Home Home

Data protection information for visitors


Dear visitor,

According to the requirements of Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR), we hereby inform you about the processing of your personal data as well as your corresponding data protection rights. It mainly depends on the reason of your visit which data are processed in detail and used in which manner. In order to ensure that you are fully aware of the processing of personal data within your visit, please take note of the following information.

 

1. Name and contact details of the responsible person

Heidolph Instruments GmbH & Co. KG
Ludwigsplatz 8
93309 Kelheim (Germany)
Phone: +49 9441 68383-0
E-mail: sales@heidolph.de
 
is the company responsible for data collection. 

2. Contact details of the data protection officer

You can contact our data protection officer Mrs. Nadine Heyn using the address above or the e-mail address datenschutz@heidolph.de

3. Purposes of processing and legal bases

We process your personal data according to the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act and other relevant regulations regarding personal data.

3.1. Purposes of processing

Your personal data will be processed exclusively for the purpose of visitor management as well as for the compliance with our safety concept. Those purposes are the result on the one hand of legal data protection requirements (e.g. appropriate security measures within the GDPR) and the EU anti-terror ordinance (sanction list screening or examination of personal data against embargo lists), on the other hand of the requirements of our own business strategy.

3.2. Legal basis for processing

The processing of your personal data is realized for ensuring our legitimate interests as well as for averting and asserting legal claims according to Art. 6 (1) lit. f GDPR. We have a legitimate interest in complying with the prohibition standards of EU regulations and in not being sanctioned by the relevant authorities.  We also have a legitimate interest in knowing when and for what reasons visitors are staying in our company to ensure its security and to prosecute eventual criminal offenses.

If you expressly give your consent to the processing of your personal data for specific purposes, such processing is on the legal basis of your consent according to Art. 6 (1) lit. a GDPR. A given consent can be withdrawn at any time with effect for the future (see clause 10 of this data protection information).

4. Personal data categories being processed by us

We only process data being related to your visit. Those can be general data about your person or about persons of your company (name. address, contact details etc.) as well as, if necessary, further data that you provide us within the visit.


5. Sources of the data

We process personal data that you provide within your visit.

6. Recipients or categories of recipients of the personal data

We only share your personal data within our company with the departments and persons that need these data for the documentation of your visit or for the implementation of our legitimate interest. Data will only be passed on to recipients outside of the company if legal provisions permit or require such, if it is necessary for the management of your visit, if you have agreed to such or if we are authorized to provide information. Under these prerequisites, recipients of personal data can include for example:

·       public bodies and institutions (e.g. public prosecutor's office, police, supervisory authorities, tax office) in the event of a legal or official obligation,

·       recipients that immediately require the transfer of your personal data to assert any damages (e.g. lawyers, courts).

7. Transfer of your data to a third country or an international organization

It is not intended to transfer data to a third country.

8. Period of storage of personal data

Your data will be fully deleted as soon as they are no longer necessary for the above mentioned purpose.

In addition, we are subject to a variety of retention and documentation obligations ranging from two to ten years.

The retention period is ultimately determined on the basis of national statutory limitation periods. Sections 195 et seq. of the German Civil Code, for example, specify a standard limitation period of three years, in certain cases also up to thirty years.

9. Data subject rights

In accordance with the applicable General Data Protection Regulation, you have the following rights:

You have the right to receive information concerning the data stored about your person (Art. 15 GDPR).

You have the right for correction of incorrect processed data (Art. 16 GDPR).

If there are legal reasons for doing so, you may request to have the processing deleted or limited, or to object to the processing (Art. 17, 18 and 21 GDPR).

If you have consented to data processing or processing is based on a contract and data processing is carried out by automated means, you may, if applicable, be entitled to data portability (Art. 20 GDPR).

If you want to exert your rights stated above, please contact our data protection officer (datenschutz@heidolph.de).

You also have the right to appeal to the responsible Bavarian state officer for data protection.

10. Information about your right to object, art. 21 GDPR

If the processing of information is based on your consent, you are entitled according to Article 7 GDPR to revoke your consent regarding the use of your personal information at any time. Please note that the revocation can only have a future effect. Processing that took place before the revocation is not affected. Please also note that we may need to retain certain data for a certain period of time to comply with legal requirements (see clause 8 of this data protection information).

Where we justify the processing of your personal data by our legitimate interest pursuant to Article 6 (1) sentence 1 lit. f GDPR, you can object, for reasons arising from your particular situation, to the processing of these data at any time, according to Article 21 GDPR. We will then no longer process these personal data, unless we can demonstrate compelling legitimate reasons for the processing. Those may prevail your interests, rights and freedoms or the processing serves for assertion, execution or defense of legal claims. To defend your rights, you can contact us using the contact details in clause 1 or clause 2.

11. Obligation to provide the data

You only need to provide us with those data that are necessary for the execution of a business relation or for a pre-contractual relationship with us or that we are required to collect by law. This may also relate to data required at a later stage within the business relation. If we request additional data from you, we will inform you expressly about the voluntary nature of your compliance.

12. Automated decision-making

To establish and conduct the business relation as well as for pre-contractual measures, we generally do not use fully automated decision making as referred to in Art. 22 GDPR. Should we use these methods in particular cases, we will inform you about it or seek your consent, provided this is required by law.