The responsible person within the meaning of basic data protection regulation, other data protection laws valid in the member states of the European Union, and other regulations of a data protection legal nature is:
Wilhelm Heckel GmbH
Stettiner Str. 7
Tel.: +49 (0)611 661 82
The data protection officer responsible for data control is:
Wilhelm Heckel GmbH
Stettiner Str. 7
Tel.: +49 (0)611 661 82
We use an internet service provider to provide our online presence, the website is stored on their server (hosting) and makes our site available on the internet. Here, the internet service provider processes, on our behalf, contact data, content data, contract data, usage data and inventory data, as well as meta and communication data. The legal basis for the processing described above is our legitimate interest in an efficient and secure provision of our online offer, Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR (order processing contract).
If you only use our website for informational purposes, our internet service provider only collects personal data that the browser you used transmits to its server. This is the following data:
- The date and time of accessing our website
- The time-zone difference, based on Greenwich Mean Time (GMT)
- The access status (HTTP Status)
- The transferred amount of data
- The Internet service provider of the accessing system
- The browser type and version you are using
- The operating system you are using
- The website from which you came to our website
- The pages or subpages that you visit on our website
This data is stored as log files on the servers of our Internet service provider. This is necessary in order to correctly deliver and optimise the content of our website, to ensure the continued functioning of our computer systems and the technology of our website, and to provide law enforcement authorities with the information necessary in the event of a cyberattack. When using this general data and information, we draw no conclusions about the person concerned. The above data for the provision of our website is stored for a period of 7 days and then deleted. Since the processing of the above data is absolutely necessary for the provision of our internet presence, there is no right of objection. The legal basis for this is Art. 6 (1) (1) (f) GDPR.
The webhosting service provider we use is 1&1 Telecommunication SE, Elgendrofer Str. 57, 56410 Montabaur, Germany. Detailed information about the data protection of 1&1 can be found here: https://www.1und1.de/Datenschutz.
On our website, we offer you the opportunity to contact us via e-mail, telephone, social media and/ or via a contact form. In this case, the personal data you have voluntarily submitted will be stored for the purpose of processing, and contacting you. The data transfer takes place via an encrypted SSL connection. Transfer of details to third parties does not take place. A comparison of the data collected with data that may be collected by other components of our site, does not take place either. The data is deleted as soon as it is no longer necessary for the purpose of its processing. At any time, you have the right to object to the use of your data for the purpose of contacting you.
You may make enquiries regarding the collection, processing or use of your personal data and its correction, blocking or deletion at any time, or revoke previously given consent. We point out that you are entitled to a correction of incorrect data or the deletion of personal data providing this is not prevented by any legal requirements. We process and store personal information only for the period necessary to meet the purpose of the storage and if required by European directives or other legislators, or any regulations to which we are subject. If the reason for storage is omitted or if a storage period prescribed by the European directives and regulations or any other relevant legislator expires, the personal data will be routinely blocked or deleted in accordance with statutory provisions.
According to the GDPR, you have the following rights, which you can assert at any time, in the processing of personal data.
You have the right to receive information from the person responsible for the personal data stored about you, and a copy of this data. You are also entitled to the following information:
- The purpose of processing
- The categories of personal data being processed
- The recipients, or categories of recipients, to whom the personal data has been disclosed or is yet to be disclosed, in particular to recipients in third countries or international organisations
- Where possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration
- The right of correction or erasure of your personal data or restriction of processing by the controller or a right to object to such processing
- The existence of a right of appeal to a regulatory body
- All available information about the origin of the data, if the personal data has not been collected from you
- The existence of automated decision making including profiling
You also have the right to know whether personal data has been transmitted to a third country or to an international organisation. If this is the case, you are otherwise entitled to receive information about the appropriate guarantees in connection with the transfer of data.
You have the right to demand the immediate correction of any incorrect personal data concerning you. You also have the right, under consideration of the purposes of processing, to request the completion of incomplete personal data, including by means of a supplementary statement.
You have the right to demand from the controller that the personal data concerning you be deleted immediately, if one of the following applies and if it is not required for processing:
- The personal data was collected for such purposes or processed in some other way, for which it is no longer necessary.
- You revoke your consent, on which the processing was based in accordance with Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.
- In accordance with Art. 21 (1) GDPR, you object to the processing and there are no prior legitimate reasons for processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
- The personal data was processed unlawfully.
- The deletion of personal data is necessary for compliance with a legal obligation under the law of the Union of Member States, to which we are subject.
- The personal data was collected in relation to information services offered in accordance with Art. 8 (1) GDPR.
If the personal data has been made public by us, and if our company is obliged to delete the personal data as the person responsible pursuant to Art. 17 (1) GDPR, we will take appropriate measures, including technical ones, while taking into account the available technology and the implementation costs, to notify other data controllers who process the published personal data, that you have requested the deletion of all links to such personal data or copies or replications of such personal data from these other data controllers, unless the processing is necessary.
You have the right to require the controller to restrict processing if one of the following conditions is met:
- The accuracy of your personal data is contested by you for a period of time that enables the person responsible to verify the accuracy of your personal data.
- The processing is unlawful, you reject the deletion of personal data, and require instead the restriction of the use of personal data.
- The controller no longer needs the personal data for processing purposes, but you need it to assert, exercise, or defend legal claims.
- You have filed an objection against the processing pursuant to Art. 21 (1) GPDR and it has not yet been determined whether the legitimate reasons of responsibility outweigh yours.
You have the right to receive your personal data that you provided to a responsible person in a structured, common and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance by the controller to whom the personal data was provided, provided that the processing is based on the consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR, and the processing is carried out using automated procedures and provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of public authority conferred on the data controller. Furthermore, in exercising your right to data portability pursuant to Art. 20 (1) GDPR, you have the right to obtain that the personal data be transmitted directly from one data controller to another, insofar as this is technically feasible and provided that the rights and freedoms of other persons are not affected by this.
You have the right, for reasons of your own particular situation, to object at any time to the processing of personal data concerning you pursuant to Art. 6 (1) (e) or (f) GDPR. In the event of an objection, we will no longer process personal data unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims. If we process personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data for the purpose of such advertising. If you object to us processing personal data for direct marketing purposes, we will no longer process the personal data for this purpose. In addition, you have the right, for reasons arising from your particular situation, to object to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, unless such processing is necessary to fulfil a task in the public interest.
You have the right to withdraw your consent to the processing of personal data at any time. The legality of the processing of your personal data until the revocation remains unaffected.
The person responsible collects and processes the personal data of applicants for the purpose of processing the application process. The processing can also be done electronically. This is particularly the case if an applicant submits corresponding application documents to the controller by electronic means, for example by e-mail or via a contact form on the website. If a contract of employment is concluded with an applicant, the data transmitted will be stored for the purposes of the employment relationship in accordance with the law. If no employment contract is concluded with the candidate, the application documents will be automatically deleted two months after decision to reject the candidate has been announced, unless deletion precludes other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in a procedure under the General Equal Treatment Act (AGG).
On our website we use the Google Maps component of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America, hereafter referred to as “Google”, to display our location and provide route descriptions (Art. 6 (1) (1) (f) GDPR). Each time Google Maps is used, Google places a cookie to process user settings and data when viewing the page that integrates with Google Maps.
On our website we use components of the social network LinkedIn. LinkedIn allows users to connect with existing business contacts and make new business contacts. The operating company of LinkedIn is LinkedIn Ireland Unlimited Company, Wilon Place, Dublin 2, Ireland.
Each time you call up our website, which is equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser you are using to download a corresponding representation of the component from LinkedIn. As part of this technical procedure, LinkedIn receives knowledge of which specific subpage of our website is currently being visited. If you are logged in to LinkedIn and visit our website at the same time, LinkedIn recognizes which specific subpage of our website you are visiting for the entire duration of your respective stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the person concerned. If you click on a LinkedIn button integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account and stores the personal data. LinkedIn always receives information via the LinkedIn component that you have visited our website if you are simultaneously logged into LinkedIn at the time of calling up our website. This takes place regardless of whether you click on the LinkedIn component or not. If you do not want this information to be transmitted to LinkedIn, you can prevent this transmission by logging out of your LinkedIn account before accessing our website.
You can find detailed information on the data protection provisions of LinkedIn at https://www.linkedin.com/legal/privacy-policy?trk=content_footer-privacy-policy.
On our website we use components of the social network site Facebook. Facebook’s operating company is Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, hereafter referred to as “Facebook”. Those responsible for the processing of personal data, if an affected person lives outside the US or Canada, are Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. Each time you call up one of the individual pages of our website, on which a Facebook component (Facebook plug-in) is integrated, this component causes the browser you are using to download a corresponding representation of the Facebook component. Through this process, Facebook is informed about which specific subpage of our website is currently being visited. When you visit our website and at the same time you are logged in to Facebook, Facebook recognises through the information collected by the component what specific subpage you are visiting and assigns this information to your personal user account on Facebook. For instance, by clicking the “Like” button or using the comment function, this information will be transmitted to your account on Facebook and stored there. In addition, the information that you have visited our website will be forwarded to Facebook. This happens regardless of whether you click the component or not. If you do not want such a transmission of this information to Facebook, the transmission can be prevented by logging out of your Facebook user account before using our website. The data policy published by Facebook, which is available at https://www.facebook.com/about/privacy/, provides information on the collection, processing and use of personal data by Facebook. It also explains what privacy settings Facebook offers.
On our website we use components of the social network site Instagram. Instagram’s operating company is Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA, hereafter referred to as “Instagram”. Those responsible for the processing of personal data are Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Each time you call up one of the individual pages of our website, on which an Instagram component (Instagram plug-in) is integrated, this component causes the browser you are using to download a corresponding representation of the Instagram component. Through this process, Instagram is informed about which specific subpage of our website is currently being visited. When you visit our website and at the same time you are logged in to Instagram, Instagram recognises through the information collected by the component what specific subpage you are visiting and assigns this information to your personal user account on Instagram. For instance, by clicking the “Like” button or using the comment function, this information will be transmitted to your account on Instagram and stored there. In addition, the information that you have visited our website will be forwarded to Instagram. This happens regardless of whether you click the component or not. If you do not want such a transmission of this information to Instagram, the transmission can be prevented by logging out of your Instagram user account before using our website. The data policy published by Instagram, which is available at https://help.instagram.com/519522125107875, provides information on the collection, processing and use of personal data by Instagram. It also explains what privacy settings Instagram offers.
On our website we use components of the social network site Twitter. The operating company of this Internet service is Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, hereinafter referred to as “Twitter”. If the Twitter component (Twitter plug-in) is stored on one of the pages you visit on our website, your internet browser downloads a presentation of the plug-in from the Twitter servers in the USA. For technical reasons, it is necessary that Twitter collects information such as your IP address, but also the date and time of visiting our website. If you are simultaneously logged in to Twitter when visiting our website, the information collected by the plug-in will be recognised by Twitter and assigned to your personal user account there. By clicking on the “Re-Tweet” button, this information will be stored in your Twitter account and, if applicable, published via Twitter’s platform. If you want to prevent this, you must either log out of Twitter before visiting our website or make the appropriate settings in your Twitter account. Further information about the collection and use of data, as well as your rights and protection options can be found on Twitter in the privacy policies available at https://twitter.com/privacy.
On our website we use components of the company YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA, hereinafter referred to as “Youtube”. Youtube is a subsidiary of Google Inc., Amphitheater Parkway, Mountain View, CA 94043, USA, hereinafter referred to as “Google”. Each time you visit one of the pages on our website that incorporates a Youtube component (Youtube video), this component causes the browser you are using to download a corresponding representation of the Youtube component. When you visit our website and at the same time you are logged in to Youtube, Youtube recognises which specific subpage of our website you are visiting by calling up a subpage that contains a Youtube video. This information is collected by Youtube and Google and associated with your Youtube account. This happens regardless of whether you click on a Youtube video or not. If you do not want to provide this information to Youtube and Google, you can prevent it by logging out of your Youtube account before visiting our website. The data protection regulations published by Youtube, which can be accessed at https://policies.google.com/privacy?hl=en, provide information on the collection, processing and use of personal data by Youtube and Google. Further information about Youtube can be found at https://www.youtube.com/yt/about/.
If you order goods from us with costs, payment processing can be carried out via banks and financial institutions as well as via the payment service provider Paypal. Provider of the payment service Paypal is Paypal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. When paying via Paypal, the payment data provided by you together with the information about your order (name, address, bank data such as account or credit card number, invoice amount, currency and possibly transaction number, passwords, TANs, check numbers as well as information about the concluded contract and the recipient of the payment) are transmitted to Paypal. Your data will be forwarded to the payment service provider Paypal in accordance with Art. 6 para. 1 letter b DSGVO exclusively for the purpose of payment processing. Your data will only be passed on if this is actually necessary for the processing of the payment. Detailed information on data protection at Paypal can be found here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
For the fulfillment of the contract in accordance with Art. 6 para. 1 p. 1 letter b DSGVO, we also pass on your shipping data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods.