Privacy Statement

DR. JOHANNES HEIDENHAIN GmbH is pleased about your interest in our company and products. The protection of your personal data is important to us, and we want you to feel secure when visiting our website.

§ 1 Controller, data protection officer and the collection of personal data

(1) The following provides information about the collection of personal data during the use of our website. Personal data are all data that are related to you personally, such as your name, mailing address, e-mail addresses, and user behavior.

(2) The controller pursuant to Article 4(7) of the EU General Data Protection Regulation (GDPR) is:

DR. JOHANNES HEIDENHAIN GmbH
Dr.-Johannes-Heidenhain-Straße 5
83301 Traunreut, Germany
Tel.: +49 8669 31-0
E-mail: info@heidenhain.de 
(see our legal notice at: https://www.heidenhain.com/legal-notice).

You can contact our data protection officer at:

DR. JOHANNES HEIDENHAIN GmbH
Data Protection Officer
Dr.-Johannes-Heidenhain-Straße 5
83301 Traunreut, Germany
E-mail: datenschutz@heidenhain.de 

The rights of data subjects are set forth in “§ 2 Your rights.”

§ 2 Your rights

(1) You have the following rights vis-à-vis ourselves with regard to the personal data concerning you:

  • right of access pursuant to Article 15 of the GDPR,
  • right to rectification pursuant to Article 16 of the GDPR,
  • right to erasure pursuant to Article 17 of the GDPR,
  • right to restriction of processing pursuant to Article 18 of the GDPR,
  • right to portability pursuant to Article 20 of the GDPR, and
  • right to object to data processing pursuant to Article 21 of the GDPR
  • right to withdraw consent pursuant to Article 7(3) of the GDPR

(2) Please submit any queries regarding your rights as a data subject using the contact information provided in § 1. You may also submit your queries by mail, e-mail or phone.

(3) You also have the right to submit a complaint to a data protection supervisory authority regarding our processing of your personal data. The data protection supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht
(Bavarian State Office for Data Protection Oversight)
Promenade 27
91522 Ansbach, Germany

§ 3 Collection of personal data when you visit our website

(1) If you use the website for informational purposes only, meaning that you are not registering or otherwise transferring information to us, then we collect only the personal data that your browser transfers to our server. If you wish to view our website, then we collect the following data, which we require for technical reasons in order to display our website to you and ensure stability and security (the legal basis is point f of Article 6(1) of the GDPR):

  • IP address,
  • Date and time of the query,
  • Time zone difference relative to Greenwich Mean Time (GMT),
  • Content of the query (specific site),
  • Access status/HTTP status code,
  • Data volume transmitted in each case,
  • Website from which the request originates,
  • Browser,
  • Operating system and its user interface, and
  • Language and version of the browser software.

(2) In addition to the abovementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using. Through cookies, certain types of information flow to the entity that sets them (in this case, us). Cookies cannot execute programs or transfer viruses to your computer. Their purpose is to make our internet offerings more overall user-friendly and more effective.

(3) Use of cookies:

a) This website uses the following types of cookies, whose scope and principle of operation are explained below:

  • Transient cookies (see (b)),
  • Persistent cookies (see (c)).

b) Transient cookies are automatically deleted when you close the browser. Among them, in particular, are the session cookies. Session cookies store what is known as a session ID, with which different queries from your browser can be assigned to the joint session, thereby enabling your computer to be recognized when you return to our website, in order, for example, to prevent you from needing to register every time you change pages. Session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a specified duration, which may vary depending on the cookie. How long a cookie remains on your device depends on the duration or expiration date of the respective cookie, and on your browser’s settings. You can delete the cookies in your browser’s security settings at any time.

By means of these cookies, the website recalls your information and settings the next time you visit it. This makes it faster and easier for you to access the website because you do not need to reset the desired language, for example.

d) You can configure your browser settings as you wish and, for example, refuse to accept third-party cookies or any cookies at all. In this case, you might not be able to use all of this website’s functions.

For more information, see our Cookie settings.

When you visit our website, we will inform you about the types of cookies used by us and will give you the opportunity to agree to or decline individual types of cookies. We load unnecessary cookies only after you have agreed to using the respective types of cookies.

§ 4 Additional functions and offerings of our website

(1) Along with the purely informational use of our website, we offer various services that you can use if interested. To do this, you will usually need to provide other personal data, which we will use in order to provide the respective service and to which the abovementioned data processing principles will apply. Details regarding the type and extent of the data for the respective processing activities, processing purpose, legal basis and storage duration are set forth in the following privacy statement.

(2) Furthermore, we may disclose your personal data to third parties if we offer sales campaigns, prize drawings, contracts, or similar services in cooperation with partners. Details regarding the type and extent of the data for the respective processing activities, processing purpose, legal basis and storage duration are set forth in the following privacy statement.

§ 5 Recipients or categories of recipients

(1) As a part of our activities and services, we may need to share the personal data we have stored about you with natural persons, legal persons, or other entities. If relevant, we conclude order processing contracts with our service providers such that they are permitted to process your personal data solely in a manner that accords with our explicit instructions. Furthermore, we ensure that they have taken the necessary technical and organizational measures for the secure processing of your data, and we will keep your personal data only as long as actually needed. External service providers that may receive personal data generally fall within the following categories of recipients:

  • Financial institutions and providers of payment services for invoicing and payment processing (online payment service providers)
  • Package shippers
  • IT service providers for maintaining our IT infrastructure

and managing files

  • Service providers for optimizing our online offerings
  • Organizers of sales promotions, such as special offers or prize drawings of selected partners
  • Debt collection service providers and lawyers for the collection of debts and the legal enforcement of claims. If, in the event of debt collection, your personal data (customer data, contact data, payment data, consumption point data, and data concerning the debt) are transferred to a debt collection service provider, then we will notify you about the intended data transfer in advance. 

For the purposes and to the extent required for conducting our business activities, we transfer personal data to our HEIDENHAIN Corporate Group companies.

(2) If data are processed in countries outside of the EU, then we will ensure that your personal data are processed in compliance with the data protection level of the European Union. In the absence of a decision by the EU Commission on this matter, we will transfer data solely to service providers from third countries that provide appropriate safeguards pursuant to Article 46 of the GDPR (generally, EU standard contractual clauses). In cases in which this cannot be ensured, not even through this contractual extension, we strive for further-reaching arrangements and assurances on the part of the recipient in the respective country.

§ 6 Job applications

(1) In our "Careers" area, you can apply for posted positions directly online or submit an unsolicited application. As part of the online application, we collect the information necessary for the application process at DR. JOHANNES HEIDENHAIN GmbH.

(2) If you apply for a position, you will be asked to submit certain types of personal data (including your name, address, and e-mail address). We will also ask questions related to the position. It is also required that you list your previous employment experience when applying to our company.

(3) We will treat the information that you provide to us confidentially and relay it only to those persons directly involved with the specific job application. No information will be relayed to any third parties without your express consent. If you do not wish to maintain your online application, you can withdraw it in writing at any time. Your data will automatically be deleted after six months at the latest unless you have been hired by that time or an agreement to store your data beyond that time has been reached. The legal basis for this is Article 88 of the GDPR in conjunction with Section 26 of the German Federal Data Protection Act (German abbreviation: BDSG) as well as point (b) of Article 6(1) of the GDPR (data processing for the initiation or performance of contractual relationships).

(4) If we are unable to offer you a suitable position at this time, but we believe it is possible that your application might be of interest to us or one of our companies at a later time, then we will gladly offer to save your application for a longer period if you consent. The legal basis for this is your consent in accordance with point (a) of Article 6(1) of the GDPR. For this purpose, we will request your consent in a separate e-mail or by mail. You may object to this future storage at any time, resulting in your data being immediately and irrevocably deleted.

§ 7 Objecting to or withdrawing consent for the processing of your data

(1) If you have given consent to the processing of your personal data, then you may withdraw this consent at any time with future effect. Please submit any queries regarding your rights as a data subject using the contact information provided in § 1. You may withdraw consent by mail, e-mail or phone.

(2) To the extent that we are permitted to process your data without your consent or without an existing contractual relationship, thus processing your personal data for the purpose of a legitimate interest pursuant to point (f) of Article 6(1) of the GDPR, you are permitted to object to such processing. If you file such an objection, we ask you to tell us the reason(s) why we should no longer process your personal data in the manner performed by us. In the event of a reasonable objection, we will examine the situation and either stop or adapt the data processing, or we will notify you of our compelling legitimate grounds for continuing with the data processing.

(3) You can, of course, object to the processing of your personal data for the purpose of direct marketing and data analysis at any time without providing reasons.

§ 8 Newsletters

(1) Our newsletters “Klartext News,” “TNC Club,” “TNC Update,” and “Service News” inform you about interesting news regarding TNC controls, as well as about other products and services. Depending on the newsletter, up-to-date information about training offerings and events at the HEIDENHAIN Technical Academy may be a regular part of the content. Registration is performed by means of the respective registration form, at the end of which you must confirm your consent to the use of the entered data.

(2) To send the newsletters, we use the provider Inxmail GmbH (Wentzingerstr. 17, 79106 Freiburg, Germany). The data that you enter for the purpose of receiving the newsletter (e.g., your e-mail address and name) are stored on the servers of Inxmail in Germany. To protect your data, we have concluded a data processing agreement with Inxmail pursuant to Article 28 of the GDPR.

(3) Depending on the specific newsletter, we use the “double opt-in” procedure for registration. This means that after you have registered, we will send you an e-mail to the address you have provided. In this e-mail, we will ask you to confirm that you wish to receive the newsletter. In addition, we will store the IP addresses that you use and the times of registration and confirmation. The purpose of this procedure is to prove your registration and, if necessary, to notify you regarding possible misuse of your personal data.

(4) After your confirmation, we will save your provided data for the purpose of sending the newsletter. The legal basis for this is point (a) of Article 6(1) of the GDPR. In addition, data from current customers is processed pursuant to point (f) of Article 6(1) of the GDPR.

(5) You can withdraw your consent to receiving the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking the link provided in each newsletter e-mail or by using the e-mail address stated in the newsletter.

(6) Your data will be stored for the period during which you receive the newsletter. After you unsubscribe from the newsletter, your data will be erased unless legally required retention obligations apply.

§ 9 The “Klartext Magazine”

(1) The (biannual) “Klartext Magazine” provides you with product information and other technical information, along with technical content and service offerings from HEIDENHAIN. It will be sent to you by mail once you have been added to the distribution list.

(2) Registration is performed through a registration form, at the end of which you must confirm your consent to the use of the entered data. We will store and process your provided data for the purpose of sending you the magazine. The legal basis for this is point (a) of Article 6(1) of the GDPR.

(3) You can withdraw your consent to receiving the magazine at any time and thereby unsubscribe from it. You can withdraw your consent by sending an e-mail to klartext@heidenhain.de or by calling +49 8669 31-3132.

§ 10 Use of our “HESIS” portal

(1) The application for gaining access must be submitted in writing (by mail). Your username and password will also be sent by mail. If you want to use our portal, then you must log in by entering your username and password.

(2) If you use our portal, then, pursuant to point (b) of Article 6(1) of the GDPR, we will process your data that is required for the fulfillment of the contract until you fully delete your account. For the period in which you use the portal, we will continue to store the data that you voluntarily provide unless you delete these data beforehand. The legal basis is point (f) of Article 6(1) of the GDPR. Other portal participants have no access to your data.

(3) For more information, please see the “Terms of use” when you register: https://www.heidenhain.com/terms-of-use.

§ 11 Membership in the “TNC Club”

(1) In order to become a member of the TNC Club, you must register at https://www.tnc-club.com/membership/become-a-member as a representative of your company. For more information, please refer to the Participation Conditions of the TNC Club of DR. JOHANNES HEIDENHAIN GmbH. All fields marked with an asterisk (*) in the registration form are mandatory; all other information is voluntary.

(2) We process the data you provide as part of the registration process for the purpose of performing the contract, pursuant to point (b) of Article 6(1) of the GDPR. For Premium memberships, we also process information about payment methods based on point (b) of Article 6(1) of the GDPR. In addition to the data processing activities required for performing the contract, we use your voluntarily provided data for the duration of your membership based on your granted consent, pursuant to point (a) of Article 6(1) of the GDPR for the following purposes:

  • Provision of the TNC Club newsletter
  • Invitation to workshops, training courses, and trade shows (if there is a regional connection with the member)

(3) Your data are deleted when your membership ends. If legally required storage periods prohibit deletion, then we will limit data processing and set the data in our CRM to inactive.

§ 12 Flowplayer

(1) Flowplayer is the provider of a streaming service for playing videos in Flash Video (FLV) format, allowing video clips to be integrated into HTML websites and played. We use this service from Flowplayer AB (Regeringsgatan 29, 5th FI, Stockholm, 111 53, Sweden).

(2) During use of the website, only the IP address is logged for the purpose of validation and for identifying the country of origin in order to prevent any misuse. The legal basis for this data processing is point (a) of Article 6(1) of the GDPR. You can withdraw your consent at any time with future effect. A data processing agreement has been concluded with Flowplayer.

(3) You can prevent the setting of cookies at any time using the appropriate settings in your internet browser. Cookies that have already been set can also be deleted in the internet browser settings. If you prevent the setting of cookies, then it may occur that not all functions are fully available.

(4) The data will be erased if the purpose of data processing is fulfilled and no legal, contractual, or regulatory retention periods oppose their erasure.

(5) For more information, visit: https://flowplayer.com/privacy-policy.

§ 13 Contact form, establishing contact and other interactions

(1) As an interested party, you can contact us using various forms. These forms cover the following topics: customer service, product query, advisory services query, trade press and general query. When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, as well as your name and phone number if applicable) will be stored by us in order to answer your questions. If you have given your consent using the contact form, then your data may also be shared with sales partners (subsidiaries, distributors) of DR. JOHANNES HEIDENHAIN GmbH. These sales partners will then contact you in order to handle your request.

The contact form is an extra service that we provide in order for you to contact us quickly and easily. We collect the following data for the purpose of processing your query: name, address, country, company information, phone number, e-mail address, and other data that may be relevant for processing your query on an individual basis.

(2) If the data you have entered in the contact form is used by us for the purpose of fulfilling our contractual obligations or in order to take steps prior to entering into a contract, such as answering the query for which contact was established, then this data processing is pursuant to point (b) of Article 6(1) of the GDPR. In all other cases, our data processing is based on your consent pursuant to point (a) of Article 6(1) of the GDPR. Furthermore, our data processing with regard to contact requests is based on point (f) of Article 6(1) of the GDPR due to our legitimate interest in optimal contact management.

(3) The personal data stored within the scope of establishing contact are erased when the matter for which contact was established has been fully resolved and it is not to be expected that this specific establishment of contact will be relevant again in the future. In addition, we store data only if this is necessary for fulfilling legal retention periods.

(4) If we rely on contracted service providers for individual functions of our offerings, or if we wish to use your data for marketing purposes, then we will inform you about these activities below. We will also set forth the defined storage duration criteria.

§ 14 Use of Google Analytics 4

(1) If you have given your consent, then Google Analytics 4, a web analysis service from Google LLC, will be used on the website. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google”). The legal basis for this data processing is your consent pursuant to point (a) of Article 6(1) of the GDPR and sentence 1 of § 25(1) of the German Federal Telecommunications Digital Services Data Protection Act (German abbreviation: TDDDG).

(2) Google Analytics uses cookies that enable the analysis of your use of our websites. The information about your use of this website, collected by means of these cookies, is usually sent to a Google server in the U.S. and stored there.

In Google Analytics 4, the anonymization of IP addresses is enabled by default. Due to IP anonymization, your IP address will be truncated by Google within the member states of the European Union or in other member states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the U.S. and truncated there. According to Google, the IP address transferred by your browser within the scope of Google Analytics will not be combined with other data from Google. During your visit to the website, your user behavior will be tracked in the form of "events." Events may include the following:

  • The opening of pages
  • The first visit to a website
  • The beginning of the session
  • Your click path and interaction with the website
  • Scrolling (whenever a user scrolls to the end of the page (90%))
  • The clicking of external links
  • Internal searches
  • Interaction with videos
  • File downloads
  • Seeing/clicking on adds
  • Language setting

Other collected information:

  • Your approximate location (region)
  • Date and time of the visit
  • Your IP address (in truncated form)
  • Technical information about your browser and the end devices you use (e.g., language setting, screen resolution)
  • Your internet provider
  • The referrer URL (via which website/means of advertising you arrived at this website)

(3) On behalf of the operator of this website, Google will use this information to evaluate your usage of the website and to prepare reports on website activities. The purpose of the reports prepared by Google Analytics is to analyze the performance of our website.

(4) The recipients of the data may be the following:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as a data processor pursuant to Article 28 of the GDPR)
  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  • Alphabet Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

It cannot be ruled out that United States officials have access to the data stored at Google.

(5) The European Commission adopted its adequacy decision for the United States on July 10, 2023. Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework. Because Google servers are spread out around the world and the transfer of data to third countries cannot be fully ruled out, we have also concluded the EU standard contractual clauses and a data processing agreement with the provider.

(6) The data sent by us and tied to cookies will be automatically deleted after 14 months. The maximum duration of Google Analytics cookies is two years. The deletion of data whose storage duration has been reached is performed automatically once per month.

(7) You are entitled to revoke your consent with future effect at any time by opening the cookie settings and changing your selection. The legal basis for the consensual processing of data until revocation remains unaffected by this.

You can also prevent the storage of cookies from the outset via the relevant setting in your browser software. If you configure your browser such that all cookies are rejected, then the functionality of this and other websites may be limited. You can also prevent the collection of data that are generated by the cookie and related to your usage of the website (including your IP address) by Google and the processing of these data by Google as follows:

a.) By not granting your consent for the setting of the cookie, or

b.) By downloading and installing from here the browser add-on for deactivating Google Analytics.

For more information, please refer to the Terms of Service and the Privacy Policy of Google Analytics.

§ 15 Google Tag Manager

(1) We use the Google Tag Manager (GTM) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google). We use this tool to organize the scripts used on our page and to check when they are executed. The purpose of GTM is the centralized configuration and management of the data collection. This service also allows website tags to be managed. GTM does not set any cookies itself but rather only tags; nor does it collect personal data. Under certain circumstances, however, GTM may cause the triggering of other tags that record personal data. In this case, the data are passed on but are not collected or stored. For more information about data privacy with Tag Manager, please visit this site.

Any possible data processing via GTM takes place on servers in data centers within the European Union. Unfortunately, when Google products are used, it cannot be ruled out that at least metadata and diagnostic data are sent to the United States.

We have concluded a data processing agreement, including the EU standard data protection clauses, with Google pursuant to Article 28 of the GDPR. In addition, Google is already certified under the new EU-U.S. Data Privacy Framework, which legally protects the transfer of data to the United States. For more information, please visit this site.

(2) We use GTM on the basis of our legitimate interest pursuant to point (f) of Article 6(1) of the GDPR. If other services used through GTM require consent pursuant to sentence 1 of § 25(1) of the TDDDG, then we will use them only if you have granted consent via the cookie banner. For more information about the legal basis and the storage duration, visit our Cookie settings.

(3) Google processes a large number of other personal data items for its own purposes. We have no influence on this data processing by Google. To the extent that Google processes personal data in connection with legitimate business purposes, Google is an independent controller for such data processing activities and, as such, is responsible for complying with all applicable data protection regulations. If you require information about the data processing performed by Google, please view the relevant statement from Google: https://policies.google.com/privacy?hl=en

§ 16 Google Looker Studio

(1) Google Looker Studio is a free tool for creating reports using various sources of data. Google Looker Studio can draw on data collected by Google products such as Google Analytics and Google Ads (referred to as Google Connectors). For more information about Google Connectors, please refer to the Google Privacy Policy.

(2) The purpose of the tool for online marketing is a clear presentation in the form of report creation. For complete information about the extent of data processing, the legal basis and the storage duration when cookies are used, please refer to our Cookie settings.

(3) Use of third-party providers: Along with Google Connectors, Google Looker Studio can pass on data for processing in Google Looker Studio, including data of third-party providers, via an API programmed with Google Apps Script.

(4) Google Looker Studio belongs to Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 1 686 5660. For more information, please see the Google Privacy Policy.

§ 17 Cookiebot

(1) We have embedded the cookie consent tool “Cookiebot” to allow you to decide about the cookies used. Cookiebot is a product of Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark; it shows you a list of cookies grouped according to function, and it explains the purposes of these groups as well as of the individual cookies and their storage time.

(2) With Cookiebot, we inform our users about the cookies used on the website, thus enabling users to decide which cookies should be used. If a user gives his consent for cookies to be used, then the following data are logged: anonymized IP number of the user; date and time of consent; user agent of the end user's browser; URL of the provider; an anonymous, random, and encrypted key, and the permitted cookies of the user (cookie status). The cookie status serves as a proof of consent. The encrypted key and the cookie status are stored on the user's device by means of a cookie in order to restore the corresponding cookie status when the pages are opened in the future. The user can prevent or stop the installation of the cookie along with its storage and thus the user's cookie consent at any time in his browser's settings. This cookie is automatically deleted after twelve months.

(3) The legal basis for this is points (f) and (c) of Article 6(1) of the GDPR. Our legitimate interest is the user friendliness of our website and the fulfillment of the legal requirements of the GDPR. Usercentrics offers more information about data protection at https://www.cookiebot.com/en/privacy-policy/.

§ 18 Google Analytics Remarketing

(1) Our website uses the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and Google DoubleClick. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For complete information about the extent of data processing, the legal basis and the storage duration when cookies are used, please refer to our Cookie settings.

(2) This functionality makes it possible to link marketing target audiences created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. Personalized, interest-based marketing messages that have been tailored to you based on your prior surfing and usage behavior on one of your end devices (e.g., a cell phone) can thereby be displayed on another one of your end devices (e.g., a tablet or PC). To support this feature, Google Analytics collects Google-authenticated IDs of users who are temporarily linked to our Google Analytics data to define and create target audiences for cross-device advertising.

(3) The legal basis for this data processing is your consent provided via the cookie banner, pursuant to point (a) of Article 6(1) of the GDPR. You are entitled to revoke your consent with future effect at any time by opening the cookie settings and changing your selection. You can also prevent the storage of cookies by configuring the proper setting in your browser software, but you may then not be able to fully use all the functions of this website. You can also prevent Google’s collection of the cookie-generated data related to your use of the website (including your IP address), as well as the processing of these data by Google, by either withholding your consent to having the cookie set or by permanently opting out of cross-device remarketing/targeting by deactivating personalized ads in your Google account; to do so, follow this link: https://www.google.com/settings/ads/onweb/.

(4) The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as the data processor. For this reason, we have concluded an order processing agreement and the EU standard data protection clauses with Google. Google LLC, domiciled in California, United States, and, if applicable, U.S. authorities can access the data stored at Google. 

(5) For more information, please refer to the Google Privacy Policy.

§ 19 Google Ads

(1) Google Ads is an advertising system of the Google LLC: Advertisers can use it to place ads primarily based on search results during usage of Google's services. For complete information about the extent of data processing, the legal basis and the storage duration when cookies are used, please refer to our Cookie settings.

(2) Google Ads uses personal data for the personalization of advertisements and cookies, as well as for personalized and non-personalized advertising. In addition, locally stored tags are collected.

(3) The purpose of data collection and processing is advertising that is personalized and tailored to the customer. The legal basis for this is your consent pursuant to point (a) of Article 6(1) of the GDPR.

(4) Google Ads belongs to Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 1 686 5660. For more information, please see the Google Privacy Policy.

§ 20 Google reCAPTCHA

(1) We use Google reCAPTCHA (hereinafter: “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). For complete information about the extent of data processing, the legal basis and the storage duration when cookies are used, please refer to our Cookie settings.

(2) The purpose of reCAPTCHA is to determine whether the data entered on our websites (e.g., information entered into a contact form) is being provided by a human user or by an automated program. To determine this, reCAPTCHA analyzes the behavior of website visitors based on various parameters. This analysis starts automatically as soon as a website visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of information (e.g., IP address, the user’s session duration, or cursor movements performed by the user). The data tracked during such analyses are forwarded to Google. The reCAPTCHA analyses run entirely in the background. Website visitors are not alerted that an analysis is underway.

(3) This data processing is performed on the basis of your consent that you grant when opening the contact form through the cookie banner, pursuant to point (a) of Article 6(1) of the GDPR.

(4) Within the scope of use of reCAPTCHA, data may be sent to Google. For this case, we have concluded a data processing agreement and the EU standard data protection clauses with Google. Google LLC, domiciled in California, United States, and, if applicable, U.S. authorities can access the data stored at Google. For more information, please refer to the Google Privacy Policy.
 

§ 21 Matomo

(1) We use Matomo web analysis software to analyze the usage of our website and to understand what interests the users on our websites (i.e., reach analysis). Based on the statistics gathered, we can improve our offerings and make them more interesting to you as the user.

(2) Cookies are stored on your computer for the purpose of this analysis. You can end this evaluation by deleting existing cookies or by preventing the storage of new cookies. The legal basis for this data processing is your consent provided via the cookie banner, pursuant to point (a) of Article 6(1) of the GDPR. You may withdraw your consent with future effect at any time by opening and changing your selected cookie settings. For complete information about the extent of data processing, the legal basis and the storage duration when cookies are used, please refer to our Cookie settings.

(3) This website uses Matomo with the extension “AnonymizeIP”. As a result, IP addresses are processed in truncated form, making it impossible to associate them directly to any individual. The IP address transmitted by your browser by means of Matomo is not combined with other data that we collect.

(4) The Matomo program is an open-source project. Go to http://piwik.org/privacy/policy for the third-party provider’s information about data protection.

§ 22 Online presence on social media sites and portals

(1) We maintain an online presence on the social networks and platforms stated below (e.g., employer evaluation portals). From a data protection perspective, we and the platform operators are therefore joint controllers (Article 26 of the GDPR). Wherever possible, we have concluded a contract regarding joint responsibility (see below). Our corporate presences on social media portals are a means of communicating with customers, users, and interested parties, and they serve marketing and market research purposes. If you contact us through our social media channels, then we will process the data that you provide to us, along with the data that are required for processing the query (point (b) of Article 6(1) of the GDPR). The processing of other data is performed pursuant to point (f) of Article 6(1) of the GDPR based on a legitimate interest in direct communication with users and in optimizing the design of our online presence. If you grant your consent to the operators of the respective social media platforms (e.g., via an opt-in checkbox), then processing will be performed pursuant to point (a) of Article 6(1) of the GDPR. You can withdraw your consent from the provider of the respective platform at any time with future effect.

On the IndustryArena social media platform, corporate profiles can be created, and blog articles can be written and uploaded. IndustryArena also includes a forum for interacting with users.

(2) When you open our social media pages, your user data will be recorded and provided to us by the provider. The exact types of data differ from provider to provider but usually encompass the following information:

  • Followers: Number of followers and stored profiles; information about increases and the trend over a defined period.
  • Reach: Number of persons who see a specific post; number of interactions for a post. Based on this information, it can be determined which content is more popular in the community than other content, for example.
  • Ad performance: How many people were reached by a post or a paid ad, and how many have interacted with it?
  • Demographics: Average age of the visitor, as well as gender, place of residence, language.

(2) If you register on the platforms, then server log data are also collected and stored for technical reasons. The legal basis for this is point (f) of Article 6(1) of the GDPR.

(3) Because our social media channels are operated by the providers of the respective social networks, these providers may also use your personal data. We have no influence over this usage. This often involves the recording of your IP address, the creation of statistical evaluations, and the processing of further information that is stored in the form of cookies. These data are also often used to show interest-related advertisements to you both on and outside of the platform. As a profile operator, we have no influence on advertisement generation or appearance and can neither deactivate this function nor prevent this processing of data. To the extent possible, we have linked all other data privacy information of the platform operators below.

(4) The assertion of rights of data subjects and requests for information can most effectively be made directly with the providers of the platforms because they alone have access to your data and can take immediate action. If our cooperation is required for this, then we will support you as needed in enforcing your rights as a data subject.

(5) The providers of the networks we use are listed below. For more information about the terms of use and data protection of the respective platforms, as well as detailed information regarding further data processing and the respective possibilities for objection, refer to the pages of the providers at:

LinkedIn (LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland). Privacy policy: https://www.linkedin.com/legal/privacy-policy; opt-out link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out 
agreement on joint responsibility pursuant to Article 26 of the GDPR:
https://legal.linkedin.com/pages-joint-controller-addendum

Xing (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany): https://privacy.xing.com/en/privacy-policy; agreement on joint responsibility pursuant to Article 26 of the GDPR: Unfortunately, not offered by Xing to date.

YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) https://policies.google.com/privacy?hl=en&gl=de; agreement on joint responsibility pursuant to Article 26 of the GDPR: https://support.google.com/analytics/answer/9012600?hl=en

Instagram (Meta Platforms, Inc., represented by Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland):
http://instagram.com/legal/privacy/
https://www.facebook.com/business/gdpr
https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

Agreement on joint responsibility pursuant to Article 26 of the GDPR:
https://www.facebook.com/legal/controller_addendum

IndustryArena (IndustryArena LLC, represented by IndustryArena GmbH, Katzbergstraße 3, 40764 Langenfeld, Germany): https://en.industryarena.com/privacy; agreement on joint responsibility pursuant to Article 26 of the GDPR: Not offered.

§ 23 Webinars about Microsoft Teams

(1) As part of our training offerings, we offer a variety of webinars. The personal data that you share with us when registering for a webinar (surname, first name, and e-mail address) are processed by us for the purpose of holding the respective webinar. The legal basis for this is point (b) of Article 6(1) of the GDPR. If you do not want your e-mail address to be processed, then it is possible to participate in the events anonymously.

(2) To hold our webinars, we use the Microsoft Teams service of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (Microsoft). Microsoft Teams is part of the Mircosoft 365 cloud application. Data processing with Microsoft 365 is carried out on servers in data centers within the European Union. Unfortunately, when Microsoft products are used, it cannot be ruled out that at least metadata and diagnostic data are sent to the United States.

We have concluded a data processing agreement, including the EU standard data protection clauses, with Microsoft pursuant to Article 28 of the GDPR. In addition, Microsoft is already certified under the new EU-U.S. Data Privacy Framework, which legally protects the transfer of data to the United States. For more information, please visit this site. Accordingly, for Microsoft 365, we have agreed to extensive technical and organizational measures with Microsoft that meet the currently applicable state of the art for IT security.

During the use of Microsoft Teams, we process the following personal data:

  • Communication data (i.e., data that you share with us when registering for a webinar: surname, first name and e-mail address)
  • Log files, log data
  • Metadata (e.g., IP address, time of participation)
  • Profile data (e.g., user name, if you volunteer it)

(3) The video conference function of Microsoft Teams allows us to offer you participation in our webinars via video and audio. During these webinars, the event may be recorded under certain circumstances. In this case, we and/or the event leader will gather the relevant consent for data processing from all participants. This recording is performed based on point (a) of Article 6(1) of the GDPR. Please note that withdrawing your consent during the event will result in participation in the webinar no longer being possible. The recordings will be stored in Teams for a maximum of 60 days. This does not apply to recordings that were downloaded by the user and stored locally.

(4) By signing up for our webinars, you are entering into a contractual relationship with us. All software products required for holding the events, and the relevant processing of your personal data, are therefore pursuant to point (b) of Article 6(1) of the GPDR.

(5) We store your personal data for as long as a contractual relationship with you exists, for as long as we have a legitimate interest in continued storage and usage, or for as long as we are legally required to do so. We normally erase the collected data from our databases after the webinar has been held unless legal retention obligations apply.

(6) If you use Teams, then data are also passed on to Microsoft, the provider. Microsoft itself processes a large number of other personal data items for its own purposes. We have no influence on this data processing by Microsoft. To the extent that Microsoft Teams processes personal data in connection with legitimate business purposes, Microsoft is an independent controller for such data processing activities and, as such, is responsible for complying with all applicable data protection regulations. If you need information about data processing by Microsoft, then please view the relevant declaration by Microsoft:

https://learn.microsoft.com/en-us/microsoftteams/Teams-overview

https://www.microsoft.com/en-us/privacy/privacystatement

§ 25 Data privacy notice for prize drawings and promotions

DR. JOHANNES HEIDENHAIN GmbH occasionally hosts prize drawings and promotions in which customers and potential customers can participate. In the following, we would like to notify you about the processing of your personal data in conjunction with these prize drawings and promotions pursuant to Article 13 of the GDPR.

(1) If you participate in a prize drawing or a promotion, then we will process the data and information that you provide in the registration form. These data include those that are required for participation, such as:

  • First name and surname
  • E-mail address

As well as data and other information voluntarily provided by you within the scope of participating

(2) Your personal data are processed for the purpose of conducting the prize drawing or the promotion, especially for determining and notifying the winners. Additional data, such as your mailing address, may be collected and processed for the purpose of shipping and delivering the prizes.

(3) The legal basis for this processing is the fulfillment of a contractual relationship existing due to participation in the prize drawing (point (b) of Article 6(1) of the GDPR).

(4) You may object to the processing of your data at any time. To do so, send an
e-mail to datenschutz@heidenhain.de. In the case of an objection, we would like to emphasize that continued participation in the prize drawing or the promotion will be excluded.

(5) The processed data will be deleted after the completion or expiration of the prize drawing or the promotion and the handing over of the prize. If, during registration, the participant consented to receiving information about products and services of DR. JOHANNES HEIDENHAIN GmbH, then the data encompassed by this consent and other information will be processed in accordance with statutory regulations.

If personal data from you is processed, then you are a data subject as defined by the GDPR, and you are entitled to the listed rights of data subjects vis-à-vis ourselves as the controller.