top of page
Privacy Policy
1) Introduction and contact details of the responsible party

​

1.1 We are delighted that you are visiting our website and thank you for your interest. Below, we provide information about how we handle your personal data when you use our website. Personal data refers to all data that can be used to identify you personally.

​

1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Matthias Häfner, Philipp-Fasel-Str. 6, 97076 Würzburg, Germany, tel.: +49 931 45462999, email: info@heosys.de. The controller responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

​

2) Data collection when visiting our website

​

2.1 When using our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the page server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

​

  • Our visited website

  • Date and time of access

  • Amount of data sent in bytes

  • Source/reference from which you accessed the site

  • Browser used

  • Operating system used

  • IP address used (if applicable: in anonymized form)

​​

The processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used for any other purpose. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

​​

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser line.

​

3) Hosting & Content-Delivery-Network

 

3.1 Amazon Web Services

We use the system of the following provider to host our website and display the page content: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA.

All data collected on our website is processed on the provider's servers.

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.

​​

3.2 Wix

We use the system of the following provider to host our website and display the page content: Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel.

Data is also transferred to: Wix Inc., 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA.

All data collected on our website is processed on the provider's servers.

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

When data is transferred to the provider's location, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.

​

3.3 Google Cloud CDN

We use a content delivery network from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

This service enables us to deliver large media files such as graphics, page content, or scripts more quickly via a network of regionally distributed servers. The processing is carried out to safeguard our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 (1) lit. f GDPR.

Data may also be transferred to: Google LLC, USA.

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.

​​

4) Cookies
​

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called “session cookies”), while others remain on your device for longer and enable page settings to be saved (so-called “persistent cookies”). In the latter case, you can find the storage period in the overview of your web browser's cookie settings.

If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 (1) lit. b GDPR either for the performance of the contract, pursuant to Art. 6 (1) (a) GDPR in the case of consent, or pursuant to Art. 6 (1) (f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.

​

5) Contact

 

When you contact us (e.g. via contact form or email), personal data is collected. The data collected when using a contact form can be seen on the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for establishing contact and the associated technical administration.

The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR. Your data will be deleted after your request has been processed. This is the case if it can be inferred from the circumstances that the matter in question has been finally clarified and provided that there are no legal retention obligations to the contrary.

​

6) Web Analytics Services

​

Wix Analytics

 

This website uses the web analytics service provided by the following provider: Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel

With the help of cookies and/or comparable technologies (tracking pixels, web beacons, algorithms for reading terminal and browser information), the service collects and stores pseudonymized visitor data, including information about the terminal used, such as the IP address and browser information, in order to evaluate it for statistical analyses of usage behavior on our website and to create pseudonymized usage profiles. Among other things, this enables the evaluation of movement patterns (so-called heat maps), which show the duration of page visits and interactions with page content (e.g., text entries, scrolling, clicks, and mouse-overs). Pseudonymization fundamentally excludes direct personal reference. There is no merging with other clear data about your person that has been collected in other ways.

All processing described above, in particular the reading or storage of information on the device used, will only be carried out if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “Cookie Consent Tool” provided on the website.

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

When data is transferred to the provider's location, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

​

7) Tools and miscellaneous
​

Cookie consent tool

This website uses a so-called “cookie consent tool” to obtain effective user consent for cookies and cookie-based applications that require consent. The “cookie consent tool” is displayed to users when they visit the site in the form of an interactive user interface, on which consent for certain cookies and/or cookie-based applications can be given by ticking a box. When using the tool, all cookies/services requiring consent are only loaded if the respective user grants the corresponding consent by checking the box. This ensures that such cookies are only set on the user's respective device if consent has been granted.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data is not processed in this process.

If, in individual cases, the storage, assigning or logging cookie settings, this is done in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in legally compliant, user-specific, and user-friendly consent management for cookies and, consequently, in the legally compliant design of our website.

Another legal basis for processing is Art. 6 (1) (c) GDPR. As the controller, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.

Where necessary, we have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

Further information about the operator and the settings options of the cookie consent tool can be found directly in the corresponding user interface on our website.

​​

8) Rights of the data subject

​

8.1 Applicable data protection law grants you the following rights as a data subject (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the legal basis cited for the respective conditions for exercising these rights:

 

  • Right of access pursuant to Art. 15 GDPR;

  • Right to rectification pursuant to Art. 16 GDPR;

  • Right to erasure pursuant to Art. 17 GDPR;

  • Right to restriction of processing pursuant to Art. 18 GDPR;

  • Right to notification pursuant to Art. 19 GDPR;

  • Right to data portability pursuant to Art. 20 GDPR;

  • Right to withdraw consent pursuant to Art. 7(3) GDPR;

  • Right to lodge a complaint pursuant to Art. 77 GDPR.

​

8.2 RIGHT TO OBJECT

 

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST AFTER WEIGHING UP THE INTERESTS INVOLVED, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN PROVE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNING YOU FOR DIRECT MARKETING PURPOSES.

​​

9) Duration of storage of personal data

 

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and, if relevant, additionally by the respective statutory retention period (e.g., commercial and tax law retention periods).

When processing personal data on the basis of express consent in accordance with Art. 6 (1) (a) GDPR, the data concerned will be stored until you revoke your consent.

If there are statutory retention periods for data that is processed within the framework of legal or quasi-legal obligations on the basis of Art. 6 (1) (b) GDPR, this data will be routinely deleted after the retention periods have expired, provided that it is no longer necessary for the fulfillment or initiation of a contract and/or we no longer have a legitimate interest in its continued storage.

When processing personal data on the basis of Art. 6 (1) (f) GDPR, this data will be stored until you exercise your right to object under Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 (1) lit. f GDPR, this data will be stored until you exercise your right to object under Art. 21 (2) GDPR.

Unless otherwise specified in the other information in this statement regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

bottom of page