Data protection is a subject of special importance for Heraeus: We process your personal data exclusively in compliance with legal requirements and in accordance with appropriate technical and organizational data security measures.
1. Objective and Responsibility
1.2. The provider of the Website and the organization responsible for ensuring compliance with the applicable data protection regulations is Heraeus Holding GmbH, Heraeusstraße 12-14, 63450 Hanau, Germany (hereinafter referred to as “Heraeus”, “we” or “us”). For further information about us as well as contact details please refer to our imprint.
1.3. The Website represents all legal entities of the Heraeus Group. For further details on the individual Heraeus entities please refer to the “Imprint” on the respective sub-sites.
1.4. Our Data Protection Officer can be contacted via e-mail at: firstname.lastname@example.org.
1.5. The term “User” or “you” and “your” includes all customers and their respective employees as well as all visitors to our Website.
2. General Information on Data Processing; Legal Basis
2.1. At Heraeus, personal data of Users are processed exclusively in compliance with the applicable data protection regulations. This means that User data are only processed if there is a valid legal basis for the processing; i.e., in particular, if the data processing is necessary for the performance of our contractual obligations (e.g., order processing) or the provision of our online services, if the processing is required by law, if the User has given consent to the processing or if the processing is necessary for the purposes of the legitimate interests pursued by Heraeus (i.e., our interest in the analysis, optimization and the efficient and secure operation of our Website within the meaning of Art. 6 (1) lit. f. GDPR), including, in particular, audience and media reach measurement, the creation of profiles for advertising and marketing purposes as well as the collection of access data and the use of third-party providers.
2.2. The individual legal bases for the processing of personal data in accordance with the General Data Protection Regulation (GDPR), which came into force on 25 May 2018, are as follows: Where we obtain the consent of a data subject for the processing of personal data, Art. 6 (1) lit. a and Art. 7 GDPR is the relevant legal basis. If the processing activities are necessary for the provision of our services and the performance of contracts, Art. 6 (1) lit. b GDPR is the relevant legal basis. Where processing activities are necessary for compliance with our legal obligations, Art. 6 (1) lit. c GDPR is the relevant legal basis. And if the processing activities are necessary to safeguard our legitimate interests, Art. 6 (1) lit. f GDPR is the relevant legal basis.
3. Security Measures
3.1. We have in place state-of-the-art organizational, contractual and technical security measures to ensure compliance with data protection legislation and to protect your personal data against accidental or intentional manipulation, loss, destruction and unauthorized access.
3.2. Our security measures include, in particular, the encryption of data for transmission between your browser and our server.
4. Transfer of Data to Third Parties and Third-Party Providers
4.1. Heraeus transfers data to third parties exclusively in accordance with legal provisions. User data are only transferred to third parties if such transfer is necessary for invoicing purposes or to fulfil our contractual obligations with Users or to meet legal requirements.
4.2. Where we use sub-contractors to provide our services, we will take appropriate legal precautions and technical and organizational measures to protect personal data in accordance with applicable legal provisions.
4.4. Third countries are countries in which the GDPR is not directly applicable, i.e., in principle, countries outside the EU or the European Economic Area. Data may only be transferred to third countries if an adequate level of data protection is ensured, if our Users have given their consent or if the transfer of such data is permitted by law.
5. Contacting us
5.1. When you contact us (by contact form or e-mail), your data will be stored to process and handle your request.
5.2. User data may be stored in our Customer Relationship Management System ("CRM System") or in similar request management systems and - due to their legal categorization as business letters - are subject to a statutory retention period of 6 years.
6. Collection of Access Data
Based on our legitimate interests, we record data about every access to the server which hosts this Website (so-called server log files). The access data include the date / time of access to the Website, IP addresses, browser versions and information on the sub-sites that are accessed on our Website.
7. Cookies & Audience and Media Reach Measurement
7.1. Cookies are small pieces of information that are sent from our web server or web servers of third parties to your web browser and stored locally on your computer for later retrieval. Cookies are small files or other types of stored information. Users are hereby informed that cookies are used as part of pseudonymized reach measurement.
7.3. You may prevent the storage of cookies on your computer by selecting the appropriate system settings for the deactivation of cookies on your browser. Stored cookies can also be deleted in the browser’s system settings. Please note that disabling cookies may limit the functionalities of this Website.
8. Google Analytics
8.2. Google is certified under the EU-U.S. Privacy Shield Framework which ensures compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
8.3. Google will use this information on behalf of Heraeus to evaluate your use of our Website, to compile reports on Website activity, and to provide other services to Heraeus that are related to the use of the Website and the Internet. The data retrieved in this context may be used to create pseudonymized User profiles.
8.4. We only use Google Analytics with activated IP anonymization. This means that your IP address will be truncated by Google within the member states of the European Union or in other states party to the Agreement of the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server located in the US and truncated there.
8.5. The IP address transferred from your browser will not be linked with other Google data. You may prevent the storage of cookies by selecting the appropriate system settings on your browser. You may also prevent the recording and processing by Google of data generated by cookies and data related to your use of the Website by downloading and installing the browser plug-in available at http://tools.google.com/dlpage/gaoptout?hl=en.
8.6. For further information on the use of data by Google, settings and opt-out options, please go to the following Google websites: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses information from sites or apps that use our services”), http://www.google.com/policies/technologies/ads (“Advertising”), http://www.google.de/settings/ads (“Control the information Google uses to show you ads”).
9. Google Marketing and Remarketing Services
9.1. On the basis of our legitimate interests (i.e., our interest in the analysis, optimization and efficient operation of our Website within the meaning of Art. 6 (1) f) GDPR), we use the marketing and remarketing services ("Google Marketing Services") of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
9.2. Google is certified under the EU-U.S. Privacy Shield Framework which ensures compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
9.3. For the purposes of the Google Marketing Services, User data are pseudonymized for processing. Google does not store and process, for example, the names and email addresses of Users but resorts to cookie-related processing of the data within pseudonymous User profiles. This means that, from Google's perspective, the advertisements are not managed and displayed for a specifically identifiable person, but for the holder of the cookie, regardless of who the holder of the cookie is. This does not apply if a User has given Google express consent to process the data without pseudonymization. The User information collected by Google Marketing Services is transmitted to Google and stored on Google servers in the US.
9.4. The online advertising program "Google AdWords" is one of the Google Marketing Services we use. Each AdWords customer receives a different "conversion cookie" for Google AdWords. This ensures that cookies cannot be tracked across websites of AdWords customers. The information stored by cookies helps to create conversion statistics for AdWords customers using conversion tracking. The AdWords customers receive information on the total number of Users who clicked on their ad and were forwarded to a website with a conversion tracking tag. However, they do not receive any information allowing them to identify individual Users.
9.6. We can also use the "Google Tag Manager" to incorporate and manage Google analytics and marketing services on our Website.
9.8. If you wish to opt out of personalized advertisements from Google Marketing Services, you may use Google's ad settings and opt-out options: http://www.google.com/ads/preferences.
10.1. The following section provides information about the content of our newsletter, the subscription and mailing process, the statistical evaluation of data as well as your rights to withdraw your consent to receive our newsletter. If you subscribe to our newsletter, you expressly agree to receiving the newsletter and to the processing operations described herein.
10.2. Content of the newsletter: We send newsletters, emails and other electronic notifications containing advertising information (hereinafter referred to as "Newsletter(s)") only with the recipients' consent or if this is permitted by law. If the content of the Newsletter is described in detail in the Newsletter subscription process, the recipient's consent is deemed to have been given upon subscription.
10.3. Double opt-in and recording of data: Subscribing to our Newsletter is subject to a so-called double opt-in process. This means that after subscribing to our Newsletter, you will receive an email in which you are requested to confirm your subscription. This confirmation is required to verify that the recipients subscribed to the Newsletter with their own email addresses. The subscriptions to the Newsletter are recorded to document the subscription process as required by statute. The time and date of the subscription and of the confirmation are stored, as well as the IP address. Changes to your data stored by the email marketing service provider are also recorded.
10.5. According to information provided by the Email Marketing Service Provider, the Email Marketing Service Provider may also use these data in pseudonymized form, i.e., without linking the data to a specific User, to optimize or improve its own services, e.g., for the technical optimization of the mailing and the presentation of the Newsletter or for statistical purposes, i.e., for the statistical analysis of the location of recipients. However, the Email Marketing Service Provider will not use the data of our Newsletter recipients to contact them directly and will not disclose the Newsletter recipients' data to third parties.
10.6. Statistical collection of data and analyses - The Newsletters contain a so-called "Web Beacon", a single-pixel file which is retrieved from the server of the Email Marketing Service Provider when the Newsletter is opened. Upon such retrieval, technical information such as information on your browser and system as well as your IP address and the date and time of the retrieval are collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading habits, the place where the Newsletter is opened (which can be determined by using the IP address), or the date and time when the Newsletter is opened. Within the scope of the statistical collection of data, it is also assessed if the Newsletters are opened, when they are opened and which links are being clicked on. For technical reasons, this information can be attributed to individual Newsletter recipients. However, neither we nor our Email Marketing Service Provider are interested in observing individual Users. The analysis of statistical data helps us to determine the reading habits of our Users and to adjust our content accordingly or to send our Users individualized content matching their interests.
10.7. The use of the Email Marketing Service Provider, the statistical collection of data and analyses and the documentation of the subscription process are necessary to safeguard our legitimate interests pursuant to Art. 6 (1) f) GDPR. We are interested in a User-friendly and secure Newsletter system serving our business purposes and fulfilling the expectations of our Users.
10.8. Unsubscription/Withdrawal of consent - You may unsubscribe from our Newsletter at any time and thus withdraw your consent to receive our Newsletter. An "Unsubscribe" link can be found at the end of each Newsletter. If a User has unsubscribed from the Newsletter, the User’s personal data processed for email marketing are deleted.
11. Third-Party Services and Content
On our Website we use and incorporate content and services of Third-Party Providers, e.g., videos or embedded content (hereinafter referred to as "Content") on the basis of our legitimate interests (i.e., our interest in the analysis, optimization and efficient operation of our Website within the meaning of Art. 6 (1) f) GDPR). For this purpose, it is always necessary that the Third-Party Providers log the User's IP address, since otherwise they are not able to send Content to a User's browser. The IP address is required to display such Content. Our objective is to only use Content of Providers who use the Users’ IP address exclusively for transmitting their Content. Third-Party Providers may also use so-called pixel tags (invisible images that are also known as "Web Beacons") for statistical or marketing purposes. By using pixel tags, information such as traffic on subpages of this Website can be evaluated. The pseudonymous information may also be stored in cookies on the User's device and may contain technical information on the browser and the operating system, linked websites, time of the visit to the Website and further details on the use of our Website and may be linked to similar information from other sources.
12. Rights of the Users
12.1. Users have the right to obtain access to their personal data stored by us upon request and free of charge.
In addition, Users have the right to request rectification of incorrect data, restriction of processing and deletion of their personal data, and, where applicable, are entitled to exercise their right to data portability and, in case of a suspected data breach, Users have the right to lodge a complaint with the competent supervisory authority.
12.2. In addition, Users may withdraw any consent given with future effect.
13. Deletion of Data
13.1. The data we store will be deleted as soon as they are no longer required for the purpose for which they were collected unless applicable law requires longer retention. If data of Users are not deleted because they are required for other, lawful purposes, their processing will be restricted. This means that the data will be blocked and will not be processed for other purposes. This applies, for example, to User data which must be retained to comply with provisions of tax and commercial law.
13.2. In accordance with the statutory provisions, relevant User data must be retained for 6 years pursuant to §257 (1) German Commercial Code [HGB] (account books, inventories, opening balances, annual financial statements, business letters, accounting records, etc.) and for 10 years pursuant to §147 (1) German Tax Code [AO] (books, records, reports, accounting records, business letters, trade letters, documents relevant for taxation, etc.).
14. Right of Objection
Users may object to the future processing of their personal data at any time in accordance with the statutory provisions. In particular, Users may object to the processing of their data for direct marketing purposes.
Last updated: 23.05.2018