Data Protection
Responsible for data processing on these websites:
Heidelberg Materials AG (in the following „we“), represented by:
Dr Dominik von Achten, Chairman
René Aldach
Dr Katharina Beumelburg
Roberto Callieri
Axel Conrads
Hakan Gurdal
Dennis Lentz
Jon Morrish
Chris Ward
Berliner Straße 6
69120 Heidelberg
Germany
Phone: +49 6221-481-0
Fax: +49 6221-481-13217
E-Mail: info@heidelbergmaterials.com
Data Protection Officer:
Berliner Straße 6
69120 Heidelberg
Germany
E-Mail: info.dataprotection@heidelbergmaterials.com
Phone: +49 6221-481-39603
1. Collection and processing of data
We collect and process personal data if you provide it to us by filling an entry form on our website or by other means, e.g. by e-mail. In addition, we collect and process data arising from your use of our website. Our data will be processed in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) and the German Telecommunication – Telemedia-Data Protection Act (Telekommunikation-Telemedien-Datenschutzgesetz (“TTDSG”)). Personal data is all information relating to an identified or identifiable natural person. In the following we explain in detail how we collect which data on which legal basis. In addition, we will explain to you what rights you have and how long your data will be stored.
2. Processing of Data via Cookies and Logfiles
Information on the use of cookies on our website can be found in our cookie policy.
In accordance with Art. 6 para. 1 sent. 1 b) and Art. 6 para. 1 sent. 1 f) GDPR, our website also uses so-called log files, in which access data are stored each time a page is accessed. The data record saved contains the following details:
- Your IP address, the date, the time, to which the file was accessed, the status, the request made by your browser to the server, the amount of data transmitted and the webpage from which you accessed the requested page (referrer) as well as
- The product and version information of the browser used, your operating system and your country of origin.
The log data are routinely deleted after 30 days. In other words, all data contained therein is irretrievably deleted. The usage of the log-files and its temporary storage is used to ensure a proper technical performance of the websites and to protect our websites against attacks and misuse. We do not use the log data for any other purposes.
3. External links
Our website contains links to external websites. Social plugins such as the Facebook "Like" button are not used. The website protects your privacy by not directly integrating the external content into the website in these cases, but only by linking. Data can only be transmitted to the operator of the respective website when the link is activated. We are not responsible for the websites of other operators. In these cases, the data protection regulations of the other operator apply.
4. Third party provider: Etracker
We use the services of etracker GmbH, Hamburg, Germany (www.etracker.com) to analyse usage data. In principle, no information from your device is read or stored for this analysis. Only the browser and header information is used for analysis purposes.
Legal basis for the processing of your personal data is Art. 6 para 1 sent.1 f) GDPR. Our legitimate interest is the optimisation of our online offer and our website. You can object to the processing of your personal data by selecting the corresponding setting in our cookie banner or in your browser.
To the extent that we use analysis and optimisation cookies beyond that, we will obtain your explicit consent separately in advance via our cookie-banner. If you have consented, cookies are used to enable a statistical range analysis of this website, a measurement of the success of our online marketing measures and test procedures, e.g. to test and optimise different versions of our online offer or its components. Cookies are small text files that are stored by the Internet browser on the user's device. etracker cookies do not contain any information that could identify a user.
The data generated by etracker is processed and stored exclusively in Germany on our behalf and thus is subject to the strict German and European data protection laws and standards. In this regard, etracker was independently checked, certified and awarded with the ePrivacyseal data protection seal of approval.
As the privacy of our visitors is very important to us, the data that may possibly allow a reference to an individual person, such as IP address, registration or device IDs, will be anonymised or pseudonymised as soon as possible. etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties.
5. Processing of personal data by contacting us
If you provide us with personal data by contacting us, e.g. by email or by entering your data in one of our input forms, we process your data in accordance with Art. 6 para.1 sent. 1 b) GDPR for the purpose of fulfilling the contract or for the implementation of pre-contractual measures which take place on your request or in accordance with Art. 6 para. 1 sent. 1 f) GDPR on the basis of our legitimate interest in answering your request. We process your data only for the purpose of processing your specific request. This may also include forwarding to an affiliated company if this is necessary to respond to your request. We do not use your data beyond these purposes.
After each filling out and submitting an input form available on our website - with the exception of forms from third-party providers - you will receive an email that gives you an overview of which data we are processing from you, i.e. the content of the respective form, any consent or other declarations of intent.
You can also assert the rights listed in Section 10 of this data protection declaration. Requests that we have answered or forwarded and for which there is no further legal basis for storage are automatically deleted from our systems after 2 (in words: two) months. Further information on the deletion of your data can also be found in section 11 of this data protection declaration.
6. Encryption
Data you insert on our website is transmitted using SSL encryption. We protect our website and other systems by technical and organizational measures against loss, destruction, access, modification or dissemination of your data by unauthorized persons.
7. Categories of recipients of personal data; data transfer to a third country
Service providers and auxiliary agents used by us in connection with the website, e.g. host providers, agencies and IT service providers may have access to your personal data. If these service providers and auxiliary agents process data on our behalf, they only act in accordance with our instructions and are contractually bound by us accordingly. This also applies to service providers which have their legal seat in a third country (outside the EU or the EEA).
In third countries, the same level of data protection may not be guaranteed as in the European Economic Area. If data is transferred to a third country, we ensure that this transfer only takes place in accordance with the statutory provisions (Chapter V GDPR). In this respect, we always orientate ourselves on the current case law and follow the applicable recommendations of authorities in order to be able to ensure that your data is protected at the same level as the GDPR.
8. Your rights
According to Art. 15 GDPR you have the right to receive information free of charge upon request about the personal data that has been stored about you. You also have the right to have incorrect data corrected and your personal data disabled and deleted in accordance with Art. 16, 17 and 18 GDPR.
Subject to conditions laid down in Art. 20 GDPR, you are also entitled to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit this data to another controller without hindrance.
In addition, you are entitled pursuant to Art. 21 para. 1 GDPR to object to the processing of your personal data on the basis of Article 6 para. 1 sent. 1 (e) or (f) GDPR including profiling, from reasons arising from your particular situation. We will fulfill your aforementioned rights, as far as the legal requirements for the assertion of the rights are given. If personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such advertising, including profiling, in so far as it is related to such direct marketing, pursuant to according to Art. 21 para. 2 GDPR.
Please direct any request regarding your personal data to our contact details mentioned at the beginning of this privacy policy or in the imprint of our website.
Every data subject has the right to lodge a complaint with a supervisory authority regarding the alleged infringement.
9. Duration of data storage and routine deletion
Unless explicitly stated above we process and store personal data only for the period, which is required to achieve the processing purpose or as long and to the extent as statutory laws require us to process and/or store such data.
If the purpose of processing no longer applies or if the applicable statutory retention requirement expires, we will as a matter of routine erase data or restrict the processing of data in accordance with the applicable statutory laws.
© Heidelberg Materials AG, Heidelberg. All rights reserved.