HEYEN Business Solutions              

        Holistic consulting for all your sales processes 
 

privacy policy


Version 2.0 dated 01.01.2025 

HEYEN Business Solutions values the protection of personal data of customers, employees, applicants, and all other third parties connected with us. We collect, use, and store your personal data exclusively in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) of the Federal Republic of Germany. You can be assured that we are committed to protecting your privacy and your right to data protection at all times. Below, we inform you about the nature, scope, and purpose of data collection and use.

1. General Section

I. Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws, as well as other data protection regulations, is:

HEYEN Business Solutions
Alter Kirchweg 44
42389 Wuppertal - Germany

Phone: +49 202 870 571 42
E-Mail: info@heyen-bs.de
Website: www.heyen-bs.com

II. Name and address of the Data Protection Officer

The Data Protection Officer of the data controller can be contaced at:

HEYEN Business Solutions
Data Protection Officer  

Alter Kirchweg 44

42389 Wuppertal

Germany
Phone: +49  202 – 870 571 42
E-Mail: datenschutzbeauftragter@heyen-bs.de 
Website: www.heyen-bs-com

III. General information on data processing

Scope of processing personal data

HEYEN Business Solutions processes personal data of its users primarily only to the extent necessary to provide a functional website and its content and services. The processing of personal data of its users usually only occurs with the user's consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.

Legal basis for the processing of personal data

Where we obtain the consent of the data subject for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
In the case of processing personal data required to fulfill a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.
Where the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.
If the processing is necessary to safeguard the legitimate interests of our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not override the aforementioned interest, Article 6(1)(f) GDPR serves as the legal basis for processing.

Online presence on social media

We maintain online presences within social networks and platforms to communicate with interested parties and users active there and to inform them about our services.
We would like to point out that data of users may be processed outside the European Union. This may pose risks for users, as the enforcement of user rights could be more difficult. With regard to US providers that are certified under the Privacy Shield, we would like to point out that they commit to complying with the EU's data protection standards.

Furthermore, user data is usually processed for market research and advertising purposes. For example, usage profiles can be created based on user behavior and resulting interests. These usage profiles can then be used to display targeted advertisements both within and outside the platforms, which are likely to align with the interests of users. For these purposes, permanent cookies are typically stored on users' computers, where user behavior and interests are recorded. Additionally, usage profiles may store data independently of the devices used by users (especially if users are members of the respective platforms and logged in).
The processing of users' personal data is based on our legitimate interests in effectively informing users and communicating with them in accordance with Article 6(1)(f) GDPR. If users are asked by the respective providers to consent to data processing (e.g., by ticking a checkbox or confirming a button), the legal basis for processing is Article 6(1)(a), Article 7 GDPR.
For a detailed description of the respective processing and opt-out options, we refer to the provider’s information linked below.


∙        Processed data: Contact data, content data, usage data, metadata.

∙        Special categories of personal data: Generally no, unless provided by users.

∙        Legal basis: Article 6(1)(a) / Article 6(1)(f) GDPR.

∙        Affected individuals: Users of the social media presences (which may include customers and prospects).

∙        Purpose of processing: Information and communication.

∙        Type, scope, and functionality of processing: Typically by the operators of the respective platforms:
         Permanent cookies, tracking, targeting, remarketing, content-based and behavior-based advertising.

∙        Necessity / Interest in processing: User expectations of those actively engaged on the platforms, business interests.

∙        Disclosure to external parties and purpose: To social networks/platforms.

∙        Data deletion: The deletion rules of the respective platforms apply.

∙        Services used: Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) – Privacy policy / Opt-Out:
         https://privacy.king.com/de/datenschutzerklaerung.


Data deletion and retention period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Further storage may occur if this is provided for by European or national legislators in Union regulations, laws, or other provisions to which the data controller is subject. Data will also be blocked or deleted when the retention period prescribed by the aforementioned norms expires, unless there is a necessity for further storage of the data for the conclusion or fulfillment of a contract.

2. Individual processing activities

I.   Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling device. The following data is collected:

1.     Information about the browser type and version used

2.     The user's operating system

3.     The user's internet service provider

4.     The user's IP address

5.     Date und time of access 

6.     Websites from which the user's system accesses our website

7.     Websites accessed by the user's system via our website

Only the user's IP address is stored in our system's log files. These data are not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6(1)(f) of the GDPR.

3. The purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is carried out to ensure the functionality of the website. Additionally, the data is used to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

These purposes also represent our legitimate interest in data processing according to Art. 6 (1) lit. f GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer required for the purpose of its collection. In the case of data collected for the provision of the website, this occurs when the respective session is terminated.
In the case of data stored in log files, this happens after a maximum of seven days. Further storage is possible. In this case, the IP addresses of users are deleted or anonymized, so that assignment to the requesting client is no longer possible.

5. Possibility of objection and removal

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Therefore, there is no possibility for the user to object.

II. Use of Cookies

1) Description and Scope of Data Processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a unique string of characters that enables the identification of the browser when the website is accessed again.
We use cookies to make our website more user-friendly. Some elements of our website require the browser to be identifiable even after navigating to another page.

The following data is stored and transmitted in the cookies:

1.     Language settings

2.     Screen resolution

2) Legal basis for data processing

The user data collected through technically necessary cookies is not used to create user profiles.
Our legitimate interest in processing personal data, as outlined in Article 6(1)(f) of the GDPR, lies in these purposes.

3) Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after navigating to another page.

We use cookies for the following applications:

1.     Adoption of language settings

2.     Adjustment of screen resolution

The user data collected through technically necessary cookies is not used to create user profiles.
Our legitimate interest in processing personal data, as outlined in Article 6(1)(f) of the GDPR, lies in these purposes.

4) Duration of storage, possibility of objection and removal

Cookies are stored on the user's device and transmitted to our site from there. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, some features of the website may no longer be fully usable.
The cookies we store will be deleted after a maximum of 24 hours.

III. Contact form and email contact

1. Description and scope of data processing

On our website, there is a contact form that can be used for electronic communication. If a user takes advantage of this option, the data entered in the input fields will be transmitted to us and stored. These data are:

1.     First name

2.     Last name

3.     E-Mail

4.     Phone

5.     Message

At the time the message is sent, the following data is also stored

1.     The user's IP address

Your consent is obtained as part of the submission process for processing the data, and reference is made to this privacy policy.

Alternatively, contact can be made via the provided email address. In this case, the personal data of the user transmitted with the email will be stored.

In this context, the data will not be shared with third parties. The data will be used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for processing the data, when the user's consent is given, is Article 6(1)(a) of the GDPR.

The legal basis for processing the data transmitted in the course of sending an email is Article 6(1)(f) of the GDPR. If the email contact aims to conclude a contract, an additional legal basis for processing is Article 6(1)(b) of the GDPR.

3. Purpose of data processing

The processing of personal data from the input fields is solely for handling the contact request. In the case of contact via email, the necessary legitimate interest in processing the data also lies in this purpose.
The other personal data processed during the submission process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

After the completion of your inquiry, personal data will be automatically deleted, unless legal retention periods prevent deletion.

The personal data additionally collected during the submission process will be deleted no later than seven days after the submission.

5. Possibility of objection and removal

The user has the right to withdraw their consent to the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored during the contact process will be deleted in this case.

IV. Use of Google Maps

This website uses the Google Maps API to visually display geographic information. When using Google Maps, Google collects, processes, and utilizes data about the use of the map features by visitors. Additionally, Google sets a cookie. For more information on how Google processes data, you can refer to Google's privacy policy. There, you can also change your personal privacy settings in the Privacy Center.

3. Rights of the data subject

If personal data concerning you is processed, you are a data subject within the meaning of the GDPR, and you have the following rights against the data controller:

1. Right to access

You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing occurs, you can request the following information from the controller:

1.     the purposes for which the personal data is being processed;

2.    the categories of personal data that are being processed;

3.     the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;

4.     the intended duration of the storage of the personal data concerning you, or, if specific details are not possible, the criteria used to determine the storage period;

5.     the existence of the right to rectification or deletion of the personal data concerning you, the right to restriction of processing by the controller, or the right to object to such processing;

6.     the existence of the right to lodge a complaint with a supervisory authority;

7.     all available information about the source of the data, if the personal data has not been collected from the data subject;

8.    the existence of automated decision-making, including profiling, as defined in Article 22(1) and (4) of the GDPR, and — at least in these cases - meaningful information about the logic involved, as well as the scope and intended consequences of such processing for the data subject.

You have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate safeguards in accordance with Article 46 of the GDPR related to the transfer.

2. Right to rectification

You have the right to rectification and/or completion with respect to the controller if the personal data concerning you is inaccurate or incomplete. The controller must make the correction without delay.

3. Right to restriction of processing

Under the following conditions, you can request the restriction of processing of your personal data:

1.     if you contest the accuracy of the personal data concerning you, for a period that allows the controller to verify the accuracy of the personal data;

2.     the processing is unlawful, and you oppose the deletion of the personal data and instead request the restriction of its use;

3.     the controller no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims; or

4.     if you have objected to the processing under Article 21(1) of the GDPR, and it has not yet been determined whether the legitimate grounds of the controller override your reasons.

If the processing of your personal data has been restricted, these data – apart from their storage – may only be processed with your consent, or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.
If the restriction of processing has been lifted under the above-mentioned conditions, you will be informed by the controller before the restriction is lifted.

4. Right to be forgotten

a) Obligation to erase

You can request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase this data without undue delay if one of the following reasons applies:

1.    The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

2.    You withdraw your consent on which the processing was based according to Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing.

3.   You object to the processing under Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing under Article 21(2) of the GDPR.

4.    The personal data concerning you has been processed unlawfully.

5.    The erasure of the personal data concerning you is required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.

6.     The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) GDPR, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure does not exist if the processing is necessary

1.     to exercise the right to freedom of expression and information;

2.   for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

3.     for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;

4.   for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

5.    for the assertion, exercise or defense of legal claims.

5. Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right vis-à-vis the controller to be informed about these recipients.

6. Right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the option, in connection with the use of information society services - notwithstanding Directive 2002/58/EC - to exercise your right to object by means of automated procedures that use technical specifications.

7. Right to revoke the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

8. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

4. Changes to our privacy policy

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.