Data protection is a subject of special importance for Heraeus: We process your personal data exclusively in compliance with legal requirements and in accordance with appropriate technical and organizational data security measures.
1. Objective and Responsibility
1.1. The purpose of this Privacy Policy is to inform you about the nature, scope and purpose of personal data processing on our Heraeus HPS App (hereinafter referred to as “HPS App”). This Privacy Policy applies only to the HPS App and the Website of Heraeus (hereinafter referred to as “Website”), which hosts this Privacy Policy.
1.2. The provider of the HPS App and the organization responsible for ensuring compliance with the applicable data protection regulations is Heraeus Holding GmbH, Heraeusstraße 12-14, 63450 Hanau, Germany (hereinafter referred to as “Heraeus”, “we” or “us”). For further information about us as well as contact details please refer to our imprint.
1.3. Our Data Protection Officer can be contacted via e-mail at: dataprotectionofficer@heraeus.com
1.4. The term “User” or “you” and “your” includes all customers and their respective employees as well as all visitors to our HPS App.
2. General Information on Data Processing; Legal Basis
2.1. At Heraeus, personal data of Users are processed exclusively in compliance with the applicable data protection regulations. This means that User data are only processed if there is a valid legal basis for the processing; i.e., in particular, if the data processing is necessary for the performance of our contractual obligations (e.g., order processing) or the provision of our online services, if the processing is required by law, if the User has given consent to the processing or if the processing is necessary for the purposes of the legitimate interests pursued by Heraeus (i.e., our interest in the analysis, optimization and the efficient and secure operation of our HPS App within the meaning of Art. 6 (1) lit. f. GDPR), including, in particular, audience and media reach measurement, the creation of profiles for advertising and marketing purposes as well as the collection of access data and the use of third-party providers.
2.2. The individual legal bases for the processing of personal data in accordance with the General Data Protection Regulation (GDPR), which came into force on 25 May 2018, are as follows: Where we obtain the consent of a data subject for the processing of personal data, Art. 6 (1) lit. a and Art. 7 GDPR is the relevant legal basis. If the processing activities are necessary for the provision of our services and the performance of contracts, Art. 6 (1) lit. b GDPR is the relevant legal basis. Where processing activities are necessary for compliance with our legal obligations, Art. 6 (1) lit. c GDPR is the relevant legal basis. And if the processing activities are necessary to safeguard our legitimate interests, Art. 6 (1) lit. f GDPR is the relevant legal basis.
2.3. The HPS App is not meant for children under 16 years of age.
3. Security Measures
3.1. We have in place state-of-the-art organizational, contractual and technical security measures to ensure compliance with data protection legislation and to protect your personal data against accidental or intentional manipulation, loss, destruction and unauthorized access.
3.2. Our security measures include, in particular, the encryption of data for transmission between your browser, the App and our server.
4. Transfer of Data to Third Parties and Third-Party Providers
4.1. Heraeus transfers data to third parties exclusively in accordance with legal provisions. User data are only transferred to third parties if such transfer is necessary for invoicing purposes or to fulfil our contractual obligations with Users or to meet legal requirements.
4.2. Where we use sub-contractors to provide our services, we will take appropriate legal precautions and technical and organizational measures to protect personal data in accordance with applicable legal provisions.
4.3. If, within the scope of this Privacy Policy, we use content, tools or resources of other providers (hereinafter collectively referred to as “Third-Party Providers”) whose registered office is in a third country, it must be assumed that data are transferred to such third countries.
4.4. Third countries are countries in which the GDPR is not directly applicable, i.e., in principle, countries outside the EU or the European Economic Area. Data may only be transferred to third countries if an adequate level of data protection is ensured, if our Users have given their consent or if the transfer of such data is permitted by law.
5. Contacting us
5.1. When you contact us (by contact form or e-mail), your data will be stored to process and handle your request.
5.2. User data may be stored in our Customer Relationship Management System ("CRM System") or in similar request management systems and - due to their legal categorization as business letters - are subject to a statutory retention period of 6 years.
6. Collection of Access Data
Based on our legitimate interests, we may record data about every access to the server which hosts this Policy and App (so-called server log files). The access data include the date / time of access to the HPS App or Website, IP addresses, browser versions and information on the sub-sites that are accessed.
7. Cookies & Audience and Media Reach Measurement
7.1. Cookies are small pieces of information that are sent from our web server or web servers of third parties to your web browser and stored locally on your computer for later retrieval. Cookies are small files or other types of stored information. Users are hereby informed that cookies are used as part of pseudonymized reach measurement.
7.2. For more detailed information about the use of cookies on our Website, visit our Cookie Information Page.
7.3. You may prevent the storage of cookies on your computer by selecting the appropriate system settings for the deactivation of cookies on your browser. Stored cookies can also be deleted in the browser’s system settings. Please note that disabling cookies may limit the functionalities of our Website.
7.4. You may opt out of the use of cookies for reach measurement and advertising purposes on the Network Advertising deactivation site ( http://optout.networkadvertising.org/ ), the US Website ( http://www.aboutads.info/choices ) or the European Website ( http://www.youronlinechoices.com/uk/your-ad-choices/ ).
8. Google Analytics
8.1. Based on our legitimate interests (i.e., our interest in the analysis, optimization and the efficient operation of our Website within the meaning of Art. 6 (1) lit. f) GDPR), we may use Google Analytics, a web analytics service run by Google Inc. (“Google”). Google uses cookies. The information generated by the cookies about your use of this Website is generally transferred to and stored on a Google server in the US.
8.2. Google is certified under the EU-U.S. Privacy Shield Framework which ensures compliance with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ).
8.3. Google will use this information on behalf of Heraeus to evaluate your use of our Website, to compile reports on Website activity, and to provide other services to Heraeus that are related to the use of the Website and the Internet. The data retrieved in this context may be used to create pseudonymized User profiles.
8.4. We may only use Google Analytics with activated IP anonymization. This means that your IP address will be truncated by Google within the member states of the European Union or in other states party to the Agreement of the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server located in the US and truncated there.
8.5. The IP address transferred from your browser will not be linked with other Google data. You may prevent the storage of cookies by selecting the appropriate system settings on your browser. You may also prevent the recording and processing by Google of data generated by cookies and data related to your use of the Website by downloading and installing the browser plug-in available at http://tools.google.com/dlpage/gaoptout?hl=en .
8.6. For further information on the use of data by Google, settings and opt-out options, please go to the following Google Websites: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses information from sites or apps that use our services”), http://www.google.com/policies/technologies/ads (“Advertising”), http://www.google.de/settings/ads (“Control the information Google uses to show you ads”).
9. Target group formation with Google Analytics
We may use Google Analytics to show the advertisements displayed within Google advertising services and its affiliates only to those users who have also shown an interest in our Website or who have certain characteristics (e.g. interests in specific themes or products that are determined from the Websites visited), which we submit to Google (so-called "remarketing" or "Google Analytics Audiences"). With the help of remarketing audiences, we also want to ensure that our advertisements match the potential interests of the user.
9.1 For more information on the use of data by Google, configuration and objection options, please refer to the following Google Websites: https://www.google.com/intl/de/policies/privacy/partners (“Data usage by Google when you use Websites or apps provided by our affiliates”), http://www.google.com/policies/technologies/ads (“Data usage for advertising purposes”), http://www.google.de/settings/ads (“Manage information that Google uses to show you advertising”).
10. Google DoubleClick
10.1 We may use the online marketing practice Google “DoubleClick” to place advertisements in the Google Advertising Network (e.g. in search results, in videos, on Websites, etc.). DoubleClick is characterized by displaying real-time advertisements based on the supposed interests of the user. This allows us to display advertisements for and within our Website in a more targeted way, so that we only present advertisements to users which potentially suit their interests. If a user, for example, is shown advertisements for products that they have been looking at on other Websites, this is called "remarketing". For these purposes, upon accessing our Websites and other Websites on which the Google Advertising Network is active, Google will immediately run a code and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") will be incorporated into the Website. With their help, an individual cookie, i.e. a small file, will be saved on the user’s device (comparable technologies may also be used instead of cookies). This file keeps a record of which Websites the user has visited, what content the user is interested in and what offers the user has clicked on, as well as technical information about the browser and operating system, Websites that have referred the user, access duration, and other information regarding the use of our Website.
10.2 The user's IP address is also recorded. It is shortened within Member States of the European Union or in other States which are party to the Agreement on the European Economic Area. It is only transmitted in full to a Google server in the USA and shortened there in exceptional cases. The above information may also be linked with such information from other sources by Google. If the user subsequently visits other Websites, they may be shown advertisements tailored to their presumed interests on the basis of their user profile.
10.3 The user's data is processed pseudonymously within the Google Advertising Network. This means that Google does not save and process, for example, the user's name or email address, but processes the relevant data obtained by cookies within the pseudonymous user profile. This means that, from the perspective of Google, the advertisements are not managed and displayed for a person who has been specifically identified, but for the person to whom the cookie belongs, regardless of who they may be. This does not apply if a user has explicitly allowed Google to process the data without pseudonymization. The information that Google Marketing Services has gathered about the user is transmitted to Google and saved in Google servers in the USA.
10.4 According to Art. 6 para. 1 letter a GDPR, the legal basis for the use of cookies for online marketing measures is your consent. Insofar as the cookies we use are absolutely necessary to ensure the technical functionality of the online platform, the legal basis is in Art. 6 para. 1 letter f GDPR: our legitimate interest in the user-oriented and economically efficient operation of our Website.
10.5 For more information about the use of data by Google, configuration and objection options and opportunity, please refer to the Google Privacy Policy (https://policies.google.com/technologies/ads) as well as to settings for the displaying of advertisements by Google ( https://adssettings.google.com/authenticated ).
11. Online presence in social media
11.1 We maintain an online presence within social networks and platforms in order to communicate with customers, interested parties and users who are active on social media and to inform them about our services.
11.2 Please note that user data may be processed outside of the European Union and Switzerland. This may imply risks for users because, for example, it could be more difficult to enforce user rights. Please note that US providers that are certified under the Privacy Shield are thereby making a commitment to comply with the data protection standards of the EU and the Swiss Confederation.
11.3 Furthermore, user data is usually processed for market research and advertising purposes. Thus, for example, profiles may be created based on user behavior and the user's interests suggested by this. The user profiles can, in turn, be used to place advertisements, for example, within and outside of platforms that are supposedly in line with user interests. For these purposes, cookies are usually stored on the devices of the user in which the user behavior and user interests are stored. In addition, data can also be stored in the user profiles separately from the users' devices (in particular if the users are members of the relevant platforms and are logged in to them).
11.4 We process the personal data of the user based on our legitimate interests in informing the user and in communicating with them effectively. If the users are asked to consent to data processing by the respective providers (i.e., give their consent, for example, by ticking a check box or pressing a button), the legal basis of the processing is consent.
11.5 For a detailed description of the respective processes mentioned under point 11 and the opportunity to object (opt out), please see the information by the provider at the relevant link.
11.6 Also, with regard to requests for information and the assertion of user rights, please note that these can be exercised most effectively against the providers. Only the providers have access to the data of the user and can take appropriate measures and provide information directly. If you still require assistance, please contact us.
Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) - Privacy Policy: https://www.facebook.com/about/privacy/ , Opt Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com , Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active .
Google/ YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – Privacy Policy: https://policies.google.com/privacy , Opt Out: https://adssettings.google.com/authenticated , Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active .
Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) - Privacy Policy: https://twitter.com/de/privacy, Opt Out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active .
LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) - Privacy Policy https://www.linkedin.com/legal/privacy-policy, Opt Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out , Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active .
Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) - Privacy Policy/ Opt Out: https://privacy.xing.com/de/datenschutzerklaerung .
12. Google Marketing and Remarketing Services
12.1. On the basis of our legitimate interests (i.e., our interest in the analysis, optimization and efficient operation of our Website within the meaning of Art. 6 (1) f) GDPR), we use the marketing and remarketing services ("Google Marketing Services") of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
12.2. Google is certified under the EU-U.S. Privacy Shield Framework which ensures compliance with European data protection law. ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active )
12.3. For the purposes of the Google Marketing Services, User data are pseudonymized for processing. Google does not store and process, for example, the names and email addresses of Users but resorts to cookie-related processing of the data within pseudonymous User profiles. This means that, from Google's perspective, the advertisements are not managed and displayed for a specifically identifiable person, but for the holder of the cookie, regardless of who the holder of the cookie is. This does not apply if a User has given Google express consent to process the data without pseudonymization. The User information collected by Google Marketing Services is transmitted to Google and stored on Google servers in the US.
12.4. The online advertising program "Google AdWords" is one of the Google Marketing Services we use. Each AdWords customer receives a different "conversion cookie" for Google AdWords. This ensures that cookies cannot be tracked across Websites of AdWords customers. The information stored by cookies helps to create conversion statistics for AdWords customers using conversion tracking. The AdWords customers receive information on the total number of Users who clicked on their ad and were forwarded to a Website with a conversion tracking tag. However, they do not receive any information allowing them to identify individual Users.
12.5. By using the Google Marketing Service "DoubleClick", we can embed third-party advertisements on our Website. DoubleClick uses cookies to enable Google and its partner Websites to place advertisements based on the User's visits on this Website and/or other Websites on the Internet.
12.6. We can also use the "Google Tag Manager" to incorporate and manage Google analytics and marketing services on our Website.
12.7. Further information on the use of data by Google for marketing purposes is available at https://www.google.com/policies/technologies/ads and the Google Privacy Policy can be viewed here https://www.google.com/policies/privacy .
12.8. If you wish to opt out of personalized advertisements from Google Marketing Services, you may use Google's ad settings and opt-out options: http://www.google.com/ads/preferences .
13. Newsletter
13.1. The following section provides information about the content of our newsletter, the subscription and mailing process, the statistical evaluation of data as well as your rights to withdraw your consent to receive our newsletter. If you subscribe to our newsletter, you expressly agree to receiving the newsletter and to the processing operations described herein.
13.2. Content of the newsletter: We send newsletters, emails and other electronic notifications containing advertising information (hereinafter referred to as "Newsletter(s)") only with the recipients' consent or if this is permitted by law. If the content of the Newsletter is described in detail in the Newsletter subscription process, the recipient's consent is deemed to have been given upon subscription.
13.3. Double opt-in and recording of data: Subscribing to our Newsletter is subject to a so-called double opt-in process. This means that after subscribing to our Newsletter, you will receive an email in which you are requested to confirm your subscription. This confirmation is required to verify that the recipients subscribed to the Newsletter with their own email addresses. The subscriptions to the Newsletter are recorded to document the subscription process as required by statute. The time and date of the subscription and of the confirmation are stored, as well as the IP address. Changes to your data stored by the email marketing service provider are also recorded.
13.4. Email marketing service provider: The Newsletters are mailed by Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany (hereinafter referred to as "Email Marketing Service Provider"). The privacy policy of our Email Marketing Service Provider can be found here: https://www.inxmail.de/datenschutz .
13.5. According to information provided by the Email Marketing Service Provider, the Email Marketing Service Provider may also use these data in pseudonymized form, i.e., without linking the data to a specific User, to optimize or improve its own services, e.g., for the technical optimization of the mailing and the presentation of the Newsletter or for statistical purposes, i.e., for the statistical analysis of the location of recipients. However, the Email Marketing Service Provider will not use the data of our Newsletter recipients to contact them directly and will not disclose the Newsletter recipients' data to third parties.
13.6. Statistical collection of data and analyses - The Newsletters contain a so-called "Web Beacon", a single-pixel file which is retrieved from the server of the Email Marketing Service Provider when the Newsletter is opened. Upon such retrieval, technical information such as information on your browser and system as well as your IP address and the date and time of the retrieval are collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading habits, the place where the Newsletter is opened (which can be determined by using the IP address), or the date and time when the Newsletter is opened. Within the scope of the statistical collection of data, it is also assessed if the Newsletters are opened, when they are opened and which links are being clicked on. For technical reasons, this information can be attributed to individual Newsletter recipients. However, neither we nor our Email Marketing Service Provider are interested in observing individual Users. The analysis of statistical data helps us to determine the reading habits of our Users and to adjust our content accordingly or to send our Users individualized content matching their interests.
13.7. The use of the Email Marketing Service Provider, the statistical collection of data and analyses and the documentation of the subscription process are necessary to safeguard our legitimate interests pursuant to Art. 6 (1) f) GDPR. We are interested in a User-friendly and secure Newsletter system serving our business purposes and fulfilling the expectations of our Users.
13.8. Unsubscription/Withdrawal of consent - You may unsubscribe from our Newsletter at any time and thus withdraw your consent to receive our Newsletter. An "Unsubscribe" link can be found at the end of each Newsletter. If a User has unsubscribed from the Newsletter, the User’s personal data processed for email marketing are deleted.
14. Third-Party Services and Content
14.1 On our Website we use and incorporate content and services of Third-Party Providers, e.g., videos or embedded content (hereinafter referred to as "Content") on the basis of our legitimate interests (i.e., our interest in the analysis, optimization and efficient operation of our Website within the meaning of Art. 6 (1) f) GDPR). For this purpose, it is always necessary that the Third-Party Providers log the User's IP address, since otherwise they are not able to send Content to a User's browser. The IP address is required to display such Content. Our objective is to only use Content of Providers who use the Users’ IP address exclusively for transmitting their Content. Third-Party Providers may also use so-called pixel tags (invisible images that are also known as "Web Beacons") for statistical or marketing purposes. By using pixel tags, information such as traffic on subpages of this Website can be evaluated. The pseudonymous information may also be stored in cookies on the User's device and may contain technical information on the browser and the operating system, linked Websites, time of the visit to the Website and further details on the use of our Website and may be linked to similar information from other sources.
14.2 If we ask users to consent to the use of cookies, the legal basis of processing is consent in accordance with Art. 6 para. 1 letter a GDPR. The user has the option to refuse so-called analysis cookies and service cookies on our Website. In addition, we carry out processing based on our legitimate interest in the user-oriented and economically efficient operation of our Website, in accordance with Art. 6 para. 1 letter f GDPR.
15. Rights of the Users
Right to information: In accordance with Article 15 GDPR, you can request confirmation as to whether data concerning you is being processed. If this is the case, you have a right to receive information regarding the information processed for free.
Right to revoke consent: If the processing of your personal data takes place on the basis of your consent, you have the right to revoke this consent at any time in accordance with Article 7 GDPR.
Right to object: If the processing of your personal data is necessary to safeguard the legitimate interests of our company, you can object to processing at any time in accordance with Article 21 GDPR.
Right to erasure: If you have revoked your consent, objected to the processing of your personal data (and there are no overriding legitimate reasons for processing), your personal data is no longer necessary for the purposes of processing, a legal obligation applies in this respect, or your personal information has been processed unlawfully, you have the right to request the erasure of your personal data in accordance with Article 17 GDPR.
Right to rectification: If your personal data has been processed while incorrect, you have the right to request that the data be corrected immediately according to Article 16 GDPR.
Right to restriction of processing: Under the conditions of Article 18 GDPR, you have the right to demand the restriction of the processing of your personal data.
Right to data portability: Under Article 20 GDPR, you have the right to receive personal data that you have provided in a structured, common and machine-readable format.
Right to file a complaint: According to Article 77 GDPR, you have the right to file a complaint with the supervisory authority responsible.
16. Erasure of data
The data that we store is erased as soon as it is no longer required for the purpose for which it was collected and provided that its erasure does not breach any statutory storage requirements. If the user data is not erased because it is required for other legally permissible purposes, its processing is restricted. This means that the data is blocked and is not processed for other purposes. This applies, for example, to user data which must be retained for reasons relating to commercial or tax law.
17. Changes to the Privacy Policy
17.1. We reserve the right to change the Privacy Policy in order to adapt to changes in the legal situation or to changes in our services and data processing. However, this only applies to policies regarding data processing. If the consent of the user is required or if elements of the Privacy Policy contain components of the contract agreed with the user, the changes will only be made with the user's consent.
17.2. Users are requested to familiarize themselves regularly with the content of the Privacy Policy.
Last updated: 26.02.2019