1) Information on the collection of personal data and contact details of the data controller
The controller in charge of data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is
Rudolf Heintel Ges.m.b.H.
Tel.: +43 (1) 403 89 56-0
2) Collection of data in connection with visits to our website
When using our website for information only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the moment of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymised form)
Data processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently if there are any concrete indications of illegal use.
In order to make your visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your terminal and enable us or our partner companies (third-party cookies) to recognise your browser on your next visit (persistent cookies). If cookies are set, they collect and process specific user information such as browser and location data as well as IP address values according to individual requirements. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.
If personal data are also processed by individual cookies set by us, the processing is carried out in accordance with Art. 6(1)(b) GDPR either for the execution of the contract or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.
Please note that you can set your browser in such a way that you are informed about the setting of cookies and you can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You will find these for the respective browsers under the following links:
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Please note that the functionality of our website may be limited if cookies are not accepted.
When you contact us (e.g. via contact form or e-mail), personal data are collected. Which data are collected in the case of a contact form can be seen from the respective contact form. These data are stored and used exclusively for the purpose of responding to your request or for establishing contact and for the associated technical administration. The legal basis for processing these data is Art. 6(1)(b) GDPR (required for concluding a contract). Your data will be deleted after final processing of your enquiry.
5) Data processing when opening a customer account and for contract processing
Pursuant to Art. 6(1)(b) GDPR, personal data will continue to be collected and processed if you provide the data to us for the execution of a contract. Which data are collected can be seen from the respective input forms (in any case, company name, address, telephone number, email address, name of the contact person, function, department if the customer is in the B2B sector). We store and use the data provided by you for contract processing. After complete processing of the contract, your data will be deleted after 30 years in accordance with documentation obligations under liability law and the Medical Devices Act.
6) Use of your data for direct advertising
6.1 Subscription to our email newsletter
If you subscribe to our email newsletter, we will send you regular information about our offers. The only mandatory information for sending the newsletter is your email address.
When you subscribe to our newsletter, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. When you register for the newsletter, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration so that we can trace any possible misuse of your email address at a later time. The data collected by us when you register for the newsletter will be used exclusively for the purpose of advertising by means of the newsletter. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to the responsible person named above. After your cancellation, your email address will immediately be deleted from our newsletter distribution list.
6.2 Mailing of the email newsletter to existing customers
If you have provided us with your email address during the purchase of goods or services, we reserve the right to regularly send you information by email on similar goods or services such as those already purchased from our range. In accordance with § 107 of the Austrian Telecommunications Act (TKG), we do not need to obtain separate consent from you for this purpose. In this respect, the data processing is carried out solely on the basis of our legitimate interest in personalised direct advertising in accordance with Art. 6(1)(f) GDPR and § 107 TKG. We will not send you any emails if you have initially objected to the use of your email address for this purpose. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying us.
6.3 Newsletter distribution via Emarsys eMarketing Systems AG
Our email newsletter is sent by the technical service provider eyepin GmbH, Billrothstraße 52, 1190 Wien, email: firstname.lastname@example.org (“eyepin”), to whom we pass on the data you provided when registering for the newsletter. The data is transferred in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest of having an effective, secure and user-friendly newsletter system. The data you enter for the purpose of receiving the newsletter (e.g. email address) is stored on eyepin’s servers in the EU. This information is used by eyepin for the purpose of sending the newsletters on our behalf.
7) Processing of data for the purpose of order handling
7.1 In order to process your order, we work together with the service provider(s) listed below, who support us in whole or in part in the execution of concluded contracts. Certain personal data are transmitted to these service providers in accordance with the following information.
The personal data collected by us will be passed on to the transport company commissioned with the delivery within the scope of contract processing, insofar as this is necessary for the delivery of the goods. We will pass on your payment data to the commissioned credit institution within the framework of payment processing if this is necessary for payment handling. If payment service providers are used, we will explicitly inform you of this below. The legal basis for the transfer of data is Art. 6(1)(b) GDPR.
7.2 Use of payment service providers
With payment via PayPal, credit card via PayPal, direct debit via PayPal or, if offered, “purchase on account” or “payment by instalments” via PayPal, we transmit your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The transfer of data takes place in accordance with Art. 6(1)(b) GDPR and only insofar as this is necessary for payment processing. PayPal reserves the right to carry out credit checks for the payment methods of credit card via PayPal, direct debit via PayPal or,
- if offered, “purchase on account” or “payment by instalments” via PayPal. For this purpose, your payment data may be passed on to credit agencies on the basis of PayPal’s legitimate interest in determining your solvency pursuant to Art. 6(1)(f) GDPR. PayPal uses the result of the credit assessment in relation to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report can contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on recognised scientific, mathematical-statistical methods. The calculation of the score values includes, but is not limited to, address data. For further information on data protection law, including the credit agencies used, please refer to PayPal’s privacy statement at: https://www.paypal.com/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
8) Web analysis services
Hotjar (Hotjar Ltd)
This website uses the web analysis service Hotjar provided by Hotjar Ltd. Hotjar Ltd is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe Tel.: +1 (855) 464-6788).
This tool can be used to track movements on websites on which Hotjar is installed (so-called heat maps). In this way, it is possible to see how far a user scrolls and which buttons they click on and how often. The tool can also be used to obtain feedback directly from the website users. This provides us with valuable information to help us make our websites even faster and more customer-friendly. The above analysis is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in optimisation and marketing purposes and the effective design of our website. We attach great importance to the protection of your personal data when using this tool. This means we can only track which buttons you click and how far you scroll. Hotjar automatically hides areas of websites where your personal data or that of third parties is displayed, thus making it impossible to track at any time.
Hotjar offers every user the option of using a “Do Not Track Header” to prevent Hotjar from being used, so that no data about the visit to the respective website is recorded. This setting is supported by all current versions of standard browsers. Your browser sends a request to Hotjar asking to disable tracking for the respective user. If you use our website on different computers/browsers, you will need to set up the “Do Not Track Header” for each of these computers/browsers separately.
Detailed instructions containing information about your browser can be found at: https://www.hotjar.com/opt-out/
More information about Hotjar Ltd and Hotjar as a tool can be found at: https://www.hotjar.com/
Google (Universal) Analytics
This website uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Analytics uses so-called cookies, which are text files stored on your computer, to help the website analyse how users use the site. The information generated by the cookies about your use of this website (including the shortened IP address) is generally transmitted to a Google server and stored there, which may also result in transmission to the servers of Google LLC in the USA.
This website uses Google Analytics exclusively with the extension "_anonymizeIp()", which ensures an anonymisation of the IP address by shortening it and excludes a direct personal relationship. As a result of the extension, your IP address will previously be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a server of Google LLC in the USA and shortened there. In these exceptional cases, processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes.
On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website and internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
As an alternative to the browser plug-in or for browsers on mobile devices, please click on the following link in order to set an opt-out cookie which disables Google Analytics to collect data on this website in the future (this opt-out cookie only functions for this browser and this domain. If you delete your cookies on this browser, you must click again on this link): Disable Google Analytics
Google LLC, based in the United States, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
More information on Google (Universal) Analytics can be found here: https://support.google.com/analytics/answer/2838718?hl=en&ref_topic=6010376
9) Rights of the Data Subject
The applicable data protection law grants you the following comprehensive rights: right of access, to rectification, to erase, to restriction, to data portability, to withdraw consent and to object. If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been violated in some way, you can lodge a complaint with the respective supervisory authority. In Austria, this is the Austrian Data Protection Authority.