Privacy policy

Preamble

Personal data (hereinafter mostly referred to as “data”) is processed by us only to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.

According to Article 4(1) of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as “GDPR”), “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

With the following privacy policy, we inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, insofar as we decide either alone or together with others on the purposes and means of processing. In addition, we inform you below about the third-party components we use for optimization purposes and to increase the quality of use, insofar as third parties process data on their own responsibility.

Our privacy policy is structured as follows:

I. Information about us as the controller
II. Rights of users and data subjects
III. Information on data processing

I. Information about us as the responsible party
The responsible party is the provider of this website in terms of data protection law:

Heine Warnecke Design GmbH
Haeckelstraße 11
30173 Hannover
Hanover Local Court HRB 200026
Managing Director Dirk Heine
Phone +49 511 878136-0
E-mail hello@heinewarnecke.com

II. rights of users and data subjects
With regard to the data processing described in more detail below, users and data subjects have the right to

  • to confirmation as to whether data concerning them is being processed, to information about the processed data, to further information about the data processing and to copies of the data (cf. also Art. 15 GDPR);
  • to rectification or completion of incorrect or incomplete data (see also Art. 16 GDPR);
  • to the immediate erasure of the data concerning them (see also Art. 17 GDPR) or, alternatively, if further processing is required in accordance with Art. 17 (3) GDPR, to the restriction of processing in accordance with Art. 18 GDPR;
  • to receive the data concerning them and provided by them and to transfer this data to other providers/controllers (cf. also Art. 20 GDPR);
  • to lodge a complaint with the supervisory authority if they are of the opinion that the data concerning them is being processed by the provider in breach of data protection regulations (see also Art. 77 GDPR).

In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider of any rectification or erasure of data or restriction of processing carried out on the basis of Articles 16, 17 (1), 18 GDPR. However, this obligation does not apply if this notification is impossible or involves a disproportionate effort. Notwithstanding this, the user has a right to information about these recipients.

Users and data subjects also have the right to object to the future processing of data concerning them in accordance with Art. 21 GDPR, provided that the data is processed by the provider in accordance with Art. 6 para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permitted.

III. Information on data processing
Your data processed when using our website will be deleted or blocked as soon as the purpose of storage no longer applies, the deletion of the data does not conflict with any statutory retention obligations and no other information on individual processing procedures is provided below.

Server data

For technical reasons, in particular to ensure a secure and stable Internet presence, data is transmitted to us or to our web space provider by your Internet browser. With these so-called server log files, the type and version of your Internet browser, the operating system, the website from which you have switched to our Internet presence (referrer URL), the website(s) of our Internet presence that you visit, the date and time of the respective access and the IP address of the Internet connection from which the use of our Internet presence takes place are collected, among other things.

The data collected in this way is stored temporarily, but not together with other data about you.

This storage takes place on the legal basis of Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.
The data will be deleted after seven days at the latest, unless further storage is required for evidentiary purposes. Otherwise, the data is excluded from deletion in whole or in part until an incident has been finally clarified.

Cookies

a) Session cookies/session cookies

We use so-called cookies on our website. Cookies are small text files or other storage technologies that are placed and stored on your end device by the Internet browser you use. These cookies process certain information from you, such as your browser or location data or your IP address, to an individual extent.

This processing makes our website more user-friendly, effective and secure, as the processing enables, for example, the reproduction of our website in different languages or the offer of a shopping cart function.
The legal basis for this processing is Art. 6 para. 1 lit. b.) GDPR, insofar as these cookies process data for contract initiation or contract processing.

If the processing does not serve to initiate or execute a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6 para. 1 lit. f) GDPR.

These session cookies are deleted when you close your Internet browser.

b) Third-party cookies

Our website may also use cookies from partner companies with whom we cooperate for the purpose of advertising, analysis or the functionalities of our website.
Please refer to the following information for details, in particular on the purposes and legal basis for processing such third-party cookies.

c) Possibility of elimination

You can prevent or restrict the installation of cookies by changing the settings of your Internet browser. You can also delete cookies that have already been saved at any time. However, the steps and measures required for this depend on the specific Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support. In the case of so-called Flash cookies, however, processing cannot be prevented via the browser settings. Instead, you must change the settings of your Flash player. The steps and measures required for this also depend on the specific Flash player you are using. If you have any questions, please also use the help function or documentation of your Flash player or contact the manufacturer or user support.
However, if you prevent or restrict the installation of cookies, this may mean that not all functions of our website can be used to their full extent.

Contract processing

The data transmitted by you to make use of our range of services is processed by us for the purpose of processing the contract and is necessary in this respect. Conclusion and execution of the contract are not possible without the provision of your data.

The legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

We delete the data once the contract has been fully processed, but must observe the retention periods under tax and commercial law.

As part of the contract processing, we pass on your data to the transport company commissioned with the delivery of goods or to the financial service provider, insofar as the transfer is necessary for the delivery of goods or for payment purposes.

The legal basis for the transfer of data is then Art. 6 para. 1 lit. b) GDPR.

Contact by e-mail / fax / post

When contacting us by fax, post or e-mail, the user’s details are processed for the purpose of handling the contact request.

The legal basis for the processing of data transmitted in the course of sending an e-mail, letter or fax is Art. 6 para. 1 sentence 1 lit. f) GDPR. The controller has a legitimate interest in the processing and storage of the data in order to be able to answer user inquiries by email, letter or fax, to preserve evidence for liability reasons and, if necessary, to comply with its statutory retention obligations for business letters. If the e-mail / post / fax contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR.

User data may be stored in our Customer Relationship Management System (“CRM System”) or comparable inquiry organization.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, post or fax, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. Exceptions to this are statutory archiving obligations, in which case the deletion takes place after their expiry: end of commercial law (6 years) and tax law (10 years) retention obligation.

You have the option to revoke your consent to the processing of personal data at any time in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. If you contact us by email, you can object to the storage of your personal data at any time.

Contact by telephone

When contacting us by telephone, the user’s telephone number is processed and temporarily stored or displayed in the RAM / cache of the telephone device / display in order to process the contact request and its handling. The storage takes place for liability and security reasons in order to be able to provide proof of the call and for economic reasons in order to enable a callback. In the event of unauthorized advertising calls, we block the phone numbers.

The legal basis for the processing of the telephone number is Art. 6 para. 1 sentence 1 lit. f) GDPR. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

The device cache stores the calls for 30 days and successively overwrites or deletes old data; when the device is disposed of, all data is deleted and the memory may be destroyed. Blocked telephone numbers are checked annually to see whether they need to be blocked.

You can prevent the telephone number from being displayed by calling with the telephone number suppressed by default.

Use of social media

We maintain profiles on social networks such as Facebook, Twitter, Instagram and Xing in order to communicate with the users connected and registered there and to provide information about our offers and services. The US providers are certified according to the so-called Privacy Shield and are therefore obliged to comply with European data protection. When you use and access our profile on the respective network, the respective data protection notices and terms of use of the respective network apply.
We process the data you send us via these networks in order to communicate with you and to reply to your messages there.
The legal basis for the processing of personal data is our legitimate interest in communicating with users and our external presentation for the purpose of advertising in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR.
You can find the data protection notices and opt-out options of the respective networks here:


Google Maps

We use Google Maps on our website to display our location and to provide directions. This is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”.
Through certification in accordance with the EU-US Privacy Shield
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google guarantees that the data protection requirements of the EU are also complied with when processing data in the USA.

In order to enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed.
If you access the Google Maps component integrated into our website, Google stores a cookie on your device via your Internet browser. Your user settings and data are processed in order to display our location and create directions. We cannot rule out the possibility that Google uses servers in the USA.

The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in optimizing the functionality of our website.

The connection to Google established in this way enables Google to determine from which website your request was sent and to which IP address the directions are to be transmitted.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your Internet browser. Details on this can be found above under “Cookies”.

In addition, the use of Google Maps and the information obtained via Google Maps is subject to the Google Terms of Use https://policies.google.com/terms?gl=DE&hl=de and the Terms and Conditions for Google Maps https://www.google.com/intl/de_de/help/terms_maps.html.

In addition, Google offers further information at
https://adssettings.google.com/authenticated
https://policies.google.com/privacy
.

Google Fonts

We use Google Fonts on our website to display external fonts. This is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”.
Through certification in accordance with the EU-US Privacy Shield
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google guarantees that the data protection requirements of the EU are also complied with when processing data in the USA.

In order to enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed.
The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the optimization and economic operation of our website.
Through the connection to Google established when you visit our website, Google can determine from which website your request has been sent and to which IP address the display of the font is to be transmitted.

Google offers further information at
https://adssettings.google.com/authenticated
https://policies.google.com/privacy
, in particular on the options for preventing the use of data.

YouTube

We use YouTube on our website. This is a video portal of YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, hereinafter referred to as “YouTube”. YouTube is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as “Google”.

Through certification in accordance with the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active, Google, and therefore also its subsidiary YouTube, guarantees that the data protection requirements of the EU are also complied with when processing data in the USA.

We use YouTube in connection with the “extended data protection mode” function in order to be able to show you videos. The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in improving the quality of our website. According to YouTube, the “extended data protection mode” function means that the data described in more detail below is only transmitted to the YouTube server when you actually start a video.

Without this “extended data protection”, a connection to the YouTube server in the USA is established as soon as you access one of our Internet pages on which a YouTube video is embedded.

This connection is necessary in order to be able to display the respective video on our website via your internet browser. In the course of this, YouTube will at least record and process your IP address, the date and time and the website you have visited. In addition, a connection to Google’s “DoubleClick” advertising network will be established.
If you are logged in to YouTube at the same time, YouTube will assign the connection information to your YouTube account. If you wish to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.

For the purpose of functionality and analysis of user behavior, YouTube permanently stores cookies on your end device via your Internet browser. If you do not agree to this processing, you have the option of preventing the storage of cookies by changing the settings in your Internet browser. You can find more information on this above under “Cookies”.

Google provides further information about the collection and use of data as well as your rights and protection options in this regard in the data protection information available at https://policies.google.com/privacy.

Data protection for applications and in the application process

Applications sent to the controller electronically or by post will be processed electronically or manually for the purpose of handling the application process, and we expressly point out that application documents with “special categories of personal data” in accordance with Art. 9 GDPR (e.g. a photo that gives conclusions about your ethnic origin, religion or marital status), with the exception of any severe disability that you wish to disclose of your own free will, are undesirable. You should submit your application without this data. This will have no effect on your chances of applying. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR and § 26 BDSG n.F. If an employment relationship is entered into with the applicant after completion of the application process, the applicant data will be stored in compliance with the relevant data protection regulations. If you are not offered a position after completion of the application process, your submitted application letter and documents will be deleted 6 months after the rejection is sent in order to be able to meet any claims and obligations to provide evidence under the AGG.

Source: Sample data protection declaration of the law firm Weiß & Partner and JuraForum.de