age of 18 years). They cannot be registered as Customers or activated as Users of the Heraeus Customer Platform.