Home Home

Data protection information for visitors


Dear Visitor,

In accordance with the provisions of Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR), we herewith inform you about the processing of your personal data and your related rights under data protection law. Which data in detail are processed and in which way they are used essentially depends on the reason for your visit. To ensure that you are fully informed about the processing of your personal data within the scope of the handling of your visit, please take note of the following information.

1. Name and contact details of the controller

The controller, the person responsible for data collection, is

Heidolph Scientific Products GmbH
Walpersdorfer Str. 12
91126 Schwabach, Germany

Tel: +49-(0)-9122-9920-0
Email: sales@heidolph.de 

2. Contact details of the data protection officer

Nadine Heyn
Data protection officer of the company
Heidolph Scientific Products GmbH
Ludwigsplatz 8
93309 Kelheim, Germany

Phone: +49-(0)-9441-68383-12
Email: Datenschutz@heidolph.de

3. Purposes and legal basis of the processing

We process your personal data according to the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other relevant data protection regulations.

3.1. Purposes of the processing

Your personal data are processed and used for the purposes of visitor management and compliance with our security concept. These result on the one hand from statutory provisions regarding data protection (e.g., suitable security measures in the context of the GDPR) and regarding the EU Anti-Terror Regulation (sanction list screening or checking personal data against the embargo lists), but also from the requirements of our own business strategy.

3.2. Legal basis of the processing

Your personal data are processed to pursue our legitimate interests and for the defense and establishment of legal claims in accordance with Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in complying with the prohibitive standards of the EU regulations and not to be sanctioned by the relevant authorities.  Equally, we have a legitimate interest in knowing which persons are in our company when and for which reason, in order to security and to prosecute any criminal offenses.

If you issue us with an explicit consent to process personal data for specific purposes, this processing is lawful on the basis of your consent according to Art. 6 para. 1 lit. a GDPR. Consent that has been given can be withdrawn at any time with effect for the future (see section 10 of this data protection information).

4. Categories of personal data processed by us

We only process data related to your visit. This can be general data about you or people in your company (name, address, contact details, etc.) and if applicable, further data that you transfer to us in the context of your visit.


5. Sources of the data

We process personal data that you disclose in the context of your visit.

6. Recipients or categories of recipients of the personal data

We pass on your personal data within our company solely to the departments and persons who need these data to document your visit or to realize our legitimate interests. Otherwise, data are only transferred to recipients outside the company insofar as statutory provisions allow or dictate this, the transfer is required to handle your visit, we have received your consent or we are authorized to issue information. Under these prerequisites, recipients of personal data can be, for example:

  • public bodies and institutions (for example, department of public prosecution, police, supervisory authorities, tax office) if a statutory or official obligation exists,
  • recipients to whom the transfer is directly necessary to claim any damages (for example, lawyers, courts)

 

7. Transfer of your data to a third country or to an international organization

Transfer to a third country is not intended.

8. Period of the storage of personal data

Your data are deleted as soon as they are no longer required for the above-named purpose.

In addition, we are subject to various retention and documentation obligations of two to ten years.

Finally, the storage period also depends on the statutory periods of limitation, for example, according to §§ 195 ff. of the German Civil Code (BGB) generally three years, but in certain cases can also be up to thirty years.

9. Data subject rights

According to the General Data Protection Regulation you have the following rights:

If your personal data are processed, you have the right to receive information about the data stored about you (Art. 15 GDPR).

If inaccurate personal data are processed, you have the right to rectification (Art. 16 GDPR).

If the legal prerequisites exist, you can demand the erasure or restriction of the processing and object to the processing (Art. 17, 18 and 21 GDPR).

If you have consented to the data processing or a data processing contract exists and the data processing is carried out by automated means, you have a right to data portability if applicable (Art. 20 GDPR).

If you want to exercise one of the above-named rights, please contact our data protection officer (datenschutz@heidolph.de).

Furthermore, you have a right to complain to the Bavarian State Commissioner for Data Protection (Bayerischen Landesbeauftragten für den Datenschutz).

10. Information about your right to object Art 21 GDPR

Where data are processed on the basis of your consent, according to Art. 7 GDPR, you are entitled to withdraw your consent to use of your personal data at any time. Please note that the withdrawal applies to the future. Processing that takes place before the withdrawal is not affected by it. Please also note that we must store specific data for a certain period in order to meet statutory requirements if necessary (see section 8 of this data protection information).

If your personal data are processed pursuant to Art. 6 para. 1 lit. f GDPR for the purposes of legitimate interests, according to Art. 21 GDPR you have the right to object to the processing of these data at any time on grounds relating to your particular situation. We then no longer process these personal data, unless we can demonstrate compelling legitimate grounds for the processing. These must override your interests, rights and freedoms, or the processing must serve the establishment, exercise or defense of legal claims. To safeguard your rights, you can contact us using the contact details provided in section 1 or section 2.

11. Obligation to provide the data

You only need to provide the data necessary to conduct a business relationship or for a precontractual relationship with us or which we are legally obliged to collect. This can also relate to data required later in the context of the business relationship. If we ask you for further data, you will be advised separately of the voluntary nature of the information.

12. Automated decision-making

We do not use any fully automated decision-making in accordance with Art. 22 GDPR to justify, fulfill or conduct the business relationship or for precontractual measures. If we use these procedures in individual cases, we will inform you separately or obtain your consent, insofar as this is legally required