Data privacy notice


1. General information about the collection of personal data


(1) In the following data privacy notice, we explain how we handle the personal data that is communicated to us when you use our websites and/or our services. “Personal data” means all information that relates to you as an individual, such as name, address, e-mail addresses, or user behaviour.

(2) Data controller in accordance with Art. 4(7) of the General Data Protection Regulation (GDPR):

Brauns-Heitmann GmbH & Co. KG
Lütkefeld 15
34414 Warburg, Germany
Phone: +49 5641 95-0
Fax: +49 5641 95-141
E-mail: datenschutz@heitmann-hygiene-care.de


2. Rights of the data subject


(1) In your relationship with Brauns-Heitmann, you have the following rights with regard to the personal data relating to you:

  • Right of access (Art. 15 GDPR) to your personal data as processed by us.
  • Right to rectification (Art. 16 GDPR) or to complete personal data relating to you that is processed by us.
  • Right to erasure (Art. 17 GDPR) of personal data relating to you that is processed by us unless such processing is necessary in the exceptional circumstances outlined in Art. 17(3) GDPR.
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to notification (Art. 19 GDPR).
  • Right to data portability (Art. 20 GDPR).
  • Right to withdraw consent that has previously been given to us (Art. 7(3) GDPR). The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

(2) Furthermore, you have the right to lodge a complaint with a data protection supervisory authority, if you believe that the processing of your personal data by us is unlawful. These authorities are the data protection commissioners for the respective German federal states. You will find the appropriate contacts listed, for example, on the following website: https://datenschutz.saarland.de/datenschutz/zustaendigkeiten/#c139.

(3) Right to object to the processing of your personal data

If we base the processing of your personal data on a balance of interests, you may object to this processing operation. This is the case when the processing operation is not specifically required to fulfil a contract with you, as outlined by us in the corresponding description of each operation. If you choose to exercise this right to object, we will ask you to give reasons why you do not wish us to process your personal data as we have done previously. If we receive a justified objection from you, we will examine the situation and either stop or adjust the data processing operation or alternatively present you with our compelling legitimate grounds for continuing our processing operation. You can, of course, object to the processing of your personal data for marketing and data analysis purposes at any time. Please use the following contact information to enquire about your right to object to marketing: datenschutz@heitmann-hygiene-care.de


3. Data security


Because the security of your data is important to us, your personal data is transmitted via a secure SSL or TLS encryption system/connection. TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols used to encrypt online data transmissions. We use these to protect your personal data against third-party access. When your browser bar shows “https//:” or the padlock symbol, you can see that the connection is encrypted.

To provide additional security on our website and other systems, we have technical and organisational measures in place to protect your data from being lost, destroyed, accessed, modified, or distributed by unauthorised persons. However, despite regular inspections, it is not possible to guarantee complete protection against all risks.


4. Visiting our website


If you only use our website for information purposes—i.e. you do not register with us or otherwise provide us with information—we collect only the personal data that your browser transmits to our server. As soon as you request a data file from our website, access data is collected and stored by default.

These records consist of:

  • The page from which the data file was requested
  • The name of the data file
  • The date and time of the request
  • The amount of data transmitted in each case
  • The access status/HTTP status code (i.e. whether or not the data file was transmitted or if it was not found, etc.)
  • A description of the type and version of the web browser used
  • The IP address used

We need this information to show you our website and to ensure its stability and security. We also analyse these records for internal statistical purposes and to support the technical administration of the website. Our lawful basis for these processing operations is Art. 6(1) sentence 1(f) GDPR. Our legitimate interest results from the stated purposes of data collection.


5. Subscribing to our newsletter


(1) By subscribing to our newsletter, you agree to our use of your e-mail address for our own marketing purposes (direct marketing).


Consent to receive the newsletter


“I would like to receive regular information by e-mail from Brauns-Heitmann about attractive offers on goods or services. I can withdraw my consent for the use of my e-mail address at any time. The newsletter is distributed in compliance with our data privacy notice.”

(2) We use a double opt-in process for subscriptions to our newsletter. This means that, after signing up, you will first receive an e-mail with an activation link that you must use to confirm your subscription. Subscription is only complete once you have clicked on the activation link. As part of the subscription process, we store your IP address and the times when you signed up and confirmed, as well as your e-mail address. This enables us to detect any misuse of third-party data at a later date and to verify your subscription.

(3) If your initial sign-up is not confirmed via the activation link within 24 hours, we automatically delete the data that was saved as part of your subscription.

(4) Subscription to the newsletter requires only your e-mail address. Any disclosure of additional, separately identified data is voluntary and used to enable us to address you personally. Upon receipt of your confirmation, we store your e-mail address for the purpose of sending you the newsletter in which we will inform you about our products and services. Your consent forms our lawful basis for processing your personal data in accordance with Art. 6(1) sentence1(a) GDPR.

(5) You can withdraw your consent to the storage and use of your e-mail address for the purpose of sending you our newsletter at any time and with effect for the future and unsubscribe from the newsletter by sending an e-mail to: datenschutz@heitmann-hygiene-care.de or by clicking on the link at the bottom of any newsletter.


6. Contacting us by e-mail or using the contact form


(1) When you contact us by e-mail or via the contact form on our website, we collect and store your personal data. The particular personal data collected if you contact us via the contact form is indicated on the form itself. When you contact us by e-mail, we collect and store the following personal data: e-mail address and text in the e-mail body in addition to any further data that is voluntarily provided.

(2) We process the data you provide only in order to deal with your contact enquiry. Our lawful basis for these processing operations is Art. 6(1) sentence 1(b) GDPR and/or our legitimate interest in responding to your request as per Art. 6(1) sentence 1(f) GDPR.

(3) Once its storage is no longer required, we will delete all of the personal data that has been collected in this connection. Should there be a statutory retention requirement, processing will be limited to this purpose. In this case, our lawful basis for the processing operation is Art. 6(1) sentence 1(c) GDPR.


7. Use of the live chat function


(1) When you contact us via the live chat function to obtain answers to live enquiries, we will collect and store additional personal data (as well as the data indicated under point 4), such as the name you give us and the content of your messages.

(2) We process the data you provide only to deal with your live enquiry. Our lawful basis for these processing operations is Art. 6(1) sentence 1(b) GDPR and/or our legitimate interest in responding to your request as per Art. 6(1) sentence 1(f) GDPR.

(3) Once its storage is no longer required, we will delete all of the personal data that has been collected in this connection. Should there be a statutory retention requirement, processing will be limited to this purpose. In this case, our lawful basis for the processing operation is Art. 6(1) sentence 1(c) GDPR.


8. Cookies


(1) This website uses cookies. Cookies are small text files that your web browser stores on your device (PC, laptop, tablet, smartphone, etc.). They serve to provide a more enjoyable and convenient experience when using our services or for analytical purposes. When you open the relevant page again, the cookies help to recognise your device. This means that, for example, data you have previously entered can be retrieved when you fill out the form again or that you can continue to place an order for items already placed in your shopping basket. If the cookies are used for the purpose of concluding or executing a contract, our lawful basis is Art. 6(1) sentence 1(b) GDPR. If the cookies are used to safeguard our legitimate interests in ensuring the enjoyable and convenient functionality of our website and to analyse and improve said website, our lawful basis is Art. 6(1) sentence 1(f) GDPR.

(2) This website uses the following types of cookies:

  • We mainly use cookies that are automatically deleted from your hard disk at the end of your browser session or when you log out (transient cookies, in particular session cookies).
  • Other cookies remain on your computer and ensure that we recognise your device when you next visit (known as persistent or permanent cookies). Your system automatically deletes these cookies after a predetermined period of time, which differs from cookie to cookie.

(3) Content and services from other providers (such as YouTube) are embedded in this website. These providers use their own cookies and active components. In this respect, we refer to the information we provide below.

(4) You can modify the way cookies are stored by changing your browser settings at any time. For example, you can accept all cookies, accept third-party cookies (cookies that are set by a third party, i.e. not by the actual website that you are browsing), refuse to accept individual cookies, or delete cookies. Please note, however, that if you refuse or delete cookies from our website, you may not be able to use all of its functions. To protect your privacy, we recommend that you regularly delete cookies from your device and browser history.


9. Analysis tools


Our website uses the following so-called tracking measures, which enable us to analyse usage of our website and regularly improve it. The statistics we collect allow us to enhance our services and make them more attractive for you as a user. They also help us to measure the success of and optimise our advertising activities. Ultimately, they also allow us to send you personalised marketing information. Our lawful basis for these activities is Art. 6(1) sentence 1(f) GDPR, whereby our legitimate interest results from the previously stated purposes.


Google Analytics


This website uses Google Analytics, a web analytics service provided by Google LLC (“Google”). Google Analytics uses cookies (see the “Cookies” section of this data privacy notice, above), which are text files that are stored on your computer and used to analyse your use of the website.

The information the cookie generates about your use of this website is usually transferred to and stored on a Google server in the USA. Should IP anonymisation be activated on this website, your IP address will, however, first be truncated by Google within the Member States of the European Union or in other countries party to the European Economic Area Agreement. Please note that this website uses Google Analytics with the extension “_anonymizeIp()”, which means that IP addresses are only used in their shortened form and it is therefore not possible to identify individuals.

On behalf of the website operator, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for the website operator, and providing other services to the website operator relating to website activity and Internet usage. The IP address transmitted by your browser as part of the Google Analytics process will not be merged with any other data held by Google. You can prevent the storage of cookies by changing the browser settings on your computer. However, please note that if you do so, you might not be able to make full use of all the functions on this website.

Furthermore, you can prevent Google from collecting and processing the data generated by the cookie and relating to your use of the website (including your IP address) by downloading and installing the browser plug-in provided at the following link: https://tools.google.com/dlpage/gaoptout/.

You can also prevent Google Analytics from collecting data by clicking on the following link. This sets an opt-out cookie, which prevents your data from being collected when you visit this website.

Google also processes your personal data in the United States and has signed up to the EU–US Privacy Shield, which ensures compliance with the level of data protection that applies in the European Union: https://www.privacyshield.gov/EU-US-Framework/.

You will find more information about Google’s terms of use and privacy policy at: https://www.google.com/analytics/terms/gb.html and at https://policies.google.com/privacy?hl=en-GB/.


Hotjar


We also use the Hotjar analysis service of Hotjar Ltd, St Julian's Business Centre 3, Elia Zammit Street, St Julian's STJ 1000, Malta, Europe (hereinafter referred to as "Hotjar"). Hotjar is a tool for analysing user behaviour. Hotjar enables us to measure, evaluate and track the behaviour of visitors to our website, such as mouse movements, clicks and scroll height.

For this purpose, Hotjar uses cookies on the end devices of website visitors, among other things, and can store data from website visitors such as browser information, operating system, time spent on the site, etc. in anonymous form.

We have concluded an data processing agreement with Hotjar. By this agreement, Hotjar assures that they process the data in accordance with the EU General Data Protection Regulation and guarantee the protection of the rights of the person concerned.

You can prevent this data processing by Hotjar by deactivating the use of cookies in the settings of your web browser and deleting cookies that are already active. Another way to prevent data processing by Hotjar is to activate the "Do-Not-Track" function in your browser. You can find out how this can be set here.

For more information about privacy at Hotjar, please see its privacy policy.


10. Incorporation of other tools


Embedded YouTube videos


Our online presence includes embedded YouTube videos that are stored at http://www.YouTube.com and can be played back directly from our website. The provider is YouTube, a service that belongs to Google LLC (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

All of these videos are embedded in privacy-enhanced mode. This means that no data about you as a user is transmitted to YouTube when you do not play the videos. The data indicated in the following paragraph is transmitted only when you play the videos. We have no control over this data transmission.

YouTube sets cookies to analyse your behaviour as a user. When you visit our website, YouTube is informed that you have opened the relevant subpage of the website. The data we collect as stated above under point 4, “Visiting our website”, is also transmitted. This is independent of whether or not you are logged in to a YouTube user account. If you are logged in to Google, your data will be directly linked to your account. If you don’t want YouTube to link to your profile, you must log out before clicking the button.

YouTube/Google stores your data as a user profile before analysing and using it for marketing, market research, and/or to tailor the design of its online presence. The services even perform analyses of users who are not logged in. The lawful basis for YouTube/Google is Art. 6(1) sentence1(f) GDPR, whereby the legitimate interests of YouTube/Google result from the previously stated purposes. You have the right to object to the creation of these user profiles, in which case you must contact YouTube/Google to exercise this right.

Because YouTube videos are embedded in our site, a connection to Google’s DoubleClick advertising network is established when a page is opened, regardless of whether the video is played.

Google also processes your personal data in the United States and has signed up to the EU–US Privacy Shield, which ensures compliance with the level of data protection that applies in the European Union: https://www.privacyshield.gov/EU-US-Framework.

Further information about the purpose and extent of data collection and data processing by YouTube is available in its privacy policy. You will also find more information here about your rights and settings options to help you protect your privacy: https://policies.google.com/privacy?hl=en-GB/.


Embedded Google Maps


This website uses the Google Maps service. As a result, we are able to show you interactive maps directly in our website and you can easily use the mapping function. The provider is Google LLC (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you visit our website, Google is informed that you have opened the relevant subpage of our website. The data we collect as stated above under point 4 of this notice, “Visiting our website”, is also transmitted. This is independent of whether or not you are logged in to a Google user account. If you are logged in to Google, your data will be directly linked to your account. If you don’t want Google to link to your profile, you must log out before clicking the button.

Google stores your data as a user profile before analysing and using it for marketing, market research, and/or to tailor the design of its online presence. The services even perform analyses of users who are not logged in. The lawful basis for Google is Art. 6(1) sentence 1(f) GDPR, whereby the legitimate interests of Google result from the previously stated purposes. You have the right to object to the creation of these user profiles, in which case you must contact Google to exercise this right.

Google also processes your personal data in the United States and has signed up to the EU–US Privacy Shield, which ensures compliance with the level of data protection that applies in the European Union: https://www.privacyshield.gov/EU-US-Framework/.

Further information about the purpose and extent of data collection and data processing by the plug-in provider is available in the provider’s privacy policies. You can also find out more here about your applicable rights and settings options to help you protect your privacy: https://policies.google.com/privacy?hl=en-GB/.


11. Marketing tools


Facebook Custom Audiences


This website utilises the remarketing function “Custom Audiences” provided by Facebook Inc. (“Facebook”), 1601 S California Ave, Palo Alto, California 94304, USA. This allows users of the website to see advertisements based on their interests (“Facebook ads”) when visiting the Facebook social networking site or other websites that also make use of the process. In using this service, we are pursuing our interest in showing you advertising that is of interest to you in order to make our website more appealing to you. The lawful basis for processing your data is Art. 6(1) sentence 1(f) GDPR, whereby the legitimate interest results from the previously stated purposes.

Owing to the embedded marketing tool, your browser automatically establishes a direct connection to Facebook’s server. We have no control over the extent and further use of the data that is collected through Facebook’s use of this tool and therefore provide you with the following information on the basis of our understanding. Because we have embedded Facebook Custom Audiences, Facebook is informed that you have accessed the relevant page of our website or clicked on one of our advertisements. If you are registered with a Facebook service, Facebook can link your visit to your account. Even if you are not registered with Facebook or are not logged in to its services, the provider may still ascertain and store your IP address and further identifiers.

Users who are logged in may deactivate the Facebook Custom Audiences function at: https://www.facebook.com/settings/?tab=ads#/.

Further information about data processing by Facebook is available at: https://www.facebook.com/about/privacy/.

Facebook also processes your personal data in the United States and has signed up to the EU–US Privacy Shield, which ensures compliance with the level of data protection that applies in the European Union: https://www.privacyshield.gov/EU-US-Framework/.


12. How long personal data is stored


The duration of storage of personal data is dependent on the respective statutory retention period (e.g. retention periods in accordance with commercial and tax legislation). When the statutory retention periods expire, we delete the respective personal data as long as and insofar as the personal data is not necessary for the performance or initiation of a contract or we no longer have a legitimate interest in storing the data.


13. Other ways in which we share data


(1) In some cases, we use external hosting providers to process your data and make this website available. We have carefully selected and commissioned these providers; they are bound by our instructions and regularly monitored. The lawful basis for this is provided by Art. 28 GDPR.

(2) Over and above this action, we share your personal data with third parties only in the following cases:

  • When you have given us your express consent for this in accordance with Art. 6(1) sentence 1(a) GDPR, or
  • When there is a legal obligation to disclose the information in accordance with Art. 6 (1) sentence 1(c) GDPR, such as in connection with a criminal prosecution, or
  • Where disclosure in accordance with Art. 6(1) sentence 1(f) GDPR is necessary for the purpose of establishing or defending legal claims or exercising such rights, and where it cannot be assumed that disclosure is contrary to an overriding protectable interest on the part of the data subject.


Notes and information

All prices include VAT, plus shipping.

The delivery time applies to deliveries within Germany. For deliveries outside Germany and information on the calculation of the delivery date see „Shipping and payment methods“.