Website Data Protection Notice

This Website Data Protection Notice describes how HeiScreen GmbH, Im Neuenheimer Feld 672, 69120 Heidelberg ("HeiScreen" or "we" or "us" or "our") as controller processes the personal data and other information of the users ("you" or "your") in particular within the meaning of the General Data Protection Regulation ("GDPR") when using the website [heiscreen.de] ("Website").

1. Categories of personal data, processing purposes, legal basis and source

1.1 Personal Data actively provided by you:

If you create a user account on our Website, you will be asked to provide the following personal data about you: Name, postal address, email address, selected password. HeiScreen processes such personal data for the purpose of providing our services to you. Providing such personal data is voluntary. However, without providing such personal data, you will not be able to create a user account. The legal basis for the processing of such personal data is the contract on the use of the Website concluded with you (Art. 6 (1) lit. b GDPR).

1.2 Other passively collected information:

In addition to the personal data that you actively provide, the Website may automatically collect, process and store certain information on a pseudonymous basis from you:

The legal basis for this purpose are our legitimate interests (Art. 6 (1) lit. f GDPR) which are the following: to monitor and maintain the performance of the Website and to analyze trends, usage and activities in connection with our Website. More information on the balancing test is available upon request.

2. Recipients

2.1 Transfer to service providers

HeiScreen may engage external service providers, who act as a data processor of HeiScreen, to provide certain services to HeiScreen such as website service providers, marketing service providers or IT support service providers. When providing such services, the external service providers may have access to and/or may process your personal data.

Those external service providers will be subject to contractual obligations to implement appropriate technical and organizational security measures to safeguard the personal data and to process the personal data only as instructed.

2.2 Other recipients

HeiScreen may also transfer your personal data to law enforcement agencies, governmental authorities, legal counsel and external consultants in compliance with applicable data protection law. The legal basis for such processing is compliance with a legal obligation to which the HeiScreen is subject to or are legitimate interests, such as exercise or defense of legal claims. More information on the balancing test is available upon request.

2.3 International transfers of Personal Data

The personal data that we collect or receive about you may be transferred to and processed by recipients which are located inside or outside the European Economic Area ("EEA") and which do not provide for an adequate level of data protection. The countries that are recognized to provide for an adequate level of data protection from an EU law perspective (Art. 45 GDPR) are Andorra, Argentina, Canada, Switzerland, Faeroe Islands, Guernsey, the State of Israel, Isle of Man, Jersey, New Zealand, the Eastern Republic of Uruguay and Japan. Recipients in the US may partially be certified under the EU-U.S. Privacy Shield and thereby deemed to provide for an adequate level of data protection from an EU law perspective (Art. 45 GDPR). To the extent your personal data are transferred to countries that do not provide for an adequate level of data protection from an EU law perspective, we will base the respective transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission (Art. 46 (2) GDPR). You can ask for a copy of such appropriate safeguards by contacting us as set out in Section 5. The access is limited to recipients with a need to know.

3. What rights do you have and how can you assert your rights?

If you have declared your consent for any personal data processing activities, you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.

Pursuant to applicable data protection law you may have the right to: request access to your personal data, request rectification of your personal data; request erasure of your personal data, request restriction of processing of your personal data; request data portability, and object to the processing of your personal data. Please note that these aforementioned rights might be limited under the applicable national data protection law. For further information on these rights please refer to the Exhibit Your Rights.

You also have the right to lodge a complaint with a data protection supervisory authority. To exercise your rights please contact us as stated in Section 5.

4. How long do we keep your Personal Data?

Your personal data will be retained as long as necessary to provide you with the services requested. When HeiScreen no longer needs to use your personal data to comply with contractual or statutory obligations, we will remove it from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it, unless we need to keep your information, including personal data, to comply with legal or regulatory obligations to which HeiScreen is subject, e.g. statutory retention periods which can result from e.g. Commercial Code, Tax Code and usually contain retention periods from 6 to 10 years, or if we need it to preserve evidence within the statutes of limitation, which is usually three years but can be up to thirty years.

5. Cookies

When you use our website, we may send one or more cookies – small text files containing a string of alphanumeric characters – to your device. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits of our website. Your web browser may provide you with some options regarding cookies. Please note that if you delete, or choose not to accept, cookies, you may not be able to utilize the features of the services provided via our website to their fullest potential. We may use third party cookies in connection with the services provided via our website as well.

This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google").

Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.

Google will use this information on behalf of the operator of this website for the purpose of profiling by evaluating your use of the website, compiling reports on website activity for the website operator and providing the website operator with other services relating to website activity and internet usage. For more information on how Google uses your data when you use this website please visit: https://www.google.com/intl/en/policies/privacy/partners/

The following personal data is collected and processed with Google Analytics: IP address (is truncated)

The IP address is truncated as IP-anonymization is activated on this website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there.

The IP-address, that your browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google.

The following third party cookies are used in connection with Google Analytics:

More detailed information on the cookies provided by Google can be found under: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Add-on for your current web browser: https://tools.google.com/dlpage/gaoptout?hl=en-GB

The cookies have a lifespan of up to two years:

_gat: 1 mins

_ga: 2 years

_gid: 24 hours

AMP_TOKEN: 30 seconds to 1 year

_gac_<property-id>: 90 days

_utma: 2 years from set/update

__utmb: 30 mins from set/update

__utmc: end of browser session

__utmt: 10 mins

__utmt_b: 30 mins from set/update

__utmz : 6 months

Your personal data collected by Google Analytics will be transferred to Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The personal data will be, thus, processed by recipients which are located outside the EEA and which do not provide for an adequate level of data protection. In the absence of an adequacy decision of the European Commission appropriate safeguards are in place with the recipient (i.e. Google is certified under the EU-U.S. Privacy Shield).

6. Contact us

If you have concerns or questions regarding this Website Data Protection Notice, please contact us as follows:

HeiScreen GmbH

Im Neuenheimer Feld 672

69120 Heidelberg

[info@heiscreen.de].

The contact details of our data protection officer are as follows:

Theo Özen [theo.oezen@heiscreen.de]

HeiScreen GmbH

Im Neuenheimer Feld 672

69120 Heidelberg

Exhibit

Your Rights

1. Right of access

You may have the right to obtain from us confirmation as to whether or not personal data concerning you is processed, and, where that is the case, to request access to the personal data. The access information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access. The right of access is limited pursuant to Section 34 FDPA. The right of access does e.g. not apply if the data (a) were recorded only because they may not be erased due to legal or statutory provisions on retention, or (b) only serve the purposes of monitoring data protection or safeguarding data, and providing information would require a disproportionate effort, and appropriate technical and organizational measures make processing for other purposes impossible.

You may have the right to obtain a copy of the personal data undergoing processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs.

2. Right to rectification

You may have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3. Right to erasure ("right to be forgotten")

Under certain circumstances, you may have the right to obtain from us the erasure of personal data concerning you and we may be obliged to erase such personal data. Such right to erasure does pursuant to Section 35 FDPA, for instance, not apply if in the case of a non-automated processing erasure would be impossible or would involve disproportionate effort due to the specific mode of storage and if your interest in erasure can be regarded as minimal. In such case, you may have the right to restriction of processing.

4. Right to restriction of processing

Under certain circumstances, you may have the right to obtain from us restriction of processing your personal data. In this case, the respective data will be marked and may only be processed by us for certain purposes.

5. Right to data portability

Under certain circumstances, you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit those data to another entity without hindrance from us.


6. Right to object

Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data.

Moreover, if your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In this case your personal data will no longer be processed for such purposes by us.


This Website is using Cookies. 
If you proceed browsing, 
we assume you agree to that.