Information on data protection regarding our processing of customer and interested party data in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)
Address data management
The controller for data collection is
Heidolph Instruments GmbH & Co. KG
Tel: +49 9441 68383-0
Our data protection officer, Ms Nadine Heyn, can be reached at the above address at:
We process your personally identifiable data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other relevant data protection regulations.
The processing and use of your personally identifiable data serves the purpose of customer and supplier support, customer acquisition, processing of enquiries, customer surveys, the transfer of information in the form of an interest-based communication via e-mail, telephone, letter or fax, the procurement of materials, services, operating and working materials and the fulfilment of contracts.
The legal basis for the processing of your personally identifiable data is one of the following:
The following data are processed:
We process personally identifiable data which we receive from you or which you provide via our dealers within the scope of establishing contact or a contractual relationship or within the scope of pre-contractual measures.
Furthermore, we process personally identifiable data which we receive from third party. We only process this data if the data subject has consented to the transmission to third parties and processing by third parties.
Within our company, we pass on your personally identifiable data to those areas that require these data to fulfil contractual and legal obligations or to implement our legitimate interests.
In addition, the following bodies may receive your data:
Your personally identifiable data are mainly processed within the EU/EEA. Only in exceptional cases where we have a legitimate interest (e.g. cost reduction, optimisation of service, etc.) and the recipient has guaranteed an adequate level of data protection, will data be transferred to a third country or international organisation.
If necessary, we process your personally identifiable data for the duration of our business relationship; this also includes the initiation and execution of a contract.
In addition, we are subject to various storage and documentation obligations arising from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The periods of retention or documentation specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), can generally be three years, but in certain cases up to thirty years.
According to the General Data Protection Regulation, you are entitled to the following rights:
If your personally identifiable data are processed, you have the right to obtain information about the data stored about you (Art. 15 GDPR).
Should incorrect personally identifiable data be processed, you have the right to rectification (Art. 16 GDPR).
If the legal requirements are met, you can request the deletion or restriction of the processing and file an objection to the processing (Art. 17, 18 and 21 GDPR).
If you have consented to the processing of your data or if there is a contract for data processing and the data processing is carried out using automated procedures, you may have the right to data transferability (Art. 20 GDPR).
If you wish to exercise any of the above rights, please contact our data protection officer (email@example.com).
You also have the right to lodge a complaint with the Bavarian State Commissioner for Data Protection.
You have the right to object at any time to the processing of your data, which is carried out on the basis of Art. 6 para. 1 a GDPR (consent) or Art. 6 para. 1 f GDPR (data processing for the purposes of the legitimate interests pursued by the controller). This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personally identifiable data, unless we can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
We may also process your personally identifiable data for direct marketing purposes. If you do not wish to receive advertising, you have the right to object to this at any time. This also applies to profiling, insofar as it is associated with such direct marketing. We will bear this objection in mind for the future.
We will no longer process your data for the purposes of direct marketing if you object to processing for these purposes.
The objection can be made informally by sending an e-mail to firstname.lastname@example.org or to the address listed under point 2.
You only need to provide the data that is necessary for the execution of a business relationship or for a pre-contractual relationship with us or that we are legally obliged to collect. This may also refer to data required later on within the scope of the business relationship. If we request additional data from you, you will be informed separately about the voluntary nature of the information.
As a matter of principle, we do not use fully automated decision-making in accordance with Art. 22 GDPR to justify, perform or implement the business relationship or for pre-contractual measures. Should we use these procedures in individual cases, we will inform you separately or obtain your consent, provided this is required by law.