We appreciate your visit to our website and your interest in our company.
The protection of your personal data is very important to us at Heidelberger Druckmaschinen AG. Below, we provide information about how we handle your personal data in accordance with Articles 12, 13, and 21 of the EU General Data Protection Regulation (hereinafter referred to as GDPR).
This data protection information describes how we process your personal data, in particular the data we collect from you, how we use it, and your rights. Please note that this data protection information no longer applies if you follow links to third-party websites or register in areas that are controlled by other controllers in terms of data protection law.
Name of the controller and contact details of the data protection officer:
Heidelberger Druckmaschinen AG and its affiliated companies pursuant to Section 15 AktG (German law on stock corporations) in conjunction with Section 18 AktG in the appendix (hereinafter "HEIDELBERG") are pleased that you have visited our website and app and are interested in our products.
The controller responsible for the data processing described in this privacy policy is
Heidelberger Druckmaschinen AG
Kurfürstenanlage 52-60
69115 Heidelberg, Germany
Tel.: +49 (0)6221 92 00
Fax: +49 (0)6221 92 69 99
Email: information@heidelberg.com
And of the subsidiaries.
Data Protection Officer
Heidelberger Druckmaschinen AG
Gutenbergring
69168 Wiesloch, Germany
Email: datenschutzbeauftragter@heidelberg.com
The GDPR and the German Federal Data Protection Act (BDSG) provide for various rights for data subjects, which we will explain below.
In accordance with Art. 15 GDPR and the conditions set out in § 34 BDSG, you have the right to obtain information about the processing of your personal data. Pursuant to Art. 16 GDPR, you have the right to request the immediate correction of inaccurate personal data concerning you. In addition, pursuant to the conditions of Art. 18 GDPR, you may request a restriction of processing, pursuant to Art. 20 GDPR, a transfer of your personal data, and pursuant to the conditions of Art. 17 GDPR and § 35 BDSG, an erasure.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(f) GDPR. If you object, we will no longer process your personal data on this legal basis, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
In accordance with Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you for the purpose of direct marketing. If you object to the processing of your personal data for the purpose of direct marketing, we will no longer process your personal data for these purposes.
Please contact us regarding your rights as a data subject and any questions you may have at: datenschutz@heidelberg.com.
According to Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority. The supervisory authority responsible for us is:
Der Landesdatenschutzbeauftragter für Datenschutz und Informationsfreiheit Baden Württemberg (The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg)
Lautenschlagerstraße 20
70173 Stuttgart, Germany
Tel.: 0711/615541-0
Fax 0711/615541-15
Email: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de
Please note all of the processing operations listed below that may take place in connection with the use of the services described in this privacy policy. This document describes the processing of information and data in connection with the HEIDELBERG website and the individual services mentioned by name, including user administration. Processing of personal data via other apps that can be used via the HEIDELBERG website is described in this document at the relevant point for each type of processing.
Data that users transmit as personal data in the context of communication and telecommunications is processed for the purpose of processing. The legal basis for this is Art. 6 (1) (b) GDPR. In addition to the data transmitted directly by users, messages and communications contain metadata, such as the phone number, email address, and IP address used, as well as the date and time of processing.
If users request support from Heidelberger Druckmaschinen AG or the locally responsible national and sales company or sales partner, the necessary data will be processed on the legal basis of Art. 6 (1) (b) GDPR. Within the scope of this contract fulfillment or preparatory measures at the request of the party concerned, it may be necessary in individual cases to transfer data to external service providers, e.g., hosting providers, software providers, IT specialists, but also, for example, the user's service providers.
In order to continuously improve the services we offer, based on an analysis of the usage data collected on our website/apps on a pseudonymized basis and the evaluation of the availability and speed of our website, the data is processed on the legal basis of Art. 6 (1) (a) GDPR. Your consent is voluntary and can be revoked at any time for the future. Furthermore, pursuant to Art. 6 (1) (f) GDPR in conjunction with Recital 47 GDPR, we have a legitimate interest in promoting our business by optimizing our website and the services we offer so that they best meet the expectations and needs of users.
In order to conduct market research activities based on information relating to our existing customers/their representatives (name and email address obtained in connection with our business relationship), the data is processed on the legal basis of Art. 6 (1) (f) GDPR in conjunction with Recital 47 GDPR. It is in our legitimate interest to promote our business by conducting market research on this basis and optimizing our services and products.
In order to make our podcasts available to our users and to analyze and optimize them in line with our users' expectations, we process the data on the legal basis of Art. 6 (1) (f) GDPR in conjunction with Recital 47 GDPR. We have a legitimate interest in the secure and efficient provision, analysis, and optimization of our podcast offering in order to promote our business.
Certain log data that can be used to detect and trace security-related events is stored separately. This serves to protect HEIDELBERG, its users, and their data. Potential cyber attacks can thus be detected at an early stage and, if necessary, repelled or reconstructed retrospectively. Our legitimate interest is to secure the HEIDELBERG CUSTOMER PORTAL, detect and ward off potential attacks, and document the relevant processes. In addition, this data may be used within the scope of legitimate interest (Art. 6 (1) (f) GDPR) to assert, exercise, or defend legal claims or damages. In individual cases, this may also require disclosure to third parties; see also section "Recipients or categories of recipients of personal data."
We also process the contact data of interested parties and users collected in the context of the use of the website and the HEIDELBERG services described below for advertising purposes on the legal basis of Art. 6 (1) (f) GDPR in conjunction with Recital 47 GDPR. It is in our legitimate interest to inform interested parties and users about our products and services for advertising purposes.
The relevant contact details collected, as well as interest in our products and services, will be forwarded to the respective state or sales company or sales partner as necessary. Processing takes place in our CRM program, as well as in our email and telecommunications systems.
Please note your right to object to processing for direct marketing purposes, which you will find in the section "Rights of data subjects ".
In Germany, we require the voluntary consent of the data subjects for the use of certain contact channels for advertising purposes. This consent is requested during registration or in the course of using the website and the HEIDELBERG services described below. The receipt of promotional emails must be confirmed by data subjects via double opt-in. Consent pursuant to Art. 6 (1) (a) GDPR is voluntary and can be revoked at any time. The HEIDELBERG CUSTOMER PORTAL can also be used without consent or after consent has been revoked.
In order to fulfill legal obligations that apply to us (e.g., tax obligations or data storage obligations), we process data on the legal basis of Art. 6 (1) (c) GDPR.
Personal data may be processed within the scope of legitimate interests (Art. 6 (1) (f) GDPR) for the purpose of asserting, exercising, or defending legal claims, regulating damages, or complying with regulations. In individual cases, this may also require disclosure to necessary third parties. Information on the right to object in individual cases is provided in the "Rights" section. Information on possible recipients is provided in the "Recipients or categories of recipients of personal data" section.
We have compiled further information on the purposes we pursue and the legal bases on which we rely for certain services, as well as the tools we use for you, in this privacy policy.
When you access our website, you transmit data to our web server via your Internet browser (for technical reasons). The following data is collected for communication purposes between your Internet browser and our web server during the connection establishment:
For technical security reasons, in particular to defend against attempts to attack our web server, we temporarily store this data. We are not able to trace directly the data back to a specific person directly. Due to our legitimate interest in security and troubleshooting, we store the data and logs for a maximum of seven days from the end of processing in accordance with Art. 6 (1) (f) GDPR. After that, the data is anonymized by shortening the IP address at the domain level so that it can no longer be linked to the individual user. The data is also processed in anonymized form for statistical purposes; it is not compared with other data sets or passed on to third parties, either in whole or in part.
Access to the data on the HEIDELBERG website and the associated services is granted to authorized employees of Heidelberger Druckmaschinen AG, the locally responsible national and sales companies or sales partners of Heidelberger Druckmaschinen AG, as well as commissioned service providers and their subcontractors.
If commissioned service providers have access to personal data and this constitutes order processing, an order processing agreement has been concluded with the service providers, which also takes into account regulations for possible subcontractors.
With the exception of the cases mentioned in this privacy policy, we do not pass on your personal data to third parties (this also applies to our affiliated companies). Your personal data may be transferred to the following categories of recipients:
Service providers:
We grant selected third parties who provide services on our behalf access to your personal data or transfer it to them. We have entered into agreements with these service providers that oblige them to comply with the same data protection standards as we do. The service providers act only on our behalf and on the basis of our instructions as so-called processors.
For transfers to service providers in countries outside the European Economic Area ("EEA"), see section Usage data or categories of personal data.
Third parties:
We also share your personal data with the following categories of trusted third parties who either assist us in conducting our business or have a legal right to receive the data:
Further information about third parties commissioned by us (e.g., providers of social plug-ins) can be found in the following sections of this privacy policy.
For transfers to third parties in non-EEA countries, see section Intention to transfer data to a third country or international organization
The relevant contact details collected during registration and use of the HEIDELBERG website and HEIDELBERG services, as well as interest in products and services or support requests, are transferred to the respective competent national or sales company or sales partner of HEIDELBERG.
Beyond the above-mentioned processing, the controller will not transfer user data to a third country or other international organization in accordance with the GDPR, unless
Duration or criteria for the duration of storage We store your personal data for as long as is necessary to pursue the respective processing purpose or as long as we have a legitimate interest in further storage. We delete personal data, taking into account statutory retention obligations, as soon as there is no longer any obligation to store it further.
Personal data that we process on the basis of consent will be processed by us for as long as the wording of the consent allows or until the consent of the data subject is revoked. Unless otherwise specified in the consent, we retain proof of consent and opt-out for 3 years after the end of processing in order to be able to demonstrate compliance with data protection regulations.
We store personal data relevant to commercial and tax law for six and ten years, respectively, in order to comply with our respective retention obligations in accordance with Section 147 (3) of the German Fiscal Code (AO) in conjunction with Section 147 (1) No. 1, 4 and 4 a AO, Section 257 (4) first half-sentence of the German Commercial Code (HGB) in conjunction with Section 257 (1) No. 1 and 4 HGB, and Section 14b (1) sentences 1 and 2 of the German Value Added Tax Act (UStG).
In addition, we store personal data that is relevant for the defense or assertion of legal claims until the expiry of the applicable limitation period of three years from the end of the year in which the claim arose, in accordance with Art. 6 (1) sentence 1 lit. f GDPR.
Information on storage periods for your personal data relating to specific processing scenarios (e.g., events or surveys) or to the tools we use on our website/app (e.g., Google Analytics) can be found in the following sections. We only store personal analysis and statistical data, such as Google Analytics data on user behavior, for as long as is necessary to create anonymized data sets. This means that the data is deleted after a very short period of time.
The transmission of data between the user's device and the HEIDELBERG website is encrypted using TLS/SSL in accordance with the latest technology.
We use a platform to manage consent. This service allows you to decide which of the various services available on our website (that involve the processing of personal data) you wish to use only on the basis of consent. It also enables us to document your consent to the use of cookies and data processing and to provide the legally required proof thereof.
The platform stores your consent decision in "local storage." Local storage is a feature in web browsers that stores information so that it can be reused when you leave the website and return. Your consent declaration may apply to several of our websites (cross consent domain sharing), such as the corporate website or e-shop. For countries belonging to the European Union and the European Economic Area, consent is always obtained on the first visit or in the absence of information on consent decisions from previous sessions. As a user, you can always adjust your consent decision regardless of your location. To do so, go to the Privacy Center in the footer.
The following data is processed:
The legal basis for this is our obligation to document compliance with data protection requirements in accordance with Art. 6 (1) (c) GDPR in conjunction with Art. 5 (2) and Art. 24 GDPR, combined with our legitimate interest in proving compliance with the requirements of Art. 6 (1) (f) GDPR in conjunction with Art. 5 (2) GDPR.
You can revoke your consent to cookies at any time for the future or adjust your settings.
The platform is operated by our processor, Usercentrics GmbH, Sendlinger Straße 780331 Munich, Germany.
Further information on data protection at Usercentrics can be found here.
Account Engagement as a service provider for newsletter distribution
Based on the user's consent, we use the Account Engagement Marketing Automation System to send newsletters, emails, and electronic notifications. The provider is Salesforce.com EMEA Limited (Salesforce), village 9, floor 26 Salesforce Tower, 110 Bishopsgate, London, UK, EC2N 4AY.
Statistical collection and analysis
The newsletters contain a so-called "web beacon," i.e., a pixel-sized file that is retrieved from the Account Engagement server when the newsletter is opened. During this retrieval, technical information such as information about your browser and your system, as well as your IP address and the time of retrieval, is initially collected. This information is used for technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times.
The statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked.
Although the technical data can be assigned to individual recipients, it is used exclusively to analyze general reading habits and to adapt content based on interests. The technical data is not used for individual user observation.
Online access and data management
There are cases in which we direct newsletter recipients to the Account Engagement websites. For example, our newsletters contain a link that allows newsletter recipients to access the newsletters online (e.g., in case of display problems in the email program). Furthermore, newsletter recipients can subsequently correct their data, such as their email address. Similarly, Account Engagement's privacy policy is only available on their website.
Processed data:
When using Account Engagement, data transfer to the USA cannot be ruled out. Since 2015, Salesforce.com Inc. has had Binding Corporate Rules approved by the European Data Protection Board, which ensures a level of data protection that complies with the GDPR. See:
Salesforce's Processor Binding Corporate Rules for the processing of personal data (Salesforce BCRs | Salesforce Compliance)
In addition to the data processing agreement, EU standard contractual clauses have also been concluded.
Account Engagement uses this information to send and evaluate newsletters on our behalf. For more information on data protection at Account Engagement, please visit: www.salesforce.com/company/privacy/.
In this context, we would like to point out that cookies are used on the Account Engagement websites and that personal data is therefore processed by Account Engagement, its partners, and service providers (e.g., Google Analytics). We have no influence on this data collection. For more information on data protection at Account Engagement, please visit: www.salesforce.com/company/privacy/.
In order to optimize the loading times of our website and our eShop application, we use a so-called Content Delivery Network (CDN) provided by Akamai Technologies, Inc. 145 Broadway, Cambridge, MA 02142, USA ("Akamai").
Akamai is a provider of content delivery and cloud infrastructure services that coordinates and optimizes the load balancing of web content for online applications. We use Akamai services to accelerate our websites so that they can provide acceptable response times worldwide.
Processed data:
The legal basis for the use of Akamai is Art. 6 (1) (f) GDPR.
To object to data processing, click here.
Information about the privacy policy of Akamai Technologies, Inc. can be found here. The company's data protection officer can be contacted directly at the following email address: privacypolicy@akamai.com
For our eShop, we use the search engine from Coveo Solutions Inc.,
401-1100 avenue des Canadiens-de-Montréal
Montreal QC H3B 2S2
Canada
The search terms you enter are sent to the Coveo cloud system to process your search queries and provide you with relevant results.
The queries are client-independent; no information about the person making the query is transmitted.
The search terms and results, specifically which results are selected by the user, are sent to an AI and processed there.
We use Google Tag Manager. The provider of the Google Tag Manager component is Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043. This service enables the management of website tags via an API. Google Tag Manager only implements tags. This means that no cookies are used. Google Tag Manager triggers other tags that can be used to collect data, but Google Tag Manager does not have access to this data. If deactivation has been carried out at the domain or cookie level, it remains in place for all tracking tags implemented with Google Tag Manager.
We have integrated YouTube videos into our online offering, which are stored on http://www.youtube.com and can be played directly from our website.
The legal basis for the use of YouTube is Art. 6 (1) (a) GDPR.
When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. This happens regardless of whether YouTube provides a user account that you are logged in to or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not want the association with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses it for advertising, market research, and/or the needs-based design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
Further information on the purpose and scope of data collection and its processing by YouTube can be found in their privacy policy. There you will also find further information about your rights and settings options for protecting your privacy: https://www.google.de/intl/de/policies/privacy.
This service (e.g., for contact forms and newsletter registrations) is used for identification and prevents the services offered from being misused by machines. "Captchas" are generated and verified on HEIDELBERG application servers. No data is passed on to third parties.
Processed data:
The legal basis for the use of reCAPTCHA is Art. 6 (1) (a) GDPR.
The data protection provisions of the processor can be found at here.
An overview of the cookies set by reCAPTCHA, including their storage duration, can be found below:
Name: _grecaptcha
Provider: Google reCAPTCHA
Description: Used to protect against spam
Expiration: Session cookie
We use Google Analytics 4, a web analytics service provided by Google Ireland Ltd. ("Google"), to tailor our pages to your needs and continuously optimize them. This use is based on your consent in accordance with Art. 6 (1) (a) GDPR. Google Analytics 4 uses cookies that enable an analysis of your use of our websites and online services. In this context, our processor Google creates pseudonymized usage profiles and uses cookies.
Processed data:
In addition, your usage behavior is recorded during your visit to the website, e.g.
Google Analytics 4 is implemented on our websites on the server side. With server-side tracking, usage data is first sent to a dedicated HEIDELBERG server in the EU, where IP addresses are pseudonymized by truncation. This data is then forwarded to Google's own servers for further processing. Server-side tracking enables increased control and security over data.
If server-side tracking is not set up for a website, IP address anonymization is enabled by default in Google Analytics 4. This means that the IP addresses of users within member states of the European Union or other signatory states to the Agreement on the European Economic Area are truncated by Google. Only in exceptional cases (e.g., in the event of a technical defect in the European Union) will the IP address be transferred to a server in the USA and truncated there.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics 4 will not be merged with other Google data.
Transfer to third countries (outside the EU and the EEA): In the course of analyzing user behavior, Google receives personal data based on your consent and processes it worldwide to the extent necessary for the provision of services.
Google's contact information is as follows:
Google Ireland Limited,
Gordon House, Barrow Street
Dublin 4
Ireland
Tel: +353 1 543 1000
Fax: +353 1 686 5660
Email: support-deutschland@google.com
The data we send and link to cookies is automatically deleted from the Google Analytics 4 user interface after 14 months.
You can withdraw your consent at any time with future effect by adjusting the relevant settings in our consent management platform (which you can access in the footer below) or by downloading the browser add-on to disable Google Analytics 4.
An overview of the cookies set in connection with Google Analytics 4, including their storage duration, can be found below:
Name: _ga, _ga_, _ga_session_
Provider: Google Analytics 4
Description: The cookies analyze browsing patterns and enable the creation of flow statistics; _ga is used to distinguish individual users by assigning a randomly generated number as a client identifier, which enables the calculation of visits and sessions; _ga_ and _ga_session_ are used to distinguish between different sessions that a user may initiate and refer to a predefined group of data.
Storage period: _ga, _ga_, _ga_session_ | Two years from creation, update, or until the cookies are deleted from your browser
Name: FPID, FPLC
Provider: Google Analytics 4
Description: FPID is used to distinguish individual users by assigning a randomly generated number as a client identifier, which enables the calculation of visits and sessions; FPLC is used to track your visit behavior across multiple websites (cross-domain tracking).
Storage period: FPID | 400 days from creation, update, or until the cookies are deleted from your browser; FPLC | 20 hours from creation, update, or until the cookies are deleted from your browser
Name: visitorFromIntranet
Provider: Heidelberger Druckmaschinen AG
Description: The cookie is used to exclude internal users, such as employees of Heidelberger Druckmaschinen AG, from evaluations of website activities.
Storage period: visitorFromIntranet | 1 week from creation, update, or until the cookies are deleted from your browser.
So-called Google Analytics Advertising Features (including Google Signals) are also activated in Google Analytics 4. With your consent in accordance with Art. 6 (1) (a) GDPR, we use Google Analytics advertising features on our website. By linking your pseudonymized usage data collected via Google's DoubleClick advertising network, we can analyze the demographic composition of our website visitors and the impact on the interests of our users, provided you have allowed personalized advertising in your Google account. The purpose of using these features is to tailor our website content and advertisements more specifically to the interests of our target groups and to compile statistical evaluations of our visitors. Google Analytics Advertising Features does not identify individuals, as the data is provided in aggregate form. You can find more information about Google Analytics Advertising Features here: https://support.google.com/analytics/answer/2700409
So-called "audiences" (i.e., target groups) are created in Google Analytics. These are classified according to selection criteria based on the behavior (e.g., visiting certain pages) and characteristics of the user on our website. These audiences are exported to Google Ads and used for remarketing purposes. This helps us optimize the placement of ads relevant to the target group. Further information on Google Ads can be found in the respective section.
You can revoke your consent at any time with future effect by adjusting the relevant settings in our consent management platform (which you can access at the bottom of the footer). If you have consented to ad personalization on Google, you can view and change the information collected by Google in connection with Google Signals here: https://myactivity.google.com/myactivity
We use Google Ads on our website. Google Ads is an online advertising program from Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms in Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Google (e.g., location data and interests) (target group targeting). As website operators, we can evaluate this data quantitatively, for example, by analyzing which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.
The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR. This consent can be revoked at any time with future effect by adjusting the corresponding settings in our consent management platform (which you can access in the footer below).
For more information, please visit: https://policies.google.com/privacy and https://business.safety.google/adscontrollerterms/sccs/.
This website uses Google Remarketing features. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Remarketing analyzes your user behavior on our website (e.g., visits to certain pages) in order to classify you into specific advertising target groups and then display appropriate advertising messages to you when you visit other online offerings (remarketing or retargeting). Furthermore, the advertising target groups created with Google Remarketing can be linked to Google's cross-device functions. In this way, interest-based, personalized advertising messages that have been tailored to you based on your previous usage and surfing behavior on one device (e.g., cell phone) can also be displayed on another of your devices (e.g., tablet or PC).
So-called "audiences" (i.e., target groups) are created within the framework of Google Analytics 4. These are classified according to selection criteria based on the behavior (e.g., visiting certain pages) and characteristics of the user on our website. Inclusion in a target group only takes place if the person concerned has previously consented to data processing by Google Analytics 4. These audiences are exported to Google Ads and used for remarketing purposes. This helps us to optimize the placement of ads relevant to the target group. Further information on Google Analytics 4 can be found in the relevant section.
If you have a Google account, you can opt out of personalized advertising at the following link: https://myadcenter.google.com
The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and can be revoked at any time with effect for the future.
Further information and the privacy policy can be found in Google's privacy policy at: https://policies.google.com/technologies/ads
When you visit our website in the United Kingdom, we use the Microsoft Advertising service provided by Microsoft Ireland Operations Limited (Ireland/EU) (formerly Bing Ads). Microsoft Advertising is an online marketing service that uses the Universal Event Tracking (UET) tool to help us deliver targeted ads via the Microsoft Bing search engine. Microsoft Advertising uses cookies for this purpose. Personal data is processed in the form of online identifiers (including cookie IDs), IP addresses, device IDs, and information about device and browser settings.
Microsoft Advertising collects data via UET that we can use to track target groups using remarketing lists. To do this, a cookie is stored on the device used when visiting our website. Microsoft Advertising can thus recognize that our website has been visited and display an advertisement when Microsoft Bing or Yahoo is used at a later date. The information is also used to generate conversion statistics, i.e., to record how many users have visited our website after clicking on an ad. This tells us the total number of users who clicked on our ad and were redirected to our website. However, we do not receive any information that can be used to personally identify users.
Further information on these processing activities, the technologies used, the data stored, and the storage period can be found in the settings of our consent management tool. Processing only takes place with your consent in accordance with Art. 6 (1) (a) GDPR and can be revoked at any time with effect for the future.
You can also disable personalized advertising at Microsoft at: https://about.ads.microsoft.com/de-de/ressourcen/richtlinien/personalisierte-anzeigen.
For more information on data protection at Microsoft, please refer to Microsoft's privacy policy at https://privacy.microsoft.com/de-de/privacystatement.
We use the so-called "Meta Pixel" from Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, to create so-called "custom audiences." This serves the purpose of optimizing our advertisements on the social network Facebook or Instagram, displaying only relevant advertisements there, and measuring the success of our Facebook or Instagram advertising campaigns. Meta Pixel enables Facebook to identify visitors to our website as a target group for displaying advertisements on the Facebook social network.
When you visit the website, the Meta Pixel implemented on the website establishes a direct connection to the Facebook servers. This transmits to the Facebook server that you have visited our web pages, which pages you have viewed, and which ads you have clicked on in the Facebook social network. In addition, individual information and parameters are transmitted that are needed to optimize our advertisements, increase their relevance, and measure their success. If you are registered with a Facebook service, Facebook can assign the visit to your account. If you are not registered with Facebook or have not logged in, it is possible that the provider may obtain and store your IP address and other identifying characteristics.
The legal basis for processing is your consent in accordance with Art. 6 (1) (a) GDPR.
Please also note that consenting to the use of Facebook may result in your data being transferred to the USA. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and surveillance purposes, possibly without legal recourse. For more information about Facebook's collection and use of data, as well as your rights and options for protecting your privacy, please refer to Facebook's privacy policy at https://www.facebook.com/privacy/policy/.
You can revoke your consent at any time with future effect by adjusting the relevant settings in our consent management platform (which you can access at the bottom of the footer).
We use conversion tracking with LinkedIn Insights Tag, a tool from LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland, on our website. For this purpose, the LinkedIn Insight Tag is integrated into our pages and a cookie is set on your device by LinkedIn. This informs LinkedIn that you have visited our pages, and your IP address is also recorded. In addition, timestamps and events such as page views are stored. This enables us to statistically evaluate the use of our website in order to continuously optimize it. For example, we can find out which LinkedIn ad or interaction on LinkedIn brought you to our website. This allows us to optimize the display of our advertising.
We have LinkedIn deliver our ads to target groups. We determine within the campaign planning which criteria the target group should meet. We can choose from options such as location, company, age or gender, education, professional experience, and interests. In this context, we do not process any personal data of members and do not have access to this data.
The legal basis for this processing is your consent in accordance with Art. 6 (1) (a) GDPR.
Please also note that consenting to LinkedIn Insight Tag may result in your data being transferred to the US. The US is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and surveillance purposes, possibly without legal recourse.
Further information on conversion tracking can be found at https://business.linkedin.com/de-de/marketing-solutions/conversion-tracking. Please note that the data may be stored and processed by LinkedIn, enabling it to be linked to the respective user profile and allowing LinkedIn to use the data for its own advertising purposes. For more information, please refer to LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy.
You can revoke your consent at any time with future effect by adjusting the relevant settings in our consent management platform (which you can access at the bottom of the footer). You can also prevent LinkedIn from analyzing your usage behavior and displaying interest-based recommendations at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Purposes of processing and legal basis(es):
Please note all of the following processing operations that may take place in the context of the event.
Registration
You have the option of registering for the HEIDELBERG Media Library to gain access to interesting content. In doing so, we collect the following personal data from you: title, email address, last name, first name, company, job title, number of employees, city, language, country. The Media Library portal can be accessed at medialibrary.heidelberg.com (formerly "Innovationweek 2021").
The relevant contact details collected during your visit to the Media Library, as well as your interest in our products and services, will be forwarded to the relevant state or sales company. The legal basis for this is your consent in accordance with Art. 6 (1) (a) GDPR; use of this service is voluntary.
Confirmation of email address (double opt-in) and email communication
To complete the registration process, it is necessary to confirm your registration. For this purpose, a confirmation email will be sent to the email address provided during registration. This email contains a link that can be used to confirm and complete the registration. The system used stores the date and time of registration and confirmation.
The email address will then also be used to send emails containing information.
Video and streaming
In the HEIDELBERG Media Library, we provide you with some video content on demand at medialibrary.heidelberg.com.
For this purpose, we use plugins from youtube.com. These are operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit Heidelberg Druckmaschinen AG websites that contain such plugins, a connection to YouTube servers is established and the plugin is displayed on the website by notifying your browser. This results in cookies being stored on your computer (VISITOR_INFO1_LIVE, VISITOR_PRIVACY_METADATA, YSC). Furthermore, the YouTube server is informed which of our websites you have visited. If you are logged in as a member of YouTube, YouTube assigns this information to your personal user accounts on these platforms. When you use these plugins, e.g. by clicking the start button to play a video or audio file or when sending a comment, this information is assigned to your YouTube user account. You can prevent this by logging out of YouTube before calling up the file or sending a comment.
The legal basis is our contractual obligation under Art. 6 (1) (b) GDPR to provide the participant with the contractually agreed services.
For information on the purpose and scope of data collection and use by Google, as well as your rights and settings options for protecting your privacy as a YouTube user, please refer to YouTube's privacy policy.
Cookies
We also use cookies on our media library page. For cookies that are not technically necessary, e.g., Google Analytics 4, we request your voluntary consent via our content management solution ("cookie banner"). This consent is voluntary and can be revoked at any time. Further information about the processing of the online event page, Google Analytics 4, and cookies can be found in the respective section.
Use of contact data for advertising purposes in the legitimate interest
We process the contact details and interests collected during registration for advertising purposes on the legal basis of Art. 6 (1) (f) GDPR in conjunction with Recital 47 GDPR. It is in our legitimate interest to hold events to generate contact details of interested parties.
The relevant contact details collected during the event, as well as interest in our products and services, are forwarded to the respective state or sales company. Processing takes place in our CRM program, as well as in our email and telecommunications systems.
Please note the right to object to processing for direct marketing purposes, which you will find in the "Rights" section.
Use of contact data for advertising purposes with consent
In Germany, we require your voluntary consent to use certain contact channels, such as telephone and email, for advertising purposes. This consent is requested during registration or in the course of the event. Consent pursuant to Art. 6 (1) (a) GDPR is voluntary and can be revoked at any time.
If consent for promotional contact is given by email, you will be given the opportunity to confirm this email via double opt-in before it is used.
Other processing within the scope of legitimate interest
Personal data may be processed within the scope of legitimate interests (Art. 6 (1) (f) GDPR) for the purpose of asserting, exercising, or defending legal claims or damages. In individual cases, this may also require disclosure to necessary third parties. Information on the right to object in individual cases can be found in the section on your rights as a data subject.
We use a platform to manage consent. This service allows you to decide which of the various services available on our websites (that involve the processing of personal data) you wish to use only on the basis of consent. It also enables us to document your consent to data processing and to provide the legally required proof thereof. Your declaration applies to all our websites and apps.
The following data is processed:
The legal basis for processing is Art. 6 (1) (f) GDPR in conjunction with Art. 7 (1) GDPR.
Recipients or categories of recipients of personal data:
Only authorized employees and commissioned service providers and their subcontractors have access to the data of the HEIDELBERG Media Library and the associated services. If commissioned service providers have access to personal data and this constitutes order processing, an order processing agreement has been concluded with the service providers, which also takes into account regulations for possible subcontractors.
Other processing within the scope of legitimate interest
For other processing within the scope of legitimate interest, personal data may be disclosed to judicial authorities, public authorities, legal representatives, insurance companies, and necessary companies, e.g., Internet providers.
Intention to transfer data to third countries or international organizations:
The relevant contact details collected during registration in the HEIDELBERG Media Library, as well as interest in our products and services, will be transmitted to the respective competent state or sales company.
Beyond the above-mentioned processing, the controller will not transfer participant data to a third country or other international organization unless this is necessary for processing, the participant is based there or operates corresponding devices or services for communication there, or routing takes place for technical reasons over which we have no influence.
Duration or criteria for the duration of storage:
We provide you with new content at regular intervals in the HEIDELBERG Media Library. If you wish to delete your account, your data will be deleted after the statutory retention periods have expired. Data transmitted to our CRM system and Google Analytics 4 remains unaffected by this.
The data of participants will be processed for advertising purposes until the data subject objects or the purpose of the advertising use ceases to apply. In individual cases, longer storage may be necessary for legitimate interests (Art. 6 (1) (f) GDPR).
Regarding further data storage: All information is stored for three years after the end of processing. The legal basis for this is our obligation to document compliance with data protection requirements in accordance with Art. 6 (1) (c) GDPR in conjunction with Art. 5 (2) and Art. 24 GDPR, combined with our legitimate interest in proving compliance with the requirements under Art. 6 (1) (f) GDPR in conjunction with § 41 of the German Federal Data Protection Act (BDSG) and § 41 (2) No. 1 of the German Administrative Offenses Act (OWiG). The platform is operated by our processor, event it AG, Pelikanplatz 7-9, 30177 Hanover, Germany.
Automated decision-making:
There is no automated decision-making in individual cases, including profiling, in accordance with Art. 22 GDPR.
Google Analytics 4
Within the protected Media Library platform (formerly "Innovation Week"), we use Google Analytics 4 for the purpose of performing our contractual obligations in accordance with Art. 6 (1) (b) GDPR and additionally use and evaluate the collected data in order to offer you interesting content on our site and to enable personalized support. Outside the protected area, we only use Google Analytics 4 with your consent, which you can revoke at any time, in accordance with Art. 6 (1) (a) GDPR.
Google Analytics 4 is a web analytics service provided by Google Ireland Ltd. ("Google"). Google Analytics 4 uses cookies that enable an analysis of your use of our websites. In this context, our processor Google creates pseudonymized usage profiles and uses cookies. For more information about Google Analytics 4 and the cookies used, please refer to the section on marketing cookies.
Cookies used
Name: evesessid
Provider: Event it
Description: Used to obtain or set the session ID for the current session.
Storage period: Expires after the session
Name: srv_id
Provider: Event it
Description: Used to manage the user session on the server side.
Storage duration: Expires after the session
Name: eveprotect
Provider: Event it
Description: Used to defend against various attack scenarios on the web.
Storage duration: Expires after the session
On our website, you can sign up for newsletters, white papers, and competitions from HEIDELBERG.
By giving your consent, you have confirmed that we may send you our newsletter or white paper, or that you would like to participate in the competition and that we may contact you for this purpose and for advertising purposes.
When you register, we collect your first and last name and your email address. In addition, you can voluntarily provide the following information: country, company, position. The data you provide will not be used for any other purposes.
The legal basis for the processing of your personal data is your consent in accordance with Art. 6 (1) (a) GDPR.
Your data will not be passed on to third parties.
Your data will be stored until the purpose has been fulfilled; in the case of your consent, this ends with your revocation.
If you participate in one of our surveys, we will process your answers anonymously or pseudonymously, as far as possible. If personal data is collected (e.g., for queries or competitions), this is done on the basis of your consent (Art. 6 (1) (a) GDPR) or for the implementation of pre-contractual measures (Art. 6 (1) (b) GDPR).
We process the data exclusively for the purpose of analyzing the results and improving our offers and, if applicable, for conducting a competition. We do not pass on your data to third parties.
Your data will be deleted as soon as the purpose has been fulfilled and there are no legal retention obligations or these have expired.
If you use our contact form, the data you enter (e.g., name, email address, message) will be processed for the purpose of handling your inquiry. Depending on the content of the request, processing is carried out on the basis of Art. 6 (1) (b) GDPR (pre-contractual/contractual measure) or Art. 6 (1) (f) GDPR (legitimate interest).
We do not pass on your data to third parties.
Your data will be deleted as soon as it is no longer required for processing your request, unless statutory retention periods prevent this. In this case, the data will be deleted after the retention period has expired.
In connection with visits by customers, suppliers, visitors, and other external parties to our locations, we collect personal data for access control and security on the premises, for documenting visits (e.g., for security or verification purposes), for compliance with legal requirements, and, if necessary, for implementing health and safety measures (e.g., visitor briefing/safety instruction). In this context, we collect your first and last name, the date of your visit, the company you work for, the name of the contact person at our company, and your vehicle registration number.
The provision of your data is necessary for security reasons in order to grant you access to our sites. Without this data, a visit is generally not possible.
This is based on the legal basis of contract fulfillment when customers or suppliers enter our location (Art. 6 (1) (b) GDPR), legitimate interest (Art. 6 (1) (f) GDPR) to ensure the security of the locations and the people working there, and to fulfill legal obligations (Art. 6 (1) (c) GDPR).
Personal data is passed on to internal departments and external service providers who are responsible for plant security, insofar as this is necessary for the provision of the relevant services. Data is only passed on to authorities with the consent of the person concerned or if there is a legal obligation to do so.
The master data collected during registration is stored for a period of 15 months. Access data logged by the access system is stored for a maximum of six months and then deleted. Documentation on the transport of dangerous goods is kept for a period of 5 years and then deleted.
There are no plans to transfer personal data to countries outside the European Economic Area. Automated decisions, including profiling, do not take place during registration.
What personal data do we process, for what purpose, on what legal basis, and for how long?
In connection with and for the purpose of using the LMS, users' personal data is processed automatically, namely company, country, first name, last name, email address, user name, learning modules assigned and completed by the user or by an administrator. These categories of data are necessary for the authentication of the learner, for planning and for the traceable learning progress by the respective responsible internal employee or administrator.
After 5 years following registration, both the technical account data and the contents of the account are deleted. If the user has been active in the system within this period, the processing of this data is extended by a further 12 months.
This follows the legal basis of Art. 6 (1) (b) GDPR.
Logging of system data and storage of IP addresses
When using the website, the IP address of the accessing client, date and time, the page accessed, status codes, and browser identification are stored in the web server log files to ensure operational security. This is based on the legal basis of Art. 6 (1) (f) GDPR. Our legitimate interest is to check web traffic and to record and evaluate possible access and performance problems. This data is processed for 30 days as standard.
Log data is collected and stored for the purpose of optimizing the service and for technical reasons, such as error analysis. This data logs user behavior during operation. They may contain personal data, such as user IDs and other personal data (e.g., user data, organizational data, notifications) from requests or responses from/to other system components. They are used to maintain the service and to detect and correct error states.
This is based on the legal basis of safeguarding the legitimate interests of the controller or a third party in accordance with Art. 6 (1) (f) GDPR. Our legitimate interest is to optimize and maintain operations.
This data is processed for 30 days after collection as standard and then deleted.
Setup, access, and operation of the HEIDELBERG account (authentication)
A HEIDELBERG account is required to register with the LMS. The authentication service is used on the basis of the terms of use and privacy policy of the HEIDELBERG account.
Email notifications as part of registration
To complete the registration process, it is necessary to confirm the registration. For this purpose, a confirmation email is sent to the email address provided during registration. This email contains a link that can be used to confirm and thus complete the registration. The system used stores the date and time of registration and confirmation for this purpose.
The legal basis for these notifications is based on Art. 6 (1) (b) GDPR, the fulfillment of a contract.
This data is processed for 30 days after collection and then deleted.
Further system messages
We would also like to inform you by email about relevant events, such as planned maintenance, changes, and new or modified functions or conditions.
The legal basis for these notifications is based on Art. 6 (1) (b) GDPR, the fulfillment of a contract.
This data is processed for 30 days after collection by default and then deleted.
Support
If users request support from us or the locally responsible state and sales company or sales partner, the necessary data will be processed on the legal basis of Art. 6 (1) (b) GDPR. Within the scope of this contract fulfillment or preparatory measures for the contract at the request of the person concerned, data may be passed on to external service providers, e.g., hosting providers, software providers, IT specialists, in individual cases.
This data is processed for 30 days after collection as standard.
Transport encryption
The transmission of data between the user's device and the LMS is encrypted using TLS/SSL in accordance with the current state of the art.
This data is processed for 12 months after collection as standard and then deleted.
Provision of learning content
In the LMS, we – together with other Group companies – provide our external partners with various training materials (online modules, image, video, and audio recordings, etc.) in connection with the performance of technical services for the purpose of training and further education on a global level. The main purpose is to impart technical knowledge with the aim of providing the best possible professional technical services to our employees and customers. These are predominantly technical, legal, and methodological topics (e.g., methods of knowledge transfer and training design) for HEIDELBERG's product and service portfolio.
The following personal data is processed for the provision of learning content in the LMS: name, email address, course participation, test results (if required for successful participation).
The required data is processed on the legal basis of Art. 6 (1) (b) GDPR.
This data is processed for 12 months after collection as standard and then deleted.
Conducting face-to-face training
Face-to-face training courses are trainer-led training courses that can be conducted either physically, i.e., on site, or online.
For on-site training courses, personal data is processed in the LMS prior to and after the training course as part of the registration process. In addition to the data listed under "Data processing when using the LMS" (see above), the participant's attendance is also recorded ("attended"; "did not attend"; "attended partially").
Online training courses are conducted via "Teams." The web server for operating the online training courses is technically operated by Microsoft. The participant's name, email address, and attendance ("attended"; "did not attend"; "partially attended") are processed.
Five years after registration, both the technical account data and the contents of the account will be deleted. If the user has been active in the system within this period, the processing of this data will be extended for a further 12 months.
This is based on the legal basis of Art. 6 (1) (b) GDPR.
Provision of billing data
For the purpose of invoicing for the training course booked, we process your participant data (name, email address, company) and pass it on to the relevant internal departments for invoice verification and controlling or to the group companies.
The necessary data will be processed on the legal basis of Art. 6 (1) (b) GDPR.
This data is processed for a standard period of 10 years after the end of the calendar year in which the invoice is issued and then deleted.
Reporting
For the purpose of continuous training planning for the entire HEIDELBERG Group and for planning regarding the design of the platform, user and license management, we regularly carry out internal reporting. The following personal data is processed in this context: name, email address, company, training title.
This data is processed for 12 months after collection as standard and then deleted.
Feedback (request and evaluation)
For the purposes of planning and quality assurance, we and/or a group company request your feedback. In the context of face-to-face training, participants can take part in a paper-based evaluation.
Data that you as a user transmit as personal data in the context of communication and telecommunications is processed for the purpose of processing. The legal basis for this is Art. 6 (1) (b) GDPR. In addition to the data transmitted directly by users, messages and communication processes contain metadata, such as the email address and IP address used, and the date and time of processing.
This data is processed for 30 days after the training as standard.
What data do we process and for what purpose
In fulfilling the concept customer agreement, we process the following data for the agenda, meeting minutes, and for organizing hospitality before and after the concept customer meeting: last name, first name, company, company address, business telephone number, and business email address.
We also process this data for the purpose of conducting internal compliance checks with regard to compliance with internal guidelines and legal requirements.
You are not obliged to provide the listed data for the purposes stated.
Legal basis for processing
We process your personal data for the purposes listed above on the basis of the following provisions:
The legal basis for the processing of your personal data for the purpose of executing the concept customer agreement is the fulfillment of the contract in accordance with Art. 6 (1) (b) GDPR.
The legal basis for storing your data as proof of hospitality expenses is our legal obligation under Art. 6 (1) (c) GDPR in conjunction with tax law provisions that require us to retain such data.
The legal basis for the processing of your personal data for the purpose of conducting internal compliance checks with regard to compliance with internal guidelines and legal requirements is Art. 6 (1) (c) GDPR in connection with Sections 299 and 300, in connection with Section 78(3)(3), 4 in conjunction with Section 78a of the German Criminal Code (StGB), Section 130 of the German Administrative Offenses Act (OwiG), Section 309 in conjunction with Section 57 of the Austrian Criminal Code (ÖStGB), Section 7(1) and Article 11 of the UK Bribery Act, and Article 322 et seq. of the Swiss Criminal Code (ChStGB).
Disclosure of data and transfer of data to a third country
Internal disclosure:
Participant data is disclosed to the departments responsible for content in order to prepare and carry out the event and to organize the topics.
Transfer to third parties:
For the purpose of the organizational and technical implementation of a concept customer meeting, your data will be disclosed to third parties, as this is necessary for the smooth running of the event. External service providers are involved, for example, for the following services:
In order to assert and defend legal claims, your data may need to be passed on to third parties such as insurance companies, courts, and authorities.
Duration of data processing
All data relating to the fulfillment of the contract will be processed for the duration of the concept customer agreement and for 10 years after the end of the event.
We delete data whose processing is based on your consent after 3 years or after your revocation.
If necessary, for example to assert or defend legal claims, we may also store your data for longer.
Virtual Workspace
The Virtual Workspace is a virtual workplace that enables users to access Heidelberg's virtual working environment without HEIDELBERG PC hardware.
The entity responsible for data protection in connection with the Virtual Workspace is Heidelberger Druckmaschinen AG, Kurfürsten-Anlage 52-60, 69115 Heidelberg, Germany.
Your user and log data are processed in order to manage your user account and grant you access, to enable communication from HEIDELBERG to your device, and for the purposes of usage and security analysis. Your data will be stored for 30 days for these purposes.
The legal basis for the processing of your personal data is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. HEIDELBERG has a legitimate interest in providing secure and stable access for employees and external parties without the provision of HEIDELBERG hardware.
Your personal data may be transferred to the following categories of recipients:
Internally: Employees from the areas of information security, internal audit, information technology (Operation Team and Azure Global Administrators);
External: Service providers in the field of software and IT infrastructure and service providers in the field of endpoint security services. This may also involve the transfer of personal data to third countries (see "Transfer to third countries or to an international organization").
HEIDELBERG processes participants' personal data in connection with our on-site and online events (e.g., Prinect Days, webinars, training courses).
We collect and process the following personal data for the purpose of conducting and organizing the event: first and last name, email address, company, country, position. For online events, additional technical usage data such as IP address and device information is also processed.
Your data is processed exclusively for the purpose of organizing and conducting the event, communicating with participants, providing information about the event, and issuing certificates of attendance (for training courses).
Registration is carried out either by one of our employees on behalf of our customer or independently by you. The data you provide is collected and processed exclusively for the further organization and implementation of the event.
We use the following services for online events:
In doing so, personal data may also be transferred to third countries (e.g., the USA). Microsoft and GoTo process data on our behalf in accordance with Art. 28 GDPR. We have concluded appropriate data processing agreements with both processors and have put in place suitable safeguards in accordance with Art. 46 GDPR (e.g., EU standard contractual clauses).
Further information on processing by the providers can be found at
Photos and video recordings may be made during the events. These are used for documentation and public relations purposes and may be published on our website and on social media (LinkedIn, XING, YouTube, Facebook, Instagram).
The legal basis for the production and publication is our legitimate interest pursuant to Art. 6 (1) (f) GDPR, unless consent is obtained in individual cases pursuant to Art. 6 (1) (a) GDPR.
If you do not wish to be recorded, please inform us on site or before the start of the digital event.
Your data will only be stored for as long as is necessary for the above-mentioned purposes or for as long as the statutory retention periods apply.
HEIDELBERG maintains an online presence on the social network Facebook in order to communicate with customers, interested parties, and users active on that platform and to inform them about our services. When you visit our Facebook fan page, Facebook processes your personal data. We would like to point out that this data processing may take place outside the European Union. Processing is based on joint responsibility in accordance with Art. 26 GDPR between Facebook Ireland Ltd. and HEIDELBERG. For more information about data processing by Facebook and your rights as a data subject, please refer to Facebook's privacy policy at: https://www.facebook.com/privacy/policy. HEIDELBERG does not have full access to the data processed by Facebook, but only receives aggregated evaluations (e.g., page statistics). To exercise your rights as a data subject, we recommend that you contact Facebook directly. Of course, you can also contact us—we will then forward your request.
HEIDELBERG operates a company page (known as an "Instagram profile") on the Instagram platform, which is provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. When you visit our profile, Meta processes users' personal data, in particular to compile usage statistics (insights) and to display personalized content. The processing is based on joint responsibility in accordance with Art. 26 GDPR. For more information about data processing by Meta and your rights as a data subject, please refer to the Instagram Privacy Policy at: https://privacycenter.instagram.com/policy. HEIDELBERG only receives anonymized statistical evaluations from Meta and has no access to the personal data of individual users. To assert your data protection rights, we recommend that you contact Meta directly. We will be happy to assist you and forward your request.
HEIDELBERG operates a company page on the LinkedIn platform, which is provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. When you visit our LinkedIn page, LinkedIn processes users' personal data, in particular to compile page statistics and provide personalized content. Processing is based on joint responsibility in accordance with Art. 26 GDPR. For more information about data processing by LinkedIn and your rights as a data subject, please refer to LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy. HEIDELBERG receives only aggregated and anonymized evaluations of the use of the page from LinkedIn. To exercise your data protection rights, we recommend that you contact LinkedIn directly. Of course, you can also contact us—we will be happy to assist you with your request.
HEIDELBERG operates a company profile on the XING platform, a service provided by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. When you visit our XING profile, XING processes users' personal data, in particular to analyze user behavior and provide information about reach and interactions. Processing is based on joint responsibility in accordance with Art. 26 GDPR. For more information about data processing by XING and your rights as a data subject, please refer to XING's privacy policy at: https://privacy.xing.com/de/datenschutzerklaerung. HEIDELBERG only receives anonymized statistical evaluations from XING and has no access to the personal data of individual users. To assert your data protection rights, please contact XING directly. We will be happy to assist you with your request.
We offer you the opportunity to take a virtual tour of the HEIDELBERG training center. Clicking on the link will take you to the virtual tour, which is provided on the vr-easy.com website. The operator and responsible party for the website is VR-EASY GmbH, Eisenbahnstr. 92/93, 16225 Eberswalde, Germany. HEIDELBERG has no access to data processed on vr-easy.com.
The legal basis for processing is your consent in accordance with Art. 6 (1) (a) GDPR.
Further information on the data protection provisions of VR-EASY GmbH can be found at https://vr-easy.com/platform/p3_datenschutzerklaerung_de.html.
You can find VR-EASY GmbH's cancellation policy at https://vr-easy.com/platform/p4_widerruf_de.html
HEIDELBERG participates in Girls and Boys Day and would like to give young people the opportunity to gain insight into technical professions. As part of this, we process personal data from students and their legal guardians for the purpose of organizing and carrying out the event.
We require and process the following data for participation: first and last name of the participant, name of the legal guardian employed by the company, department within the company, internal telephone number, private telephone number, work and private email address.
In addition, photos and videos may be taken during the event.
The data will be processed exclusively for the purpose of planning and implementing Girls' and Boys' Day, communicating with participants and their legal guardians, and for public relations purposes.
We process the data on the basis of the following legal grounds:
Participation in Girls and Boys Day and the taking of photos and videos is only permitted with the express written consent of the legal guardians. This consent can be revoked at any time with effect for the future.
Provided that the relevant consent has been given, the photos and video recordings made during Girls and Boys Day may be published for documentation and reporting purposes on the company website, intranet, social media (LinkedIn, XING, Facebook, Instagram), and in print media.
The data will only be stored for as long as is necessary for the implementation and follow-up of the event day or until consent is revoked. Otherwise, the statutory retention periods apply.
HEIDELBERG customer portal and associated apps
Data protection information for applicants
Last review: November 2025
Social media