HeiQ Group Privacy Notice
as of Aug 24, 2021
This Privacy Notice gives you an overview of how HeiQ processes your data. It applies to all websites and other services offered by HeiQ.
This Privacy Notice is generally based on the EU General Data Protection Regulation (“GDPR”) and the Swiss Federal Data Protection Act. However, the data protection information and rights stated hereafter are generally relevant also under the data protection laws of other countries.
If you have any questions regarding this Privacy Notice or data protection at HeiQ or if you want to exercise your data protection rights, you can reach out to our Data Protection Officer (DPO) by contacting us through our Service Desk athttps://heiq.atlassian.net/servicedesk. You can also request data access or data deletion, or to exercise other data protection rights.
Which data does HeiQ process?
HeiQ offers you various services, which you can also use in different ways. Depending on whether you contact us online, by phone or otherwise and on which services you use, various data from different sources may come into play. Much of the data we process is provided by yourself when you use our services or contact us. For example, we collect personal data over our Shopify-Webshops, our website, our Service Desk (Jira/Atlassian), our contact forms or our newsletter registration. We do, however, also receive technical device and access data which is automatically collected when you interact with our services. We collect further data using data analyses. We may also receive data relating to you from third parties, for example from payment service providers.
We may process the following personal data:
What does HeiQ use my data for?
HeiQ processes your data in accordance with all applicable data protection laws. We therefore generally only process your data for the purposes explained to you in this Privacy Notice or shared when we collect the data. We also use your data within the framework of applicable data protection law for other purposes such as product development, market research and optimization of business processes. We are generally entitled to use your data based on customer contracts and in some cases based on consent.
We may use your data for the following:
HeiQ currently uses Google Analytics on its websites. This application is a third-party service which allows HeiQ to measure and analyze the use of its website. Google Analytics is operated by Google Inc. in the U.S. (www.google.com). The service provider uses permanent cookies for this application. HeiQ will not disclose any personal data to the service provider (who will also not save any IP addresses). The service provider may, however, monitor the use of the Website by the user and combine this data with data from other websites monitored by the same service provider which the user has visited and the service provider may use these findings for its own benefits (e.g. control of advertisement). The service provider knows the identity of the user who has registered with the service provider. In this case the processing of personal data will be the service provider’s responsibility and data shall be processed pursuant to data protection and privacy laws and according to the data protection policies of the service provider (see policies.google.com/privacy). The service provider will provide data on the use of the website to HeiQ.
Information on websites
We use your data to provide access to the HeiQ websites. Along with the device and access data collected whenever you use these services, the type of data processed as well as the processing purposes depend on how you use the functions and services provided. We also use the data collected when you use our services to find out how our online offering is used.
The following types of data are collected:
(1) Necessary cookies: These cookies are required for optimal navigation and operation of the website;
(2) Statistical cookies: These cookies collect device and access data to analyze the use of our website, such as which areas of the website are used how, how fast content is loaded and whether errors occur. These cookies only contain anonymous or pseudonymous information and are only used to improve our website and to find out what our users are interested in. Statistical cookies can be blocked without adversely affecting the navigation and operation of the website.
(3) Personalization cookies: These cookies allow users to access web services with certain predefined elements, established through a series of criteria on the user’s computer. Based on these cookies we can show you personalized content that fits your preferences. Personalization cookies can be blocked without adversely affecting the navigation and operation of the website.
(4) Marketing cookies (“tracking cookies”): These cookies contain identifiers and collect device and access data in order to adapt personalized advertising on our websites to your individual interests. Marketing cookies can be blocked without adversely affecting the navigation and operation of the website.
We offer a newsletter to our website and webshop users. You must sign up for the newsletter on our websites in order to receive our newsletter services. We use the software MailChimp and Klaviyo for our newsletter. If you no longer wish to receive emails from us, you can unsubscribe at any time and send a notification in text form (e.g. email, fax, letter) to the HeiQ company responsible for the newsletter.
If you subscribe to our newsletter, we temporarily store your IP address and save the time of your subscription and confirmation. This way we can prove that you actually subscribed and identify any unauthorized use of your email address. Your name, address, email address and (in the event of purchase) purchase amount may be provided to MailChimp and Klaviyo.
Who is my data forwarded to?
HeiQ only forwards your data to the extent allowed under applicable data protection law. We work particularly closely with certain service providers, for example with technical service providers (e.g. running computer centers) or with logistics companies (e.g. MS Direct). These service providers will generally only process your data on our behalf under special conditions. If applicable, the service providers only receive access to your data in the scope and for the time period required for the provision of the relevant service.
Your data may be forwarded to the following companies:
Which data protection rights do I have?
You have various legal data protection rights under applicable data protection law. In particular, the GDPR provides for the following rights: Right to information (Article 15 GDPR), right to deletion (Article 17 GDPR), right to correction (Article 16 GDPR), right to restriction of processing (Article 18 GDPR), right to data portability (Article 20 GDPR), right to lodge a complaint with the competent supervisory authority (Article 77 GDPR), right to withdraw consent (Article 7 (3) GDPR) as well as the right to object to particular data processing measures (Article 21 GDPR).
The data protection rights in countries outside the EU/EEA or Switzerland may possibly be less extensive. Reference is made to the data protection law of the relevant country.
When will my data be deleted?
We will store your personal data as long as it is necessary for the purposes stated in this Privacy Notice. We may also store your data for other purposes to the extent permitted under applicable data protection law, for example for our defense against legal claims.
If you close your customer account, we will generally delete all your data we have stored. If it is not possible or necessary to completely delete your data for legal reasons, the relevant data will be appropriately blocked for further processing.
How does HeiQ protect my data?
We use technical and organizational measures to secure our website and other systems against loss, destruction, access, change or dissemination by unauthorized persons. HeiQ transmits your personal data securely using encryption. This applies to your order and your customer login.
Every website (including online-shops) and every presence on social media has a controller within the HeiQ Group with respect to the collecting of personal data according to applicable data protection law. Unless provided otherwise on the website, HeiQ Materials AG, Ruetistrasse 12, 8952 Schlieren (Zurich), Switzerland is the controller for the Shopify-Webshops (https://ch.heiq.com/ andhttps://us.heiq.com/ andhttps://eu.heiq.com/) the WordPress Website (global) (https://heiq.com/), the newsletter and the Service-Desk (https://heiq.atlassian.net/servicedesk/customer/portals).
Should a HeiQ company or affiliate disclose personal data to another HeiQ company or affiliate for specific purposes, the transferring company or affiliate is the controller.
Competent supervisory authority
The data protection supervisory authority in Switzerland is: Office of the Federal Data Protection and Information Commissioner, Feldeggweg 1, 3003 Berne, Switzerland.
The EU/EEA Member States each have a data protection supervisory authority. The same generally applies to other countries.
Changes to this Privacy Notice
Any further development of our websites and the implementation of new technologies to improve our services may require changes to this Privacy Notice. We therefore recommend that you read this Privacy Notice again from time to time.