Home Confidentiality

Confidentiality

 

This privacy policy (version: GDPR 1.0 of 18.05.2018) was created by:

Deutsche Datenschutzkanzlei data protection office, Munich – www.deutsche-datenschutzkanzlei.de

Privacy

We, HEINE Optotechnik GmbH & Co. KG, are responsible for this website. As a teleservice provider, it is our duty to inform you at the start of your visit to our website about the nature, scope and purpose of the collection and use of personal data in a precise, transparent, straightforward and accessible manner using clear and simple language. The content of this information must be available to you at any time. We are therefore required to inform you about what personal data is collected or used. ‘Personal data’ refers to any information relating to an identified or identifiable natural person.

We attach great importance to the security of your data and compliance with data protection regulations. The collection, processing and use of personal data is subject to the provisions of current European and national laws.

We would like to use the following privacy policy to explain how we handle your personal data and how you can contact us.

 

HEINE Optotechnik GmbH & Co. KG

Kientalstrasse 7

82211 Herrsching

Germany

Email: info@heine.com

Phone: +49 (0)8152 380

Commercial register no.: HRA 52039

Managing director: Oliver Heine, Dr. Matthias Kühner, Timo Martin

 

Our data protection officer

If you have any questions, contact our data protection officer using the details below:

 

Alissa Lenz

Deutsche Datenschutzkanzlei – Datenschutzkanzlei Lenz GmbH & Co. KG

Bahnhofstrasse 50

87435 Kempten

Germany

Email: dsb@heine.com

Website: www.deutsche-datenschutzkanzlei.de

 

A.  General information

For the sake of readability, no gender-specific terms appear in our privacy policy. Any reference to an individual applies equally to both sexes.

Definitions of the terminology used, such as ‘personal data’ or ‘processing’, can be found in article 4 of the EU General Data Protection Regulation (GDPR).

The personal data of users that is processed in the context of this website includes user-related information (e.g. name and addresses of customers), contractual information (e.g. services used, names of administrators, payment information), usage data (e.g. pages visited on our website, interest in our products) and content data (e.g. contact form entries).

The term ‘user’ includes every category of data subject affected by processing. These categories include, for example, our business partners, customers, potential customers and other website visitors.

 

B.  Specific information

Privacy policy

We guarantee that we only collect, process, store and use your relevant data in connection with managing your enquiries, for internal purposes and to provide you with requested services or content.

Legal basis of data processing

We process the personal data of users only in compliance with the relevant data protection regulations. Users’ data is only processed if legally permitted for the following reasons: 

  • to provide our contractual services (e.g. processing orders) and online services
  • processing is required by law
  • you have provided your consent
  • based on our legitimate interests (i.e. an interest in the analysis, optimisation, and cost-effective operation and security of our website in accordance with article 6(1) (f) of the GDPR, in particular with regard to measuring reach, creating profiles for advertising and marketing purposes, collecting access data and using third-party services)

We would like to point out where the legal basis of data processing is regulated in the GDPR:

Consent       Article 6(1)(a) and article 7 of the GDPR
Processing to perform our services and complete contractual measures  Article 6(1)(b) of the GDPR
Processing to fulfil our legal obligations  Article 6(1)(c) of the GDPR

Processing to protect our legitimate interests   

Article 6(1)(f) of the GDPR


Data transfers to third parties

We would also like to draw your attention to the fact that some data is shared when you use our website due to our use of Google Analytics.

Data transmission to third countries or international organisations

Third countries are those states in which the GDPR is not a directly applicable law. Essentially, this refers to all countries outside the EU or the European Economic Area.

Data is transmitted to a third country or an international organisation. Here it is taken into account that suitable, adequate guarantees are in place and that you are accordingly entitled to enforceable rights and effective legal remedies

A copy of the appropriate guarantees can be found under the following links:

Storage period of your personal data

We adhere to the principles of data economy and data avoidance. This means that we store the data you provide to us only for the length of time needed to fulfil the purposes mentioned above or in line with the various retention periods determined by local law. If a given purpose no longer applies, or after the respective deadline, your data is routinely blocked or deleted in accordance with legal regulations.

Our company has created an internal concept to ensure this procedure.

Contact

If you contact us by email, telephone, fax, contact form or any similar means, you agree to electronic communication. Personal data is collected when you contact us. The specific information that is collected when a contact form is used can be seen on the respective form. Your data is transmitted with SSL encryption. The details you provide will be stored solely for the purpose of processing the enquiry and any possible follow-up questions.

We would like to specify the legal basis of these activities:        

Processing to perform our services and complete contractual measures Article 6(1)(b) of the GDPR
Processing to protect our legitimate interests Article 6(1)(f) of the GDPR

 

We use software to manage customer data (a CRM system) or similar software based on our legitimate interests (efficient and fast processing of user enquiries).

We operate this system in-house, which means that no data is transferred to third parties.

We would like to point out that emails can be read or changed without authorisation while they are being transferred, and this may go unnoticed. Furthermore, we would like to note that we use software to filter unwanted emails (a spam filter). The spam filter may reject emails if they are incorrectly identified as spam due to certain features.

What rights do you have?

a)            Right of access

You have the right to obtain free information about your stored data. Upon request, we will inform you in writing about the personal data we have stored about you in accordance with the applicable law. This also includes details of the origin and recipients of your data as well as the purpose of data processing.

b)           Right to rectification

You have the right to have any of your data stored by us rectified if it is incorrect. You can also request that processing be restricted if, for example, the accuracy of your personal data is contested. 

c)            Right to blocking

Furthermore, you can have your data blocked. In order to manage the blocking of your data at any time, this data must be kept in a lock file for control purposes.

d)           Right to erasure

You can also request that your personal data be deleted so long as there are no statutory retention requirements. If such an obligation exists, we will block your data on request. If the corresponding legal prerequisites are met, we will delete your personal data even if you have without receiving a corresponding request from you.

e)           Right to data portability

You are entitled to request that we provide the personal data transmitted to us in a format that allows it to be transferred to another location.

f)            Right to lodge a complaint with a supervisory authority

You have the opportunity to lodge a complaint to a data protection supervisory authority.

Bavarian Data Protection Authority (BayLDA)

Promenade 27, 91522 Ansbach, Germany

Phone: +49 (0)981 531 300

Fax: +49 (0)981 5398 1300

The BayLDA complaint form, which is in German, can be found under the following link: www.lda.bayern.de/de/beschwerde.html

g)            Right to object

You have the opportunity at any time to revoke your consent to the use of your data for internal purposes with future effect. It is sufficient in such cases to send an email to dsb@heine.com. However, such an objection does not affect the legality of processing operations already carried out by us. This does not affect data processing with respect to any other legal basis, such as negotiating contracts (see above).

Protection of your personal data

We have state-of-the-art contractual, organisational and technical safeguards in place to ensure compliance with data protection laws and to protect the data we process against accidental or intentional manipulation, loss or destruction as well as access by unauthorised persons.

A key security measure is encrypted data transfers between your browser and our server. A 256-bit SSL (AES 256) encryption method is used for this purpose.

Your personal data is protected under the following points (excerpt):

a)            Maintaining the confidentiality of your personal information

In order to maintain the confidentiality of your personal data stored by us, we have taken various measures to control physical entry and electronic access.

b)           Maintaining the integrity of your personal information

In order to maintain the integrity of your personal data stored by us, we have taken various measures to control sharing and data entry.

c)            Safeguarding the availability of your personal data

In order to safeguard the availability of your personal data stored by us, we have taken various measures to control data processing and availability.

The security measures used are continuously improved in line with technological developments. Despite these precautions, we are unable to guarantee the security of data transfers with respect to our website due to the unsafe nature of the Internet. Because of this, all data transfers from your system to our website take place at your own risk.

Protection of minors

Individuals under the age of 16 may not provide us with personal information unless they have the express consent of a legal guardian. This data is processed in accordance with our privacy policy.

Cookies

We use cookies. Cookies are small text files that are stored locally in the cache of your web browser. Cookies make it possible for your web browser to be recognised. These files are used to help the browser navigate the website and to allow full use of all its features.

Our website uses browser cookies.

Control of cookies by the user

Browser cookies: you can set all browsers to accept cookies on request only. The settings also make it possible to accept cookies only for the pages currently being visited. All browsers offer features that support the selective deletion of cookies. The acceptance of cookies can also be disabled at a general level, but users must be willing to tolerate certain limitations with respect to the user-friendliness of this website.

Use of first-party cookies (Google Analytics cookies)

Google Analytics cookies create a record of:

  • Distinct users – Google Analytics cookies record and group your data. All activities during a website visit are summarised together. A distinction is made between users and distinct users through the use of Google Analytics cookies.
  • User activities – Google Analytics cookies also store data about the start and end time of each visit to the website and the number of pages you have viewed. When the browser is closed or the user is idle for a long time (usually 30 minutes), the user session ends and the cookie records that the visit has been terminated. Furthermore, the date and time of the first visit are recorded. The total number of visits for each distinct user is also logged. External link: www.google.com/analytics/terms/gb.html

You can prevent information generated by cookies relating to use of the website (including your IP address) from being collected and sent to Google as well as the processing of this data by Google by downloading and installing the browser plug-in provided on the following link:

External link: tools.google.com/dlpage/gaoptout.

More detailed information can be found under ‘Google Analytics/Universal Analytics Web analysis service’ below.

Use of third-party cookies

On our website, third parties use (additional) third-party cookies to display editorial content or advertisements. Third-party providers are also subject to strict data protection requirements concerning the availability of personal data.

Lifespan of cookies used

Cookies are managed by the web server of our website. This website uses

transient cookies/session cookies (single usage).

Lifespan: until the website is closed.

Disabling or removing cookies (opt-out)

Every web browser offers options to restrict and delete cookies. More information can be found on the following websites:

  • Internet Explorer:

windows.microsoft.com/en-GB/windows7/How-to-manage-cookies-in-Internet-Explorer-9

  • Firefox:

support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

  • Google Chrome:

support.google.com/chrome/answer/95647

  • Safari:

support.apple.com/en-gb/HT201265

Google Analytics/Universal Analytics Web analysis service

We use Google Analytics, a web analysis service provided by Google Inc. (‘Google’). Google Analytics uses cookies, which are text files that are stored on your computer to allow an analysis website use. Generally speaking, the information generated by the cookie about use of this website is sent to a Google server in the US and stored there. This means that data is transmitted to a third country. Here it is taken into account that suitable, adequate guarantees are in place and that you are accordingly entitled to enforceable rights and effective legal remedies

A copy of the appropriate guarantees can be found under the following links:

However, if IP anonymisation is activated on our website, Google will first shorten your IP address within EU member states or in other member states of the European Economic Area.

Only in exceptional cases is the full IP address sent to a Google server in the US, where it is then shortened. Google will use this information on our behalf to evaluate use of the website, to compile website activity reports and to provide us with additional services associated with the use of the website and the Internet in general. The IP address provided by your browser to Google Analytics will not be associated with any other information held by Google. You can prevent the storage of cookies by selecting the appropriate settings in your browser. In this case, however, we would like to point out that you may be unable to use all the website features to the full extent.

Please note that this website uses Google Analytics with the ‘_anonymizeIp()’ extension, which means that IP addresses are always shortened before being processed so that they cannot be directly associated with individual users.

Data sent by us and linked to cookies, user identifiers (e.g. user IDs) or advertising IDs is automatically deleted after 14 months. For data whose retention period has expired, deletion automatically takes place once a month. For more detailed information about terms of use and data protection, please visit www.google.com/analytics/terms/gb.html or policies.google.com.

You can also prevent information generated by cookies relating to your use of the website (including your IP address) from being collected and sent to Google as well as the processing of this data by Google by downloading and installing the browser plug-in provided on the following link: tools.google.com/dlpage/gaoptout.

Use of Google Maps

We use Google Maps to display maps and to create route plans. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you agree to the collection, processing and use of data that is automatically recorded or entered by you (including your IP address) by Google and any of its representatives or third parties. The terms of service for Google Maps can be found at the following link:

policies.google.com/terms

Extensive details about transparency and the choices available to users as well as the privacy policy can be found in Google’s data protection centre: policies.google.com/privacy

DoubleClick by Google Web analytics service

We use the online marketing tool DoubleClick by Google, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘DoubleClick’).

DoubleClick uses cookies to display advertisements that are relevant to users, to improve campaign performance reports or to prevent a user from seeing the same advertisements multiple times. Google uses a cookie ID to record which advertisements are being displayed in which browser and can prevent them from being shown multiple times.

Additionally, DoubleClick can use cookie IDs to track conversions, which are related to advertisement enquiries. For example, a user may see a DoubleClick advertisement and later visit the advertiser’s website using the same browser and buy something there. According to Google, DoubleClick cookies do not contain personal data. Due to the marketing tools used, your browser automatically establishes a direct connection to a Google server. We have no control over the scope and further use any data that is collected by Google through use of this tool, and we therefore provide you with this information to the best of our knowledge. The integration of DoubleClick means that Google is informed that you have accessed the relevant part of our website or have clicked on one of our advertisements. If you have registered for a service provided by Google, Google may associate this visit with your account. Even if you have not registered with Google or have not logged in, it is possible that the provider will find out and store your IP address.

You can object to participating in this tracking process by turning off cookies for conversion tracking. To do this, set your browser to block cookies from the domain www.googleadservices.com, www.google.com/settings/ads – although do note that this setting will be reset if you delete your cookies. Alternatively, you can visit the Digital Advertising Alliance at www.aboutads.info to find out about the use of cookies and how to make the appropriate settings. Finally, you can set your browser to inform you when cookies are being used and decide on a case-by-case basis whether to accept or not, or to refuse cookies in specific cases or in general. If cookies are not enabled, some functions and features of our website may not work properly.

Google LLC, based in the United States, is certified under the EU-US Privacy Shield agreement, which ensures compliance with the level of data protection required in the EU. For more information about the privacy policy of DoubleClick by Google, visit the following website: policies.google.com/privacy

Use of YouTube

Our website includes features of the YouTube video viewing and playback service. These features are offered by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066 USA. For more detailed information, please refer to YouTube’s privacy policy.

On our website, the extended privacy mode is used, which according to information from the provider means that user data is not stored until a video is played.

Once the playback of an embedded YouTube video begins, YouTube uses cookies to gather information about user behaviour. According to YouTube, this information helps to record video statistics, to improve user-friendliness and to prevent misuse, among other things. Independent of embedded video playback, a connection is made to the Google network ‘DoubleClick’ every time you access our website, which may trigger further data processing without our influence.

For more details about the use of cookies on YouTube, please refer to YouTube’s privacy policy at: www.youtube.com/t/privacy_at_youtube
 

Social networks

In addition to this website, we also maintain presences on various forms of social media, which you can access by clicking on the corresponding buttons on our website. When you visit one of our social media pages, personal data may be transmitted to the social network provider. In addition to storing the data you specifically enter into this social medium, it is also possible that the social network provider will also process further information.

Furthermore, the social network provider may process the most important data about the computer system you are using to visit it – such as your IP address, the type of processor you are using and the browser version and plug-ins you are using.

If you are logged in with your personal user account for the respective network when you visit such a page, this network can assign your visit to this account.

To find out about the purpose and extent of the respective medium’s data collection activities and the further processing of your data there, plus your rights in this regard, please refer to the respective provisions set forth by the respective controller, e.g. at:  

Twitter:            https://twitter.com/en/privacy 

Instagram:       https://help.instagram.com/155833707900388

Google:            https://policies.google.com/privacy?hl=en  

YouTube:          https://policies.google.com/privacy?hl=de&gl=de

Facebook:         https://en-gb.facebook.com/full_data_use_policy

LinkedIn:          https://www.linkedin.com/legal/privacy-policy?_l=EN

Xing:                https://www.xing.com/app/share?op=data_protection 

Kununu:           https://www.kununu.com/us/privacy 

We would also like to point out that our website contains other links to external third-party websites, on which we have no influence over data processing activities.   Facebook fan page:

When you visit our Facebook fan page, Facebook will collect statistical data that we can access. Such data includes categories such as the total number of page views, ‘Like’ information, page activities, interactions with posts, video views, the reach of posts, comments, shared content, responses, proportion of men and women, origin by country and town/city, language, clicks on route planners, etc.

Click on the following link to find out more information about Facebook’s data collection activities:

https://www.facebook.com/about/privacy/.  

In this respect, Facebook and Heine Optotechnik GmbH & Co. KG are joint controllers according to Article 26 of the General Data Protection Regulation (GDPR) and are jointly and severally liable. You will find the agreement with Facebook at the following link:

https://www.facebook.com/legal/terms/page_controller_addendum

 

Cookie Consent

We use the application ‘Cookie Consent’ provided by Silktide Ltd, Brunel Parkway, Pride Park, Derby, DE24 8HR, UK. This is a plug-in that can be used to obtain consent to the use of cookies and/or tracking technology. Cookie Consent does not collect any personal data itself. Details about this tool can be found online at: cookieconsent.insites.com.

Newsletter

We do not offer a newsletter subscription service.

Changes to our data privacy policy

We reserve the right to adjust our privacy policy on occasion so that it always complies with current legal requirements or in order to reflect changes to our services in the privacy policy. This may happen, for instance, when new services are introduced. The new privacy policy will be valid for your next visit in such cases.

Trademark protection

Each brand or trademark mentioned here is the property of the respective company. Brands and names are used in the document for purely informative purposes.

C.  Specific terms for Russia

The following applies to users resident in the Russian Federation:

The above services provided through our website are not intended for citizens of the Russian Federation who are resident in Russia.

If you are a Russian citizen based in Russia, we hereby explicitly inform you that any personal data you provide to us through this website is your sole responsibility and risk. Furthermore, you agree not to hold us responsible for any failure to comply with the laws of the Russian Federation.

Duty to provide information when personal data is collected from applicants

Note

General Act on Equal Treatment (AGG)

For the sake of readability, no gender-specific terms are used in this document. Any reference to an individual applies equally to both sexes.

  1. Duty to provide information when data is collected from applicants

 

This data protection information provides you with information about how your applicant data is processed at Heine GmbH & Co.KG.

 

Summary:

  • We use your data for the sole purpose of processing your application.
  • During the course of the application process, there are clear rights of inspection: Only the recruitment consultants and decision-makers will see your application documents.
  • Your application is only passed on with regard to further vacancies in our company, for example, with your consent.
  • If you are not hired, we will delete your data after six months.
  • If you are hired, we will incorporate relevant data into your personnel file.

 

 

Data protection of applicant data at Heine GmbH & Co.KG.

According to Art. 4 (1) of the GDPR, your personal data includes all information that relates or may relate to you as a person.

 

 

Personal information and personal data

Heine GmbH & Co.KG. receives information (in both paper and digital form) through your application. This is the data that you provide to us in the course of your application. This information includes, for example:

  • Name
  • Address
  • Date of birth
  • Place of birth
  • Information about your education, your vocational, advanced and further training and your qualifications
  • Certificates

 

Purposes of collection and processing

Heine GmbH & Co.KG. collects, processes and uses your personal data for the sole purpose of processing your application (= initiating an employment relationship).

Your data will only be processed for purposes other than that mentioned insofar as doing so is permissible pursuant to Art. 6 (4) of the GDPR and is compatible with the original purpose. We will inform you that your data will be further processed prior to doing so.

 

Your rights under data protection legislation

You have a right of access to the personal data stored about you, the purposes of processing, possible transfer to other bodies and the duration of storage.

To exercise your right of access, you may also receive extracts or copies. If data is inaccurate or no longer necessary for the purposes that it was collected for, you may request that it be rectified, erased or restricted. Insofar as provided for in the processing procedures, you may also inspect your data yourself and correct it if necessary.

Should your particular personal situation give rise to grounds against processing of your personal data, you may object to such processing, provided that processing is based on a legitimate interest. In a situation such as this, we will only process your data if there are special compelling interests.

If you have any questions about your rights and exercising them, please contact the Human Resources Department or the Data Protection Officer.

 

Legal basis for processing your personal data

Your data is required to implement pre-contractual measures (Art. 6 (1) b of the GDPR). This means that we need and therefore process your data for the purpose of potentially hiring you.

We may obtain your consent to processing or transfer of your data on a case-by-case basis. This may happen, for example, if your application is being kept for an extended period of time or if your application is being considered for another position within our company. Your consent in these situations is voluntary and you are free to revoke it at any time with effect for the future.

 

Transferring your personal information

Your data will not be transferred to external bodies.

 

Certain personnel administration and personnel management tasks are performed centrally by the Human Resources Department in Herrsching. This particularly includes application management and organising trips. Specially defined bodies have limited access rights to your data for this purpose. Your data will only be transferred or disclosed to the extent necessary for this purpose and in compliance with the relevant data protection regulations.

 

Controller for processing your personal data

Unless contractually agreed otherwise, the competent controller for collecting, processing and using your personal data is Heine GmbH & Co.KG. in the Federal Republic of Germany.

Applicant data is stored and processed in personnel data processing systems. The technical installation is designed in such a way that only a narrow circle of specially authorised individuals are authorised to access the data and any other access or other knowledge of the data is excluded in accordance with the state of the art.

 

Complaints regarding processing of your personal data

If you have any concerns or questions regarding the processing of your personal data and information, you are welcome to contact the Human Resources Department. However, you may also contact the Data Protection Officer or the data protection supervisory authority using the contact details below.

 

Alissa Lenz
Deutsche Datenschutzkanzlei – Datenschutzkanzlei Lenz GmbH & Co. KG
Bahnhofstrasse 50
87435 Kempten
Germany

Email: dsb@heine.com
Web: www.deutsche-datenschutzkanzlei.de

 

You have the opportunity to lodge a complaint with a data protection supervisory authority.

Bavarian Data Protection Authority (BayLDA)

Promenade 27, 91522 Ansbach, Germany

Phone: +49 (0)981 531 300

Fax: +49 (0)981 5398 1300

 

Duration of storage

Your personal data will only be stored for as long as knowledge of the data is necessary for the purposes of the employment relationship or the purposes that it was collected for, or for as long as there are legal or contractual storage regulations.

 

If a contractual relationship is not concluded, we will keep your application data for 6 months for the purposes of traceability under the General Act on Equal Treatment.

 

If a contractual relationship is concluded (= employment), we will transfer the necessary information to the personnel file.