The following privacy policy is divided into:

1. General information
2. Information on the processing of personal data
3. Disclosure to third parties
4. Hosting
5. Cookies
6. Use of Google Analytics
7. E-mail contact and use of the contact form
8. Integration of Google Maps
9. SSL or TLS encryption
10. Deletion of data
11. Rights regarding the processing of personal data
12. Right of objection
13. Changes to this privacy policy

1. general

Heacon Service GmbH appreciates your visit to our website www.heacon.de and your interest in our company.
We take the security and protection of your personal data entrusted to us very seriously and want you to feel safe and comfortable when visiting our website and using our services.

It is important to us that you know what personal data is collected when you make use of our offers and services and how we use it afterwards.
Insofar as our company processes personal data, this is done for the purposes stated in this privacy policy.
In addition, numerous technical and organizational measures have been implemented to ensure that the personal data processed via this website is protected as completely as possible.
Nevertheless, there is always a residual risk (e.g. security gaps in data transmissions), so that absolute protection cannot be guaranteed.
For this reason, you are free to transmit personal data to us by other means.

The controller within the meaning of the General Data Protection Regulation (Regulation (EU) 2016/679) is Heacon Service GmbH, Friedrichstraße 148, 10117 Berlin.

You can contact our data protection officer at the above postal address with the addition – Data Protection Officer – or at the e-mail address datenschutz@heacon.de.
When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, possibly your name and telephone number) will be stored by us in order to answer your questions.

The legal basis for the processing of personal data is Art. 6 para.
1 sentence 1 lit.
f GDPR is our legitimate interest.
Our legitimate interest lies in answering and further communication of your inquiries.
We delete the data arising in this context after storage is no longer necessary, or restrict processing if there are statutory retention obligations.

If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes.
In doing so, we will also state the specified criteria for the storage period.

We would like to point out that data transmission via the Internet is currently largely unsecured.
It cannot be ruled out that transmitted data may be accessed by unauthorized persons.

2. information on the processing of personal data

Accessing our website: The website of our company collects a series of general data and information each time the website is accessed by a data subject or an automated system.
This general data and information is stored in the server log files.
The following are recorded:

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Amount of data transferred in each case
• Website from which the request comes
• Browser
• Operating system and its interface
• Language and version of the browser software

If this aforementioned data is used by our company, no conclusions can be drawn about the data subject.
Rather, this information is required in order to:

1. to deliver the content of our website correctly,
2. to optimize the content of our website and the advertising for it,
3. to ensure the long-term functionality of our information technology systems and the technology of our website, and
4. to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack.

“The legal basis for the processing of personal data using cookies is Art. 6 para. 1 sentence 1 lit. f) GDPR.”
This anonymously collected data and information is therefore evaluated by our company both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us.
The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

The controller will provide you with information about which personal data about you is stored at any time upon request.
Furthermore, the controller will correct or delete personal data at your request or indication, provided that this does not conflict with any statutory retention obligations.
A data protection officer named in this privacy policy is available to the data subject as a contact person in this context.

Other purposes: Personal data is also processed if you provide it to us voluntarily, for example as part of an inquiry or when ordering information material or a newsletter.
The legal basis is Art. 6 para.
1 lit.
b GDPR.
The data processed by us includes membership data, employee data and data from suppliers, insofar as this is necessary for the purposes stated in this privacy policy.

If you have consented to the processing of personal data, see Art. 6 para.
1 lit.
a GDPR, you can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You can find the text of Art. 6 GDPR here: eur-lex.europa.eu/legal-content/EN/TXT/PDF

“Revocation of consent: If you have consented to the processing of personal data, see Art. 6 para.
1 lit.
a GDPR, you can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.”

Right of access (Art. 15 GDPR): Right to rectification or erasure (Art. 16, 17 GDPR): Right to restriction of processing (Art. 18 GDPR): Right to object to processing (Art. 21 GDPR): Right to data portability (Art. 20 GDPR)

3. disclosure to third parties

The personal data you enter is collected and stored exclusively for internal use by the controller and for its own purposes.

The controller may arrange for the transfer to one or more processors who will also use the personal data exclusively for internal use attributable to the controller.
The transfer of data to processors takes place on the basis of Art. 28 para.
1 GDPR.

The sale of your data to third parties and/or the forwarding of data for marketing purposes is hereby excluded.

Your personal data may be forwarded to law enforcement authorities and, if necessary, to injured third parties without your express consent if this is necessary to investigate unlawful use of our services or for legal prosecution.
However, this only happens if there are concrete indications of unlawful or abusive behavior.
Data may also be passed on if this serves to enforce terms of use or other agreements.

We are also legally obliged to provide information to certain public authorities on request.
These are law enforcement authorities, authorities that prosecute administrative offenses subject to fines and the tax authorities.

This data is passed on on the basis of our legitimate interest in combating misuse, prosecuting criminal offenses and securing, asserting and enforcing claims, provided that your rights and interests in the protection of your personal data do not outweigh this, Art. 6 para.
1 lit.
f GDPR.
Data will not be transferred to third countries.

4. hosting

External hosting: This website is hosted by an external service provider (hoster).
The personal data collected on this website is stored on the hoster’s servers.
This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).
Our hoster will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data.

We use the following hoster: dogado GmbH, Antonio-Segni-Straße 11, D-44263 Dortmund

5. cookies

We use cookies in some areas to make our website more user-friendly for you and to tailor it optimally to your needs.
A cookie is a small file that is stored locally on your computer as soon as you visit a website.
If you visit the website again with the same end device, the cookie indicates, for example, that it is a repeat visit.

Cookies also enable us to analyze the use of our website.
The cookie does not contain any personal data and cannot be used to identify you on third-party websites, including the websites of analytics providers.

We use the following types of cookies:

• Essential/necessary cookies: These cookies are essential for the functioning of our website.
  This is, for example, the assignment of anonymous session IDs for bundling several queries to a web server or the error-free functioning of logins.
• Functionality cookies: These cookies help us to save settings you have selected or support other functions when you navigate our website.
  For example, we can remember your preferred settings for your next visit or save your login details for certain areas of our website.
• Performance/statistics cookies: These cookies collect information about how you use our website (e.g. internet browser used, number of visits, pages viewed or time spent on the website).
  These cookies do not store any information that allows the visitor to be personally identified.
  The information collected with the help of these cookies is aggregated and therefore anonymous.
• Persistent cookies: These cookies are automatically deleted after a specified period, which may vary depending on the cookie.
  You can delete the cookies in the security settings of your browser at any time.

You can consent to or reject cookies – including for web tracking – via the settings of your web browser.
You can configure your browser so that the acceptance of cookies is refused in principle or you are informed in advance when a cookie is stored.
In this case, however, the functionality of the website may be impaired (e.g. when placing orders).
Your browser also offers a function for deleting cookies (e.g. via Delete browser data).
Further information on this can be found in the operating instructions or, as a rule, in the settings of your Internet browser.

6. use of Google Analytics

(1) We use Google Analytics on our website. Google Analytics is a tracking tool and is provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Further information can be found here: Terms of use: http://www.google.com/analytics/terms/de.html Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the privacy policy: http://www.google.de/intl/de/policies/privacy.

(2) Google Analytics stores cookies on your computer, which can be used to analyze the use of our website.
Data such as the user’s IP address, the website accessed, the website from which the user accessed our website, the subpages accessed from the accessed page, the time spent on the website and the frequency with which our website is accessed are stored.
The information generated by the cookie is usually transferred to a Google server in the USA and stored there.

However, if IP anonymization is activated on our website, your IP address will first be truncated by Google within the member states of the European Union or in another state party to the Agreement on the European Economic Area.
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
This data is used to compile information about the use of the website and reports, as well as to improve our offer and make the website more interesting.

(3) We use Google Analytics on our website with the extension “_anonymizeIp()”.
This shortens your IP address so that it can no longer be traced back to you personally.

(4) The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

(5) For exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield.
https://www.privacyshield.gov/EU-US-Framework.

(6) The legal basis for the processing of data using Google Analytics is your consent pursuant to Art. 6 para.
1 sentence 1 lit.
a GDPR to analyze and improve the design of our website.
This consent is voluntary.
Consent can be refused without giving reasons, without you having to fear any disadvantages as a result.
Consent can be revoked at any time in text form (e.g. letter, email).
The revocation must be sent to the contact addresses listed under no. 1.

You can change your cookie settings at any time using the following link: Cookie settings

(7) If you wish to prevent the setting and storage of cookies, you can do so by selecting the appropriate settings in your browser.
In this case, however, we would like to point out that you may not be able to use all the functions of our website to their full extent.

(8) In addition, you can prevent Google Analytics from setting a cookie to process your data by downloading and installing the browser plug-in: http://tools.google.com/dlpage/gaoptout?hl=de.

7. e-mail contact and use of the contact form

(1) To contact us, you can use the contact form or the e-mail address provided.
Personal data such as name, e-mail address or telephone number will be processed.
We process the data provided here by the user exclusively for the purpose of contacting you and processing your associated request.

(2) The legal basis for the processing of this data is Art. 6 para.
1 sentence 1 lit.
f GDPR is our legitimate interest in contacting you and processing your request.

(3) If the request via the contact form or e-mail leads to the conclusion of a contract, the processing of the data provided is necessary for the performance of a contract.
The legal basis for this is Art. 6 para.
1 sentence 1 lit.
b GDPR.

(4) The data provided will be processed until it is no longer required to achieve the purpose.
The purpose is no longer achieved when the user’s request has been conclusively clarified and the contact has ended.

(5) The user has the option to object to data processing at any time.
In this case, the data provided for making contact will be deleted and no longer used.
The objection must be sent to the contact addresses listed under no. 1.

8. integration of Google Maps

(1) We use Google Maps on our website. Google Maps is a service provided by Google Inc, 1600 Amphiteater Parkway, Mountainview, California 94043, USA. This service allows us to show interactive maps and enables the user to use the map function conveniently.

(2) When you visit our website, Google receives information that you have accessed the corresponding subpage as well as the data mentioned under no. 3.
This takes place regardless of whether you have a Google user account or not.
If you have a Google user account and are logged in at the time you visit our website, this data will be assigned directly to your Google user account.

If you do not wish the data to be merged with your user account, you must log out before activating the button.
Google uses this data to create user profiles, but also for advertising purposes, market research or to tailor its website to your needs.
You have the option to object to the creation of such user profiles.
However, you must address this objection directly to Google.

The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website.
This constitutes a legitimate interest within the meaning of Art. 6 para.
1 lit.
f GDPR.

(3) You can find further information on the type and scope of data processing in Google’s privacy policy.
Further rights, setting options and other information on the protection of your data can be found at: http://www.google.de/intl/de/policies/privacy.

(4) Google also stores and processes your personal data in the USA, which is why it has submitted to the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.

9. SSL or TLS encryption

(1) For security reasons and to protect the transmission of confidential content, we use SSL or TLS encryption on our website.
This means that inquiries via the contact form or orders via the site can be transmitted securely.
You can recognize SSL or TLS encryption by the addition “https://” in the address line of the Internet browser and by the closed lock symbol next to it.

(2) If SSL or TLS encryption is activated, data can be transmitted to us via the website without being read by third parties.

10. deletion of data

The legislator has issued various retention periods and obligations, particularly for service providers in the healthcare sector.
Once these periods have expired, the corresponding data is routinely deleted.

If data is not affected by this, it will be deleted or anonymized if the purposes stated in this privacy policy no longer apply.
Unless this privacy policy contains other, deviating provisions regarding the storage of data, the data collected by us will be stored by us for as long as it is required for the aforementioned purposes for which it was collected.

Other data uses and data erasure: Further processing or use of your personal data will generally only take place if this is permitted by law or if you have consented to the data processing or use.
In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes prior to further processing and provide you with further relevant information.

Abuse detection and tracking: We retain information for misuse detection and tracking, in particular your IP address, for a maximum of 7 days.
The legal basis in this respect is Art. 6 para.
1 lit.
f GDPR, the text of Art. 6 GDPR can be found here: http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&- qid=1474615617790

Our legitimate interest in the retention of data for 7 days is to ensure the proper functioning of our website and the transactions carried out via it, as well as to be able to ward off cyber attacks and the like. We may use anonymous usage information to tailor the design of our website to your needs.

11. rights concerning the processing of personal data

Right to information: You have the right to receive information from us at any time upon request about the personal data processed by us concerning you within the scope of Art. 15 GDPR.
You can submit a request by post or email to the addresses below.
You can find the text of Art. 15 GDPR here: http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&- qid=1474615617790

Right to rectification of inaccurate data: You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you, Art. 16 GDPR.
To do so, please contact us at the addresses given below.
You can find the text of Art. 16 GDPR here: http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&- qid=1474615617790

Right to erasure: You have the right to the immediate erasure (“right to be forgotten”) of personal data concerning you if the legal grounds under Art. 17 GDPR apply.
You can find the text of Art. 17 GDPR here: http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&-qid=1474615617790

Legal grounds exist, for example, if the personal data are no longer necessary for the purposes for which they were originally processed or if you have withdrawn your consent and there is no other legal basis for the processing; the data subject objects to the processing (and there are no overriding grounds for processing – this does not apply to objections to direct marketing).

To assert your aforementioned right, please contact us at the addresses given below.

Right to restriction of processing: You have a right to restriction of processing if the conditions are met and in accordance with Art. 18 GDPR.
You can find the text of Art. 18 GDPR here: http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&- qid=1474615617790

Accordingly, the restriction of processing may be necessary in particular if the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of the use of the personal data instead or the data subject has objected to processing pursuant to Art. 21 para.
1 GDPR, as long as it is not yet clear whether our legitimate reasons outweigh theirs.

To assert your aforementioned right, please contact us at the addresses given below.

Right to data portability: You have a right to data portability in accordance with Art. 20 GDPR.
You can find the text of Art. 20 GDPR here: http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&- qid=1474615617790

You have the right to receive the data concerning you, which you have provided to us, in a commonly used, structured and machine-readable format and to transmit those data to another controller, such as another service provider.
The prerequisite for this is that the processing is based on consent or on a contract and is carried out using automated procedures.

To assert your aforementioned right, please contact us at the addresses given below.

12. right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based, inter alia, on Art. 6 para.
1 lit.
e or f GDPR, in accordance with Art. 21 GDPR.

We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
To assert your aforementioned right, please contact us at the addresses given below.

You can find the text of Art. 21 GDPR here: http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&- qid=1474615617790

Right to lodge a complaint with a supervisory authority: If you are of the opinion that the processing of personal data concerning you by us is unlawful, you have the right to lodge a complaint with the supervisory authority responsible for us.
You can find the contact details of the state data protection authority responsible for you at: https://www.datenschutz-wiki.de/Aufsichtsbehörden_und_Landesdatenschutzbeauftragte

13. changes to this privacy policy

The current version of this privacy policy is always available at www.bpi-service.de/datenschutz.

Status: August 2024