You are currently on the International (English) version.

Looks like you are in United States.

Switch to local content?

Privacy Policy

Data Controller and Data Protection Officer 

The controller responsible for the processing of your personal data within the meaning of the General Data Protection Regulation (GDPR) is: 

Heidelberg Engineering GmbH 
Max-Jarecki-Straße 8 
69115 Heidelberg 
Germany 

Email: Info@Heidelbergengineering.com 

Further contact details can be found in the Legal Notice of this website. 

Heidelberg Engineering GmbH has appointed an external Data Protection Officer, who can be contacted at: 

CL Compliance und Datenschutz GmbH & Co. KG 
Douglasstraße 11–15 
76133 Karlsruhe 
Germany 

Phone: +49 721 91250880 
Email: Heidelbergengineering@compliance-datenschutz.de 

For general privacy-related inquiries, you may also contact our internal Data Protection Team at: 

Datenschutz@heidelbergengineering.com 

Your Rights

Whenever we process your personal data, you are entitled to certain rights under the GDPR. These rights are intended to ensure transparency and give you control over how your personal data is used. 

Right of Access

You have the right to obtain confirmation as to whether we process personal data concerning you and, if so, to receive information about the personal data processed, the purposes of the processing, and the recipients of your data. 

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to request that it be corrected or completed. 

Right to Erasure (“Right to be Forgotten”)

Under certain circumstances, you may request the deletion of your personal data, provided that we are not required to retain it to comply with legal obligations or to protect legitimate interests. 

Right to Restriction of Processing

In certain cases, you may request that we restrict the processing of your personal data, for example while the accuracy of the data is being verified. 

Right to Data Portability

You have the right to receive personal data that you have provided us in a structured, commonly used and machine-readable format, or to have that data transmitted to another controller where technically feasible. 

Right to Object

You have the right to object to the processing of your personal data where such processing is based on legitimate interests or carried out for direct marketing purposes. 

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. 

Exercising Your Rights

To exercise any of your rights, you may contact us or our Data Protection Officer using the contact details provided above. 

We will respond to your request without undue delay and within the time limits required by applicable law. 

Right to Lodge a Complaint

You have the right to lodge a complaint with a competent data protection supervisory authority if you believe that the processing of your personal data violates applicable data protection laws. 

An overview of the German data protection supervisory authorities can be found here

Categories of Data and Recipients

What Types of Personal Data Do We Process? 

Depending on the purpose of processing, we may process the following categories of personal data: 

  • Identification and contact information (e.g. name, contact details, organisation) 
  • Communication data (e.g. correspondence, inquiries and related communications) 
  • Contractual and business relationship data (e.g. contract information, billing details, points of contact) 
  • Technical and usage-related data (e.g. IP address, log files, device and browser information) 
  • Special categories of personal data 

In certain situations, we may also process personal data that is considered particularly sensitive under applicable data protection laws. Such processing is carried out only where permitted by law and is described in the relevant sections of this Privacy Notice. 

Who Receives Your Data? 

We disclose personal data only where there is a valid legal basis for doing so and where such disclosure is necessary for the relevant purpose. 

  • Recipients of your personal data may include: 
  • Service providers acting on our behalf (e.g. IT, hosting, support or communication service providers) 
  • Subsidiaries and affiliated companies where necessary for the performance of an existing business relationship or for the protection of legitimate interests 

Public authorities where we are legally required to disclose information 

Our service providers process personal data solely on our instructions. Through contractual arrangements and appropriate oversight measures, we ensure that an adequate level of protection is maintained. 

Your personal data will not be disclosed beyond these cases unless: 

  • you have expressly consented to the disclosure, or 
  • we are legally required to do so. 

Retention Periods 

We retain your personal data only for as long as necessary for the duration of our business relationship and for the fulfilment of contractual purposes, including the initiation, performance and administration of contractual relationships. 

Where processing is based on your consent, we retain the relevant data for the period specified in the consent declaration or until you withdraw your consent. 

In addition, we are subject to statutory retention and documentation obligations, under German commercial and tax law. These retention periods may extend up to ten years. 

Personal data may also be retained for the duration of applicable statutory limitation periods where necessary to establish, exercise or defend legal claims. Such periods are generally three years but may extend to up to thirty years in certain circumstances. 

International Data Transfers 

Personal data is transferred to countries outside the European Union or the European Economic Area (third countries) only where the applicable legal requirements are met. 

Where personal data is transferred to subsidiaries or affiliated companies located in a third country, we ensure by means of appropriate safeguards that an adequate level of data protection is maintained. 

Where service providers process personal data on servers located in third countries as part of processing activities carried out on our behalf, we also ensure in such cases by means of appropriate safeguards that an adequate level of data protection is maintained. Information about the services used and the safeguards provided for this purpose can be found in the Providers and Technologies List of this Privacy Notice. 

Profiling and Automated Decision-Making 

We do not make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you within the meaning of Art. 22 GDPR. 

Processing Activities

The following sections describe common situations in which we process personal data. Rather than presenting abstract legal concepts, we explain the specific contexts in which personal data may be processed — for example, when you use our website, contact us, participate in events, or engage with us in a business relationship.

For each processing activity, we explain why personal data is processed and how we handle it. Our aim is to provide a clear and transparent overview of when personal data is processed and what this means for you.

If you have any questions about the processing activities described below, or if anything remains unclear, please do not hesitate to contact us.

Provision and Use of our Website

The legal basis for processing activities that are technically necessary for the operation of our website is Art. 6(1)(f) GDPR. Where we use optional technologies, for analytics, statistics, or marketing purposes, processing is based on your consent pursuant to Art. 6(1)(a) GDPR and, where applicable, Section 25(1) of the German Telecommunications Digital Services Data Protection Act (TDDDG).

Contact and Communication

If you contact us or schedule an appointment with us, we process your personal data to handle your request and to organise and conduct related communication. Depending on the nature of your request, processing is carried out based on Art. 6(1)(b) or Art. 6(1)(f) GDPR.

Newsletter

If you subscribe to our newsletter, we process your personal data to send you information about our products, services, events, and other company-related topics. Your consent pursuant to Art. 6(1)(a) GDPR is required for the distribution of the newsletter and the associated processing of your personal data. You may withdraw your consent at any time with effect for the future.

Customers, Business Partners and Prospects

We process personal data of customers, prospective customers, and contacts at business partners to establish and manage business relationships, perform contracts, provide services, and support the related administrative and organisational processes. Depending on the circumstances, processing is carried out based on Art. 6(1)(b), (c), and (f) GDPR and, where required, based on your consent pursuant to Art. 6(1)(a) GDPR.

Use of Web Portals and User Accounts

If you use our web portals or create a user account, we process personal data to provide portal functionalities, manage your access, and ensure the secure use of our systems. Depending on the context, processing is carried out based on Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

Webinars, Training Courses and Academy Programs

If you participate in webinars, training courses or Academy programs, we process your personal data for the organisation, delivery and follow-up of the respective activity. Depending on the nature of the offering, processing is carried out for the performance of a contract or the implementation of pre-contractual measures pursuant to Art. 6(1)(b) GDPR and, where necessary, for the purposes of our legitimate interests pursuant to Art. 6(1)(f) GDPR.

Applications

We process your personal data as part of the recruitment process for the purpose of assessing your application and deciding whether to establish an employment relationship. The processing is based on Section 26 (1) sentence 1 of the German Federal Data Protection Act (BDSG) in conjunction with Art. 6(1)(b) GDPR. Where special categories of personal data within the meaning of Art. 9(1) GDPR are involved, such data will be processed – where legally permitted – in particular based on Art. 9(2)(b) GDPR in conjunction with Section 26 (3) BDSG. Where processing is based on your consent, the legal basis is Art. 6(1)(a) GDPR and, in the case of special categories of personal data, Art. 9(2)(a) GDPR.

Speakers

If you act as an external speaker for us, we process your personal data for the preparation, organisation and administration of our collaboration. Processing is carried out primarily based on Art. 6(1)(b) GDPR and, where necessary, Art. 6(1)(f) GDPR, as well as Art. 6(1)(a) GDPR where you have provided your consent.

Marketing Communications and Lead Management

We process personal data to provide prospective and existing customers with information about our products, services and offerings, and to manage and optimise our marketing and sales activities. Processing is carried out based on our legitimate interests pursuant to Art. 6(1)(f) GDPR and, where required, based on your consent pursuant to Art. 6(1)(a) GDPR.

Events (Trade Fairs, Conferences, Webinars and Similar Events)

When organizing and hosting our events, we process personal data to prepare, manage, deliver and document the respective event. Depending on the nature of the event, processing is necessary for the performance of a contract, for our legitimate interests or, where required, based on your consent.

Social Media Presence

We maintain corporate profiles on various social media platforms. Simply visiting our website does not result in the transmission of personal data to these platforms. Personal data is only transmitted if you actively click on a link to one of our social media profiles. We process personal data in connection with our social media presence where necessary to pursue our legitimate interests in accordance with Art. 6(1)(f) GDPR.

Whistleblowing System

We operate a whistleblowing system that enables the confidential reporting of suspected legal or regulatory violations. Personal data is processed to comply with our legal obligations under Art. 6(1)(c) GDPR in conjunction with the German Whistleblower Protection Act (Hinweisgeberschutzgesetz) and, where necessary, to pursue our legitimate interests in accordance with Art. 6(1)(f) GDPR.