It is very important for us to ensure protection of your personal data as regards the collection, processing and use of such data when you visit our homepage.
We would like to take this opportunity below to inform you of the fact that we will ask you for personal data and store and process such data electronically, along with how this will be done as well.
Personal data is information that identifies you. This includes information, such as your name, address, telephone number or email address, but also data such as your place of residence, IP address or bank details. You do not need to disclose personal data in order to use our website. In certain cases we may, however, require your name, address and other details in order to supply the desired goods or perform the desired services.
This shall apply in particular for sending information materials or for responding to individual queries. We shall make suitable reference in cases where personal data needs to be disclosed. Furthermore, we shall only store and process data that you have voluntarily or automatically disclosed.
Name and contact information for controller of the processing
Responsible for the processing is HEROSE GMBH Armaturen und Metalle, Elly-Heuss-Knapp-Straße 12, 23843 Bad Oldesloe
Represented by its managing directors Dipl.-Jur. Dirk M. Zschalich, MBE and Dr. Jens Silligmüller, tel: +49 (0) 4531/509-0, fax: +49 (0) 4531/509-120 or e-mail: firstname.lastname@example.org
Data Protection Officer
Our external operational Data Protection Officer ensures a professional data privacy approach. We are advised by Mauß Datenschutz.
If you have any queries regarding data privacy, please feel free to get in touch using one of the following options:
Telephone: 040 / 999 99 52-0
Processing of your IP address by the web server
Services on the Internet can only be used from a technical perspective if your IP address is disclosed. This is processed by the web servers delivering the websites in question. Your IP address is stored together with other, non-identifiable information in technical protocol files, known as log files. We shall only use these files in order to be able to analyse the reason and impact in situations where a fault arises. The log files are deleted on a weekly basis. Non-identifiable information includes i.a. the following:
- the names and size (Bytes) of the web pages you have visited
- the name of the browser you are using
- the name and version of your operating system
- the device type of your computer (or mobile telephone or tablet)
- date and time of access
- any search engines used via which you have reached our website
- the names and size (Bytes) of any downloaded files
- user agent (Browser)
Apart from this processing by the web server, we shall only use or store your IP address in anonymous form (for more information on this see Google Analytics section). The legal basis for the storage is Art 6 no 1 lit f) GDPR, our legitimate interest in investigating technical errors and correcting them.
All data entered by you on this website is transmitted to us in an encrypted manner, so that they are protected from being viewed by third parties.
Furthermore, all of our web pages are SSL-encrypted, therefore it is highly unlikely that the content you read can also be read by third parties. We use state-of-the-art encryption methods for this process. Nevertheless, please refrain from sending us personal (or non-personal) medical data, for example, or other sensitive information via our website.
If you are using our contact form to send us messages we use the transmitted personal data to answer your request. Legal basis for our interest to answer your request is Art. 6 no. 1 lit. b) GDPR, or for other purposes to which you have given your consent (legal basis Art. 6 no. 1 lit. a) GDPR and which are described in this data protection declaration. Your data will be erased as soon as it is no longer required for the purpose for which it was collected. If we are legally obliged to store the data for a longer period, the data will be erased after this period has expired.
With respect to our newsletter, we need your e-mail address to send you the newsletter. We welcome any additional data, such as your first and last name, because then we will be able to personally address you, but the only information required is your e-mail address.
The information you provide in the context of subscribing to the newsletter will only be used to send you the newsletter. You may unsubscribe from our newsletter with future effect at any time free of charge.
The information you enter in our registration form is transmitted to us in encrypted form, which means it is protected against access by third parties.
The newsletter, which is sent by e-mail, contains references in graphics that are loaded by our servers when the newsletter is opened from your e-mail programme. Based on this loading activity we can see whether and when you opened the newsletter. Clicking on the “continue...” link in the newsletter will open the respective article in your browser. We also process information on the opening of newsletter articles in the browser.
We use this usage data to evaluate the readers’ interest in the individual articles. If you want to ensure that we cannot specifically allocate usage data to you, you should not provide a name (or provide an alias) when you subscribe to the newsletter and use an e-mail address without any information that identifies you. We do not create a profile or, in particular, combine the information with additional personal or usage data, though.
You have the right to withdraw your consent (Art. 7 no. 3 GDPR). We store and process your personal data until you unsubscribe from the newsletter (“Unsubscribe”). When you unsubscribe from the newsletter, your personal data (in particular the personal data you provided when you subscribed to it) will be deleted. We will permanently store usage data regarding the newsletter in anonymous form. Legal basis for the processing is Art 6 no 1 lit. a GDPR. Legal basis for the anonymization and storage of the data after you have unsubscribed is Art 6 no. 1 lit. f GDPR. Our legitimate interest in this case is to be able to permanently check the success of our marketing activities and to be able to optimize them over longer periods of time and to have a complete database at our disposal.
You can of course also view our website without cookies. If you do not wish us to recognise your computer, you can prevent cookies from being saved on your hard drive by choosing “do not accept cookies” in your browser preferences. You should consult the instructions of your browser’s developer to find out how this works in individual cases.
You can find information how to change the Cookie settings for some of the usual browsers on the following websites:
- Google Chrome
- Internet Explorer https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Firefox (https://support.mozilla.org/en-US/kb/enable-or-disable-cookies-firefox-android)
- Safari (https://support.apple.com/en-gb/guide/safari/sfri11471/mac)
Legal basis for the use of Google Fonts is Art 6 lit f GDPR. Our legitimate interest is based on the technical secure operation of our website
Usercentrics Consent Management Platform
This is a consent management service from
Sendlinger Str. 7, 80331 Munich, Germany
Data processing purposes
Compliance with legal obligations
Storage of consent
Anonymized IP address
Opt-in and opt-out data
Date and time of visit
Art. 6 para. 1 sentence 1 lit. c GDPR
Place of processing
European Union (consent database is in Belgium)
Duration for saving the data
The consent data (given consent and withdrawal of consent) will be kept for three years. Data is exported after the contract has ended.
Data protection officer
Further information and opt-out
Click here to read the data processor's data protection regulations: https://usercentrics.com/privacy-policy/
Cookies of third parties
As part of the use of Google products, Google stores a cookie called NID in your browser. This is according to Google for recognition and to show you tailored advertising in Google offers. The relevant data protection conditions can be found under: https://policies.google.com/technologies/types?hl=en-US
We make use of Google Maps functionality on our website. Google Maps is a service operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you visit one of our web pages containing Google Maps, there is already a link established to Google's servers when the page loads up. In addition to your IP address, it also determines which of our web pages you have already visited. Other personal data, such as your location when accessing such web pages, is also transmitted to Google.
We use the Google reCaptcha service to determine whether a person or a computer makes a certain entry in our newsletter form. Google uses the following data to check whether you are a person or a computer: IP address of the device used, the website that you visit with us and on which the captcha is integrated, the date and duration of the visit, the identification data of the device used Browser and operating system type, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks for which you have to identify images. The legal basis for the data processing described is Article 6 (1) (f) of the General Data Protection Regulation. There is a legitimate interest on our part in this data processing, to ensure the security of our website and to protect us from automated input (attacks).
We use Google Analytics, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical analysis of our website. Among other things, it includes the number of times our website is accessed, the individual pages users visited and their dwell time.
This information is also used to compile reports about activities on the website.
We process data using Google Analytics for the purpose of optimising our website and for marketing purposes based on your consent in accordance with Art. 6 (1) (a) GDPR.
We have no control over the specific storage period of the data processed as it is established by Google Ireland Limited. Further information is available in the privacy notice for Google Analytics: https://policies.google.com/privacy.
Google Tag Manager
We use Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags through an interface and enables us to control the specific integration of services on our website
This allows us to flexibly integrate additional services in order to analyse how users access our website.
The use of Google Tag Manager is based on our legitimate interests, i.e. the interest in the optimisation of our services, in accordance with Art. 6 (1) (f) GDPR.
We have no control over the specific storage period of the data processed as it is established by Google Ireland Limited. Further information is available in the privacy notice for Google Tag Manager: https://www.google.de/tagmanager/use-policy.html.
We use external scripts from cloudflare.com, a service operated by CloudFlare, Inc., 101 Townsend St., San Francisco, CA 94107. These scripts are downloaded from CloudFlare’s servers when our web pages are loaded. Your IP address is then transmitted to CloudFlare’s servers. CloudFlare also determines in this context which websites you have already visited.
YouTube Video (including DoubleClick)
We have embedded YouTube Video on our website. YouTube Video is a component of the video platform provided by YouTube, LLC, on which users can upload content, share it over the internet, and receive detailed statistics.
YouTube Video allows us to embed content from the platform on our website.
When you access this content, you establish a connection to servers owned by YouTube, LLC. As part of this process your IP address and possibly your browser data (e.g. your user agent) will be transmitted to YouTube, LLC.
The use of YouTube Video is based on your consent (Art. 6 (1) (a) GDPR)
In addition, YouTube Video connects to DoubleClick. DoubleClick is a Google brand which is primarily used to market special online marketing solutions to advertising agencies and publishers. With each impression and with clicks or other activities, DoubleClick transmits data to the DoubleClick server.
Each of these data transmissions triggers a cookie request which is sent to your browser. If the browser accepts the request, DoubleClick will place a cookie in your browser.
DoubleClick uses a cookie ID which is required for the technical process. For example, DoubleClick needs the cookie ID to display an ad in a browser. The cookie ID also allows DoubleClick to remember which ads have already been displayed in a browser to ensure that ads will not be placed multiple times. In addition, the cookie ID enables DoubleClick to track conversions. For example, conversions are recorded when a DoubleClick ad was shown to a user right before this user made a purchase on the advertiser's website using the same web browser.
DoubleClick cookies do not contain personal data, but may contain additional campaign identifiers. The purpose of campaign identifiers is to identify the campaigns you already had contact with on other websites. In the context of this service, Google receives data which is also used by Google to prepare invoices for commissions. Among other things, Google is able to determine whether you have clicked on certain links on our website. In this case your data is disclosed to DoubleClick's operator, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information and the applicable privacy notice of DoubleClick by Google are available at https://policies.google.com/privacy.
We have no control over the specific storage period of the data processed as it is established by Google Ireland Limited. Further information is available in the privacy notice for Google DoubleClick and for YouTube Video: https://policies.google.com/privacy.
Transmission of personal data into Non-EU Countries
With the exception of the aforementioned transmission to CloudFlare and Google as part of using Google Maps and YouTube as well as Google-Analytics, -Tag Manager, we do not transfer any personal data to non–EU countries. The location of all servers operated and used by us is Germany.
Please note the following information with respect to possible processing of your data collected on this website in the USA:
By giving your consent to any processing of data which involves Google or other companies whose parent company is located in the USA (this includes the use of Google Analytics, for example), you are also consenting to your data being processed in the USA. This consent is required in accordance with Art. 49 (1) Sentence 1 (a) GDPR as the Court of Justice of the European Union considers the USA a country with an inadequate level of data protection based on EU standards. There is no way to exclude the possibility that your data may be processed by U.S. public authorities, for control or for monitoring purposes. Your options for legal remedies are severely limited in the USA. Where you do not give your consent to these processing activities and the related possible transmission of data to the USA, such processing will not occur.
If you want to make use of the following rights please contact our controller for the processing under the above mentioned contact data. Alternatively you can also contact our Data Protection Officer directly.
Right to information
According to Art. 15 GDPR, you have the right to request information from us if we have collected data about you. If so you may request information about this personal data and to further information mentioned in Art 15 GDPR.
Right to rectification
According to Art. 16 GDPR you have the right to demand immediate correction of incorrect personal data concerning you. Furthermore, taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
Right to delete
According to Art. 17 GDPR, you have the right to request the deletion of your personal data. Herose is obliged to delete personal data immediately, provided that the corresponding requirements of Art. 17 GDPR are met. For further details we refer to Art 17 GDPR.
Right to restriction
In accordance with Art. 18 GDPR, you have the right under certain conditions to demand that Herose restrict the processing of your personal data. Here, too, we refer to the details on Art. 18 GDPR
Right to transmission
According to Art. 20 GDPR, you have the right to receive the personal data which you have provided in a structured, common and machine-readable format, and you have the right to transfer this data to another responsible person without hindrance, provided the processing is based on a consent according to Article 6 paragraph 1 lit. a GDPR or Article 9 (2) lit. a GDPR which is based on a contract pursuant to Article 6 para. 1 lit. b GDPR and processing is done by using automated procedures.
Right to withdraw the consent
If you have given your consent to the processing of your data, you can revoke it at any time. Such revocation affects the admissibility of the processing of your personal data after you have given it to us.
Insofar as we base the processing of your personal data on the balancing of interests, you can file an objection to the processing. This is the case if, in particular, the processing is not required to fulfil a contract with you, as described by Herose in the description of the functions. In the event of such disagreement, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or point out to you our compelling legitimate reasons on which we continue the processing.
Right to lodge a complaint with a supervisory authority
According to Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority, without prejudice to any other administrative or judicial remedy. This right shall apply, in particular, to the Member State to your place of residence, to your place of work or to the place of the alleged infringement if you consider that the processing of the personal data concerning you is contrary to the GDPR.
Changes and amendments to this data protection regulation
We reserve the right to change the security and data protection measures, especially if it is required by technical developments. In these cases, we will also, if necessary, adapt these notes on data protection accordingly. Please note always the current version of this data protection regulation.