Privacy Policy
We, at heo GmbH, take the protection of your personal data very seriously and adhere strictly to the rules of data protection laws. Personal data is collected on this website only to the technically necessary extent. Under no circumstances is the collected data sold or disclosed to third parties for any other reasons. The following declaration gives you an overview of how we ensure this protection and what type of data is collected for which purpose.
Name and address of the responsible body
The point of contact and so-called responsible body for the processing of your personal data when you visit this website within the meaning of the EU General Data Protection Regulation (GDPR) is heo GmbH (hereinafter referred to as “heo”, “we” or “us”)
West Campus 1
76863 Herxheim
info@heo.com
You can also contact our Data Protection Officer at any time for all questions concerning the topic of data protection in connection with our products or the use of our website.
JS Jursearch GmbH
Eichborndamm 167
13403 Berlin
Germany
info@jursearch.de
1. Access data and hosting
You can visit our pages without providing any personal information. During every visit of a website, the web server automatically saves a so-called server log file which contains, for example, the name of the requested file, your IP address, date and time of the visit, the amount of data transmitted and the requesting provider (access data) and documents the visit. This access data is evaluated exclusively for the purpose of ensuring smooth operation of the site and improving our offer. Pursuant to art. 6 para. 1 clause 1 lit. f GDPR, this serves for the protection of our legitimate interests in the proper presentation of our offer that are overriding in the balancing of interests. All access data is deleted no later than 40 days after the end of your visit to the site.
Third-party hosting services
Within the framework of processing on our behalf, a third-party provider provides the hosting and presentation services for our website. This serves for the protection of our legitimate interests in the proper presentation of our offer that are overriding in the balancing of interests. All data collected within the scope of the use of this website or in forms provided in the online shop as described below is processed on its servers. Processing on other servers takes place only within the framework explained here.
This service provider is located in a country of the European Union or the European Economic Area.
2. Contact and interaction
When you contact us (via the contact form or by e-mail), your information is processed for the processing of the contact request and its handling through the support and ticket system “Freshdesk” of the provider Freshworks GmbH (hereinafter referred to as “Freshworks”), Alte Jakobstraße 85/86, Hof 3, Haus 6, 10179 Berlin, Germany. For customers and for the initiation of the contract, we process the data pursuant to art. 6 para. 1 lit. b) GDPR. If you are not a customer or the request does not lead to the conclusion of a contract, the processing pursuant to art. 6 para. 1 lit. f) GDPR will be based on our legitimate interests (efficient and fast processing of user requests).
The information recorded by Freshworks is processed on various servers, some of which are located in the USA. Freshworks is certified for the EU-US-Privacy-Shield, i.e. for users in Europe, Freshworks must comply with a privacy standard, which is considered by the European Commission as being comparable to the European standard. More information about the Privacy-Shield status of Freshworks can be found here.
The Freshworks data protection regulations can be found here.
The data collected by us will be deleted after complete processing of your request, unless we still need your request for the fulfilment of contractual or legal obligations.
3. Data collection and use for contract processing and when opening a customer account
We collect personal data when you voluntarily provide it to us in connection with your order, when contacting us (e.g. via the contact form or by e-mail) or when opening a customer account. Mandatory fields are marked as such, since, in these cases, we absolutely require the data for contract processing or for processing your contact or opening of the customer account, and you cannot complete the order or the account opening or cannot send the contact without providing this information. Which data is collected can be seen from the respective input forms. We use the data provided by you pursuant to art. 6 para. 1 clause 1 lit. b GDPR for contract processing and processing your requests. After complete processing of the contract or deletion of your customer account, your data will be restricted for further processing and deleted after expiry of the storage periods under tax and commercial law, unless you have explicitly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration. The deletion of your customer account is possible at any time and can take place either through a message to the contact option described below or via a function provided for this purpose in the customer account.
4. Data transfer
For contract fulfilment pursuant to art. 6 para. 1 clause 1 lit. b GDPR, we disclose your data to the shipping company commissioned with the delivery as far as this is necessary for the delivery of the ordered products. Depending on which payment service provider you select in the ordering process, we pass on the payment data collected for the processing of payments to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves if you create an account there. In this case, you must log in with the payment service provider with your access data during the ordering process. The Privacy Policy of the respective payment service provider will apply in this regard.
The same will apply for the disclosure of data to our manufacturers or wholesalers in cases, where they take over the shipping for us (drop shipment).
We use payment service providers and shipping providers, which have their registered office in a country outside of the European Union. The transmission of personal data to these companies takes place only to the extent necessary for contract fulfilment.
Disclosure of data to shipping providers
If you have given your explicit consent for this during or after your order, we will disclose your e-mail address and telephone number to the selected shipping provider based on this consent pursuant to art. 6 para. 1 clause 1 lit. a GDPR, so that it can contact you before delivery for the purpose of delivery notification or coordination. The consent can be revoked at any time by sending a message to the contact option described below or directly to the shipping provider at the following contact address. Upon revocation, we will delete your data provided for this purpose, unless you have explicitly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
DHL Express Germany GmbH
Sträßchensweg 10
53113 Bonn
DPD Deutschland GmbH
Wailandtstraße 1
63741 Aschaffenburg
UPS Europe SPRL/BVBA
Avenue Ariane 5
1200 Brussels Belgium
FedEx Express Germany GmbH
Langer Kornweg 34 k
65451 Kelsterbach
GO EXPRESS & LOGISTICS (AUSTRIA) GMBH
Teinfaltstr. 8
1010 Vienna
Schenker Deutschland AG
Lyoner Straße 15
60528 Frankfurt am Main
DACHSER SE
Thomas-Dachser-Str. 2
87439 Kempten
5. E-mail newsletter and postal advertising
E-mail advertising with registration for the newsletter
If you subscribe to our newsletter, we will use the data required or separately provided by you for this purpose to regularly send you our e-mail newsletter based on your consent pursuant to art. 6 para. 1 clause 1 lit. a GDPR.
Unsubscribing from the newsletter is possible at any time and can take place either through a message to the contact option described below or via a link provided for this purpose in the newsletter. Upon unsubscribing, we will delete your e-mail address, unless you have explicitly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
The newsletter will be sent as part of the processing on our behalf by a service provider, to whom we disclose your e-mail address for this purpose.
This service provider is located in a country of the European Union or the European Economic Area.
6. Use of data for payment processing
Credit assessment
If we make deliveries before payment, e.g. in case of a purchase on account, it is necessary for the conclusion of the contract pursuant to art. 22 para. 2 lit. a GDPR to obtain identity and credit information from specialised service providers (credit agencies). For this purpose, we will transfer your personal data that is needed for the credit assessment to the following company(ies):
Coface
Isaac-Fulda-Allee 1
55124 Mainz
While doing so, we take appropriate measures to protect your rights, freedoms and legitimate interests. You can contact at the contact option described below to submit your opinion and contest the decision. After complete processing of the contract, your data processed for this purpose will be deleted unless you have explicitly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
7. Cookies and web analysis
We use so-called cookies on various pages to make the visit to our website attractive and to enable the use of certain functions, to display suitable products or for market research purposes. This serves for the protection of our legitimate interests in the optimised presentation of our offer that are overriding in the balancing of interests pursuant to art. 6 para. 1 clause 1 lit. f GDPR. Cookies are small text files that are automatically saved on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognise your browser during your next visit (persistent cookies). You can see the duration of storage in the overview in the cookie settings of your web browser. You can set your browser in such a way that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You will find these for the respective browsers under the following links:
Edge™
Safari™
Chrome™
Firefox™
Opera™
If cookies are not accepted, the functionality of our website may be limited.
Use of Google Analytics for web analysis
This website uses Google Analytics, a web analysis service by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). Google Analytics uses cookies and similar technologies to help us analyse and improve our website based on your user behaviour. Google may transfer the data collected in this context to a server in the USA for evaluation and store it there. If personal data is transferred to the USA, Google is subject to the EU-US Privacy Shield. However, your IP address is truncated before the usage statistics are evaluated so that no one can draw conclusions on your identity. For this purpose, Google Analytics has been extended on our website by the code “anonymizeIP” to ensure anonymous collection of IP addresses.
Google will process the information obtained through cookies in order to evaluate your use of the website, to compile reports on website activities for website operators and to provide other services related to the website usage and Internet usage.
You can configure your browser as explained above, so that it rejects cookies, or you can prevent the collection of data generated by cookies and related to your use of our websites in the cookie settings of Google’s privacy policy. Alternatively, you can also prevent the processing of this data by Google by downloading and installing the browser add-on
provided by Google (the latter does not work on mobile devices).
As an alternative to the browser plug-in, you can click this link to prevent the collection by Google Analytics on this website in the future. This stores an opt-out cookie on your end device. If you delete your cookies, you must click the link again.
More information can be found in the privacy policy of Google Analytics.
Google reCAPTCHA
For the purpose of protection against misuse of our web forms as well as against spam, we use, as part of some forms on this website, the Google reCAPTCHA Service from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google). By verifying a manual input, this service prevents automated software (so-called bots) from carrying out abusive activities on the website. Pursuant to art. 6 para. 1 clause 1 lit. f GDPR, this serves for the protection of our legitimate interests in the protection of our website against misuse as well as smooth presentation of our online presence that are overriding in the balancing of interests.
By means of a code embedded in the website, a so-called JavaScript, Google reCAPTCHA uses methods as part of the verification that allow analysis of your use of the website, for example cookies. The automatically collected information about your use of this website, including your IP address, is usually transmitted by Google to servers in the USA and stored there. In addition, other cookies stored by Google services in your browser are evaluated by Google reCAPTCHA.
Personal data is not read out or stored from the input fields of the respective form. Google is certified under the EU-US-Privacy Shield. A current certificate can be checked here. Based on this agreement between the USA and the European Commission, the latter has established an appropriate level of data protection for companies certified under the Privacy Shield. You can prevent the collection of the data generated by the JavaScript or the cookie and data related to your use of the website (including your IP address) as well as the processing of this data by Google, by preventing the execution of JavaScripts or the placement of cookies in your browser settings. Please note that this may limit the functionality of our website for your use.
More information on Google's privacy policy can be found here.
Google fonts
The “Google Fonts” script code from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google) is integrated into this website. This serves for the protection of our legitimate interests in the uniform presentation of the contents on our website that are overriding in the balancing of interests pursuant to art. 6 para. 1 lit. f GDPR.
In this context, a connection is established between the browser you are using and the Google servers. Google thus knows that our website was accessed through your IP address. Google is certified under the EU-US-Privacy Shield. A current certificate can be checked here. Based on this agreement between the USA and the European Commission, the latter has established an appropriate level of data protection for companies certified under the Privacy Shield.
More information on the data processing by Google can be found in the data protection notices of Google.
8. Cookies for online advertising
We use cookies and comparable technologies even for advertising purposes. Some of the access data obtained when you are using our website is used for interest-based advertising. By analysing and evaluating this access data, we are able to present you with personalised advertising on our website and on the websites of other providers. This means you receive advertising that corresponds to your actual interests and needs. The legal basis for the data processing described in the following section is art. 6 para. 1 clause 1 lit. f GDPR based on our legitimate interest in providing you with personalised advertising.
In the following section, we want to explain more about these technologies and their providers.
In particular, the data collected may be
- the IP address of the device,
- the date and time of access,
- the identification number of a cookie,
- the device identifier of mobile devices,
- technical information about the browser and the operating system.
However, the collected data is stored exclusively in an anonymised form so that no direct conclusions can be drawn about the persons.
You can deactivate the option of storing these cookies at any time in the system settings of your browser and delete existing cookies. Furthermore, there are extensions/plug-ins for browsers that prevent the placement of cookies. Each user can also view the offer without cookies. However, if you do not accept cookies, this may restrict the functionality of our offer. In the following descriptions of the technologies used by us, you will find information on the possibilities of opting out of our analysis and advertising measures by means of a so-called opt-out cookie. Please note that after deleting all cookies in your browser or later using another browser and/or profile, an opt-out cookie must be placed again.
In the following, we describe the possibilities of opting out of our analysis and advertising measures. Alternatively, you can exercise your opt-out through appropriate settings on the websites of Digital Advertising Alliance or European Interactive Digital Advertising Alliance (EDAA), which provide bundled opt-out options for many advertisers. Both sites allow deactivation of all advertisements at once for the providers listed using opt-out cookies, or alternatively adjustment of the settings individually for each provider. On an iOS device, you can also use the “No Ad Tracking” setting; on an Android device, the “Disable Personalised Advertising” setting can be used to prevent interest-based advertisements from being displayed.
8.1 Google Ads
Our website uses Google Ads (formerly Google Adwords), a service from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). Google uses cookies and similar technologies to show you advertisements that are relevant to you. The use of these cookies enables Google and its partner websites to place advertisements based on previous visits to our or other sites on the Internet. Google may transfer the data collected in this context to a server in the USA for evaluation and store it there. If personal data is transferred to the USA, Google is subject to the EU-US Privacy Shield.
You have the option of setting advertising preferences. If these settings are restricted, no personalised advertisements will be placed. If you use these settings without a Google account, your advertising preferences will only be saved until you delete your cookies in the browser or end device.
Since only Google has access to your user data, we recommend that you contact Google directly if you wish to request information or have other questions about your rights as a user (e.g. the right to deletion).
As a registered user of Google, you here have the option of viewing your collected data or exporting it. Your Google account and associated data can be deleted here.
Furthermore, we recommend that you carry out the Google-provided privacy check, which you can perform through the activity settings and the setting for personalised advertising.
More information can be found in Google’s privacy policy.
9. Our online presence on Facebook, Google, Twitter, Instagram
Our presence on social networks and platforms serves for better and active communication with our customers and interested parties. There, we inform you about our products and ongoing special offers.
When you visit our online social media sites, your data may be collected and stored automatically for marketing research and advertising purposes. From this data, so-called usage profiles are created using pseudonyms. These can be used, for example, to place advertisements on and off the platforms that are likely to correspond to your interests. For this purpose, cookies are generally used on your end device. The visitor behaviour and the interests of users are stored in these cookies.
This privacy policy applies to the following pages / profiles:
Facebook:
https://www.facebook.com/UltimateGuardProtection
https://www.facebook.com/heoGroup
Twitter:
https://twitter.com/Ultimateguard
https://twitter.com/heoGroup
Instagram:
https://www.instagram.com/ultimateguard
https://www.instagram.com/heogroup
Youtube:
https://www.youtube.com/user/UltimateGuardVideos
9.1 Responsibilities
Information on the responsible body for subsequent processing within the meaning of the EU General Data Protection Regulation (GDPR) can be found in the first paragraph of this privacy policy. If there are shared responsibilities for any of our social media channels, you may check this information in the relevant paragraph.
9.2 Which data is collected and why do we collect this data?
We are present on various social media in order to be able to communicate with you and offer you our products. The providers of these media, who make these platforms available to us, collect and process personal data independently or jointly with us. heo processes your data independently only under certain conditions, even if this data is not collected by the provider of the social network. If heo shares your posts, responds to posts or messages, or independently creates posts and therein makes references to your account / profile, the data you publish in the respective social network, such as your user name, will be processed by heo and made accessible to other users associated with heo.
In the following paragraphs, we will inform you in more detail as to which of your data is processed in the respective social networks, what purposes this processing serves and how you can object to it. Subsequent processing is carried out on the basis of the legitimate interest pursuant to art. 6 para. 1 lit f) GDPR, unless otherwise specified in the respective paragraph. Further information about our handling of personal data can be found in heo’s privacy policy at: https://www.heo.com/de/de/privacy-policy
9.3 Rights of visitors and users
Since only the provider / operator of the respective social network has complete access to the user data, heo recommends that you contact the provider / operator directly if you would like to request information or have other questions about your rights as a user (e.g. the right to deletion). Further information and assistance can be found in the corresponding paragraphs of the social network. In case of questions or assertion of your rights to information, blocking or deletion of data, which is processed by heo, you can reach our Data Protection Officer under the aforementioned contact options.
9.4 Facebook and Instagram
The European Court of Justice (ECJ) decided in its judgement dated 5th June 2018 that the operator of a Facebook fan page is responsible for the processing of personal data jointly with Facebook.
By accessing or interacting with one of our Facebook fan pages / Instagram fan pages listed above, personal data will be processed by Facebook and heo.
heo is jointly responsible for the operation of these Facebook fan pages / Instagram fan pages with:
Facebook Ireland Ltd. (hereinafter referred to as “Facebook”), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
heo is aware that Facebook processes the data of visitors and users of these Facebook fan pages / Instagram fan pages for the following purposes:
- Advertising (analysis, creation of personalised advertising)
- Creation of user profiles
- Market research
Facebook uses cookies to store and further process this information, whether or not you have a Facebook account / Instagram account. Cookies are regularly stored on your end device when visiting a Facebook fan page / Instagram fan page. If you have a Facebook profile / Instagram profile and are logged in to it or log in later, the storage and analysis also takes place across devices. The use of these cookies is decided by Facebook alone. heo has no influence on this.
More details on the use of cookies by Facebook can be found in the data policy and the cookie policy of Facebook as well as the privacy policy
and the cookie policy of Instagram.
Above all, cookies are placed to show you personalised advertising. This is done by showing you advertisements on Facebook and Instagram from Facebook’s advertising partners, whose websites you have previously visited. In addition, cookies make it possible to prepare statistics on the use of a Facebook fan page / Instagram fan page, so that Facebook and heo can understand the usage. heo only has access to the statistics of the Facebook fan pages / Instagram fan pages, which it has created itself.
The collection of your data through cookies in the context of the use of our Facebook fan pages / Instagram fan pages is not required by law or by contract. Also, this is not required for a contract to be concluded. Thus, there is no obligation to submit your data to Facebook. However, the non-submission of your data (e.g. by blocking cookies) has the consequence that we can show you the fan page only to a limited extent.
Through the cookies, your data may be passed on to Facebook Inc. in the USA. Facebook is certified for the EU-US-Privacy-Shield, i.e. for users in Europe, Facebook must comply with a privacy standard, which is considered by the European Commission as being comparable to the European standard. More information about the Privacy-Shield status of Facebook can be found here.
The transmission and further processing of your personal data to third countries, such as the USA, as well as the associated potential risks, cannot be ruled out by heo as the operator of the Facebook fan page / Instagram fan page.
Analysis of data
The so-called “Insights” of the Facebook fan page / Instagram fan page provide statistical data of different categories for heo. These statistics are generated and provided by Facebook. As a website operator, we have no control over the generation and display of this information. heo cannot prevent the generation and processing of this data. For a selectable period as well as for the categories fans, subscribers, persons reached and interacting persons, Facebook provides heo with the following data with reference to our Facebook fan page / Instagram fan page:
Total page views, likes, page activities, post interactions, reach, video views, post coverage, comments, shared content, responses, percentage of men and women, country and city origin, language, views, and clicks in the store, clicks on the route planner, clicks on phone numbers. Data on the Facebook groups linked to this Facebook fan page / Instagram fan page is also provided in this way. Due to the constant development of Facebook, the availability and processing of data changes; as a result, heo refers to the aforementioned Facebook privacy policy for further details.
heo uses this aggregated data to make the posts and activities of heo on this Facebook fan page / Instagram fan page more attractive to visitors and users. For example, heo uses the age and gender distributions for a customised contact and the preferred visiting times of visitors and users for optimised scheduling of posts. Information about the type of end devices used by users helps heo adapt the posts optically and structurally. According to the Facebook / Instagram Terms of Use, which each user has consented to when creating a Facebook profile / Instagram profile, heo can identify subscribers and fans of the page and view their profiles and other information shared by them.
Opt-out options
If you have a Facebook account, you have the option to set advertising preferences . If these settings are restricted, no personalised advertisements will be placed.
You can deactivate the option to store the cookies placed and the associated collection of your personal data at any time in the system settings of your browser and delete existing cookies. Furthermore, there are extensions/plug-ins for browsers that prevent the placement of cookies.
European users also have the option of preventing Facebook from placing cookies using the website of European Interactive Digital Advertising Alliance.
Rights of visitors and users
Since only Facebook has complete access to the user data, heo recommends that you contact Facebook directly if you wish to request information or have other questions about your rights as a user (e.g. the right to deletion).
As a registered user of Facebook, you here have the option of viewing your collected data or exporting or deleting it.
As a registered user of Instagram, you here have the option of viewing your collected data or exporting it. More information about privacy and security at Instagram can be found here.
If you no longer wish to receive information from us in the future and object to the data processing associated therewith, please cancel the link of your user profile with heo's Facebook fan page / Instagram fan page using the functions “I no longer like this page” and/or “Unsubscribe from this page” and/or “Do not follow”.
9.5 Twitter
When you visit our Twitter page, Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND (hereinafter referred to as “Twitter”) processes personal data as operator of Twitter. What data is processed by Twitter and for which purposes it is used, can be found in Twitter’s privacy policy. Twitter may transfer the data collected in this context to a server in the USA for evaluation and store it there. If personal data is transferred to the USA, Twitter is subject to the EU-US Privacy Shield, i.e. for users in Europe, Twitter must comply with a privacy standard, which is considered by the European Commission as being comparable to the European standard.
When you use Twitter, your personal data is processed by Twitter – this includes the collection, transfer, disclosure and use of your data in the United States of America, Ireland and all other countries, where Twitter does business. Besides information such as user name, name, e-mail address and telephone number, all voluntarily entered data as well as the contact details of your address book can also be processed.
Twitter also processes all actions you have taken, such as sharing contents, viewing Twitter contents, sharing your personal messages with other users, GPS data, wireless network information and your IP address, which will enable display of targeted advertising or other information to you.
heo has no influence or control over the nature and extent of the data processed by Twitter or disclosed to third parties.
Analysis of data
Under certain circumstances, Twitter uses analysis tools for analysis. heo only receives certain non-personal data from Twitter regarding individual Twitter activities, such as clicks on the profile or individual messages (“Tweets”). The data collected by Twitter using analysis tools has not been commissioned by heo and heo also has no influence or possibility to prevent such processing.
Even if you have not created a profile on Twitter, information about the contents you view can still be processed by Twitter using so-called “log files”. These include the IP address, Internet or mobile service provider, browser type and version, information on the operating system or end device, the page accessed, the page previously accessed (if you opened the current page via a link and did not enter it directly in the address bar), your location, search terms used (if you opened the current page via a search engine) as well as cookie information.
Twitter uses cookies for the storage and further processing of this information, regardless of whether you have a Twitter profile or not. Cookies are regularly stored on your end device when you visit a Twitter page or third-party websites with Twitter buttons or widgets. If you have a Twitter profile and are logged in to it or log in later, the storage and analysis also takes place across devices. The use of these cookies is decided by Twitter alone. heo has no influence on this.
More details on the use of cookies by Twitter can be found in the privacy policy
and the cookie policy of Twitter.
The transmission and further processing of personal data of visitors and users to third countries, such as the USA, as well as the associated potential risks for visitors and users, cannot be ruled out by heo as the operator of the Twitter page.
Opt-out options
With a Twitter account, you have the option to set advertising preferences . If these settings are restricted, no personalised advertisements will be placed.
You can deactivate the option to store the cookies placed and the associated collection of your personal data at any time in the system settings of your browser and delete existing cookies. Furthermore, there are extensions/plug-ins for browsers that prevent the placement of cookies.
European visitors and users also have the option of preventing Twitter from placing cookies using the website of Digital Advertising Alliance.
On an iOS device, you can also use the “No Ad Tracking” setting; on an Android device, the “Disable Personalised Advertising” setting can be used to prevent interest-based advertisements from being displayed.
Rights of visitors and users
Since only Twitter has access to the user data, heo recommends that you contact Twitter directly if you wish to request information or have other questions about your rights as a user (e.g. the right to deletion). As a registered user of Twitter, you here have the option of viewing your collected data or exporting it. In order to be able to delete an account and the associated data, this must first be deactivated. Automatic deletion takes place after 30 days. More information about your data collected by Twitter can be found here.
9.6 Youtube
When you visit our YouTube channel, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “YouTube” or “Google”) processes personal data as the operator of YouTube. What data is processed by Youtube and for which purposes it is used, can be found in Google’s privacy policy.
Google may transfer the data collected in this context to a server in the USA for evaluation and store it there. If personal data is transferred to the USA, Google is subject to the EU-US Privacy Shield, i.e. for users in Europe, Google must comply with a privacy standard, which is considered by the European Commission as being comparable to the European standard.
When you use Youtube, your personal data is processed by Google – this includes the collection, transfer, disclosure and use of your data in the United States of America, Ireland and all other countries, where Google does business. Besides information such as user name, name, e-mail address and telephone number, all voluntarily entered data can also be processed.
In addition, Google also processes all actions you have taken, such as subscribing to channels, videos watched, evaluation of a video, what content is shared, video comments as well as GPS data, wireless network information and your IP address, which will enable display of targeted advertising or other information to you.
heo has no influence or control over the nature and extent of the data processed by Google or disclosed to third parties.
Analysis of data
Youtube uses analysis tools to analyse the uploaded videos. heo only receives certain non-personal data from Google related to individual video activities, such as the clicks on a video, average playback time, access sources or demographics (number of male and female viewers as well as countries of access). The data collected by Youtube using analysis tools has not been commissioned by heo and heo also has no influence or possibility to prevent such processing.
Even if you have not created a profile on Google, information about the contents you view can still be processed by Google using so-called “log files”. These include the IP address, Internet or mobile service provider, browser type and version, information on the operating system or end device, the page accessed, the page previously accessed (if you opened the current page via a link and did not enter it directly in the address bar), your location, search terms used (if you opened the current page via a search engine) as well as cookie information.
Youtube uses cookies for the storage and further processing of this information, regardless of whether you have a Google profile or not. Cookies are regularly stored on your end device when you visit a Youtube or Google page or third-party websites with Google buttons or widgets. If you have a Google profile and are logged in to it or log in later, the storage and analysis also takes place across devices. The use of these cookies is decided by Google alone. heo has no influence on this.
More details on the use of cookies by Google can be found in the privacy policy and the cookie policy of Google.
The transmission and further processing of personal data of visitors and users to third countries, such as the USA, as well as the associated potential risks for visitors and users, cannot be ruled out by heo as the operator of the Youtube channel.
Opt-out options
You have the option of setting advertising preferences. If these settings are restricted, no personalised advertisements will be placed. If you use these settings without a Google account, your advertising preferences will only be saved until you delete your cookies in the browser or end device.
You can deactivate the option to store the cookies placed and the associated collection of your personal data at any time in the system settings of your browser and delete existing cookies. Furthermore, there are extensions/plug-ins for browsers that prevent the placement of cookies.
European visitors and users also have the option of preventing Google from placing cookies using the website of the European Interactive Digital Advertising Alliance (EDAA).
On an iOS device, you can also use the “No Ad Tracking” setting; on an Android device, the “Disable Personalised Advertising” setting can be used to prevent interest-based advertisements from being displayed.
Rights of visitors and users
Since only Google has access to the user data, heo recommends that you contact Google directly if you wish to request information or have other questions about your rights as a user (e.g. the right to deletion). As a registered user of Google, you here have the option of viewing your collected data or exporting it. Your Google account and associated data can be deleted here.
Furthermore, we recommend that you carry out the Google-provided privacy check, which you can perform through the activity settings and the setting for personalised advertising.
10. Contact options and your rights
As a data subject, you have the following rights:
- pursuant to art. 15 GDPR, the right to demand information about your personal data processed by us to the extent specified therein
- pursuant to art. 16 GDPR, the right to immediately demand the correction of incorrect or completion of your personal data stored by us
- pursuant to art. 17 GDPR, the right to demand the deletion of your personal data stored by us, unless further processing is required
- to exercise the right to freedom of expression and information
- to fulfil a legal obligation
- for reasons of public interest or
- to assert, exercise or defend legal claims
- pursuant to art. 18 GDPR, the right to demand the restriction of the processing of your personal data, as far as
- the accuracy of the data is disputed by you
- the processing is illegal, but you reject its deletion
- we no longer need the data, but you need it for asserting, exercising or defending legal claims or
- you have objected to the processing pursuant to art. 21 GDPR
- pursuant to art. 20 GDPR, the right to receive your personal data, which you have provided to us, in a structured, common and machine-readable format or to request the transfer to another responsible body
- pursuant to art. 77 GDPR, the right to complain to a supervisory authority. In general, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.
For questions about the collection, processing or use of your personal data, information, correction, blocking or deletion of data and revocation of granted consents or objection to a certain use of data, please contact us directly using the aforementioned contact options.
Right of objection
Insofar as we process personal data as described above in order to safeguard our legitimate interests that are overriding in the balancing of interests, you may object to this processing with effect for the future. If the processing takes place for the purposes of direct marketing, you can exercise this right at any time as described above. Insofar as the processing takes place for other purposes, you are only entitled to a right of objection if there are reasons that arise from your particular situation.
After exercising your right of objection, we will not process your personal data further for these purposes unless we can prove compelling reasons for processing worthy of protection which outweigh your interests, rights and freedoms, or if the processing serves for the assertion, exercise or defence of legal claims. This will not apply if the processing takes place for direct marketing purposes. Then we will not process your personal data further for this purpose.
11. PayPal
Furthermore, it is possible to carry out the payment process with the online payment service PayPal. PayPal allows you to make online payments to third parties. The European operator of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you select PayPal as payment method, your data that is required for the payment process is automatically transferred to PayPal. This regularly includes the following data:
- Name
- Address
- E-mail address
- Telephone and mobile number
- IP address
Under certain circumstances, the data transferred to PayPal will be transferred by PayPal to credit agencies. The purpose of this transfer is identity and credit check. PayPal possibly also forwards your data to third parties if this is necessary for the fulfilment of the contractual obligations or the data should be processed on order. The PayPal data protection regulations can be found at
https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.
The legal basis for the data processing is art. 6 para. 1 b) GDPR, since the data processing is necessary for the payment with PayPal and thus, for the execution of the contract.
12. Status of information
Status of information / last amended: 16/07/2019