Data protection is a subject of special importance for Heraeus: We process your personal data exclusively in compliance with legal requirements and in accordance with appropriate technical and organizational data security measures.
1. Objective and Responsibility
1.2. The provider of the Website and the organization responsible for ensuring compliance with the applicable data protection regulations is Heraeus Holding GmbH, Heraeusstraße 12-14, 63450 Hanau, Germany (hereinafter referred to as “Heraeus”, “we“ or “us“). For further information about us as well as contact details please refer to our imprint .
1.3. The Website represents all legal entities of the Heraeus Group. For further details on the individual Heraeus entities please refer to the “Imprint” on the respective sub-sites.
1.4. Our Data Protection Officer can be contacted via e-mail at: firstname.lastname@example.org .
1.5. The term “User” or “you” and “your” includes all customers and their respective employees as well as all visitors to our Website.
2. General Information on Data Processing; Legal Basis
2.1. At Heraeus, personal data of Users are processed exclusively in compliance with the applicable data protection regulations. This means that User data are only processed if there is a valid legal basis for the processing; i.e., in particular, if the data processing is necessary for the performance of our contractual obligations (e.g., order processing) or the provision of our online services, if the processing is required by law, if the User has given consent to the processing or if the processing is necessary for the purposes of the legitimate interests pursued by Heraeus (i.e., our interest in the analysis, optimization and the efficient and secure operation of our Website within the meaning of Art. 6 (1) lit. f. GDPR), including, in particular, audience and media reach measurement, the creation of profiles for advertising and marketing purposes as well as the collection of access data and the use of third-party providers.
2.2. The individual legal bases for the processing of personal data in accordance with the General Data Protection Regulation (GDPR), which came into force on 25 May 2018, are as follows: Where we obtain the consent of a data subject for the processing of personal data, Art. 6 (1) lit. a and Art. 7 GDPR is the relevant legal basis. If the processing activities are necessary for the provision of our services and the performance of contracts, Art. 6 (1) lit. b GDPR is the relevant legal basis. Where processing activities are necessary for compliance with our legal obligations, Art. 6 (1) lit. c GDPR is the relevant legal basis. And if the processing activities are necessary to safeguard our legitimate interests, Art. 6 (1) lit. f GDPR is the relevant legal basis.
3. Security Measures
3.1. We have in place state-of-the-art organizational, contractual and technical security measures to ensure compliance with data protection legislation and to protect your personal data against accidental or intentional manipulation, loss, destruction and unauthorized access.
3.2. Our security measures include, in particular, the encryption of data for transmission between your browser and our server.
4. Transfer of Data to Third Parties and Third-Party Providers
4.1. Heraeus transfers data to third parties exclusively in accordance with legal provisions. User data are only transferred to third parties if such transfer is necessary for invoicing purposes or to fulfil our contractual obligations with Users or to meet legal requirements.
4.2. Where we use sub-contractors to provide our services, we will take appropriate legal precautions and technical and organizational measures to protect personal data in accordance with applicable legal provisions.
4.4. Third countries are countries in which the GDPR is not directly applicable, i.e., in principle, countries outside the EU or the European Economic Area. Data may only be transferred to third countries if an adequate level of data protection is ensured, if our Users have given their consent or if the transfer of such data is permitted by law.
5. Contacting us
5.1. When you contact us (by contact form or e-mail), your data will be stored to process and handle your request.
5.2. User data may be stored in our Customer Relationship Management System ("CRM System") or in similar request management systems and - due to their legal categorization as business letters - are subject to a statutory retention period of 6 years.
6. Collection of Access Data
Based on our legitimate interests, we record data about every access to the server which hosts this Website (so-called server log files). The access data include the date / time of access to the Website, IP addresses, browser versions and information on the sub-sites that are accessed on our Website.
7. Cookies & Audience and Media Reach Measurement
7.1. Cookies are small pieces of information that are sent from our web server or web servers of third parties to your web browser and stored locally on your computer for later retrieval. Cookies are small files or other types of stored information. Users are hereby informed that cookies are used as part of pseudonymized reach measurement.
7.3. You may prevent the storage of cookies on your computer by selecting the appropriate system settings for the deactivation of cookies on your browser. Stored cookies can also be deleted in the browser’s system settings. Please note that disabling cookies may limit the functionalities of this Website.
8. Google Analytics
8.2. Google is certified under the EU-U.S. Privacy Shield Framework which ensures compliance with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ).
8.3. Google will use this information on behalf of Heraeus to evaluate your use of our Website, to compile reports on Website activity, and to provide other services to Heraeus that are related to the use of the Website and the Internet. The data retrieved in this context may be used to create pseudonymized User profiles.
8.4. We only use Google Analytics with activated IP anonymization. This means that your IP address will be truncated by Google within the member states of the European Union or in other states party to the Agreement of the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server located in the US and truncated there.
8.5. The IP address transferred from your browser will not be linked with other Google data. You may prevent the storage of cookies by selecting the appropriate system settings on your browser. You may also prevent the recording and processing by Google of data generated by cookies and data related to your use of the Website by downloading and installing the browser plug-in available at http://tools.google.com/dlpage/gaoptout?hl=en .
8.6. For further information on the use of data by Google, settings and opt-out options, please go to the following Google websites: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses information from sites or apps that use our services”), http://www.google.com/policies/technologies/ads (“Advertising”), http://www.google.de/settings/ads (“Control the information Google uses to show you ads”).
9. Target group formation with Google Analytics
We use Google Analytics to show the advertisements displayed within Google advertising services and its affiliates only to those users who have also shown an interest in our website or who have certain characteristics (e.g. interests in specific themes or products that are determined from the websites visited), which we submit to Google (so-called "remarketing" or "Google Analytics Audiences"). With the help of remarketing audiences, we also want to ensure that our advertisements match the potential interests of the user.
9.1 For more information on the use of data by Google, configuration and objection options, please refer to the following Google websites: https://www.google.com/intl/de/policies/privacy/partners (“Data usage by Google when you use websites or apps provided by our affiliates”), http://www.google.com/policies/technologies/ads (“Data usage for advertising purposes”),http://www.google.de/settings/ads (“Manage information that Google uses to show you advertising”).
10. Google DoubleClick
10.1 We use the online marketing practice Google “DoubleClick” to place advertisements in the Google Advertising Network (e.g. in search results, in videos, on websites, etc.). DoubleClick is characterized by displaying real-time advertisements based on the supposed interests of the user. This allows us to display advertisements for and within our website in a more targeted way, so that we only present advertisements to users which potentially suit their interests. If a user, for example, is shown advertisements for products that they have been looking at on other websites, this is called "remarketing". For these purposes, upon accessing our websites and other websites on which the Google Advertising Network is active, Google will immediately run a code and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") will be incorporated into the website. With their help, an individual cookie, i.e. a small file, will be saved on the user’s device (comparable technologies may also be used instead of cookies). This file keeps a record of which websites the user has visited, what content the user is interested in and what offers the user has clicked on, as well as technical information about the browser and operating system, websites that have referred the user, access duration, and other information regarding the use of our website.
10.2 The user's IP address is also recorded. It is shortened within Member States of the European Union or in other States which are party to the Agreement on the European Economic Area. It is only transmitted in full to a Google server in the USA and shortened there in exceptional cases. The above information may also be linked with such information from other sources by Google. If the user subsequently visits other websites, they may be shown advertisements tailored to their presumed interests on the basis of their user profile.
10.3 The user's data is processed pseudonymously within the Google Advertising Network. This means that Google does not save and process, for example, the user's name or email address, but processes the relevant data obtained by cookies within the pseudonymous user profile. This means that, from the perspective of Google, the advertisements are not managed and displayed for a person who has been specifically identified, but for the person to whom the cookie belongs, regardless of who they may be. This does not apply if a user has explicitly allowed Google to process the data without pseudonymization. The information that Google Marketing Services has gathered about the user is transmitted to Google and saved in Google servers in the USA.
11. Online presence in social media
11.1 We maintain an online presence within social networks and platforms in order to communicate with customers, interested parties and users who are active on social media and to inform them about our services.
11.2 Please note that user data may be processed outside of the European Union and Switzerland. This may imply risks for users because, for example, it could be more difficult to enforce user rights. Please note that US providers that are certified under the Privacy Shield are thereby making a commitment to comply with the data protection standards of the EU and the Swiss Confederation.
11.3 Furthermore, user data is usually processed for market research and advertising purposes. Thus, for example, profiles may be created based on user behavior and the user's interests suggested by this. The user profiles can, in turn, be used to place advertisements, for example, within and outside of platforms that are supposedly in line with user interests. For these purposes, cookies are usually stored on the devices of the user in which the user behavior and user interests are stored. In addition, data can also be stored in the user profiles separately from the users' devices (in particular if the users are members of the relevant platforms and are logged in to them).
11.4 We process the personal data of the user based on our legitimate interests in informing the user and in communicating with them effectively. If the users are asked to consent to data processing by the respective providers (i.e., give their consent, for example, by ticking a check box or pressing a button), the legal basis of the processing is consent.
11.5 For a detailed description of the respective processes mentioned under point 11 and the opportunity to object (opt out), please see the information by the provider at the relevant link.
11.6 Also, with regard to requests for information and the assertion of user rights, please note that these can be exercised most effectively against the providers. Only the providers have access to the data of the user and can take appropriate measures and provide information directly. If you still require assistance, please contact us.
12. Google Marketing and Remarketing Services
12.1. On the basis of our legitimate interests (i.e., our interest in the analysis, optimization and efficient operation of our Website within the meaning of Art. 6 ( 1) f) GDPR), we use the marketing and remarketing services ("Google Marketing Services") of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
12.2. Google is certified under the EU-U.S. Privacy Shield Framework which ensures compliance with European data protection law. ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active )
12.3. For the purposes of the Google Marketing Services, User data are pseudonymized for processing. Google does not store and process, for example, the names and email addresses of Users but resorts to cookie-related processing of the data within pseudonymous User profiles. This means that, from Google's perspective, the advertisements are not managed and displayed for a specifically identifiable person, but for the holder of the cookie, regardless of who the holder of the cookie is. This does not apply if a User has given Google express consent to process the data without pseudonymization. The User information collected by Google Marketing Services is transmitted to Google and stored on Google servers in the US.
12.4. The online advertising program "Google AdWords" is one of the Google Marketing Services we use. Each AdWords customer receives a different "conversion cookie" for Google AdWords. This ensures that cookies cannot be tracked across websites of AdWords customers. The information stored by cookies helps to create conversion statistics for AdWords customers using conversion tracking. The AdWords customers receive information on the total number of Users who clicked on their ad and were forwarded to a website with a conversion tracking tag. However, they do not receive any information allowing them to identify individual Users.
12.6. We can also use the "Google Tag Manager" to incorporate and manage Google analytics and marketing services on our Website.
12.8. If you wish to opt out of personalized advertisements from Google Marketing Services, you may use Google's ad settings and opt-out options: http://www.google.com/ads/preferences .
13.1. The following section provides information about the content of our newsletter, the subscription and mailing process, the statistical evaluation of data as well as your rights to withdraw your consent to receive our newsletter. If you subscribe to our newsletter, you expressly agree to receiving the newsletter and to the processing operations described herein.
13.2. Content of the newsletter: We send newsletters, emails and other electronic notifications containing advertising information (hereinafter referred to as "Newsletter(s)") only with the recipients' consent or if this is permitted by law. If the content of the Newsletter is described in detail in the Newsletter subscription process, the recipient's consent is deemed to have been given upon subscription.
13.3. Double opt-in and recording of data: Subscribing to our Newsletter is subject to a so-called double opt-in process. This means that after subscribing to our Newsletter, you will receive an email in which you are requested to confirm your subscription. This confirmation is required to verify that the recipients subscribed to the Newsletter with their own email addresses. The subscriptions to the Newsletter are recorded to document the subscription process as required by statute. The time and date of the subscription and of the confirmation are stored, as well as the IP address. Changes to your data stored by the email marketing service provider are also recorded.
13.5. According to information provided by the Email Marketing Service Provider, the Email Marketing Service Provider may also use these data in pseudonymized form, i.e., without linking the data to a specific User, to optimize or improve its own services, e.g., for the technical optimization of the mailing and the presentation of the Newsletter or for statistical purposes, i.e., for the statistical analysis of the location of recipients. However, the Email Marketing Service Provider will not use the data of our Newsletter recipients to contact them directly and will not disclose the Newsletter recipients' data to third parties.
13.6. Statistical collection of data and analyses - The Newsletters contain a so-called "Web Beacon", a single-pixel file which is retrieved from the server of the Email Marketing Service Provider when the Newsletter is opened. Upon such retrieval, technical information such as information on your browser and system as well as your IP address and the date and time of the retrieval are collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading habits, the place where the Newsletter is opened (which can be determined by using the IP address), or the date and time when the Newsletter is opened. Within the scope of the statistical collection of data, it is also assessed if the Newsletters are opened, when they are opened and which links are being clicked on. For technical reasons, this information can be attributed to individual Newsletter recipients. However, neither we nor our Email Marketing Service Provider are interested in observing individual Users. The analysis of statistical data helps us to determine the reading habits of our Users and to adjust our content accordingly or to send our Users individualized content matching their interests.
13.7. The use of the Email Marketing Service Provider, the statistical collection of data and analyses and the documentation of the subscription process are necessary to safeguard our legitimate interests pursuant to Art. 6 (1) f) GDPR. We are interested in a User-friendly and secure Newsletter system serving our business purposes and fulfilling the expectations of our Users.
13.8. Unsubscription/Withdrawal of consent - You may unsubscribe from our Newsletter at any time and thus withdraw your consent to receive our Newsletter. An "Unsubscribe" link can be found at the end of each Newsletter. If a User has unsubscribed from the Newsletter, the User’s personal data processed for email marketing are deleted.
14.1 A webinar is comparable to a face-to-face seminar and takes place on the internet with computer / software support.
14.2 Heraeus uses the GoToWebinar software from LogMeIn Ireland Limited to process customer webinars (processor). As part of the registration on the infrastructure of LogMeIn (Bloodstone Building Block C70 Sir John Rogerson’s Quay Dublin 2, Ireland), personal data is collected / stored.
14.3 The legal basis for data processing is Art. 6 Para. 1 lit. f General data protection regulation. The processing of the data by LogMeIn (as a processor) is based on Article 28 General Data Protection Regulation. The data is processed within the legally permissible framework in Germany, the European Union and the USA.
14.4 For the order-related implementation of the webinar, we transmit your registration or customer data to LogMeIn, Inc. For this purpose, the following data is requested: first name, last name, company name, zip code, e-mail address, telephone (optional).
14.5 The data is transferred via an encrypted SSL connection.
14.6 An encrypted connection will be established between you and the organizer of the webinar.
14.7 You can end the session at any time by simply closing the browser window or exiting the program or app. When your contact person ends the session, your session participation is automatically ended.
15. Third-Party Services and Content
15.1 On our Website we use and incorporate content and services of Third-Party Providers, e.g., videos or embedded content (hereinafter referred to as "Content") on the basis of our legitimate interests (i.e., our interest in the analysis, optimization and efficient operation of our Website within the meaning of Art. 6 ( 1) f) GDPR). For this purpose, it is always necessary that the Third-Party Providers log the User's IP address, since otherwise they are not able to send Content to a User's browser. The IP address is required to display such Content. Our objective is to only use Content of Providers who use the Users’ IP address exclusively for transmitting their Content. Third-Party Providers may also use so-called pixel tags (invisible images that are also known as "Web Beacons") for statistical or marketing purposes. By using pixel tags, information such as traffic on subpages of this Website can be evaluated. The pseudonymous information may also be stored in cookies on the User's device and may contain technical information on the browser and the operating system, linked websites, time of the visit to the Website and further details on the use of our Website and may be linked to similar information from other sources.
15.3 We use the following services and content of third parties:
15.3.2 On our websites, we use the so-called "Facebook pixel" of the social network Facebook that is offered by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
Using the Facebook pixel, Facebook can, on the one hand, identify the visitors of our websites as a target group for showing advertisements (so-called "Facebook Ads"). Accordingly, we use the Facebook pixel to show the Facebook Ads that we run only to those Facebook users that actually have shown an interest in our websites or that have certain characteristics (e.g., are interested in certain topics or products that are identified based on the websites visited) that we communicate to Facebook (so-called "Custom Audiences"). By using the Facebook pixel, we also wish to ensure that our Facebook Ads match the potential interests of the users and do not have an annoying effect. Moreover, the Facebook pixel allows us to track the efficiency of the Facebook Ads for statistical and market research purposes by seeing whether users have been redirected to our website after they have clicked on a Facebook Ad (so-called "Conversion").
16. Rights of the Users
Right to information In accordance with Article 15 GDPR, you can request confirmation as to whether data concerning you is being processed. If this is the case, you have a right to receive information regarding the information processed for free.
Right to revoke consent: If the processing of your personal data takes place on the basis of your consent, you have the right to revoke this consent at any time in accordance with Article 7 GDPR.
Right to object: If the processing of your personal data is necessary to safeguard the legitimate interests of our company, you can object to processing at any time in accordance with Article 21 GDPR.
Right to erasure: If you have revoked your consent, objected to the processing of your personal data (and there are no overriding legitimate reasons for processing), your personal data is no longer necessary for the purposes of processing, a legal obligation applies in this respect, or your personal information has been processed unlawfully, you have the right to request the erasure of your personal data in accordance with Article 17 GDPR.
Right to rectification: If your personal data has been processed while incorrect, you have the right to request that the data be corrected immediately according to Article 16 GDPR.
Right to restriction of processing: Under the conditions of Article 18 GDPR, you have the right to demand the restriction of the processing of your personal data.
Right to data portability: Under Article 20 GDPR, you have the right to receive personal data that you have provided in a structured, common and machine-readable format.
Right to file a complaint: According to Article 77 GDPR, you have the right to file a complaint with the supervisory authority responsible.
17. Erasure of data
The data that we store is erased as soon as it is no longer required for the purpose for which is was collected and provided that its erasure does not breach any statutory storage requirements. If the user data is not erased because it is required for other legally permissible purposes, its processing is restricted. This means that the data is blocked and is not processed for other purposes. This applies, for example, to user data which must be retained for reasons relating to commercial or tax law.
Last updated: 21.04.2020