All locations
|
English
Please check your details in the fields marked in red.

Data Privacy Statement

Contents

  1. General Information
    1. Objective and Responsibility
    2. Legal Bases
    3. Data Subject Rights
    4. Data Erasure and Duration of Storage
    5. Security of Processing
    6. Transfer of Data to Third Parties, Subcontractors and Third Party Providers
  2. Concrete Data Processing
    1. Registration in the webshop (Webshop & HME-App)
    2. Registration for Heinemann & Me (Webshop & HME-App)
    3. Data processing within the scope of orders (Webshop & HME-App)
    4. Collection of Information on the Use of the Online Service (Webshop & HME-App)
    5. Contact Form and Contacting via E-Mail (Webshop & HME-App)
    6. Newsletter (Webshop & HME-App)
    7. Google Tag Manager (Webshop & HME-App)
    8. Facebook Connect (Webshop)
    9. Google Analytics (Webshop & HME-App)
    10. Google remarketing or ‘similar target groups” (Webshop & HME-App)
    11. Google AdWords Conversion-Tracking (Webshop & HME-App)
    12. Youtube (Webshop)
    13. DoubleClick (Webshop & HME-App)
    14. DoubleClick Floodlight (Webshop & HME-App)
    15. Facebook Custom Audience (Webshop & HME-App)
    16. DoubleClick Ad Exchange (Webshop & HME-App)
    17. Spotify (Webshop)
    18. Localization function (Webshop & HME-App)
    19. Push News (Webshop & HME-App)
    20. Firebase Tracking (HME-App)
    21. External links (HME-App)
    22. New Relic (Webshop & HME-App)
    23. HockeyApp (HME-App)
  3. Cookies (Webshop & HME-App)
    1. General Information
    2. Objection Options
    3. Cookie Policy
  4. Changes to the Data Privacy Statement
  1. General Information
    1. Objective and Responsibility
      1. This Data Privacy Statement is to inform you about the nature, scope and purpose of the processing of personal data related to our online service and the related websites, features and contents (hereinafter collectively referred to as ‘online service’ or ‘website’).
        Our online service consists of the web shop (https://www.heinemann-shop.com - hereinafter ‘Webshop’) and the Heinemann & Me-App (hereinafter ‘‘HME-App’).
      2. The online service is provided by Gebr. Heinemann SE & Co. KG (Koreastraße 3 – 5, 20457 Hamburg, Germany) – hereinafter referred to as ‘Heinemann”, ‘provider’, ‘we’ or ‘us’ - who is also legally responsible under the data protection law.
      3. You can reach out to our Data Protection Officer under the E-Mail address dataprotection@gebr-heinemann.de
      4. The term ‘user’ encompasses all customers, interested people, employees and visitors of our online service.
    2. Legal Bases

      We collect and process personal data based on the following legal grounds:

      1. Consent in accordance with article 6 paragraph 1 lit. a General Data Protection Regulation (GDPR). Consent meaning any freely given, specific, informed and unambiguous indication of agreement, which could be in the form of a statement or any other unambiguous confirmatory act, given by the data’s subject consenting to the processing of personal data relating to him or her.
      2. Necessity for the performance of a contract or in order to take steps prior to entering into a contract according to article 6 paragraph 1 lit. b GDPR, meaning the data is required in order for us to fulfil our contractual obligations towards you or to prepare the conclusion of a contract with you.
      3. Processing to fulfil a legal obligation in accordance with article 6 paragraph 1 lit. c GDPR, meaning that e.g. the processing of data is required by law or other provisions.
      4. Processing in order to protect legitimate interests in accordance with article 6 paragraph 1 lit. f GDPR, meaning that the processing is necessary to protect legitimate interests pursued by us or by a third party, unless such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data.
    3. Data Subject Rights

      You have the following rights with regards to the processing of your data through us:

      1. The right to lodge a complaint with a supervisory authority in accordance with article 13 paragraph 2 lit. d GDPR and article 14 paragraph 2 lit. e GDPR.
      2. Right of access in accordance with article 15 GDPR
      3. Right to rectification in accordance with article 16 GDPR
      4. Right to erasure (‘right to be forgotten’) in accordance with article 17 GDPR
      5. Right to restriction of processing in accordance with article 18 GDPR
      6. Right to data portability in accordance with article 20 GDPR
      7. Right to objection in accordance with article 21 GDPR

      Notice: Users may object to the processing of their personal data in accordance with legal allowances at any time with effect for the future. The objection may in particular be made against processing for the purposes of direct marketing.

      Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, employment or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

    4. Data Erasure and Duration of Storage

      The personal data of the data subject will be erased or blocked as soon as the purpose of the storage is inapplicable. Storage of data beyond that may occur if such storage is required by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or erasure of data also takes place when a retention period mandated by the standards mentioned expires, unless the continued storage of data is required for the conclusion of a contract or the fulfilment of contractual obligations.

    5. Security of Processing
      1. We have implemented appropriate and state-of-the-art technical and organisational security measures (TOMs). Thus, the data that is processed by us is protected against accidental or intentional manipulation, loss, destruction and unauthorized access.
      2. These security measures include in particular the encrypted transfer of data between your browser and our server.
    6. Transfer of Data to Third Parties, Subcontractors and Third Party Providers
      1. A transfer of personal data to third parties only occurs within the framework of legal requirements. We only disclose personal data of users to third parties, if this is required e.g. for billing purposes or other purposes, if the disclosure is necessary to ensure the fulfilment of contractual obligations towards the users.
      2. If we engage subcontractors for our online service, we have made appropriate contractual arrangements as well as adequate technical and organizational measures with these companies.
      3. 3. If we use content, tools or other means from other companies (hereinafter collectively referred to as 'third party providers’) whose registered offices are located in a third country, it is assumed that a transfer of data to the home countries of these third party providers occurs. The transfer of personal data to third countries takes place exclusively only, if an adequate level of data protection, the user’s consent or another legal permission is present.
  2. Concrete Data Processing
    1. Registration in the webshop (Webshop & HME-App)

      In the context of an order or a pre-order, our General Terms and Conditions (GTC) apply in addition to this data protection declaration; these can be found at https://www.heinemann-shop.com/en/global/terms-and-conditions

    2. Registration for Heinemann & Me (Webshop & HME-App)

      As a member of our customer loyalty programme, the General Conditions of Participation for the Heinemann & Me programme apply in addition to this data protection declaration.

    3. Data processing within the scope of orders (Webshop & HME-App)
      1. If you use our online service, we only use your personal data at Heinemann and affiliated companies. We will not pass them on to third parties without your express consent. Only insofar as we are legally or by court order obliged to do so, we will transfer your data to bodies entitled to receive information.
      2. Your data will be passed on to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of the goods.
      3. For the processing of payments we pass on your payment data to the credit institution entrusted with the payment. Credit card data are not stored, but are collected and processed directly by our payment service provider ConCardis GmbH (Helfmann-Park 7, 65760 Eschborn, Germany).
      4. For address validation purposes, we transmit data to AZ Direct GmbH (Carl-Bertelsmann-Straße 161 S, 33311 Gütersloh, Germany).
      5. In the direct debit procedure, we reduce our default risk by means of the 4safe® account check (plausibility check of the bank details as well as checking various blocking lists, movement profiles and turnover limits). For this purpose, data is transmitted to creditPass GmbH (Mehlbeerenstrasse 2, 82024 Taufkirchen / Munich, Germany).
      6. Flight data verification: You must be in possession of a valid flight ticket in order to purchase from us. During the purchase process, we will check your flight number and flight date in our online service to verify your eligibility to purchase. We use the services of FlightStats Inc. (522 SW 5th Ave., Portland, OR 97204, USA).
    4. Collection of Information on the Use of the Online Service (Webshop & HME-App)
      1. When using our online service, information may be transferred automatically from the device of the user to us; this information includes the name of the accessed website, file, date and time of the access, amount of data transferred, notification about successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
      2. The processing of this information takes place based on legitimate interests in accordance with article 6 paragraph 1 lit. f GDPR (e.g. to optimize the online service) as well as to ensure the security of processing in accordance with article 5 paragraph 1 lit. f GDPR (e.g. for the defence and clarification purposes of cyberattacks)
      3. This information will be automatically deleted 30 days after the termination of the connection, unless any other retention periods require otherwise.
      4. The collection of the data and the storage of the data in log files is essential for the provision of the online service. Therefore users are not entitled to the options of erasure, objection or correction.
    5. Contact Form and Contacting via E-Mail (Webshop & HME-App)
      1. When contacting us (via online form or e-mail), the data provided by the user will be processed exclusively for processing the inquiry and its handling.
      2. Any other use of the data will only take place based on the given consent from the user.
      3. The users' data will be stored in our Customer Relationship Management System (‘CRM System’) or a comparable software/database. The legal retention periods for business letters apply.
    6. Newsletter (Webshop & HME-App)
      1. With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter you agree to the receipt and the described procedures.
      2. double opt-in and logging

        As part of the registration for our newsletter, the so-called double opt-in procedure is carried out; i.e. after registration you will receive an e-mail in which you will be asked to confirm your registration. This confirmation is necessary so that no one can log in with other e-mail addresses. The registrations for the newsletter are recorded for the fulfilment of legal obligations of proof. This includes the storage of the time of registration and confirmation as well as the IP address.

      3. shipping service provider

        The newsletter is sent using the ‘Evalanche’ tool provided by SC-Networks GmbH (Enzianstrasse 2, 82319 Starnberg, Germany) - hereinafter referred to as the ‘shipping service provider’. The data protection regulations of the shipping service provider can be viewed here: https://www.sc-networks.com/company/data-protection/

      4. statistical survey and analyses

        The newsletters contain a so-called ‘web-beacon’, i.e. a pixel-sized file which is retrieved from the server of the shipping service when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used to technically improve the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or access times.

        The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our intention, nor that of the shipping service provider, to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.

      5. legal bases

        The use of the shipping service provider, the performance of statistical surveys and analyses as well as the logging of the registration process shall be based on our legitimate interests in accordance with article 6 paragraph (1) lit. f GDPR. We are interested in using a user-friendly and secure newsletter system that serves our business interests and meets the expectations of our users.

      6. Termination/Revocation

        You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. If the users have cancelled the newsletter reception, the personal data of the users processed for its dispatch will be deleted.

    7. Tag Manager (Webshop & HME-App)
      1. Our online service uses the Google Tag Manager. This tool allows website tags / app tags to be managed through an interface. The Google Tool Manager only implements tags, does not set cookies and does not collect any personal data. The Google Tag Manager triggers other tags that may collect personal information. However, the Google Tag Manager does not access this data.
      2. If deactivated at domain or cookie level, it will remain valid for all tracking tags implemented with Google Tag Manager.
    8. Facebook Connect (Webshop)
      1. If a so-called ‘Facebook Connect Button‘ is placed on our online service, you have the possibility to log in to our online service with your Facebook user data. In addition, Facebook Connect can automatically include information about your activities on our online service in your Facebook profile. In this respect, when you activate the button, you will be given both the opportunity to expressly consent to access your Facebook user data and to publish information and activities in your Facebook profile. The use of further data (e.g. contact via your email address) only takes place with prior express consent.
      2. Please note that Facebook receives information about the online service via Facebook Connect, including what you are doing. To personalize the connection process, Facebook may in some cases receive a limited amount of information prior to authorizing the online service.
      3. The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options for the protection of your privacy can be found in the data protection declaration at: https://www.facebook.com/privacy/explanation 
    9. Google Analytics (Webshop & HME-App)
      1. Our online service uses Google Analytics, a web analysis service of Google Inc. (‘Google’).
      2. Google Analytics uses ‘cookies’, which are text files placed on your device, to help the website analyze how users use the online service. The information generated by the cookie about your use of our online service is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this online service, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this online service, Google will use this information to evaluate your use of the online service, to compile reports on activity and to provide the operator with other services relating to the use of this online service. The IP address transmitted by your device in the context of Google Analytics is not merged with other Google data.
      3. Webshop: You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this online service. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the online service (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at http://tools.google.com/dlpage/gaoptout?hl=en.
        Furthermore, you have the possibility to prevent future collection of your data when visiting this online service by clicking this Link.
      4. HME-App: You can deactivate Google Analytics by selecting the ‘Settings’ submenu under the ‘More’ menu item and then deselecting the ‘Tracking’ option.
    10. Google remarketing or ‘similar target groups” (Webshop & HME-App)
      1. This online service uses the remarketing or ‘similar target group’ function of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (‘Google’).
      2. You can be targeted with advertising by placing personalised and interest-based ads when you visit other websites in the so-called ‘Google Display Network’. ‘Google Remarketing’ or the function ‘Similar target groups’ uses so-called ‘cookies’, text files which are stored on your device and which enable an analysis of your use of the online service. These text files are used to record your visits and anonymous data about the use of the online service. Personal data will not be stored. If you visit another website in the so-called ‘Google Display Network’, you may see advertisements that most likely take into account product and information areas previously accessed on our online Service.
      3. Webshop: You can prevent the ‘Google Remarketing’ or the ‘Similar target group’ function by preventing the storage of cookies by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this online service to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the online service and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://www.google.com/settings/ads/plugin?hl=en. You may also disable the use of cookies by third parties by visiting the Network Advertising Initiative deactivation page at http://www.networkadvertising.org/choices/ and implementing the additional opt-out information described therein.
      4. HME-App: You cannot prevent cookies from being saved while using the HME-App, but you can disable ‘Google Remarketing’ or the ‘Similar Target Groups’ function by clicking the following link and deselecting personalized advertising: https://www.google.com/settings/ads
      5. Google's privacy policy for remarketing with further information can be found here: http://www.google.com/privacy/ads/.
    11. Google AdWords Conversion-Tracking (Webshop & HME-App)
      1. This online service uses the ‘Google AdWords Conversion Tracking’ function of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (‘Google’).
      2. Google AdWords Conversion Tracking uses ‘cookies’, which are text files placed on your device, to help the website analyze how users use the online service when they click on a Google ad. The cookies are valid for a maximum of 90 days. Personal data will not be stored. As long as the cookie is valid, Google and we as operator of this online service can recognize that you clicked on an ad and reached a specific target page (e.g. order confirmation page, newsletter registration). These cookies cannot be tracked across multiple websites by different AdWords participants. The cookie creates conversion statistics in ‘Google AdWords’. These statistics record the number of users who clicked on one of our ads. It also counts how many users have reached a target page that has been provided with a ‘conversion tag’. However, the statistics do not contain any data with which you can be identified.
      3. Webshop: You can prevent cookies from being stored on your device by selecting ‘do not accept cookies’ in your browser settings (in MS Internet Explorer under ‘Tools > Internet Options > Privacy > Settings’; in Firefox under ‘Tools > Settings > Privacy > Cookies’); however, we would like to point out that in this case you may not be able to use all functions of this online service to their full extent.
      4. HME-App: You can deactivate Conversion Tracking by selecting the ‘Settings’ submenu under the ‘More’ menu item and then deselecting the ‘Tracking’ option.
      5. By using this online service, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
      6. For more information on how Google uses conversion data and Google's privacy policy, please visit: https://support.google.com/adwords/answer/93148?ctx=tltp or http://www.google.de/policies/privacy/.
    12. YouTube (Webshop)
      1. We use YouTube for the integration of videos. The videos were embedded in the extended data protection mode.
      2. YouTube's website uses cookies to collect information about the users of its website. YouTube uses them, among other things, to collect video statistics, to prevent fraud and to improve user-friendliness.
      3. By using YouTube, a connection is established with the Google DoubleClick network. Starting the video could trigger further data processing. We have no influence on that.
      4. For more information about privacy at YouTube, please see their privacy policy at: http://www.youtube.com/t/privacy_at_youtube
    13. DoubleClick (Webshop & HME-App)
      1. DoubleClick by Google is a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’).
      2. DoubleClick by Google uses cookies to serve ads relevant to you. Your browser is assigned a pseudonymous identification number (ID) to check which ads have been displayed in your browser and which ads have been called. The cookies do not contain any personal information. The use of DoubleClick cookies only allows Google and its partner websites to serve ads based on previous visits to our or other websites on the Internet. The information generated by the cookies is transmitted by Google to a server in the USA for analysis and stored there. Under no circumstances will Google match your data with other data collected by Google.
      3. By using our online service, you consent to the processing of data about you by Google and the manner of data processing described above as well as the named purpose.
      4. Webshop: You may refuse the use of cookies by selecting the appropriate settings on your browser. You can also prevent Google from collecting the data generated by the cookies and relating to your use of the website and from processing this data by Google by downloading and installing the browser plug-in available under the following link under ‘Extension for DoubleClick deactivation’.
      5. HME-App: You cannot prevent cookies from being stored while using the HME-App, but you can disable personalized advertising via "DoubleClick" by clicking the following link and deselecting personalized advertising: https://www.google.com/settings/ads
      6. For more information about DoubleClick by Google and privacy, please visit: https://policies.google.com/technologies/ads?hl=en
    14. DoubleClick Floodlight (Webshop & HME-App)
      1. Our online service uses the DoubleClick Floodlight service, an online advertising program from Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’).
      2. Google Floodlight allows us to track and document the actions of users who visit our online service after you have seen or clicked on one of our ads. For this purpose, so-called floodlight tags or visitor pixels and cookies are set on our online service (so-called DoubleClick cookie). We use Google Floodlight to determine the efficiency of our online campaigns in terms of sales and user activity on our online service. These cookies and tags do not contain any personal data and are therefore not used for personal identification. For example, we can determine the number of users who have purchased a product or completed an online form and evaluate it for statistical purposes, but we cannot identify you personally.
      3. For more information about Google Floodlight and Google's privacy policy, please visit: http://www.google.com/privacy/ads/.
      4. Webshop: You can install the plug-in offered at https://www.google.com/settings/u/0/ads/plugin?hl=en
      5. to object to the analysis of the data described above with effect for the future.
      6. HME-App: You cannot prevent cookies from being stored while using the HME-App, but you can disable personalized advertising via "DoubleClick" by clicking the following link and deselecting personalized advertising: https://www.google.com/settings/ads
    15. Facebook Custom Audience (Webshop & HME-App)
      1. Our online service uses Facebook Website Custom Audiences and we have integrated the so-called Facebook pixel.
      2. This pixel is used to collect pseudonymous information about the use of this online service (e.g. information about viewed content). The transmitted data of the pixel can be used to target you on Facebook with individualized advertising, provided you have a Facebook account.
      3. For more information about the scope and purpose of data collection, please see Facebook's privacy policy at https://de-de.facebook.com/privacy/explanation. You can deactivate the data collection at any time under the following link: https://de-de.facebook.com/help/769828729705201/.
    16. DoubleClick Ad Exchange (Webshop & HME-App)
      1. DoubleClick Ad Exchange is a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’).
      2. DoubleClick Ad Exchange uses cookies to display advertisements on our online service. The information stored in this way can be collected, stored and processed by Google or its partners. In addition, so-called ‘web beacons’ (small graphics) are used to collect information about visitors to our online service (e.g. browser, operating system, previously visited site, IP address, date/time). The collected data is transferred to a Google server in the USA and stored there. This data is used by Google for statistical analysis of user behavior in connection with advertisements placed with DoubleClick Ad Exchange. If necessary, the data will be passed on to third parties if this is required by law or if third parties process the data on behalf of Google.
      3. Webshop: You can block the saving of cookies by making the appropriate settings in your browser. Web beacons can be made visible and blocked by browser extensions such as ghostery. Further information can be found here: https://www.google.com/intl/de/policies/privacy/.
        You can also prevent Google from collecting the data generated by the cookies and relating to your use of the website and from processing this data by Google by downloading and installing the browser plug-in available at https://support.google.com/ads/answer/7395996?hl=en Alternatively, you can disable the Doubleclick cookies on the Digital Advertising Alliance site by clicking on the following link: http://www.aboutads.info/choices/
      4. HME-App: You cannot prevent cookies from being stored while using the HME-App, but you can disable personalized advertising via "DoubleClick" by clicking the following link and deselecting personalized advertising: https://www.google.com/settings/ads
    17. Spotify (Webshop)
      1. We use plugins of the music streaming service Spotify (Spotify GmbH, Münzstraße 15, 10178 Berlin, Germany). These plugins establish a direct connection between your browser and Spotify as soon as you move through our pages. This way Spotify recognizes that you have visited our online service with your IP address. If you are logged into your Spotify account and click the green Spotify button on our pages, you can link the content on your Spotify profile - so your visit to our online service can be assigned to your Spotify user account.
      2. Detailed information can be found in Spotify's privacy policy at https://www.spotify.com/uk/legal/privacy-policy/
      3. If you do not wish Spotify to associate your visit to our pages with your Spotify account, please log out for the duration of your visit to our pages.
    18. Localization function (Webshop & HME-App)
      1. When using our online service, we offer a localization function, the use of which requires your consent.
      2. If you agree to the localization function, the required location data will be determined and you will receive location-related offers from us. Depending on availability, your IP address, GPS data or data from wireless networks (WLAN) can be used to determine the location data.
      3. The location data will neither be stored nor transmitted to third parties.
    19. Push-Nachrichten (Webshop & HME-App)
      1. When using our online service, we offer a push message function, the use of which requires your consent.
      2. If you agree to the push message function, we can send you information about promotions, special offers and news on your device (e.g. PC, laptop or smartphone).
      3. Webshop: The push messages are displayed in the lower right corner of your Internet browser. You do not need to visit our websites to receive push messages. You can withdraw your consent at any time via the settings in your customer account. You will not receive any more push messages.
      4. HME-App: On a mobile device you receive push messages via the notification function of your device. You can withdraw your consent at any time via the menu item ‘Settings’ in the HME-App. You will not receive push messages any more.
    20. Firebase Tracking (HME-App)
      1. Our online service uses technology of Google Firebase (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA / hereinafter ‘Google’) with different functionalities.
      2. Firebase Analytics enables the analysis of the use of our online service. This means that completely anonymous information about the use of our online service is collected and transmitted to Google and stored there. Google uses the advertising ID of your device. Google will use the information mentioned in order to evaluate the use of our online servie and to provide us with further services associated with the use of apps.
      3. You can disable Firebase Tracking by selecting the ‚Settings‘ submenu under the ‚More‘ menu item and deselecting the ‚Tracking‘ option there.
      4. In the device settings, you can restrict the use of the advertising ID (iOS:Privacy/ Advertising/ No ad tracking; Android: Account/ Google/ Ads).
      5. Google Inc. is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law (GDPR) (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Subcontractors that Google can involve can be found at: https://firebase.google.com/terms/subprocessors.
      6. The legal basis for the use of the data evaluation and use of Firebase is a legitimate interest (i.e. interest in the analysis, optimization and economic operation of our apps) within the meaning of article 6 paragraph (1) lit. f GDPR.
      7. You can object to the use of Firebase at any time by setting the slider for anonymous statistics in the app under ‚Settings‘.
    21. External links (HME-App)
      1. When selecting the Sydney region in the HME-App, the use of some functions results in the ‚Webshop Australia‘ being opened in an external web browser.
      2. The ‚Webshop Australia‘ is operated by Heinemann Australia Pty Ltd (Level 5, Customs House Building, Sydney International Airport, 10 Cooks River Avenue, Mascot NSW 2020).
      3. Please note that different data protection regulations apply when using the ‚Webshop Australia‘. You can find these regulations in the ‚Webshop Australia‘.
    22. New Relic (Webshop & HME-App)
      1. On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online service within the meaning of article 6 paragraph 1 lit. f GDPR) we use New Relic, a web analysis service of New Relic Inc. (‘New Relic’). New Relic uses cookies. The information generated by the cookie about the use of the online service by users is usually transferred to a New Relic server in the USA and stored there. New Relic is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (GDPR) (https://newRelic.com/privacy-shield).
      2. New Relic will use this information on our behalf to evaluate the use of our online service by users, to compile reports on the activities within this online service and to provide us with further services connected with the use of this online service and the use of the Internet. Pseudonymous user profiles can be created from the processed data.
      3. We use New Relic only with IP anonymization enabled. This means that the IP address of users will be reduced by New Relic within Member States of the European Union or in other States party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a New Relic server in the USA and shortened there.
      4. The IP address transmitted by the user's device will not be merged with other New Relic data. Users' personal data will be deleted or made anonymous after 14 months.
      5. Webshop: Users can prevent the storage of cookies by setting their browser software accordingly.
      6. HME-App: You cannot prevent cookies from being saved while using the HME-App.
      7. Further information on the use of data by New Relic, setting and objection options, can be found in the data protection declaration of New Relic (https://newrelic.com/termsandconditions/privacy) and at (https://newrelic.com/termsandconditions/cookie-policy).
    23. HockeyApp (HME-App)
      1. If you - after a crash of the app - voluntarily and expressly agree, an anonymous crash report will be transmitted to our service provider HockeyApp (a company of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA) and stored on their servers for evaluation by us. Crash reports do not contain any personal information.
      2. They consist of a stack trace, some device information (no serial number or similar), the app version, the time stamp of the crash, and the list of software libraries loaded into memory. There are no processor register contents or log files contained.
  3. Cookies (Webshop & HME-App)
    1. General Information
      1. Cookies are information transmitted by our web server or third-party web servers to the users' devices where they are stored for later retrieval. Cookies can be in the form of small files or any other types of information storage.
      2. Webshop: In the case that users do not want that cookies are stored on their device, they will be asked to disable the corresponding option in their browser's system settings. Saved cookies may be deleted in the system settings of the browser. The exclusion of cookies can lead to functional impairments of this online service.
      3. HME-App: You cannot deactivate cookies.
    2. Objection Options

      You may object to the use of cookies that are used for measuring the range of coverage and promotional purposes via

      1. deactivation page of the Network Advertising Initiative: http://optout.networkadvertising.org/
      2. the US-American website: http://www.aboutads.info/choices
      3. the European website http://www.youronlinechoices.com/uk/your-ad-choices/
    3. Cookie Policy

      For more information, please see our cookie policy.

  4. Changes to the Data Privacy Statement
    1. We reserve the right to change this Data Privacy Statement with regards to the data processing, in order to adapt it to changed legal situations, to changes of the online service or of the data processing.
    2. If users' consents are required or if elements of the Data Privacy Policy contain provisions in regards to the contractual relationship with the users, the changes will only be made with the consent of the users.
    3. Users are requested to keep themselves informed about the content of this Data Privacy Statement on a regular basis.
  5. Status: 01.09.2018