If you wish to make use of special services of our company via our website or the apps or if you order something via our eShop, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing (for example, the implementation of a contractual agreement), we will ask for your consent.
This Privacy Statement contains information about the data we collect from you, how we use it and how you can object to the use of this data.
Heidelberger Druckmaschinen AG welcomes your visit to our web pages and app and your interest in our products. Please note that this Privacy Statement no longer applies if you follow links to third-party sites or register in areas controlled by other data controllers.
The data controller with respect to this website or app is:
Heidelberger Druckmaschinen AG
Gutenbergring
69168 Wiesloch
Germany
Tel.: +49 (0)6221 92 00
Our data protection officer can be contacted at:
Heidelberger Druckmaschinen AG
Data Protection Officer
Gutenbergring
69168 Wiesloch
Germany
In the following, we will give you a general overview of the processing purposes and legal bases in the context of our web pages and app. We have collected more detailed information for you below, sorted by the tools used.
For technical reasons, certain data must be collected and stored when you visit our web pages, such as the date and duration of your visit, the web pages used, the identification data of the type of browser and operating system used and the website from which you are visiting us.
In order to fulfill a contract, we require certain personal data from you. This data is required to make bookings in the eShop, process payments, carry out credit checks, deliver to the specified address (if items are to be shipped) and, where appropriate, to process cancellations or refunds.
In this case, the contract is the legal basis for the processing of your personal data in accordance with Art. 6 para. 1 lit. b of the General Data Protection Regulation (GDPR). Art. 6 para. 1 lit. b GDPR also applies in respect of processing operations that are necessary for carrying out pre-contractual measures, for example in the event of inquiries regarding our products or services.
If we obtain your consent for the processing of personal data (for example, if you sign up for the newsletter or use the “stay signed in” option), this serves as the legal basis in accordance with Art. 6 para. 1 lit. a GDPR.
If our company is subject to a legal obligation rendering the processing of personal data necessary, for example in order to meet tax obligations, the processing is based on Art. 6 para. 1 lit. c GDPR.
In order to constantly improve the services we offer you, we store and analyze usage data from the online area on a pseudonymized basis. The legal basis for this is our legitimate interest in the optimization of our web pages and apps, and in the effective design of our advertising in accordance with Art. 6 para. 1 lit. f GDPR.
Only applies to existing customers: We are also interested in maintaining our customer relationship with you and in providing you with information and offerings that we believe match your interests. We therefore process your data on the basis of Art. 6 para. 1 lit. f GDPR (also with the help of service providers) in order to send you information and offerings. We use your contact data (name and e-mail address that we have received from our business relationship with you) for advertising by post and for market research, unless you object to such use.
We use cookies, tracking tools, targeting methods and social media plug-ins for our website/application. These enable us to make visiting our web pages more attractive, prevent cases of misuse, e.g. in the context of our eShop, and facilitate the use of certain functions. Exactly which procedures are involved and how your data is used for this purpose is explained below in the information on the respective service.
The cookies can be categorized as follows:
If additional legal bases exist, these are indicated under the respective service.
You may object to the processing of your data and the use of cookies, as set out under paragraphs 1. and 2. above, if there are overriding interests that prevent processing. In this case, however, the functionality of the website will be severely limited. You may revoke your consent to the processing of your data and the use of cookies, as set out under paragraph 3., at any time with effect for the future. You will find the link for opting out from marketing and statistics cookies by moving your mouse over here and for adjusting your settings by moving your mouse over here.
Cookies are small text files that are automatically created by your browser and stored on your terminal device (laptop, tablet, smartphone, etc.) when you visit our website. Information in connection with the specific terminal device used is stored in the cookie, however this does not mean that we can obtain direct knowledge of your identity as a result.
Internal transfer of personal data:
Heidelberg's internal IT departments and the selected service providers engaged by them can access user data insofar as this is necessary in the course of fulfilling their tasks.
Orders for information material via the app or our contact form are handed over to Heidelberg’s marketing team or sales team as part of lead management.
Transfers to third parties:
Personal data is usually transferred to third parties in the context of our web pages and apps if their services are deliberately used or accessed by the user.
More detailed, additional or different information, such as further recipients or the transfer to third countries, can be found below under the details of the respective service.
Personal data that we process on the basis of consent will be processed by us for as long as the wording of the consent allows or until the consent of the data subject is revoked. We store tax-relevant personal data for ten years, pursuant to the first sentence of Section 147 para. 3 of the German Fiscal Code (AO), the first half sentence of Section 257 para. 4 of the German Commercial Code (HGB) in conjunction with Section 257 para. 1 nos. 1 and 4 HGB, and sentences 1 and 2 of Section 14b para. 1 of the German VAT Act (UStG). We store personal data on user accounts/master data, for push notifications, and for the allocation of performance data on the basis of our legitimate interest in defending or asserting legal claims up to their limitation period for three years from the end of the year in which the processing was carried out, pursuant to Art. 6 para. 1 lit. f GDPR and Sections 280 para. 1, 195, and 199 para. 1 of the German Civil Code (BGB).
Due to our legitimate interest in security and troubleshooting, we store personal communication data and protocols for a maximum of seven days from the end of processing, pursuant to Art. 6 para. 1 lit. f GDPR.
We store personal analysis and statistical data, such as Google Analytics data relating to user behavior, only for as long as this is necessary in order to create the anonymized data records. This corresponds to a deletion within a very short time.
We may also store your data for a longer period of time if necessary, for example to assert or defend legal claims, solve technical problems, or analyze security incidents.
Erasure of data
We always erase personal data when there is no requirement for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, or so that we can check and allow or fend off warranty claims and, if applicable, guarantee claims. In the event of statutory retention obligations, the data can only be erased after the respective retention obligation has expired.
Unless otherwise specified in the consent, we retain proof of consent and opt-out for 5 years after the end of processing in order to be able to demonstrate compliance with the data protection regulations, Art. 6 para. 1 lit. f GDPR.
We do not carry out profiling or automated decision making in the normal course of business. We expressly refer to exceptions under the respective headings below.
You have various rights under the GDPR as a user* of our app: In accordance with Art. 15 GDPR, you can request information about the personal data relating to you that we process. When requesting this information, you should outline your concern more precisely in order to make it easier for us to compile the necessary data.
If the legal requirements of Art. 15 para. 3 or Art. 20 GDPR are met, you have the right to receive a copy of your data or to have your data transferred to you.
If the information concerning you is not (or no longer) correct, you can request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed. You can request the deletion of your personal data under the provisions of Art. 17 GDPR.
Within the framework of the provisions of Art. 18 GDPR, you have the right to request that the processing of data concerning you be restricted.
Where data is processed on the basis of legitimate interests, you have the right under Art. 21 GDPR to object at any time to the processing of data concerning you for reasons arising from your particular situation. You may object to the processing of your personal data on the basis of legitimate interests for direct marketing purposes at any time without giving reasons.
You can revoke your consent at any time with future effect.
You may assert these rights against Heidelberger Druckmaschinen AG free of charge via the e-mail address or postal address stated above.
Please feel free to contact us first before you make use of your right to lodge a complaint with the data protection supervisory authorities. Our competent data protection supervisory authority is: “The State Commissioner for Data Protection and Freedom of Information” in Baden-Württemberg.
Registration and implementation of the on-site event
On October 13 and 14, the Innovation Week 2021 will take place as an on-site event in Wiesloch-Walldorf, Print Media Center Registration takes place either via the sales representative on the instructions of the customer or as an independent registration via a hidden registration link on the website at heidelberg.com/innovationweek21/de/onsite. The registration can only be found by entering the URL. Only invited customers have access. The invitation is sent via a printed flyer or a digital mailing to a group of recipients specified by the sales offices. The data transmitted by the sales representative or from the online registration are used to organize the event (travel planning, hotel booking, on-site support).
Responsible employees and the contracted service providers and their subcontractors have access to the data of the on-site event as well as the associated services.
Other processing within the scope of the legitimate interest
For other processing within the scope of the legitimate interest, a transfer of personal data to the judiciary, authorities, legal representation, insurance companies, and required companies, e.g., Internet providers, can take place.
We delete the data in the internal SharePoint after 6 weeks after the end of the event. Data transmitted to our CRM system and Google Analytics remain unaffected.
The data of the participants will be processed for advertising purposes until the person concerned objects or the purpose of the advertising purpose does no longer apply. In individual cases, longer storage may be necessary for legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).
To do this, we need
Registration is not possible without this information.
Optional information, as well as consent to commercial use and the use of non-technically required cookies, are voluntary and do not impact the event.
The Heidelberg Group may make the following personal data available to you on its website or in the app:
Personal data about speakers, presenters at exhibitions and events (such as the date of the event, length of the speech, content of the speech, name of the speaker, brief bio of the speaker). Speakers can be outsiders or employees of the Heidelberg Group. Speakers can be outsiders or employees of the Heidelberg Group.
Personal data on contact persons and experts at exhibitions and events (such as names of people, position at Heidelberg, information about specific expertise, business contact details).
We receive this data directly from the people on a voluntary basis and only use it for advertising and information purposes with express consent and approval. The legal basis for the processing (speaker and contact information) is the consent of the data subject in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR.
There is no automated decision in individual cases, including profiling in accordance with Art. 22 GDPR.
Heidelberg uses the software solutions GoToWebinar and GoToMeeting of the LogMeIn Ireland Unlimited Company, The Reflector, 10 Hanover Quay, Dublin 2, D02R573, in order to facilitate presentations, product introductions, training sessions or similar broadcasts over the Internet. LogMeIn Ireland Unlimited Company is a subsidiary of LogMeIn USA, Inc., 333 Summer Street, Boston, MA 02210, USA. LogMeIn Ireland Unlimited Company is responsible for the provisioning of this service and the associated data processing. LogMeIn's privacy policy can be found here (Link: www.logmeininc.com/legal/privacy).
When registering, the following data from the form is transmitted to LogMeIn, Inc.:
Furthermore, the date and time of the registration are collected.
As part of the registration process, your consent is required pursuant to Article 6 (1) (a) GDPR to process the registration data and to process it for statistical purposes, since statistical data is collected and transmitted to us during and after the event. This includes data such as participation status and duration, questions asked / answered, and interest in the program. We use this data for customer care and to enhance the user experience.
An encrypted connection is established between you and the organizer of the online event for facilitating these events.
During a session, we can record audio or video content to be made available for the participants to access at a later date. The data stored in this context will be deleted after 90 days.
You can find more details regarding the technical features of the tools used as well as further information at: https://www.goto.com/webinar.
Name of the person responsible and representative:
Heidelberger Druckmaschinen AG
Kurfürstenanlage 52-60
69115 Heidelberg
Tel.: +49 (0)6221 92 00
Fax: +49 (0)6221 92 69 99
Email: information@heidelberg.com
Contact information data protection officer:
Data protection officer
Heidelberger Druckmaschinen AG
Gutenbergring
69168 Wiesloch
Email: datenschutzbeauftragter@heidelberg.com
Rights of data subjects:
A detailed description of the rights of data subjects can be found here.
Purposes of the data processing and its legal basis:
Please note all of the data processing listed below that may take place during the event.
Registration and implementation of the online event, including making an appointment, streaming, videos, video calls, and chats
Starting September 20, 2021, all those interested can register for the digital event taking place on October 13-15, 2021.
The portal heidelberg.com/innovationweek2021 (URL: innovationweek.heidelberg.com) and access to the content will also remain available at heidelberg.com/videos (URL: medialibrary.heidelberg.com).
Interested parties can talk to a Heidelberg expert in a video call or in a peer-to-peer chat at heidelberg.com/innovationweek2021 during event days. The connection is encrypted with DTLS-SRTP.
The availability of contact persons depends on the country and language of the participants. The relevant contact data collected as part of the event or during a visit to the Heidelberg Media Library, as well as interest in our products and services, will be transmitted to the relevant national or sales company. The legal basis is our contractual obligation pursuant to Article 6 (1) sub 1 (b) GDPR to provide the participant with the contractual services. Using this offering is optional.
Confirmation of the email address (double opt-in) and email communication
To complete the registration process, it is necessary to confirm the registration. A confirmation email will be sent to the email address provided during registration. This email contains a link via which the registration can be confirmed and thus completed. The system used stores the date and time of registration and the confirmation.
The email address will then be used to send emails with information about the event.
Video and streaming
On the event days October 13-15, 2021, presentations about Heidelberg’s products and services will be shown in a live stream as part of the Innovation Week 2021 event. Additional video content is available on demand at heidelberg.com/innovationweek2021 (as of 25 October 2021: heidelberg.com/videos).
For this we use plug-ins from Youtube.de/youtube.com. These are operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you visit the Heidelberger Druckmaschinen AG websites with such a plug-in, a connection to YouTube servers is established and the plug-in is displayed on the website via a message to your browser. This stores cookies on your computer (VISITOR_INFO1_LIVE, PREF, YSC). Furthermore, which of our websites you have visited is transmitted to the YouTube server. If you are registered as a member of YouTube, YouTube will assign this information to your personal user accounts on these platforms. When using these plug-ins, e.g., by clicking the start button to play a video or audio file or when sending a comment, this information is assigned to your YouTube user account. You can prevent this by logging out of YouTube before calling up the file or sending a comment.
The legal basis is our contractual obligation pursuant to Article 6 (1) sub 1 (b) GDPR to provide the participant with the contractual services.
The purpose and scope of data collection and use by Google as well as your rights and setting options to protect your privacy as a YouTube user can be found in YouTube's data protection information.
Video calls and chat during the online event
On the day of the event, registered participants can chat with a Heidelberg expert via video call or chat.
On the day of the event, October 13-15, 2021, as part of the Innovation Week 2021 event, questions or comments can be submitted to Heidelberg in a chat during the live stream broadcast. These texts will only be visible to chat administrators. The chat administrators can answer you personally or send a message to all Innovation Week visitors participating in the chat. All our employees have been and will be trained on the subject of data protection and instructed how to handle customer data securely and confidentially.
The chat will take place in virtual rooms on heidelberg.com/innovationweek2021.
In addition to the data from the registration form, the communication data and organizational data (such as the date and time of registration and confirmation), we also process technical data such as the IP address, location, status reports, session IDs, log files, or accessed videos or streams. The registration data, any consent, as well as information about which of our products and services you are interested in, are transmitted to our CRM system for advertising use of the contact details (see following sections).
The legal basis for the provision of the website until registration is based on the legal basis Article 6 (1) Sentence 1 (f) GDPR “legitimate interest”. It is our legitimate interest to provide an online platform for registration.
The registration and implementation of the event, including stream, video, and communication, is pursuant to Article 6 (1) sentence 1 (b) GDPR "Fulfillment of the contract" or "Request of the data subject prior to entering into a contract".
We also use cookies on our online event and media library page. For cookies that are not technically required, e.g., Google Analytics and Google Tag Manager, we ask for your voluntary consent via our content management solution ("cookie banner"). These consents are voluntary and can be revoked at any time. Further information about the processing of the online event page, Google Analytics, Google Tag Manager, and cookies can be found in the respective section under:
https://www.heidelberg.com/global/en/global_content/privacy_statement.jsp
Use of the contact data for commercial use for legitimate interest
We process the contact details and interests collected during the event for advertising purposes pursuant to Article 6 (1) sentence 1 (f) in connecting with Recital 47 GDPR. It is our legitimate interest to hold events to process contact information from interested parties.
The relevant contact data collected as part of the event, as well as interest in our products and services, will be transmitted to the relevant national or sales company. The processing takes place in our CRM program as well as email and telecommunication systems.
Please note the right of objection for processing for the purpose of direct advertising, which you can find in the section "Rights".
The use of the contact data for commercial use for legitimate interest
In Germany, we need your voluntary consent to use certain contact channels for advertising purposes, such as telephone and email. These consents are requested during registration or during the course of the event. Pursuant to Article 6 (1) sentence 1 (a) GDPR, the consent is voluntarily and can be revoked at any time. Participation in the online event is also possible without consent or after consent has been withdrawn.
If you have given your consent to marketing contact via email, you will be given the option of confirming this email via double opt-in before its use.
Other processing within the scope of legitimate interests
Processing of personal data in the context of legitimate interests (Article 6 (1) sentence 1 (f) GDPR) can take place to assert, exercise, or defend legal claims or damages. For this purpose, it may also be necessary to pass it on to the required third parties in individual cases. Information on the individual right of objection can be found in the "Rights" section.
We use a consent management platform. With this service you can decide which of the various services available on our website (which are associated with the processing of personal data) you only want to use based on consent. It also enables us to document your consent to data processing and to provide the legally required proof of this. Your declaration applies to all of our websites and apps.
The following data are processed:
Date and time of your visit
Device information
Browser information
Anonymized IP address
Opt-in and opt-out data
The legal basis for processing is Article 6 (1) sentence 1 (f) in connection with Article 7 (1) GDPR.
Recipients or categories of recipients of personal data:
Responsible employees and the contracted service providers and their subcontractors have access to the data of the on-site event as well as the associated services. If contracted service providers have access to personal data and this constitutes the processing of data, a data processing agreement has been concluded with the service providers, which also includes provisions for possible subcontractors.
Other processing within the scope of legitimate interests
Other processing within the scope of the legitimate interest, can include a transfer of personal data to the judiciary, authorities, legal representation, insurance companies, and necessary companies, e.g., Internet providers.
Intention to transfer data to third countries or an international Organization:
The relevant contact data collected as part of the event, as well as interest in our products and services, will be transmitted to the relevant national or sales company.
Beyond the processing mentioned above, there is no transfer of the participant data by the person responsible to a third country or an international organization insofar this is necessary for the processing, except for the location where the participant resides or the corresponding devices or services are used there for communication or, for technical reasons, a corresponding routing takes place over which we have no influence.
Duration or criteria for the retention duration:
After the online event has ended, we will continue to provide you with new content on the platform. Once the platform will be closed, the data on the event platform will then be deleted after 6 weeks. Data transmitted to our CRM system and Google Analytics remain unaffected.
The data of the participants will be processed for advertising purposes until the data subject objects or the purpose of the advertising purpose no longer applies. In individual cases, longer data retention may be necessary for legitimate interests (Article 6 (1) sentence 1 (f) GDPR).
Regarding additional data retention: All information is stored for three years after the end of processing. The legal basis for this is our obligation to document our compliance with the data protection requirements pursuant to Article 6 (1) sentence 1 (c) GDPR in conjunction with Article 5 (2) and Article 24 GDPR in connection with our legitimate interest in data detection for complying with the requirements of Article. 6 (1) sentence 1 (f) GDPR in conjunction with Section 41 of the German Federal Data Protection Act (BSSG) and Section 41 (2) sub 1 of the German Administrative Offences Act (OWiG). The platform is operated by our processor, Usercentrics GmbH, Sonnenstraße 23, 80331 Munich, Germany.
More information can be found here.
Provisioning required by law or contractually required as well as the consequences of non-provision:
To do this, we need
Participating is not possible without this information.
Optional information, as well as consent to commercial use and the use of non-technically required cookies, are voluntary and do not impact the event.
Automated decision-making:
There is no automated decision in individual cases, including profiling pursuant to Article 22 GDPR.
Google Tag Manager
We use the Google Tag Manager. The provider of the Google Tag Manager components is Alphabet Inc. This service enables you to manage website tags via an API. The Google Tag Manager implements only tags. This means that cookies are not used and no personal information is collected. Google Tag Manager triggers other tags that can be used to collect data. However, Google Tag Manager does not access this data. If you have been deactivated on a domain or cookie basis, this applies to all tracking tags if they have been implemented with Google Tag Manager.
Google Analytics
As part of the protected platform Innovation Week, we use Google Analytics for the purpose of the contractual services pursuant to Article 6 (1) sentence 1 (b) GDPR and also use and evaluate the data collected in order to offer you interesting content on our website and to enable a personalized experience. Outside the current protection scope, we only use Google Analytics with your consent, which can be revoked at any time, pursuant to Article 6 (1) sentence 1 (a) GDPR. Google Analytics is a web analysis service of Google Ireland Ltd. ("Google"). Google Analytics uses cookies, which enable an analysis of your use of our websites. In this context, our data processor Google creates pseudonymized user profiles and uses cookies.
Processed data
User ID
Browser type/version,
used operating system,
Referrer URL (the previously visited page),
Host name of the accessing terminal device,
Time of the server request
We only use Google Analytics in connection with activated IP anonymization (IP masking). This means: The IP address of a user is truncated by Google for users within the member states of the European Union and other contracting states of the Agreement on the European Economic Area. Only in exceptional cases (e.g., in the event of a technical defect in the European Union) is the IP address transmitted to a server in the USA and truncated there.
The method of anonymizing IP addresses used by Google does not consist of writing IP addresses on a hard disk, because anonymization is performed immediately after receiving the request in memory.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser within the scope of Google Analytics is not combined with other data from Google. You can prevent the installation of cookies by setting your browser accordingly. However, we would like to point out that in this case, you may not be able to use all functions of this website to their full extent.
Transfer to third countries (outside the EU and EEA): In the course of the analysis of user behavior, Google receives personal data based on your consent and processes it worldwide, insofar as this is necessary for the provision of services:
Contact details Google:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland
Tel +353 1 543 1000
Fax +353 1 686 5660
Email: support-deutschland@google.com
The transfer to third countries is based on Google's EU standard contract clauses. We store the data on pseudonymized profiles, which cannot be assigned to any individual person, for a period of 26 months to prevent cases of abuse and to optimize our websites. After 26 months have passed, this data is automatically deleted. Click here to download the browser add-on to deactivate Google Analytics.
Used Cookies
Name: _ga, _gat, _gid
Provider: Google Analytics
Description: Google Universal Analytics | Both analyse the browsing pattern and allow the creation of flow statistics; ga is used to distinguish individual users by means of designation of a randomly generated number as a client identifier, which allows the calculation of visits and sessions; _gat is used to distinguish between the different monitoring objects that are created in the session
Retention period: _ga, _gid - 1 year after setting or update ; _gat - 10 minutes from setting or update
Name: _gtm
Provider: Google Tag Manager
Description: Administration of our consent management solution and the dependent use of Google Analytics.
Retention period: _gtm – 1 year from setting or update
Name: ssm_au_c
Provider: Usercentrics
Description: This cookie is used to manage the cookie consent on our website and to save your preferences.
Retention period: They remain until you delete the cookies from your browser or make changes to the cookie consent feature.
Name: evesessid
Provider: Event it
Description: Used to get or set the session ID of the current session.
Retention period: Expires after the session
Name: srv_id
Provider: Event it
Description: Serves to manage the user session on the server side.
Retention period: Expires after the session
Name: eveprotect
Provider: Event it
Description: To defend against various attack scenarios on the web.
Retention period: Expires after the session
If you register to use the Heidelberg App, you will be asked to provide the following information: last name, first name, e-mail address, country, and customer affiliation. Providing the information is voluntary. If you provide us with this information, we will use it to identify users and to make personal and individual content of the app visible.
If users receive a voucher from us, these vouchers will be assigned to user e-mail addresses and displayed within the app, provided that the user logs into the app with this e-mail address. We receive the e-mail address via the registration; the allocation of vouchers by HDM AG and its Sales and Service Center.
When you set up the app, you will be asked if the app is allowed to send you notifications. If you agree, we will use push notifications to send you alerts about the app, as well as marketing messages. The service then sends the registration ID (Android) or the token (iOS) to the registered device. The app sends the ID or token to the server, where it is stored in a database. If a push notification is to be sent, the server sends the desired message with registration ID/token to the platform’s push service, which forwards the push notification to the respective devices.
You can suspend receipt of push notifications when not using the app by explicitly logging out of the app.
You can revoke your consent to receive push notifications via the operating system as follows:
When you use our app, the data that is sent by your browser during usage and that is required to use our services is automatically recorded. This data includes the IP address, installation ID, operating system, platform (iOS, Android, Windows), and the date and time of use of our services. Every time our app is used or a file stored in the app is retrieved, this action is logged.
The following is logged: name of the retrieved file, date and time of retrieval, amount of data transferred, notification of successful retrieval, app ID and requesting domain. The IP addresses of the requesting devices are also logged. Access is registered for reasons of data security, to ensure the stability and operational reliability of our system and to protect against possible external attacks. In addition, the data is statistically evaluated to optimize the services we offer. It is not possible to trace which contents you have accessed or which files you have retrieved on the basis of the logged data. The temporary collection of the data is necessary in order to enable the delivery of the content to the terminal devices and to guarantee its reproduction. This data is not merged with other data sources.
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For the storage of data in log files, this is the case after seven days at the latest. It is possible that the data may additionally be stored with our technical service providers for statistical purposes, inter alia. In this case, the IP address will be deleted or masked so that the calling device can no longer be assigned.
The collection of data for the provision of the app and its storage is absolutely necessary for the operation of the service, so that there is no option for the user to object. The legal basis for the processing of user account/master data and the assignment of performance data and communication data is the fulfillment of our contract with you for the provision of the Heidelberg Assistant and your content in accordance with Art. 6 para. 1 lit. b GDPR.
The legal basis for the processing of push notifications, and for information and marketing purposes, is our legitimate interest in providing users with relevant information about the Heidelberg Group in accordance with Art. 6 para. 1 lit. f GDPR.
In addition, we use the Google Firebase service for our app to analyze and categorize user groups, and to send push notifications. You can find more information here, at Google, or directly in our app.
The web server for the operation of our online survey is Microsoft Forms and is operated by Microsoft.
Microsoft Ireland Operations Limited
One Microsoft Place
South County Industrial Park, Leopardstown
Dublin 18
D18 P521
The data is processed on servers located in the European Union. In exceptional cases, access by Microsoft from third countries is possible. Microsoft is certified under the EU-US Privacy Shield, and furthermore guarantees an adequate level of data protection through the use of the EU standard clauses:
https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active
https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=31
Storage duration and storage periods:
The storage period of the personal data transmitted via the forms is determined by the respective processing purpose. If you do not receive additional information regarding the storage period, the retention periods stated in our general privacy information apply.
Usage data:
When you access our web pages, you transmit (for technical reasons) data via your Internet browser to our web server. The following data is recorded for communication purposes between your Internet browser and our web server while a connection is established:
For technical security reasons, in particular as a defense against attempted attacks on our web server, this data is temporarily stored by us. It is not possible for us to trace the data back to a specific person. The data will be anonymized after a maximum of seven days by truncating the IP address at domain level, which makes it no longer possible to establish a link to the individual user. The data is also processed in anonymized form for statistical purposes; it is neither in part nor in full matched against other databases or disclosed to third parties. Only the number of page views is shown in our server statistics, which we publish every two years in our activity report.
Recipients or recipient categories
As a rule, the personal data you provide will only be processed by employees of Heidelberg companies and their commissioned processors. For the fulfillment of our tasks and obligations, it may, however, become necessary for us to disclose your personal data stored to individual and legal entities, authorities, institutions, or other bodies. In particular, the following recipient categories are eligible:
The web server for the operation of our online survey Forms is technically operated by Microsoft.
Microsoft Ireland Operations Limited
One Microsoft Place
South County Industrial Park, Leopardstown
Dublin 18
D18 P521
The data is processed on servers located in the European Union. In exceptional cases, access by Microsoft from third countries is possible.
https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=31
Purpose of processing
We use the Microsoft Teams tool to conduct telephone conferences, online meetings, video conferences and/or web conferences (in the following: “online meetings”). Microsoft Teams is a service from the Microsoft Corporation.
Controller
Heidelberger Druckmaschinen AG is the controller for data processing directly related to the holding of online meetings.
Note: If you access the Microsoft Teams website, the provider of Microsoft Teams is the data processing controller. However, to use Microsoft Teams, it is only necessary to access the website to download the software for using Microsoft Teams.
If you do not wish to or cannot use the Microsoft Teams app, you can also use Microsoft Teams from your browser. The service is then also provided via the Microsoft Teams website.
Which data is processed?
When you use Microsoft Teams, different types of data are processed. The scope of the data also depends on what information you provide before or during participation in an online meeting.
The following personal data is subject to processing:
Scope of processing
We use Microsoft Teams in order to hold online meetings. If we want to record online meetings, we will inform you transparently in advance and – if necessary – ask for your consent.
Chat content is logged when you use Microsoft Teams. Files shared by users in chats are stored in the OneDrive for Business account of the user who shared the file. Files shared by team members in a channel are stored on the team's SharePoint site.
Automated decision-making within the meaning of Art. 22 GDPR is not used.
Legal bases for processing the data
If personal data is processed by employees of Heidelberger Druckmaschinen AG, the legal basis for the data processing is Section 26 of the German Federal Data Protection Act (BDSG). If, in connection with the use of Microsoft Teams, personal data is not required for the establishment, implementation or termination of the employment relationship but is nevertheless an elementary component during the use of Microsoft Teams, Art. 6 para. 1 lit. f GDPR is the legal basis for the data processing. In these cases our interest lies in the effective holding of online meetings.
In all other respects, the legal basis for data processing when holding online meetings is Art. 6 para. 1 lit. b GDPR, insofar as the meetings are held within the framework of contractual relationships.
If no contractual relationship exists, the legal basis is Art. 6 para. 1 lit. f GDPR. In this case too our interest lies in the effective holding of online meetings.
Recipients/Transfer of data
Personal data that is processed in connection with participation in online meetings will not be transferred to third parties, unless the data is intended for transfer. Please note that content from online meetings and face-to-face meetings is often used to communicate information to customers, interested parties or third parties and is therefore intended for transfer.
Additional recipients: The provider of Microsoft Teams necessarily obtains knowledge of the above-mentioned data to the extent that this is provided for in our commissioned processing contract with Microsoft Teams.
If you contact us via a contact form, Heidelberger Druckmaschinen AG will process your first name, last name, job title, company and number of employees, and your contact details (telephone number and e-mail address), the content of the message and, on a voluntary basis, the customer number provided. The processing of the data is carried out to deal with your request and is necessary in order to handle the request. Contact details are processed in order to respond to queries and communicate on the matter. If you are assigned to an advisor, the data will be passed on to the advisor (acting as a self-employed commercial agent) and the advisor’s employees for processing.
Processing for the purpose of initiating and implementing contracts is based on Art. 6 para. 1 lit. b GDPR. The legal basis for the processing otherwise depends on your specific request.
You will find more detailed information on data protection in the context of the respective communication objectives and partners.
If you submit an application via the job search function on this website, your personal data will be processed by German service provider rexx systems GmbH (processor) on behalf of Heidelberger Druckmaschinen AG (controller). The commission is contractually regulated in accordance with the legal data protection requirements for order processing (Art. 28 GDPR). Click here to read the privacy policy of the data processor.
Further information on data protection is provided in the context of the application procedure or in the following document:
Privacy policy for applications to Heidelberger Druckmaschinen AG (pdf)
This website also integrates functions of the social media service Twitter. These functions are offered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). If you use Twitter and the retweet function, the websites visited by you are linked to your Twitter account and disclosed to other users. Data is also transferred to Twitter in the process. To do this, your Internet browser establishes a direct connection to the Twitter servers and transmits data to Twitter. Please note that we have no knowledge of the content of the data transmitted or of its use by Twitter. Further information on this is available in Twitter’s privacy policy. You can amend your data protection settings with Twitter in the account settings.
This website also includes plug-ins from the social network Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA (“Instagram”). You can recognize the Instagram plug-in by the Instagram button on our site.
If you click the Instagram button while logged into your Instagram account, you can link the contents of our pages to your Instagram profile. This allows Instagram to associate your visit to our pages with your user account. Please note that we have no knowledge of the content of the data transmitted or of its use by Instagram. Please see Instagram’s privacy policy for more information.
Our website uses features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Every time you access one of our pages containing LinkedIn features, a connection to LinkedIn's servers is established. LinkedIn is informed that you have visited our web pages with your IP address. When you click on the LinkedIn button and are logged into your LinkedIn account, LinkedIn is able to associate your visit to our site with you and your account. Please note that, as provider of the web pages, we have no knowledge of the content of the data transmitted or of its use by LinkedIn.
The LinkedIn plug-in is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in achieving the widest possible degree of visibility on social media.
Further information on this is available in LinkedIn’s privacy policy.
Our website uses features of the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany.
Every time you access one of our pages containing XING features, a connection to XING’s servers is established. No personal data is stored in the process, to our knowledge. In particular, no IP addresses are stored or usage behavior evaluated.
The XING plug-in is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in achieving the widest possible degree of visibility on social media.
Further information on data protection and the XING share button can be found in XING’s privacy policy.
We use a consent management platform. The service lets you decide which of the various services available on our web pages (associated with personal data processing) you wish to use only on the basis of consent. It also allows us to document your consent to the data processing and to provide the legally required proof of this. Your declaration applies to all our web pages and apps.
The following data is processed:
The legal basis of the processing is Art. 6 para. 1 lit. f GDPR in conjunction with Art. 7 para. 1 GDPR.
Regarding data retention: All information is stored for three years from the end of processing. The legal basis for this is our obligation to document the fulfillment of the data protection requirements according to Art. 6 para. 1 lit. c GDPR in conjunction with Art. 5 para. 2 and Art. 24 GDPR, combined with our legitimate interest in proving compliance under Art. 6 para. 1 lit. f GDPR in conjunction with Section 41 of the German Federal Data Protection Act (BDSG), and with Section 41 para. 2 no. 1 of the German Administrative Offenses Act (OWiG). The platform is operated by our commissioned processor, Usercentrics GmbH, Sonnenstrasse 23, 80331 Munich, Germany.
You can find more information about data protection at Usercentrics here.
Name: ssm_au_c
Provider: Usercentrics
Description: This cookie is used to manage the cookie consent on our page and to store your preference.
Expiration: Persistent until you delete cookies from your browser or changes inside the cookie consent tool are undertaken
If you download images or click on a link in a Heidelberger Druckmaschinen AG newsletter or in one of our other marketing e-mails, this is automatically logged by ClickDimensions via an e-mail tracking service. The usage information generated will be stored on our server in Germany and used for statistical usage analysis. We also use the opportunity to check whether you have opened the e-mail and which links you have clicked. Forwarded messages are tracked in the same way on the basis of Art. 6 para. 1 lit. f GDPR. The results help us to measure the success and reach of our newsletters and e-mails, as well as to continuously improve the content of our newsletters and make the information offered on our web pages more interesting for you.
ClickDimensions never stores information in the LSO section of your computer, i.e. we never use ‘flash cookies’ (local shared objects, LSO for short). ClickDimensions does not use any visitor identification technology that involves sharing information that you provide with other websites.
Data processed:
The legal basis for the processing of the personal data of users is your consent in accordance with Art. 6 para. 1 lit. a GDPR. In the course of this, your data may also be processed in third countries. To ensure an adequate level of data protection, we have concluded a contract with the service provider containing EU standard clauses for contract processors.
If you have given your consent, we use a scoring procedure to calculate probability values according to a scientifically recognized mathematical-statistical method that is intended to help justify a possible contractual relationship with a company. This data helps with decision-making in the context of product deals, for example, and is incorporated into our risk management. In accordance with Art. 9 GDPR, information on nationality and special categories of personal data are not processed.
We may also store your data for a longer period of time if necessary, for example to assert or defend legal claims, solve technical problems, or analyze security incidents.
If you do not agree with the storage and analysis of this data, you can unsubscribe from the respective newsletter or by clicking on the following link, from the marketing e-mails: click here.
You can find an overview of the cookies set by ClickDimensions, including the storage period, below:
Name: cuvid
Provider: ClickDimension
Description: This cookie is typically written to the browser upon the first visit to the site from that web browser. If the cookie is deleted by the browser operator and the browser then visits the page, a new __cuid cookie is written. This cookie is used to identify unique visitors to the site and is updated with each page view. Additionally, this cookie is provided with a unique ID that the application uses to ensure both the validity and accessibility of the cookie as an extra security measure.
Expiration: 2 years after setting/updating
Name: cusid
Provider: ClickDimension
Description: This cookie is used to establish and continue a user session with the site. When a user views a page on the site, the script code attempts to update this cookie. If the cookie is not found, a new one is written and a new session established. Each time a user visits another page of the site, this cookie is updated to expire in 30 minutes. This way, a single session will continue as long as the user activity is continued within 30 minutes. This cookie expires when a user pauses on a page of the website for more than 30 minutes.
Expiration: 30 mins after setting/updating
Name: cuvon
Provider: ClickDimension
Description: Is used to indicate when a visitor has last viewed a page.
Expiration: 30 mins after setting/updating
Name: cs_optout_accountkey
Provider: ClickDimension
Description: “accountkey” in the cookie name is a placeholder. This text would correspond to your specific account key. This cookie is generated when a visitor disables tracking. As long as it is in place, no web tracking data is generated for this visitor.
Expiration: 6 months after setting/updating
We use Google Tag Manager. The provider of the Google Tag Manager component is Alphabet Inc. This service enables website tags to be managed via an API. Google Tag Manager only implements tags. This means that cookies are not used and no personal data is collected. Google Tag Manager triggers other tags that can be used to collect data, however, Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this will remain in place for all tracking tags implemented with Google Tag Manager.
This is a conversation search platform and a configurator. We use Zoovu for our PANTONE® Manager, where customers can search for a color that meets their requirements.
The following data is processed by Zoovu:
To opt out of the data processing, click here. We would like to point out that the functions of our eShop may be limited as a result.
Some of our web pages use plug-ins from Youtube.de/youtube.com. These are operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit Heidelberger Druckmaschinen AG web pages that are equipped with a plug-in of this type, a connection to YouTube servers is established and the plug-in is displayed on the page via a message to your browser. This causes cookies (VISITOR_INFO1_LIVE, PREF, YSC) to be stored on your computer. The YouTube server will then receive information as to which of our web pages you have visited. If you are registered as a YouTube member, YouTube will assign this information to your personal user accounts on these platforms. If you use these plug-ins, for example by clicking the start button to play a video or audio file or by sending a comment, this information will be associated with your YouTube user account. You can prevent this by logging out of YouTube before accessing the file or sending a comment.
The information required for the selected action is transmitted on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR for the purpose of advertising products and offers from Heidelberger Druckmaschinen AG.
The purpose and scope of the data collection and use by Google, and your rights and setting options for protecting your privacy as a YouTube user can be found in YouTube’s privacy policy.
To provide you with podcasts, we use the podcast hosting service of our commissioned processor Podigee UG, Am Walde 2, 56249 Herschbach, Germany. The podcasts are loaded by Podigee or transmitted via Podigee, so when you access a podcast integrated in our web pages, data is transmitted to our service provider.
The use is based on our legitimate interests, i.e. our interest in the secure and efficient provision, analysis and optimization of our range of podcasts in accordance with Art. 6 para. 1 lit. f GDPR.
Podigee processes IP addresses and device information to enable podcasts to be downloaded/played and to determine statistical data, such as download numbers. This data is anonymized or pseudonymized before being stored in Podigee’s database unless it is required for the provision of the podcasts. Data that is required for provision of the podcasts will be deleted no later than seven days after this provision if it is not required for billing purposes (see above under “How long will your data be stored?”).
Click here to see Podigee’s privacy policy.
This service (e.g. for contact forms, and newsletter registrations) is used for purposes of identification and to prevent the services provided from being misused by machines. “Captchas” are generated and verified on application servers from Heidelberger Druckmaschinen AG. No data is transmitted to third parties in the process.
Data processed:
The privacy policy of the data processor can be found here.
Click here to opt out on all the processing company's domains.
To optimize the loading times of our website and our online eShop application, we use a so-called content delivery network (CDN) offered by Akamai Technologies, Inc., 150 Broadway, Cambridge, MA 02142, USA.
Akamai is a content delivery and cloud infrastructure service provider that coordinates and optimizes the load balancing of web content for online applications. We use Akamai services to speed up our websites so that they can provide an acceptable response time worldwide.
The legal basis for the processing of users' personal data is our legitimate interest in providing an online presence that can be used worldwide without restriction in accordance with Art. 6 para. 1 lit. f GDPR.
Data processed:
Transfer to third countries: With every processing, Akamai transfers personal data (from the log files, e.g. IP addresses) to the USA, as certain servers for processing the log files are only located in the USA. In order to ensure that this transfer of personal information from the EU to the USA complies with the data protection regulations, Akamai has been certified under the Privacy Shield program (see: https://www.privacyshield.gov/EU-US-Framework). Through this program, Akamai Technologies, Inc. guarantees that it complies with European data protection law. Akamai Technologies, Inc.’s privacy policy additionally applies.
Information on the privacy policy of Akamai Technologies. Inc. can be found here. The company’s data protection officer can be contacted directly at the following e-mail address: privacypolicy@akamai.com
We use a plug-in from the New Relic web analysis service on this website. It enables us to record statistical evaluations of the speed of the website, to determine whether the website can be accessed, and how quickly the respective page is displayed when accessed. This service is operated by New Relic Inc. (188 Spear Street, Suite 1200, San Francisco, CA 94105, USA; “New Relic”).
New Relic uses cookies. When you visit one of our web pages, your browser establishes a direct connection with the servers of New Relic.
Through the integration of the plug-in, New Relic is informed that a user has accessed the corresponding page of our website. If the user is logged in at New Relic, New Relic can assign the visit to the user’s New Relic account. If a user is not a member of New Relic, New Relic nevertheless saves the user’s IP address.
The legal basis for the processing of personal data is our legitimate interest in the evaluation of the availability and speed of our website in accordance with Art. 6 para. 1 lit. f GDPR. Heidelberg does not receive any personal data from New Relic, but only anonymous, statistical evaluations.
Information on data protection at New Relic can also be found in New Relic’s privacy policy or you can contact the data protection officer at New Relic at the following e-mail address: mail@legislator.de.
If you are a member of New Relic and do not want New Relic to collect data about you through this website and link it with your membership data stored at New Relic, you should log out of New Relic before visiting the website.
We use Google Analytics, a web analysis service provided by Google Ireland Ltd. (“Google”) for the purpose of designing our pages to meet your needs and continuously optimizing them. This use is on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. Google Analytics uses cookies, which enable an analysis to be performed of your use of our websites and online services. In this connection, our commissioned processor Google creates pseudonymized user profiles and uses cookies.
Data processed:
Google Analytics is only used by us in conjunction with activated IP anonymization (IP masking). This means that users’ IP addresses are truncated by Google for users within member states of the European Union or other states party to the agreement on the European Economic Area. Only in exceptional cases (e.g. in the event of a technical defect in the European Union) is the IP address sent to a US server and truncated there.
The IP address anonymization method used by Google does not write IP addresses to a disk, as anonymization takes place in the main memory immediately after the request is received. We do not receive any personal data from Google, only anonymized statistics.
On behalf of the operator of this website, Google will use this information to analyze your use of the website, compile reports on website activities, and provide further services to the website operator in relation to the website use and Internet use. The IP address transmitted by your browser through Google Analytics is not merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website.
Transfer to third countries (outside the EU and the EEA): Google receives personal data in the course of analyzing user behavior on the basis of your consent and processes this data worldwide if necessary for the provision of the services:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland
Tel: +353 1 543 1000
Fax: +353 1 686 5660
E-mail: support-deutschland@google.com
We store the data on pseudonymized profiles that cannot be associated with any individual person for a period of 26 months to prevent cases of abuse and to optimize our web pages. This data is automatically deleted after 26 months. Move your mouse over here to opt out on all domains of the processing company or to download the browser add-on to deactivate Google Analytics.
Name: _ga, _gat
Provider: Google Universal Analytics
Description: Both analyse browsing pattern and allow creation of flow statistics; _ga is used to distinguish individual users by means of designation of a randomly generated number as client identifier (based on browser and device), which allows calculation of visits and sessions; _gat is used to distinguish between the different monitoring objects created in the session.
Expiration: _ga | Two years from settings, update or until you delete cookies from your browser; _gat | 20 minutes from settings or update
Name: Source
Provider: Google Universal Analytics
Description: Captures the origin from where a user came on our pages.
Expiration: 1 year from settings or update
With your consent under Art. 6 para. 1 lit. a GDPR, we use Google Analytics advertising features on our web pages. This enables us to display personal offers to you, including outside the websites hosted by Heidelberger Druckmaschinen AG.
Data processed:
By linking your anonymous usage data collected through Google's DoubleClick Advertising Network, we can analyze the demographic composition of our website visitors and impact on our users' interests. This helps us to present you with better and above all more relevant advertising.
You can revoke your consent at any time with future effect: More information and opt-out.
This website uses the functions of Google Analytics Remarketing. The provider of these solutions is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Remarketing analyzes your user patterns on our website (e.g., clicks on specific products), to allocate a certain advertising target groups to you and to subsequently display matching online offers to you when you visit other online offers (remarketing or retargeting).
Moreover, it is possible to link the advertising target groups generated with Google Remarketing to device encompassing functions of Google. This makes it possible to display interest-based customized advertising messages, depending on your prior usage and browsing patterns on a device (e.g., cell phone) in a manner tailored to you as well as on any of your devices (e.g., tablet or PC).
If you have a Google account, you have the option to object to personalized advertising under the following link:
https://www.google.com/settings/ads/onweb/.
The use of Google Remarketing is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the marketing of the operator’s products that is as effective as possible. If a respective declaration of consent was requested, processing shall occur exclusively on the basis of Art. 6(1)(a) GDPR; the given consent may be revoked at any time. For further information and the pertinent data protection regulations, please consult the Data Privacy Policies of Google at:
This website uses Google Conversion Tracking. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With the assistance of Google Conversion Tracking, we are in a position to recognize whether the user has completed certain actions. For instance, we can analyze the how frequently which buttons on our website have been clicked and which products are reviewed or purchased with particular frequency. The purpose of this information is to compile conversion statistics. We learn how many users have clicked on our ads and which actions they have completed. We do not receive any information that would allow us to personally identify the users. Google as such uses cookies or comparable recognition technologies for identification purposes. We use Google Conversion Tracking on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the analysis of the user patterns with the aim of optimizing both, the operator’s web presentation and advertising. If a respective declaration of consent was requested (e.g., concerning the storage of cookies), processing shall occur exclusively on the basis of Art. 6(1)(a) GDPR; the given consent may be revoked at any time. For more information about Google Conversion Tracking, please review Google’s data protection policy at: https://policies.google.com/privacy?hl=en
To measure conversion rates, this website uses the visitor activity pixel of Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook’s statement the collected data will be transferred to the USA and other third-party countries too. This tool allows the tracking of page visitors after they have been linked to the website of the provider after clicking on a Facebook ad. This makes it possible to analyze the effectiveness of Facebook ads for statistical and market research purposes and to optimize future advertising campaigns. For us as the operators of this website, the collected data is anonymous. We are not in a position to arrive at any conclusions as to the identity of users. However, Facebook archives the information and processes it, so that it is possible to make a connection to the respective user profile and Facebook is in a position to use the data for its own promotional purposes in compliance with the Facebook Data Usage Policy. This enables Facebook to display ads on Facebook pages as well as in locations outside of Facebook. We as the operator of this website have no control over the use of such data. The use of Facebook Pixel is based on Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in effective advertising campaigns, which also include social media. If a corresponding agreement has been requested (e.g., an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6(1)(a) GDPR; the agreement can be revoked at any time. Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum
https://de-de.facebook.com/help/566994660333381.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook. In Facebook’s Data Privacy Policies, you will find additional information about the protection of your privacy at:
https://www.facebook.com/about/privacy/.
You also have the option to deactivate the remarketing function “Custom Audiences” in the ad settings section under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you first have to log into Facebook. If you do not have a Facebook account, you can deactivate any user-based advertising by Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
This website uses the Insight tag from LinkedIn. This service is provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Data processing by LinkedIn Insight tag
We use the LinkedIn Insight tag to obtain information about visitors to our website. Once a website visitor is registered with LinkedIn, we can analyze the key occupational data (e.g., career level, company size, country, location, industry, job title) of our website visitors to help us better target our site to the relevant audience. We can also use LinkedIn Insight tags to measure whether visitors to our websites make a purchase or perform other actions (conversion measurement). Conversion measurement can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also features a retargeting function that allows us to display targeted advertising to visitors to our website outside of the website. According to LinkedIn, no identification of the advertising addressee takes place. LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser characteristics and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data will then be deleted within 180 days. The data collected by LinkedIn cannot be assigned by us as a website operator to specific individuals. LinkedIn will store the personal data collected from website visitors on its servers in the USA and use it for its own promotional activities. For details, please see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.
Legal basis
The use of LinkedIn Insight is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; the consent can be revoked at any time. Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:
https://www.linkedin.com/legal/l/dpa and
https://www.linkedin.com/legal/l/eu-sccs.
Objection to the use of LinkedIn Insight Tag
You can object to LinkedIn’s analysis of user behavior and targeted advertising at the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
In addition, LinkedIn members can control the use of their personal information for promotional purposes in the account settings. To prevent LinkedIn from linking information collected on our site to your LinkedIn account, you must log out of your LinkedIn account before you visit our site.
Revised and posted as of 01/13/2022.
Social Media and Facebook
This website uses social plug-ins from Facebook, LinkedIn, Xing, Google and YouTube. These are offerings from the US companies Facebook and Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”)).
We are responsible for the transmitted data together with Facebook under data protection law, but this is limited to the transmission of your communication data from our web pages to Facebook.
When you visit a page containing a plug-in of this type, your browser will connect to Facebook or Google and the content will be loaded from these pages. Your visit to this website may be tracked by Facebook and Google, even if you do not actively use the social plug-in function. If you have an account with Facebook or Google, you can use a social plug-in of this type and share information with your friends. Heidelberger Druckmaschinen AG has no influence on the content of the plug-ins and the transmission of information.
Facebook and Google provide detailed information on the scope, type, purpose and further processing of your data on their websites, where you will also find further information on your rights and setting options to protect your privacy.
Our website contains links to our Facebook fan page. If you follow these links, you will leave the website or app of the Heidelberg Group, where the Heidelberg Group is the sole data controller, and switch to a Facebook fan page where the Heidelberg Group shares the role of data controller with Facebook.
The legal basis for this processing by Heidelberg is our legitimate interest in advertising our company and its services in accordance with Art. 6 para. 1 lit. f GDPR.
For more information about Facebook’s data protection provisions, please see its privacy policy. Further information on our shared responsibility with Facebook can be found here.
Facebook privacy policy
Google privacy policy