DATA PROTECTION DECLARATION

1. Responsible person within the meaning of Art. 4 point 7 GDPR

The responsible person within the meaning of Art. 4 point 7 GDPR is:

Heartland Solutions GmbH

Thurn-und-Taxis-Platz 6

60313 Frankfurt

Telephone: 069-56005572

Email: datenschutz@heartland-solutions.com

2. Communication via email/ phone/ contact form/ service portal

Purpose of data processing/legal basis:

We will of course treat personal information that you provide to us by e-mail, telephone, post, contact forms or the service portal confidentially. We use your data exclusively for the purpose of processing your request. The legal basis for data processing is Article 6 (1) f) GDPR. The legitimate interest on the part of Heartland Solutions results from the interest in answering inquiries from our customers, business partners and interested parties and thus maintaining and promoting customer satisfaction.

The company to which you send your request is responsible for processing your request under data protection law.

We use Microsoft Teams telephony features. The information about Microsoft Teams in this privacy policy applies accordingly to the telephony function.

It cannot be ruled out that, for example, email addresses from external parties may be processed in Heartland Solutions systems for IT security purposes.

Recipients/ categories of recipients:

We generally exclude the transfer of data to third parties outside Heartland Solutions. Exceptionally, data is processed by contract processors on our behalf. These are each carefully selected, are also audited by us and contractually bound in accordance with Article 28 GDPR.

It may also be necessary for us to forward inquiries to other companies within Heartland Solutions if this is necessary for processing.

Within the service portal, supervisors at Heartland Solutions customers may be able to view tickets created by other users of the company.

Storage period/ Criteria for determining the storage period:

All personal information that you provide to us for inquiries outside of customer service will be deleted or securely anonymized by us no later than 90 days after the final response has been given to you. The 90-day storage period is explained by the fact that, after receiving an answer, you may occasionally need to contact us again about the same matter and refer to the previous correspondence. Experience has shown that, as a rule, there are no more questions about our answers after 90 days.

Voice messages on answering machines remain saved until the person called deletes them.

Service tickets in Support, as well as reports and log files of the service portal, are stored for as long as necessary for Heartland Solutions. Closed tickets are deleted from the service portal after six months.

3. Data processing of contact persons

Purpose of data processing/legal basis:

Heartland Solutions processes the contact details of contact persons at customers, prospects, suppliers and other business partners for communication by e-mail, telephone, fax and post. The legal basis for data processing is Article 6 (1) f) GDPR. The legitimate interest on the part of Heartland Solutions results from the interest in carrying out or initiating a business relationship with customers, interested parties, suppliers and other business partners and in maintaining personal contact with contact persons.

Insofar as there is a legitimate interest, Heartland Solutions companies can compare business partners with so-called sanction lists on the basis of Art. 6 para. 1 lit. f) GDPR.

Recipients/ categories of recipients:

We generally exclude the transfer of data to third parties outside Heartland Solutions. Within Heartland Solutions, your data is shared, among other things, to carry out or initiate the business relationship. Exceptionally, data is processed by contract processors on our behalf. These are each carefully selected, are also audited by us and contractually bound in accordance with Article 28 GDPR.

Storage period/ Criteria for determining the storage period:

Personal data is stored for the purpose of carrying out business relationships for as long as there is a legitimate interest in doing so.

4. Data processing for marketing purposes

Purpose of data processing/legal basis:

Heartland Solutions uses personal data for marketing purposes, in particular for advertising by email, telephone and post. The purpose of data processing as part of marketing measures is to inform data subjects about products and services from Heartland Solutions.

The legal basis for sending advertising by post is Art. 6 (1) f) GDPR. The legitimate interest on the part of Heartland Solutions results from the interest in sending customers and interested parties information about products and services.

The legal basis for marketing measures by e-mail or telephone is usually a declaration of consent given by you. Section 7 UWG may also apply to marketing measures aimed at existing customers.

You can object to receiving advertising at any time with effect for the future without incurring any costs other than the transmission costs according to the basic rates by sending a message to info@heartland-solutions.com.

If you declare an advertising objection, we will store your data in an advertising block file based on Art. 6 para. 1 f) GDPR. The legitimate interest on the part of Heartland Solutions results from the interest in ensuring compliance with the asserted objection.

Recipients/ categories of recipients:

As a matter of principle, your data will not be passed on to external bodies. If external contract processors are used to send advertising, they are contractually bound in accordance with Article 28 GDPR and have been checked accordingly to provide appropriate organizational and technical security measures.

Within Heartland Solutions, your data may be shared with other companies for marketing purposes.

Storage period/ Criteria for determining the storage period:

If you object to receiving advertising, your data will be blocked immediately and then deleted unless it is also stored for other purposes.

5. Acceptance of applications

For information about data processing in application processes and when using our career portal, we refer to the career portal's privacy policy.

6. Cookies

Some of the websites use so-called cookies. Cookies do not cause any damage to your computer and do not contain any viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies.” They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit.

You can set your browser so that you are informed when cookies are set and only allow cookies in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be limited.

You can change cookie settings here: Activate/deactivate cookies

Legal basis:

The legal basis for data processing through so-called “necessary cookies” is Art. 6 para. 1 lit. f) GDPR. Necessary cookies enable basic functions and are required for the website to function properly. We have a legitimate interest in making the website as user-friendly as possible.

The following cookies, which are set by this website, are necessary for the operation of the website:

• Name of cookie: cookieconsent_status

• Storage period: 354 days

7. Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type/ browser version

• operating system used

• Referrer URL

• the name and URL of the retrieved file

• Date, time and time zone of the server request

• the IP address of the requesting internet-enabled device

This data cannot be easily attributed to specific persons. This data is not combined with other data sources. We reserve the right to check this data retrospectively if we become aware of concrete evidence of illegal use.

Legal basis:

This data is processed on the basis of Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the purposes of data processing listed above. This data is not transmitted to external bodies.

Storage period:

The data is stored for a period of 14 days.

8. Analytics

Purpose of processing/legal basis:

This website uses features of the web analysis service Google Analytics. Google Analytics uses so-called “cookies.” These are text files that are stored on your computer and allow an analysis of your use of the website.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and Internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics is linked to other data about you, such as search history, personal accounts, usage data from other devices and any other data that Google has about you. Data processing is primarily carried out by Google.

The information generated by cookies about your use of this website is usually transmitted to a Google server in the USA and stored there. Both Google and potentially government agencies in the USA have access to this data.

However, the Google Analytics settings on this website will abbreviate or mask your IP address as soon as the data is received by Google Analytics and even before it is stored or processed.

Legal basis:

The use of Google Analytics is based on your consent in accordance with Article 6 (1) (a) GDPR and Section 25 (1) (1) TDDDG. You can withdraw this consent at any time with effect for the future.

Cookies related to Google Analytics:

• _ga (storage period: 2 years)

• _ga_f56s6h339D (storage period: 2 years)

Recipients/ categories of recipients:

As part of the Google Analytics service, Google Ireland Limited supports us as a contract processor in accordance with Art. 28 GDPR. Data processing can also be carried out by Google outside the EU or the EEA (in particular in the USA).

Storage period:

We store user and event data for a period of 2 months.

9. Google reCAPTCHA

To protect Internet forms, we also use the reCAPTCHA service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”). This service includes the transmission of your IP address and any other data to Google that is required for the reCAPTCHA service.

Legal basis:

Art. 6 para. 1 lit. f) GDPR — our legitimate interest lies in protecting our Internet forms and in the interest of protecting against spam and misuse.

10. Microsoft Teams

If you are taking part in an online meeting as an external participant, you will receive an access link via email from the meeting host. When registering for the online meeting, you must then provide your name and, if applicable, your e-mail address.

If you do not want to exchange data within the meaning of Art. 9 GDPR with us via Microsoft Teams, please redact this data in advance or otherwise obscure it.

Microsoft Teams is a service provided by Microsoft Corporation. You can find more information about the processing of your data when using Microsoft Teams at:

• https://privacy.microsoft.com/de-de/privacystatement

• https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer/

Purposes of data processing/legal basis:

We use the “Microsoft Teams” tool to conduct online meetings, video conferences and/or webinars and, if necessary, exchange documents with participants.

• Art. 6 para. 1 lit. f) GDPR — Communication with contact persons

• Art. 6 para. 1 lit. b) GDPR — direct contractual partner (natural persons)

• Art. 9 para. 2 lit. a) GDPR — Consent to the processing of special categories of personal data (e.g. camera, microphone, profile picture)

Recipient/ transfer of data:

As a matter of principle, personal data is not passed on to third parties unless it is intended for transfer. The Microsoft Teams provider necessarily receives knowledge of data as part of the order processing contract.

Data processing outside the EU:

We generally restrict storage locations to data centers in the EU. However, it may happen that data is routed via servers outside the EU. There are EU standard contractual clauses with Microsoft. In addition, Microsoft in the USA is subject to the EU-US Data Privacy Framework.

Storage period:

In principle, we delete personal data when there is no need for further storage.

11. Your rights as a data subject

You have the following rights under GDPR:

• Information (Art. 15 GDPR)

• Correction (Art. 16 GDPR)

• Deletion (Art. 17 GDPR)

• Restriction (Art. 18 GDPR)

• Objection (Art. 21 GDPR)

• Data portability (Art. 20 GDPR)

• Withdrawal of consent (Art. 6 para. 1 a)/Art. 9 para. 2 a) GDPR)

You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

12. No obligation to provide personal data

The provision of personal data is not required by law or contract or required to conclude a contract. However, failure to provide them may mean that we are unable to provide certain services (e.g. answering inquiries, participation in application processes).

13. Data protection officer

Our company data protection officer:

Bastian Schätzle

Thurn-und-Taxis-Platz 6

60313 Frankfurt

Email: privacy@heartland-solutions.

14. Privacy statement for social media sites

We, Heartland Solutions GmbH, operate the following social media sites:

• LinkedIn: https://www.linkedin.com/company/heartland-solutions/

In addition to us, the operator of the respective platform is also responsible in terms of data protection law.

We process your data (e.g. comments, messages, likes), insofar as they are accessible to us through the platform, exclusively for communication as part of our public relations work.

Legal basis:

Art. 6 para. 1 lit. f) GDPR — Public relations and communication.

More information:

• LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy?_l=de_DE

• Shared responsibility: https://legal.linkedin.com/pages-joint-controller-addendum
