.svg)
No enabled locales found.
This is some text inside of a div block.
1. Responsible party within the meaning of Art. 4 (7) GDPR
The responsible party within the meaning of Art. 4 (7) GDPR is:
Heartland Solutions GmbH
Thurn-und-Taxis-Platz 6
60313 Frankfurt
Phone: 069-56005572
Email: kontakt@heartland-data.de
2. Communication by email / telephone / contact form / service portal
Purpose of data processing / legal basis:
We treat personal information that you provide to us by email, telephone, post, contact forms, or the service portal as confidential. We use your data exclusively for the purpose of processing your request. The legal basis for data processing is Art. 6 (1) f) GDPR. Heartland Data's legitimate interest in this regard arises from its interest in responding to inquiries from our customers, business partners, and interested parties, thereby maintaining and promoting customer satisfaction.
The company to which you address your inquiry is responsible for processing your inquiry in accordance with data protection law.
We use telephony functions from Microsoft Teams. The statements on Teams in this privacy policy apply accordingly to the telephony function.
It cannot be ruled out that, for example, email addresses of external parties may be processed in Heartland Data systems for IT security purposes.
Recipients/categories of recipients:
We generally exclude the transfer of data to third parties outside Heartland Solutions. In exceptional cases, data is processed on our behalf by contract processors. These are carefully selected, audited by us, and contractually bound under Art. 28 GDPR.
Furthermore, it may be necessary for us to forward inquiries to other companies within Heartland Data if this is necessary for processing.
Within the service portal, supervisors at Heartland Data customers may be able to view tickets created by other users within the company.
Storage period / Criteria for determining the storage period:
All personal data that you provide to us in inquiries outside of customer service will be deleted or securely anonymized by us no later than 90 days after the final response has been sent to you. The 90-day retention period is due to the fact that, in isolated cases, you may contact us again about the same matter after receiving a response and need to refer to the previous correspondence. Experience has shown that, as a rule, there are no further queries regarding our responses after 90 days.
Voice messages on answering machines remain stored until the person called deletes them.
Service tickets in support, reports, and log files of the service portal are stored for as long as necessary for Heartland Data. Closed tickets are deleted from the service portal after six months.
3. Data processing of contact persons
Purpose of data processing / legal basis:
Heartland Data processes the contact details of contact persons at customers, interested parties, suppliers, and other business partners for communication by email, telephone, fax, and post. The legal basis for data processing is Art. 6 (1) f) GDPR. Heartland Data's legitimate interest in this regard arises from its interest in conducting or initiating business relationships with customers, prospects, suppliers, and other business partners and maintaining personal contact with contact persons in this context.
Where there is a legitimate interest, Heartland Data may compare business partners with so-called sanctions lists on the basis of Art. 6 (1) lit. f) GDPR.
Recipients/categories of recipients:
We generally exclude the transfer of data to third parties outside Heartland Solutions. Within Heartland Data, your data will be passed on for purposes including the execution or initiation of the business relationship. In exceptional cases, data is processed on our behalf by processors. These are carefully selected, audited by us, and contractually bound under Art. 28 GDPR.
Storage period / criteria for determining the storage period:
Personal data is stored for the purpose of conducting business relationships for as long as there is a legitimate interest in doing so.
4. Data processing for marketing purposes
Purpose of data processing / legal basis:
Heartland Solutions uses personal data for marketing purposes, in particular for advertising by email, telephone, and post. The purpose of data processing in the context of marketing measures is to inform data subjects about Heartland Data's products and services.
The legal basis for sending advertising by post is Art. 6 (1) f) GDPR. Heartland Data's legitimate interest in this regard arises from its interest in sending customers and interested parties information about products and services.
The legal basis for marketing measures by email or telephone is usually a declaration of consent submitted by you. Section 7 UWG (German Unfair Competition Act) may also apply to marketing measures directed at existing customers.
You can object to receiving advertising at any time with effect for the future, without incurring any costs other than the transmission costs according to the basic rates, by writing a message to marketing@heartland-data.de.
If you object to advertising, we will store your data in an advertising block file on the basis of Art. 6 (1) f) GDPR. Heartland Data's legitimate interest in this regard arises from its interest in ensuring that the objection is complied with.
Recipients/categories of recipients:
Your data will not be passed on to external parties. If external processors are used to send advertising, they are contractually obliged under Art. 28 GDPR and have been checked accordingly to ensure that they have appropriate organizational and technical security measures in place.
Within Heartland Data, your data may be passed on to other companies for marketing purposes.
Storage period / criteria for determining the storage period:
If you object to receiving advertising, your data will be blocked immediately and then deleted, unless it is also stored for other purposes.
5. Receipt of applications
For information on data processing in application procedures and when using our career portal, please refer to the data protection information on the career portal.
6. Cookies
Some of the web pages use cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our website more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called “session cookies.” They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close your browser. If you deactivate cookies, the functionality of this website may be limited.
You can change your cookie settings here: Enable/disable cookies
Legal basis:
The legal basis for data processing by so-called “necessary cookies” is Art. 6 (1) lit. f GDPR. Necessary cookies enable basic functions and are required for the proper functioning of the website. We have a legitimate interest in making the website as user-friendly as possible.
The following cookies set by this website are necessary for the operation of the website:
• Cookie name: cookieconsent_status
• Storage period: 354 days
7. Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
• Browser type/browser version
• Operating system used
• Referrer URL
• The name and URL of the file accessed
• Date, time, and time zone of the server request
• The IP address of the requesting Internet-enabled device
This data cannot be easily assigned to specific individuals. This data is not merged with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of illegal use.
Legal basis:
The legal basis for the processing of this data is Art. 6 (1) f) GDPR. Our legitimate interest lies in the purposes of data processing listed above. This data is not transferred to external parties.
Storage period:
The data is stored for a period of 14 days.
8. Analytics
Purpose of processing / legal basis:
This website uses functions of the web analysis service Google Analytics. Google Analytics uses so-called “cookies.” These are text files that are stored on your computer and enable an analysis of your use of the website.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics is linked to other data about you, such as your search history, personal accounts, usage data from other devices, and all other data that Google has about you. Data processing is mainly carried out by Google.
The information generated by cookies about your use of this website is usually transferred to a Google server in the USA and stored there. Both Google and potentially the US government authorities have access to this data.
However, the settings of Google Analytics on this website shorten or mask your IP address as soon as the data is received by Google Analytics and before it is stored or processed.
Legal basis:
The use of Google Analytics is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) (1) TDDDG. You can revoke this consent at any time with effect for the future.
Cookies in connection with Google Analytics:
• _ga – storage period 2 years
• _ga_F56S6H339D – storage period 2 years
Recipients / categories of recipients:
Within the scope of the Google Analytics service, Google Ireland Limited supports us as a processor in accordance with Art. 28 GDPR. Data processing may also be carried out by Google outside the EU or the EEA (in particular in the USA).
Storage period:
We store user and event data for a period of 2 months.
9. Google reCaptcha
To protect internet forms, we also use the reCAPTCHA service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”). This service involves the transmission of your IP address and, if necessary, other data to Google that is required for the reCAPTCHA service.
Legal basis: Art. 6 (1) f) GDPR – our legitimate interest lies in protecting our internet forms and in protecting against spam and abuse.
10. Microsoft Teams
If you participate in an online meeting as an external participant, you will receive an access link from the meeting host by email. When registering for the online meeting, you must then provide your name and, if applicable, your email address.
We use Microsoft Teams for online meetings, video conferences, and/or webinars. Further information: Microsoft Privacy Statement.
Legal basis:
• Art. 6 (1) (f) GDPR – for communication with contact persons
• Art. 6 (1) (b) GDPR – for direct contractual partners (natural persons)
• Art. 9 (2) (a) GDPR – when processing special categories of personal data via camera, microphone, or profile picture (consent required)
Storage period:
We generally delete personal data when there is no longer any need for further storage.
11. Your rights as a data subject
You have various rights under the GDPR, including:
• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to object (Art. 21 GDPR)
• Right to data portability (Art. 20 GDPR)
• Withdrawal of consent (Art. 6(1)(a) / Art. 9(2)(a) GDPR)
You also have the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR).
12. No obligation to provide personal data
The provision of personal data is generally not required by law or contract, nor is it necessary for the conclusion of a contract. However, failure to provide such data may mean that certain services (e.g., responding to contact requests, application procedures) are not possible.
13. Data protection officer
Our company data protection officer is available to provide you with information or suggestions on the subject of data protection:
Bastian Schätzle
Thurn-und-Taxis-Platz 6
60313 Frankfurt
Email: datenschutz@heartland-data.de
14. Privacy policy for social media sites
In addition to us, there is also the operator of the social media platform (e.g., LinkedIn), who is also responsible.
We process the data you enter there (comments, likes, messages, etc.) exclusively for communication within the scope of our public relations work.
Legal basis: Art. 6 (1) lit. f GDPR – Public relations and communication.
Further information:
• LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy?_l=de_DE
• Joint responsibility LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum