It is very important for us to ensure protection of your personal data as regards the collection, processing and use of such data when you visit our homepage.
We would like to take this opportunity below to inform you of the fact that we will ask you for personal data and store and process such data electronically, along with how this will be done as well.
Personal data is information that identifies you. This includes information, such as your name, address, telephone number or email address, but also data such as your place of residence, IP address or bank details. You do not need to disclose personal data in order to use our website. In certain cases we may, however, require your name, address and other details in order to supply the desired goods or perform the desired services.
This shall apply in particular for sending information materials or for responding to individual queries. We shall make suitable reference in cases where personal data needs to be disclosed. Furthermore, we shall only store and process data that you have voluntarily or automatically disclosed.
Name and contact information for controller of the processing
Responsible for the processing is HEROSE GMBH Armaturen und Metalle, Elly-Heuss-Knapp-Straße 12, 23843 Bad Oldesloe
Represented by its managing directors Dipl.-Jur. Dirk M. Zschalich, MBE and Dr. Jens Silligmüller, tel: +49 (0) 4531/509-0, fax: +49 (0) 4531/509-120 or e-mail: firstname.lastname@example.org
Data Protection Officer
Our external operational Data Protection Officer ensures a professional data privacy approach. We are advised by Mauß Datenschutz.
If you have any queries regarding data privacy, please feel free to get in touch using one of the following options:
Telephone: 040 / 999 99 52-0
Processing of your IP address by the web server
Services on the Internet can only be used from a technical perspective if your IP address is disclosed. This is processed by the web servers delivering the websites in question. Your IP address is stored together with other, non-identifiable information in technical protocol files, known as log files. We shall only use these files in order to be able to analyse the reason and impact in situations where a fault arises. The log files are deleted on a weekly basis. Non-identifiable information includes i.a. the following:
- the names and size (Bytes) of the web pages you have visited
- the name of the browser you are using
- the name and version of your operating system
- the device type of your computer (or mobile telephone or tablet)
- date and time of access
- any search engines used via which you have reached our website
- the names and size (Bytes) of any downloaded files
- user agent (Browser)
Apart from this processing by the web server, we shall only use or store your IP address in anonymous form (for more information on this see Google Analytics section). The legal basis for the storage is Art 6 no 1 lit f) GDPR, our legitimate interest in investigating technical errors and correcting them.
All data entered by you on this website is transmitted to us in an encrypted manner, so that they are protected from being viewed by third parties.
Furthermore, all of our web pages are SSL-encrypted, therefore it is highly unlikely that the content you read can also be read by third parties. We use state-of-the-art encryption methods for this process.Nevertheless, please refrain from sending us personal (or non-personal) medical data, for example, or other sensitive information via our website.
Contact forms and business contact
If you are using our contact form to send us messages or contact us as a prospective customer, supplier, service provider or other business partner, we use the transmitted personal data, such as contact details or correspondence, to the extent necessary to process your request. Legal basis for our interest to answer your request is Art. 6 no. 1 lit. b) GDPR, or for other purposes to which you have given your consent (legal basis Art. 6 no. 1 lit. a) GDPR and which are described in this data protection declaration. Your data will be erased as soon as it is no longer required for the purpose for which it was collected. If we are legally obliged to store the data for a longer period, the data will be erased after this period has expired.
The same applies if you are an employee of a prospective customer, supplier, service provider or other business partner and we receive your personal data in this context; the legal basis in this case is our legitimate interest in initiating or conducting the business relationship with your employer (Art. 6 no. 1 lit. f) GDPR).
Usual contact in the course of business (e.g. trade fair)
In the usual course of business, situations may arise in which a notice pursuant to Art.13 and Art. 14 GDPR cannot usually be given. These are mainly such cases as the spontaneous business contact data exchange at trade fairs, events, business meals or other official activities, e.g. through the exchange of business cards or even the initial contact by us or by you with business content.
We regularly collect the following data from you in such situations: Contact data, such as your name, address, e-mail or telephone number, data on your company, such as address, e-mail, business field, job description, title, data on your input/inquiry, such as content, time of inquiry and means of communication.
This data is processed for storage in our contact databases in the context of business activities and customer data management for the purpose of resuming contact and/or processing your request and further handling.
The processing of your data for these purposes is based on our legitimate interest pursuant to Art. 6 no. 1 lit. f) GDPR. Our legitimate interest is the establishment of contact for a possible business initiation with you, the resumption of contact and / or processing your request and further handling. If you have any questions about the balance of interests, you can always contact one of the contacts mentioned under Name and contact information for controller of the processing.
With respect to our newsletter, we need your e-mail address to send you the newsletter. We welcome any additional data, such as your first and last name, because then we will be able to personally address you, but the only information required is your e-mail address.
The information you provide in the context of subscribing to the newsletter will only be used to send you the newsletter. You may unsubscribe from our newsletter with future effect at any time free of charge.
The information you enter in our registration form is transmitted to us in encrypted form, which means it is protected against access by third parties.
The newsletter, which is sent by e-mail, contains references in graphics that are loaded by our servers when the newsletter is opened from your e-mail programme. Based on this loading activity we can see whether and when you opened the newsletter. Clicking on the “continue...” link in the newsletter will open the respective article in your browser. We also process information on the opening of newsletter articles in the browser.
We use this usage data to evaluate the readers’ interest in the individual articles. If you want to ensure that we cannot specifically allocate usage data to you, you should not provide a name (or provide an alias) when you subscribe to the newsletter and use an e-mail address without any information that identifies you. We do not create a profile or, in particular, combine the information with additional personal or usage data, though.
You have the right to withdraw your consent (Art. 7 no. 3 GDPR). We store and process your personal data until you unsubscribe from the newsletter (“Unsubscribe”). When you unsubscribe from the newsletter, your personal data (in particular the personal data you provided when you subscribed to it) will be deleted. We will permanently store usage data regarding the newsletter in anonymous form. Legal basis for the processing is Art 6 no 1 lit. a GDPR. Legal basis for the anonymization and storage of the data after you have unsubscribed is Art 6 no. 1 lit. f GDPR. Our legitimate interest in this case is to be able to permanently check the success of our marketing activities and to be able to optimize them over longer periods of time and to have a complete database at our disposal.
General data collection when calling up our jobs page
When you use the jobs page for information purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. This data is technically necessary for us to display our website to you and to ensure stability and security (legal basis is the provision of our service according to Art. 6 para. 1 p. 1 lit. f DSGVO).
For technical reasons, these are stored by default as so-called log files (log files).
Applications via our career portal
You can apply for vacant positions or send us an unsolicited application via the careers portal on our website. For the career portal of our website, we use the applicant management tool Haufe Umantis.
In the operation of our career portal, we use an applicant management tool - "Umantis"-, a cloud-based software for talent management (basis) packages applicants of Haufe-Lexware GmbH & Co. KG a company of the Haufe Group SE, Munzinger Straße 9, 79111 Freiburg (hereinafter "Haufe").
We have concluded an order processing agreement with Haufe for the use of Umantis in accordance with Art. 28 DSGVO.
Therefore, if you are interested and open one of our job advertisements, you will automatically be redirected to our Umantis website. We use a so-called frame for the transmission of your data. This means that Umantis is embedded directly in our careers website and you as a user may not notice the transition directly, as our Umantis website also has the HEROSE design. You can recognise this by the fact that the URL starts with "recruitingapp-5404.en.umantis.com".
If you would like to apply via our career portal, you must first register (user account). Personal data that must be provided is marked as mandatory in the respective registration form, any additional information is voluntary.
Your online application via our career portal will be transferred directly to Umantis via an encrypted connection and thus forwarded to the HR department and, of course, treated confidentially. Please note that unencrypted e-mails will not be transmitted in an access-protected manner. In the case of a postal application, the data may be collected and entered into the tool by the HR department.
If you apply with us, your IP address will be recorded by Haufe for troubleshooting and security checks.
Haufe records your IP address for troubleshooting and security checks and deletes it after 12 months without leaving any residue.
You can of course also view our website without cookies. If you do not wish us to recognise your computer, you can prevent cookies from being saved on your hard drive by choosing “do not accept cookies” in your browser preferences. You should consult the instructions of your browser’s developer to find out how this works in individual cases.
You can find information how to change the Cookie settings for some of the usual browsers on the following websites:
- Google Chrome
- Internet Explorer https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Firefox (https://support.mozilla.org/en-US/kb/enable-or-disable-cookies-firefox-android)
- Safari (https://support.apple.com/en-gb/guide/safari/sfri11471/mac)
Legal basis for the use of Google Fonts is Art 6 lit f GDPR. Our legitimate interest is based on the technical secure operation of our website
Usercentrics Consent Management Platform
This is a consent management service from
Sendlinger Str. 7, 80331 Munich, Germany
Data processing purposes
Compliance with legal obligations
Storage of consent
Anonymized IP address
Opt-in and opt-out data
Date and time of visit
Art. 6 para. 1 sentence 1 lit. c GDPR
Place of processing
European Union (consent database is in Belgium)
Duration for saving the data
The consent data (given consent and withdrawal of consent) will be kept for three years. Data is exported after the contract has ended.
Data protection officer
Further information and opt-out
Click here to read the data processor's data protection regulations: https://usercentrics.com/privacy-policy/
Cookies of third parties
As part of the use of Google products, Google stores a cookie called NID in your browser. This is according to Google for recognition and to show you tailored advertising in Google offers. The relevant data protection conditions can be found under: https://policies.google.com/technologies/types?hl=en-US
We use Google Analytics, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical analysis of our website. Among other things, it includes the number of times our website is accessed, the individual pages users visited and their dwell time.
This information is also used to compile reports about activities on the website.
We process data using Google Analytics for the purpose of optimising our website and for marketing purposes based on your consent in accordance with Art. 6 (1) (a) GDPR.
We have no control over the specific storage period of the data processed as it is established by Google Ireland Limited. Further information is available in the privacy notice for Google Analytics: https://policies.google.com/privacy.
Google Tag Manager
We use Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags through an interface and enables us to control the specific integration of services on our website
This allows us to flexibly integrate additional services in order to analyse how users access our website.
The use of Google Tag Manager is based on our legitimate interests, i.e. the interest in the optimisation of our services, in accordance with Art. 6 (1) (f) GDPR.
We have no control over the specific storage period of the data processed as it is established by Google Ireland Limited. Further information is available in the privacy notice for Google Tag Manager: https://www.google.de/tagmanager/use-policy.html.
YouTube Video (including DoubleClick)
We have embedded YouTube Video on our website. YouTube Video is a component of the video platform provided by YouTube, LLC, on which users can upload content, share it over the internet, and receive detailed statistics.
YouTube Video allows us to embed content from the platform on our website.
When you access this content, you establish a connection to servers owned by YouTube, LLC. As part of this process your IP address and possibly your browser data (e.g. your user agent) will be transmitted to YouTube, LLC.
The use of YouTube Video is based on your consent (Art. 6 (1) (a) GDPR)
In addition, YouTube Video connects to DoubleClick. DoubleClick is a Google brand which is primarily used to market special online marketing solutions to advertising agencies and publishers. With each impression and with clicks or other activities, DoubleClick transmits data to the DoubleClick server.
Each of these data transmissions triggers a cookie request which is sent to your browser. If the browser accepts the request, DoubleClick will place a cookie in your browser.
DoubleClick uses a cookie ID which is required for the technical process. For example, DoubleClick needs the cookie ID to display an ad in a browser. The cookie ID also allows DoubleClick to remember which ads have already been displayed in a browser to ensure that ads will not be placed multiple times. In addition, the cookie ID enables DoubleClick to track conversions. For example, conversions are recorded when a DoubleClick ad was shown to a user right before this user made a purchase on the advertiser's website using the same web browser.
DoubleClick cookies do not contain personal data, but may contain additional campaign identifiers. The purpose of campaign identifiers is to identify the campaigns you already had contact with on other websites. In the context of this service, Google receives data which is also used by Google to prepare invoices for commissions. Among other things, Google is able to determine whether you have clicked on certain links on our website. In this case your data is disclosed to DoubleClick's operator, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information and the applicable privacy notice of DoubleClick by Google are available at https://policies.google.com/privacy.
We have no control over the specific storage period of the data processed as it is established by Google Ireland Limited. Further information is available in the privacy notice for Google DoubleClick and for YouTube Video: https://policies.google.com/privacy.
Transmission of personal data to third parties and to countries outside the EEA
We transmit personal data to third parties only to the extent that this is necessary for the provision of our service or is required by law. Within the scope of the purposes stated here, personal data is forwarded to service providers who work for us and support us in particular in the provision of services. In addition to their legal obligation to comply with all data protection regulations, these service providers are bound by further contractual data protection requirements. This includes in particular a data processing agreement according to Art. 28 GDPR.
We will only pass on your data to state authorities within the scope of legal obligations or on the basis of an official order or court decision and only to the extent that this is permitted under data protection law.
With the exception of the aforementioned transmission to Google as part of using YouTube as well as Google-Analytics, -Tag Manager and to Salesforce.com Inc. in the context of our customer data management, we do not transfer any personal data to non–EU countries. The location of all servers operated and used by us is Germany.
Please note the following information with respect to possible processing of your data collected on this website in the USA:
By giving your consent to any processing of data which involves Google or other companies whose parent company is located in the USA (this includes the use of Google Analytics, for example), you are also consenting to your data being processed in the USA. This consent is required in accordance with Art. 49 (1) Sentence 1 (a) GDPR as the Court of Justice of the European Union considers the USA a country with an inadequate level of data protection based on EU standards. There is no way to exclude the possibility that your data may be processed by U.S. public authorities, for control or for monitoring purposes. Your options for legal remedies are severely limited in the USA. Where you do not give your consent to these processing activities and the related possible transmission of data to the USA, such processing will not occur. Salesforce.com Inc. is committed to data protection compliance under Binding Corporate Rules. In addition, we encrypt personal data with a key that is managed by us or by a trustee based in the EEA that we use.
If you want to make use of the following rights please contact our controller for the processing under the above mentioned contact data. Alternatively you can also contact our Data Protection Officer directly.
Right to information
According to Art. 15 GDPR, you have the right to request information from us if we have collected data about you. If so you may request information about this personal data and to further information mentioned in Art 15 GDPR.
Right to rectification
According to Art. 16 GDPR you have the right to demand immediate correction of incorrect personal data concerning you. Furthermore, taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
Right to delete
According to Art. 17 GDPR, you have the right to request the deletion of your personal data. HEROSE is obliged to delete personal data immediately, provided that the corresponding requirements of Art. 17 GDPR are met. For further details we refer to Art 17 GDPR.
Right to restriction
In accordance with Art. 18 GDPR, you have the right under certain conditions to demand that HEROSE restrict the processing of your personal data. Here, too, we refer to the details on Art. 18 GDPR
Right to transmission
According to Art. 20 GDPR, you have the right to receive the personal data which you have provided in a structured, common and machine-readable format, and you have the right to transfer this data to another responsible person without hindrance, provided the processing is based on a consent according to Article 6 paragraph 1 lit. a GDPR or Article 9 (2) lit. a GDPR which is based on a contract pursuant to Article 6 para. 1 lit. b GDPR and processing is done by using automated procedures.
Right to withdraw the consent
If you have given your consent to the processing of your data, you can revoke it at any time. Such revocation affects the admissibility of the processing of your personal data after you have given it to us.
Insofar as we base the processing of your personal data on the balancing of interests, you can file an objection to the processing. This is the case if, in particular, the processing is not required to fulfil a contract with you, as described by Herose in the description of the functions. In the event of such disagreement, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or point out to you our compelling legitimate reasons on which we continue the processing.
Right to lodge a complaint with a supervisory authority
According to Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority, without prejudice to any other administrative or judicial remedy. This right shall apply, in particular, to the Member State to your place of residence, to your place of work or to the place of the alleged infringement if you consider that the processing of the personal data concerning you is contrary to the GDPR.
Changes and amendments to this data protection regulation
We reserve the right to change the security and data protection measures, especially if it is required by technical developments. In these cases, we will also, if necessary, adapt these notes on data protection accordingly. Please note always the current version of this data protection regulation.