We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the Heinzmann UK Ltd.. The use of the Internet pages of Heinzmann UK Ltd. is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.
As the data controller we have prepared this privacy notice to inform you in accordance with the requirements of the UK General Data Protection Regulation (UK GDPR) about the nature, scope and purpose of the processing of personal data in relation to the services we offer on our website.
'Controller' means an organisation which is an individual; or a body corporate; or a partnership; or any other unincorporated association; or a trust which, alone or jointly with others, determines the purposes and means of the processing of personal information;
'Personal data' means any information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not;
'Processing' means any operation or set of operations which is performed on personal information or on sets of personal information, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
'Recipient' means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
'Domestic law' means the law of the United Kingdom or of a part of the United Kingdom.
1. The data controller
Heinzmann UK Ltd.
Stanley House, Wallis Road
Skippers Lane Industrial Estate
Middlesbrough TS6 6JB
Telephone: +44 1642 467 484
2. Contact details of the Data Protection Officer
Telephone: +49 711 4605025-40
Telefax +49 711 4605025-49
3. Legal bases
We process personal information based on at least one of the following legal bases:
- The data subject has given consent to the processing of his or her personal data for one or more specific purposes (Art. 6 (1)(a) UK GDPR);
- Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6(1)(b) UK GDPR);
- Processing is necessary for compliance with a legal obligation to which we are subject (Art. 6 (1)(c) UK GDPR);
- Processing is necessary in order to protect the vital interests of the data subject or of another natural person (Art. 6 (1)(d) UK GDPR);
- Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party (Art. 6 (1)(f) UK GDPR).
4. Onward transfer of personal data
We forward personal data to recipients (data processors or other third parties) only to the extent required and only if one of the subsequent conditions are met:
- The data subject has consented to the data transfer;
- The onward transfer is required to fulfil a contractual obligation or pre-contractual measure on the request of the data subject;
- We are obliged by law to make such a transfer;
- The onward transfer is made on the basis of our legitimate interest or those of a third party.
5. Third countries
The transfer of personal data to a third country or an international organisation outside the United Kingdom is subject to legal or contractual permission only in accordance with the provisions under Art. 44 et seq. UK GDPR. Pursuant to Art. 45 UK GDPR an adequacy decision of the Secretary of State must be present for the respective country, or appropriate safeguards for data privacy under Art. 46 UK GDPR, or Binding Corporate Rules under Art. 47 UK GDPR must exist. In individual cases, a data transfer may be permitted on the basis of an exception under
Art. 49 UK GDPR.
We may use on our website external services provided by organisations based in the USA. If these services are active, personal data is collected in connection with the provision of the relevant service and may be transferred to and stored on servers in the USA. When data is transferred to the US, there is a fundamental risk that the US authorities may access and use the data for surveillance and monitoring purposes without notification and without the possibility of a legal remedy.
6. Rights of individuals
As a data subject you have the following right:
- Pursuant to Art. 15 UK GDPR to request information about your personal data processed by us. You may also request information regarding the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored or the criteria used to determine that period, the data source (where personal data is not collected from you), the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing; the existence of the right to request rectification or erasure of data concerning you, the right to restrict processing or to object to such processing, the right to lodge a complaint with a supervisory authority. Finally, you have a right to know whether personal data has been transferred to a third country or to an international organisation, and, if so, the appropriate safeguards relating to this transfer;
- Pursuant to Art. 16 UK GDPR to demand the immediate rectification of inaccurate personal data and to have incomplete personal data which is stored by us completed;
- Pursuant to Art. 17 UK GDPR to demand the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of a legal claim.
- Pursuant to Art. 18 UK GDPR to request the restriction of the processing of your personal data if the accuracy of the personal data is contested by you; the processing is unlawful but you oppose the erasure of the personal data and request the restriction of their use instead; we no longer need the personal data for the purposes of the processing but they are required by you for the establishment, exercise or defence of legal claims; you have objected to processing pursuant to Art. 21 (1) UK GDPR pending the verification whether our legitimate grounds override your interests;
- Pursuant to Art. 20 UK GDPR to receive your personal data, which you have provided for us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller;
- Pursuant to Art. 21 UK GDPR to object to the processing of your personal data on grounds relating to your particular situation, or if you object to processing for direct marketing purposes and the legal basis for processing is our legitimate interests pursuant to Art. 6 (1)(f) UK GDPR;
- Pursuant to Art. 7 (3) UK GDPR to withdraw your consent given to us at any time. As a result, we are no longer allowed to continue to process the data that was based on this consent in the future;
- Pursuant to Art. 77 UK GDPR to lodge a complaint with the Commissioner. The contact details of the Information Commissioner's Office can be found on this website: ico.org.uk/global/contact-us/
If you wish to assert the individual rights mentioned above, you can contact us or our Group Data Protection Officer at any time using the contact details above.
7. Erasure and restriction of personal data
Unless otherwise provided for in this privacy notice, personal data will be deleted, if this data is no longer necessary in relation to the purposes for which they were collected or otherwise processed and the deletion does not conflict with statutory retention requirements. In addition, we will erase the personal data processed by us in accordance with Art. 17 UK GDPR on your request, if the conditions provided therein are met. If personal data are required for other lawful purposes, they will not be erased, but their processing will be restricted in accordance with Art. 18 UK GDPR. In case of restriction, the data will not be processed for other purposes. This applies, for example, to personal data that must be retained by us for commercial or tax law reasons
We use the following cookies on our website:
8.1 Necessary Cookies
The data processed by necessary cookies are reasonably necessary for the aforementioned purposes to protect our legitimate interests and those of third parties in the provision and operation of our website.
|Purpose||Google Analytics: throttles the request rate to limit data collection on high traffic websites|
|Purpose||This cookie saves whether the cookie banner is hidden.|
|Purpose||Saves the selected language in which the web page is to be displayed.|
|Purpose||Standard Joomla cookie for saving the login state.|
|Expires||End of session|
8.2 Cookies for tracking and statistics
|Purpose||Google Universal Analytics. Differentiation of unique users by randomly generated number as client ID. Used to identify returning visitors, calculate visitor, session and campaign data|
|Purpose||Google Universal Analytics.Used to distinguish user|
|Further information||https://developers.google.com/analytics/devguides/collection/analyticsjs/ cookie-usage?hl=en|
Most browsers accept cookies automatically. However, if you do not wish to accept cookies, you can configure your browser so that no cookies are stored on your device or a message is displayed before new cookies are created. Information on how to remove cookies in Internet Explorer/Edge, please refer to: https://support.microsoft.com/en-gb/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d. Information on the removal of cookies in Firefox, please refer to: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox?redirectlocale=en-US&redirectslug=delete-cookies-remove-info-websites-stored. Learn how to remove cookies in Safari here: https://support.apple.com/en-gb/guide/safari/sfri11471/mac.
In order to make our website available, we use services provided by hosting companies, such as: Provision of web servers, disk space, database services, and security or maintenance services. Here we, or our hosting providers, process personal data of website visitors based on our legitimate interests in providing efficient and secure access to our website in accordance with Art. 6 (1)(f) UK GDPR.
2. Access data and log files
By visiting our website or its individual pages, your device's internet browser automatically sends information to the server of our website. This information is stored in so-called log files by us or our hosting provider and will be deleted after 4 weeks at the latest.
The following information is stored:
- IP address of the requesting computer;
- Date and time of access;
- Name and URL of the requested file,
- Website from which our site was accessed (Referrer-URL);
- The browser used and your computer's operating system;
- Status codes and the transferred amount of data;
- Name of your access provider.
This data will be used for the following purposes:
- The provision of our website, including all of its features and contents;
- To ensure a smooth connection to our website;
- To ensure a more user-friendly experience on our website;
- To ensure system security and stability;
- For anonymised statistical evaluation of website access;
- To optimise our website;
- For disclosure to law enforcement authorities in the event of unlawful interference/attacks on our systems;
- For further administrative purposes.
The legal basis for data processing is Art. 6 (1)(f) UK GDPR. Our legitimate interest relates to the data collection purposes mentioned above. Under no circumstances will we use the personal data collected for the purpose of drawing conclusions about a person.
3. General means of contact
If you contact us using the contact details published on our website (for example, by e-mail) and in this context provide us with personal data, we will use this data to process your request on the basis of Art. 6 (1)(b) UK GDPR, if your request is related to the performance of a contract or is required to perform pre-contractual action. In all other cases, processing is based on your consent in accordance with Art. 6 (1)(a) UK GDPR and/or our legitimate interest in the effective processing of requests addressed to us pursuant to Art. 6 (1)(f) UK GDPR. We will store your personal data until you ask us for deletion, revoke your consent to the storage, or the data are no longer necessary for the purpose for which they were collected (for example, after completion of your request). Mandatory statutory provisions - especially retention periods - remain thereof unaffected.
4. Contact form
If you use the contact form, you will be asked to provide your e-mail address, name, telephone, position and any other contact details, so that we can get in touch with you. Further information can be provided voluntarily. The data processing for the purpose of contacting us and answering your request takes place in accordance with Art. 6 (1)(a) UK GDPR based on your voluntary consent. All personal data collected in connection with the contact form will be deleted after your request has been processed, unless further storage is required for the documentation of other transactions (for example, subsequent conclusion of a contract).
5. E-Mail direct marketing to customers
If you are an existing customer and we have received your e-mail address in connection with the sale of goods or services, we may use your name, e-mail address, your company affiliation if you are interacting on behalf of a company, and the type of goods or services you purchased from us for the direct marketing of our own similar goods or services. This only applies if you have not objected and we clearly and unequivocally have advised you of the possibility of objection at the time of collecting the e-mail address, and every time we use it thereafter. The legal basis of processing is our legitimate interest in direct marketing according to Art. 6 (1)(f) UK GDPR. We will store the personal data until you object to the processing
If you would like to receive our newsletter we require your e-mail address. The data processing for the purpose of sending the newsletter takes place in accordance with Art. 6 (1)(a) UK GDPR based on your voluntary consent by means of the so-called double-opt-in procedure. The e-mail address will be used and stored for this purpose until you withdraw your consent or unsubscribe from receiving the newsletter. You can unsubscribe at any time, for example by using the link at the bottom of each newsletter. You can also send your withdrawal/unsubscribe request
at any time to the e-mail address given under Clause II.
We embed a so-called counting pixel into our newsletters. A counting pixel is a miniature graphic embedded in the HTML format of the newsletter to allow us an analysis of the reader's reading behaviour. In this context, we gather information on whether, and at what time, a newsletter was opened by you and which of the links contained in the newsletter were accessed by you. We use this data to generate statistical evaluations of the success or failure of a marketing campaign to optimize the distribution of our newsletters and to better tailor the content of future newsletters to your interests. The collected data will not be passed on to third parties and will be deleted after the statistical evaluation.
Provider of the services below is Google Ireland Limited (Register No: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter 'Google').
The information collected by Google in connection with the provision of the respective services may be transferred to and processed by Google servers in the USA and stored there. Please also note our information above on data transfer to third countries.
For information on the use of data for advertising purposes by Google, settings and your right to object please refer to https://policies.google.com/technologies/partner-sites?hl=en, https://policies.google.com/technologies/ads?hl=en, https://adssettings.google.com/anonymous?hl=en.
1. Google services for which your consent is required
The legal basis for the use of the following services is your voluntarily given consent according to Art. 6 (1)(a) UK GDPR. The legal basis for data transfer to the USA is also your voluntarily given consent in accordance with Art. 49 (1)(a) UK GDPR.
1.1 Google Analytics
Our website uses media content from the YouTube platform. Provider is Google Ireland Limited (Register No: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter 'Google'). The purpose is to display content of the YouTube platform that relates to the content of our website. This service collects your IP address and any additional data Google may need to provide the YouTube content. The information gathered about your use of this website is stored on a server in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google. If you are logged in to your YouTube account while you are visiting our website, Google can link your visit of our website directly to your YouTube user account. If you do not want Google to be able to associate the data collected on our website with your respective user account on YouTube, you must first log out of YouTube.
2. Other Google services
The legal basis for the use of the following services are our legitimate interests according to Art. 6 (1)(f) UK GDPR. Our legitimate interests are listed below for each service individually.
2.1 Google Tag Manager
Our website uses Google Tag Manager to manage the website through a single tag management interface. Google Tool Manager only implements tags. This means no cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which may collect data. However, Google Tag Manager does not access this data. If deactivated at the domain or cookie level, it will remain effective for all tracking tags as far as they are implemented with the Google Tag Manager. Our legitimate interests in the use of Google Tag Manager are the efficient maintenance of our website and the central administration of HTML elements.
On our website we refer with hyperlinks to social media profiles in social networks. When you actively click on a link to such a profile, your browser establishes a direct connection with servers of the respective social media network, whereby the provider obtains knowledge of your visit. If you are simultaneously logged in to the respective social network, the provider can assign the visit to the profile to your user account. In this context, personal data may be processed in the USA. For more information on the processing of personal data, please refer to the privacy
policy of the respective social media network. The purpose of linking our website to social media profiles is to increase the visibility of our website. Clicking on a social media link takes place on the basis of your voluntary decision in accordance with Art. 6 (1)(a) UK GDPR. The legal basis for any data transfer to the USA is also your voluntarily given consent according to Art. 49. (1)(a) UK GDPR.
Our website partially uses third party content loaded directly from servers of the content providers, as named below. The purpose of integrating this content is to make our website more attractive.
1. Other Media content
The legal basis for the use of the following media content is our legitimate interests according to Art. 6 (1)(f) UK GDPR. Our legitimate interest in using third-party content is to improve the reach of our website through attractive web content. Further legitimate interests are listed individually below
This website uses the OpenStreetMap service to display site plans, maps, terrain data or geographical maps. The provider is the Openstreetmap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom (hereinafter "OSMF"). This service records your IP address, which of our Internet pages you have visited and, if applicable, further data required by OSMF for the provision of the maps (e.g. location data). For more information please refer to OSMF's privacy notice at: https://wiki.osmfoundation.org/wiki/Privacy_Policy.