Privacy Policy

heristo aktiengesellschaft data protection notice

Thank you for visiting our web pages and for your interest in our company, our products and our web pages. Protecting your privacy when using our web pages is important to us. We therefore act in compliance with applicable legislation on the protection of personal data and data security.

Below you will learn which web pages this data protection notice applies to, which data we collect, process and use, which rights of access to information you have, and much more. In order to answer your questions quickly and in an easy-to-understand way, we laid out our data protection notice in a questions-and-answers format.

Who is responsible for this web page?

The company/person stated in the Legal Notice is responsible for collecting and processing the data as described below.

Which web pages does this data protection notice apply to?

This data protection notice applies to the use of web pages (hereinafter "heristo web pages") offered by heristo aktiengesellschaft and/or its subsidiaries (hereinafter "heristo"). This data protection notice does not apply to web pages by other providers which are simply linked to from the heristo web pages.

What is personal data?

Personal data is individual information about the personal or factual circumstances of an identified or identifiable natural person. For instance, personal data includes your name, address, account details, your ID or telephone number, your car's number plate, your email address and IP number. Data which cannot be used to establish your true identity is non-personal data. This includes information on your sex, which browser you use and which brand of car you prefer.

Will I remain anonymous when using heristo web pages?

Yes. You will remain anonymous when using heristo web pages, as long as you do not voluntarily provide us with your personal data. The only exception to this principle is the temporary automatic establishment and storage of your IP number. You can learn more about that below.

Are personal data collected and processed automatically?

Yes. During each of your visits to our web pages we automatically collect information on which IP number is assigned to your computer, which browser and operating system you use and which web pages you viewed. These data are stored in so-called log files on the Web server. Only the IP number is classed as personal data. To protect against misuse of our computer systems, it is necessary to store the IP address of each visitor for a period of seven days. The legal basis for this is Art. 6 (1) f GDPR. If we further use the log files to create user profiles, either for the purposes of advertising, market research or to design our website to meet the needs of users, the IP numbers will be anonymised in advance. Otherwise, the IP numbers will be deleted from the log files. As a result, you will in any event remain anonymous even if we automatically collect and temporarily store your IP number.

Under which conditions are personal data otherwise collected, processed or used?

We only collect, process or use personal data, if you have provided us with these on a voluntary basis and furthermore, if it is permitted by law or you have given us your consent to do so. This is usually the case if you enter into an agreement with us online, or if you send us an enquiry.

For which purposes are personal data collected, processed or used?

We only use the personal data you have provided us with for purposes previously announced or agreed, usually according to Art. 6 (1) b GDPR for the preparation or performance of the agreement concluded, or according to Art. 6 (1) f GDPR to reply to your enquiry.

Are personal data used for the purposes of advertising or market research?

This is not the case without your consent. In some cases we may be interested in using your personal data for advertising, market research or other purposes in order to manage and improve customer relations. In such cases, we will, of course, inform you in advance and ask for your express consent in accordance with Art. 6 (1) a GDPR.

Are personal data transferred, sold or otherwise passed on to third parties?

Your personal data are not transferred, sold or otherwise passed on to third parties, unless this is necessary to perform an agreement according to Art. 6 (1) b GDPR or you have expressly given your consent according to Art. 6 (1) a GDPR. For example, when you order products it may be necessary for us to pass on your address and order details to our suppliers.

Will I be able to withdraw my consent?

Yes. You have the option at all times to withdraw your consent for the agreed use of your personal data for the future. To do so, please get in touch with the contact mentioned below.

Do heristo web pages offer an email newsletter?

Yes, you can subscribe to an email newsletter on the following web page: The sending of the email newsletter and the associated processing of your email address is based on your consent according to Art. 6 (1) a GDPR.

You can withdraw your consent at all times, without this affecting the legality of previously performed data processing. The data will no longer be processed once you withdraw your consent.

If, in the future, you no longer wish to receive the newsletter, you can unsubscribe at any time, e.g. by sending an email to or by clicking the link to unsubscribe which you will find in every newsletter email.

Newsletters are sent via MailChimp, an email marketing platform run by US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

Your email address will be stored on the provider's servers in the USA. MailChimp will use your email address for sending newsletters on behalf of the newsletter provider. We have concluded an agreement for order processing according to Art. 28 GDPR with the service provider. According to information issued by MailChimp, the company may further use your email address to optimise or improve their own service, e.g. for the technical optimisation of sending or designing the newsletters, or for economic purposes, to determine which country the email recipient comes from. MailChimp will not use your email address to send you emails on its own behalf or pass on the email address to third parties.

MailChimp adheres to the EU-US Privacy Shield and therefore has agreed to be bound by European data protection standards.

Do heristo web pages use tracking features?

Yes, the web pages and use technologies provided by etracker GmbH ( to collect and store data for marketing and optimisation purposes. Based on these data, the website operator can create user profiles using pseudonyms. This may require the use of cookies. Cookies are small text files which are stored locally in the cache of the user's web browser. Cookies allow the web browser to be recognised on the next visit. The data collected using the etracker technologies will not be used to personally identify the user of the website, nor will they be combined with personal data from the anonymous profile without the separately given express consent of the person concerned. Data processing is based on Art. 6 (1) f GDPR and on our legitimate interest in learning how often our web pages are visited by various users.

You may at all times object to the collection and storage of data with effect for the future.

Do heristo web pages use cookies?

As a rule, heristo web pages use so-called session cookies, which place data for technical session control in the memory of your browser. These data are not personal and are deleted at the latest when your browser is closed. If exceptionally we wish to store personal data in a cookie, we will seek your express consent in advance in accordance with Art. 6 (1) a GDPR.

Processing is based on Art. 6 (1) f GDPR and on our legitimate interest in enabling or optimising the ease of navigation for users and adapting the website layout accordingly.

How can I generally prevent cookies from being placed on my computer?

Even though cookies are only relevant for data protection purposes if they store personal data, many web users are fundamentally sceptical about these small data packages. Hence we would like to inform you that you can protect yourself from cookies being placed on your computer and that you can view their content. Modern browsers offer various functions to do so. You can find out more in the help section of your browser. You can, for instance, set your web browser to automatically block all cookies or to warn you before a cookie is stored. Please note, however, that this may lead to reduced functionality in the use of the heristo web pages and web pages from other service providers.

What do I need to know about heristo company Facebook pages?

Some heristo companies operate an official Facebook page on the basis of Art. 6 (1) f GDPR. We do not collect, store or process any personal user data at any time on this page. Moreover, we do not carry out or initiate any further data processing. The data you enter on our Facebook pages, such as comments, videos or pictures, will not be used or processed for other purposes at any time.

Facebook uses so-called webtracking features on these pages. Please be aware that it cannot be ruled out that Facebook uses your profile data to analyse your habits, personal relationships, preferences, and so on. We have no influence on the processing of your data by Facebook.

How does heristo protect the security of my personal data?

heristo shall take all technical and organisational security measures to protect your personal data from loss and misuse. Your data are stored in a secure operating environment which cannot be accessed by the public. If you wish to contact heristo by email, please note that the confidentiality of the information sent cannot be guaranteed. Email content may be read by third parties, similar to postcards. We therefore recommend you only send us confidential information by post.

Which rights do I, as the user of these web pages, have?

The GDPR grants you, as the user of these web pages, certain rights as regards the processing of your personal data:

1. Right of access by the data subject (Art. 15 GDPR):
You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information detailed in Art. 15 GDPR.

2. Right to rectification and erasure (Art. 16 and 17 GDPR):
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, as the case may be, to have incomplete personal data completed. You have the right to obtain the erasure of personal data concerning you without undue delay, if one of the points listed in Art. 17 GDPR applies, e.g. if the personal data are no longer necessary in relation to the purposes for which they were collected.

3. Right to restriction of processing (Art. 18 GDPR):
You have the right to obtain restriction of processing where one of the conditions listed in Art. 18 GDPR applies, e.g. if you have objected to processing, pending possible verification.

4. Right to data portability (Art. 20 GDPR):
In certain cases listed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format, and to transmit those data to a third party.

5. Right to object (Art. 21 GDPR):
If data are processed on the basis of Art. 6 (1) f GDPR (data processing for the purposes of the legitimate interests of the controller), you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. We shall then no longer process the personal data unless compelling legitimate grounds for the processing have been demonstrated which override the interests, rights and freedoms of the data subject or if the processing is necessary for the establishment, exercise or defence of legal claims.

6. Right to lodge a complaint with a supervisory authority:
According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the data protection regulation. The right to lodge a complaint with a supervisory authority may be asserted in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

Will this data protection notice change from time to time?

The fast technological development of the Internet and the changes to the law in the area of data protection make it necessary for us to adapt our data protection notice to new requirements from time to time. Please therefore take note of the latest version of the data protection notice. This data protection notice is dated 25 May 2018.

Has a data protection officer been appointed?

You can reach our data protection officer at:

ds² Unternehmensberatung GmbH & Co.KG
Falkenstraße 10
33775 Versmold

Who can I contact?

If you wish to make use of your right of access, or if you have questions about this data protection notice or our data protection practices on the web, please contact: