Privacy Policy
1. Introduction
The protection of your personal data has the highest priority. This privacy policy explains the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) in connection with the online offering. This includes the associated website, functions and content, as well as external online presences, such as social media profiles (hereinafter collectively referred to as “online offering”). Your personal data will be treated confidentially and in strict compliance with legal data protection regulations and the provisions of this privacy policy.
General Information
This privacy policy provides you with a comprehensive overview of what happens to your personal data when you visit this website. Personal data includes all information that can be used to personally identify you. Detailed information on data protection can be found in this full privacy policy.
Responsible Entity
The data processing on this website is carried out by the website operator. The contact details of the responsible party can be found in the “Responsible Party” section of this privacy policy.
Collection of Your Data
Personal data is collected, on the one hand, when you actively provide it, for example by filling out a contact form. Other data is automatically collected or collected with your consent by the responsible party’s IT systems when you visit the website. This mainly includes technical data (e.g., internet browser, operating system, or time of the page visit). This data is collected automatically as soon as you enter the website.
Use of Your Data
Some of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior in order to optimize the offering and tailor it to your needs.
Data Transmission to External Parties
As part of the responsible party’s business activities, it may be necessary to transmit personal data to external parties. This transmission only takes place under specific conditions: when the transfer is necessary to fulfill a contract, when there is a legal obligation to do so (e.g., to tax authorities), when there is a legitimate interest according to Art. 6 (1)(f) GDPR, or when another legal basis permits the data transmission. When external service providers are used for data processing, the transfer of personal data takes place exclusively on the basis of a valid data processing agreement in accordance with Art. 28 GDPR. If data is processed jointly with other parties, a joint processing agreement in accordance with Art. 26 GDPR is concluded.
Revocation of Consent to Data Processing
Certain data processing operations are only possible with your explicit consent. You can revoke your consent at any time. The legality of data processing carried out before the revocation remains unaffected by the revocation.
Right to Object to Specific Data Processing and Direct Marketing (Art. 21 GDPR)
If your personal data is processed on the basis of Art. 6 (1)(e) or (f) GDPR, you have the right to object to this processing at any time for reasons arising from your particular situation. This also applies to profiling based on these provisions. The specific legal basis for the data processing can be found in this privacy policy. If you object, the responsible party will no longer process your personal data unless compelling legitimate grounds for the processing can be demonstrated that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims (objection pursuant to Art. 21 (1) GDPR).
If your personal data is processed for direct marketing purposes, you have the right to object to this processing at any time. This also applies to profiling insofar as it is connected with direct marketing. After you object, the responsible party will no longer use your personal data for these marketing purposes (objection pursuant to Art. 21 (2) GDPR).
Rights under the General Data Protection Regulation
You have the right to lodge a complaint with a competent supervisory authority in the event of violations of the GDPR. This right may be exercised in the Member State of your habitual residence, place of work, or the place of the alleged infringement. Other administrative or judicial remedies remain unaffected.
Personal data that is processed automatically on the basis of your consent or in fulfillment of a contract can be requested in a structured, commonly used, and machine-readable format. Upon request, these data can also be transmitted directly to another controller, where technically feasible.
Every data subject has the right to receive, free of charge, information about their stored personal data, its origin, recipients, and the purpose of the data processing. In addition, there is a right to rectification or deletion of this data, as permitted by legal provisions. For further questions or concerns regarding personal data, you can contact the responsible party at any time.
You have the right to request the restriction of the processing of your personal data if the accuracy of the data is contested and the verification is pending. Restriction can also be requested instead of deletion in the case of unlawful processing. Furthermore, restriction may be requested if the data is no longer needed but is required for the establishment, exercise, or defense of legal claims. In the event of an objection to processing pursuant to Art. 21 (1) GDPR, you also have the right to restriction pending the determination of whose interests prevail.
If the processing of personal data is restricted, this data – apart from being stored – may only be processed with the consent of the data subject, or for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the EU or a Member State.
2. Controller
The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Company: HEIKU Martin Kubiniok e.K.
Represented by: Mr.
Address: Lohrheidestr. 58, 44866 Bochum
Website: www.heiku.de
Email: info@heiku.de
Phone: 02327 3741
3. Processors
Collaboration takes place with various processors who process data on behalf of the controller. These service providers are contractually obligated to handle the data confidentially and to use it exclusively within the scope of the respective service. In addition, there are cases in which responsibility for data processing is shared with other entities. In such cases, responsibilities are transparently defined and documented to ensure compliance with data protection requirements.
4. Definitions
To ensure the transparency of this privacy policy and make it understandable to everyone, this document primarily uses terms that are also defined in the General Data Protection Regulation (GDPR). The complete legal definitions can be found in Article 4 of the GDPR. The most important terms used in connection with this privacy policy are explained below:
Personal Data: This includes all information relating to an identified or identifiable natural person (hereinafter “data subject”). A person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
Processing: This term covers any operation or set of operations performed on personal data, whether or not by automated means. This may include the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of data.
Controller: A natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
Website: The website refers to the entire online offering provided by the controller under a specific URL. This includes all content, information, functions, and services published by the controller and made accessible to users via this URL. The website serves as a digital platform for providing information, services, and for interaction between the controller and users.
Terminal Device: A terminal device is an electronic device capable of accessing the internet and loading web pages. This includes, among others, computers, laptops, tablets, and smartphones.
These definitions help to better understand this privacy policy and the meaning of the terms used.
5. Hosting
This website is hosted on the servers of an external service provider to ensure reliable and secure use of this online offering.
The data processing by the hosting provider is carried out in accordance with Art. 6 (1)(f) GDPR, as the controller has a legitimate interest in providing a stable and secure website. If it is necessary to obtain the user’s consent (for example, for the use of certain cookies or tracking technologies), the data processing is based on the user’s consent pursuant to Art. 6 (1)(a) GDPR and § 25 (1) TTDSG. You may withdraw your consent at any time with effect for the future.
The hosting provider is:
Timme Hosting GmbH & Co. KG
Ovelgönner Weg 43
21335 Lüneburg
Germany
Details on data processing and data protection can be found in the hosting provider’s privacy policy.
To ensure that your data is processed in compliance with applicable data protection regulations, a data processing agreement (DPA) has been concluded with the hosting provider. This agreement obliges the hosting provider to process the personal data of website visitors exclusively in accordance with the controller’s instructions and in compliance with the GDPR. The hosting provider guarantees comprehensive protection of your data through technical and organizational measures.
6. Legal Bases for Data Processing
The processing of your personal data is carried out on the basis of the General Data Protection Regulation (GDPR) and other relevant legal provisions. Depending on the purpose of the data processing, different legal bases apply.
If you have consented to the processing of your personal data, this is based on your consent in accordance with Art. 6 (1)(a) GDPR. This applies in particular to the processing of special categories of personal data pursuant to Art. 9 (2)(a) GDPR as well as to the transfer of personal data to third countries under Art. 49 (1)(a) GDPR. You may withdraw your consent at any time.
The processing of your data may be necessary for the performance of a contract or for pre-contractual measures and, in this case, is based on Art. 6 (1)(b) GDPR. In addition, processing may be required to comply with legal obligations, which is carried out in accordance with Art. 6 (1)(c) GDPR.
In certain cases, processing takes place to safeguard the legitimate interests of the controller or a third party, provided that your interests or fundamental rights and freedoms do not override these interests. This processing is based on Art. 6 (1)(f) GDPR.
For certain processing activities, national regulations such as § 25 TTDSG may also apply, for example, when storing cookies or accessing information on your device. The applicable legal bases are explained in detail in the relevant sections of this privacy policy.
If your data is required for the performance of a contract or for pre-contractual measures, processing is based on Art. 6 (1)(b) GDPR. To comply with legal obligations, data processing is based on Art. 6 (1)(c) GDPR. Furthermore, data processing may be based on legitimate interests pursuant to Art. 6 (1)(f) GDPR. The specific legal bases in individual cases are explained in the following sections of this privacy policy.
7. Data Transfers to Non-Secure Third Countries and Non-DPF Certified U.S. Companies
If this website uses tools from companies located in third countries that are not considered secure under data protection law, or U.S. tools from providers that are not certified under the EU-U.S. Data Privacy Framework (DPF), your personal data may be transferred to and processed in these countries. Please note that in such third countries, no data protection level comparable to that of the EU can be guaranteed. For the U.S. as an insecure third country, an EU-equivalent level of data protection is generally not guaranteed. Data transfers to the U.S. are therefore only permissible if the recipient either has certification under the “EU-U.S. Data Privacy Framework” (DPF) or provides appropriate additional safeguards. Detailed information on possible transfers to third countries, including data recipients, can be found in this privacy policy.
8. Storage Period
Unless a more specific storage period is stated within this privacy policy, personal data will remain with the controller until the purpose for which the data was collected no longer applies. If a legitimate deletion request is made or consent to data processing is withdrawn, the relevant data will be deleted, provided there are no other legally permissible reasons for retaining the personal data (e.g., tax or commercial retention periods). In such cases, deletion takes place once these reasons no longer apply.
The controller stores personal data only for as long as is necessary to fulfill the respective purposes for which the data was collected. This includes, in particular, the fulfillment of contractual obligations, compliance with statutory retention periods, and the safeguarding of the controller’s legitimate interests, such as IT security and protection against misuse. If the processing of personal data is based on consent, the data will be stored until that consent is withdrawn by the data subject. Such a withdrawal is possible at any time with effect for the future. After withdrawal, the data will be deleted without delay unless statutory retention obligations or other overriding legal reasons require further storage.
In summary, personal data will be deleted once the purpose has been fulfilled or the legal basis for storage no longer exists, unless there are legal obligations or legitimate interests that justify further storage.
9. Security Measures and Data Minimization
Comprehensive technical and organizational measures are taken to effectively protect your personal data from accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access. Particular care is taken to collect and process only the data that is absolutely necessary for the respective purpose. This data minimization strategy helps significantly reduce the risk of misuse and unauthorized access. Security measures are continuously adapted to the state of the art to ensure the ongoing high level of protection of your data.
10. SSL/TLS Encryption
To protect the security of your data during transmission, state-of-the-art encryption procedures (e.g., SSL or TLS) are used via HTTPS. SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are protocols for encrypting data transmissions on the internet. This ensures that the data exchanged between your browser and the server is protected from unauthorized access. You can recognize an encrypted connection by the fact that the browser’s address line changes from “http://” to “https://” and by the lock symbol in your browser bar.
11. Encrypted Payment Transactions via the Website
If, after concluding a contract involving payment, there is an obligation to transmit your payment data (e.g., account number for direct debit authorization) to the controller, the transmission of this data is carried out in encrypted form. This encryption technology provides a high level of protection for payment data and prevents access by third parties. You can recognize the encrypted transmission path by the change in the browser’s address line from “http://” to “https://” and the appearance of the lock symbol in the browser bar. The use of SSL or TLS ensures that payment data is handled securely and confidentially.
12. Storage of User Information in Log Files
Each time the website is accessed, general information transmitted by your browser to the server is automatically collected. This information is stored in so-called log files and generally includes:
a) IP address of the requesting computer
b) Date and time of access
c) Name and URL of the retrieved file
d) Website from which the access originated (referrer URL)
e) Browser used and user agent string
f) Operating system
g) Name of your access provider
h) HTTP status code
This data is stored for security reasons, to ensure the smooth establishment of a connection to the website, to facilitate comfortable use of the website, to evaluate system security and stability, and for other administrative purposes.
The legal basis for data processing is Art. 6 (1)(f) GDPR. The legitimate interest arises from the purposes listed above for data collection. Under no circumstances will the collected data be used to draw conclusions about your identity. The stored data will be anonymized or deleted, provided there are no legal retention obligations.
13. Cookies
This website uses cookies. These are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit the site. Cookies do not cause any damage to your device, nor do they contain viruses, trojans, or other malware.
Information stored in a cookie is always related to the specific device being used. However, this does not mean that the controller gains direct knowledge of your identity.
The use of cookies serves, on the one hand, to make the use of our offering more pleasant for you. For example, the controller uses so-called session cookies to recognize that you have already visited individual pages of the website. These are automatically deleted when you leave the site.
In addition, the controller also uses temporary cookies to optimize user-friendliness. These cookies are stored on your device for a specified period. If you return to the site to use our services, it will automatically recognize that you have been there before and which inputs and settings you made, so you do not have to enter them again.
Furthermore, the controller uses cookies to statistically record the use of the website and to evaluate it for the purpose of optimizing the offering for you. These cookies allow the controller to automatically recognize that you have already visited the site before. These cookies are automatically deleted after a defined period.
The data processed by cookies is necessary for the purposes mentioned to safeguard the legitimate interests of the controller and third parties pursuant to Art. 6 (1)(f) GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a warning always appears before a new cookie is created. Completely disabling cookies may, however, result in you not being able to use all functions of the website.
14. Cookie Consent Banner
This website uses a cookie consent banner to manage your consent to the use of cookies. The provider of this service is:
_________
Function and Purpose
The cookie consent banner sets a technically necessary cookie to store your cookie consents. This cookie does not process any personal data. It only stores the settings you selected when entering the website, including:
a) Consent to or rejection of certain cookies
b) Time of consent
c) Duration of storage of the settings
d) Legal basis of data processing
The data processing by the cookie consent banner is based on Art. 6 (1)(f) GDPR. The legitimate interest of the controller lies in ensuring legally compliant consent to the use of cookies. If consent is requested, processing is based on Art. 6 (1)(a) GDPR.
Storage Duration and Deletion
The stored data remains stored until you delete the cookies in your browser yourself or revoke your consent. You can change your settings at any time in the cookie settings of this website.
15. Use of the Contact Form
If you have any questions, you have the option of contacting the controller via a form provided on this website. To know who the inquiry is from and to be able to respond, the following information is required: email, telephone.
The processing of data for the purpose of contacting the controller is based on Art. 6 (1)(a) GDPR and your voluntary consent.
The personal data collected for the use of the contact form will be regularly deleted once the inquiry has been dealt with.
16. Inquiries by Email or Telephone
You can contact the controller by email or telephone. The personal data transmitted in this context (e.g., name, email address, telephone number, and the inquiry itself) will be processed and stored by the controller solely for the purpose of processing the inquiry and any follow-up questions.
The legal basis for this data processing is Art. 6 (1)(b) GDPR, as the processing is necessary for the performance of a contract or for pre-contractual measures. If the processing is not related to a contract, it is carried out on the basis of Art. 6 (1)(f) GDPR, as the controller has a legitimate interest in processing and responding to inquiries.
17. Inquiries via WhatsApp
You can contact the controller via WhatsApp. Please note that WhatsApp stores the transmitted data on servers in the USA. Therefore, no sensitive information should be transmitted via this channel. The personal data you transmit (e.g., name, phone number, and the inquiry itself) will be processed and stored by the controller solely for the purpose of handling your inquiry and any follow-up questions.
The legal basis for this data processing is Art. 6 (1)(b) GDPR, as the processing is necessary for the performance of a contract or for pre-contractual measures. If the processing is not related to a contract, it is carried out on the basis of Art. 6 (1)(f) GDPR, as the controller has a legitimate interest in processing and responding to inquiries.
Additional information on the processing of your personal data by WhatsApp can be found in their privacy policy at: https://www.whatsapp.com/legal/.
18. Prohibition of Unsolicited Advertising Emails
The use of the contact details published in the legal notice for the purpose of sending unsolicited advertising and information materials is hereby prohibited. Any unauthorized use of the contact details for advertising purposes constitutes a violation of the rights of the operator of this website and will not be tolerated. The operator expressly reserves the right to take legal action in the event of violations, in particular in the case of unsolicited advertising information such as spam emails.
19. Registration on the Website
You have the option to register on the website. The data entered for this purpose will be used by the controller only for the purpose of using the respective offer or service for which the registration is carried out. The mandatory information requested during registration must be provided in full; otherwise, the registration will be rejected.
For important changes, such as to the scope of the offer or in the case of technically necessary changes, the controller will use the email address provided during registration to inform you.
The processing of the data entered during registration is based on the users’ consent (Art. 6 (1)(a) GDPR). You may withdraw consent at any time. A simple message by email to the controller is sufficient for this purpose. The lawfulness of the data processing already carried out remains unaffected by the withdrawal.
20. Newsletter
If you would like to receive the newsletter offered on the website, the controller requires a valid email address from you as well as information that allows verification that you are the owner of the specified email address and agree to receive the newsletter (double opt-in procedure). No further data is collected. This data is used exclusively for sending the requested information and is not passed on to third parties.
The processing of the data entered into the newsletter registration form is based solely on your consent pursuant to Art. 6 (1)(a) GDPR. You may withdraw the consent given for the storage of the data, the email address, and their use for sending the newsletter at any time—for example via the “unsubscribe” link in the newsletter or by sending a corresponding message to the controller. The lawfulness of the data processing already carried out remains unaffected by the withdrawal.
The data you provide for the purpose of receiving the newsletter will be stored until you unsubscribe from the newsletter and deleted after you have unsubscribed. Data stored by the controller for other purposes (e.g., email addresses for the members’ area) remains unaffected by this.
Brevo
The newsletter is sent via the provider Brevo. Brevo is a service of Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. The email addresses of newsletter recipients and other data described in these notes are stored on Brevo’s servers in Germany. Brevo uses this information to send and evaluate the newsletter on behalf of the controller. In addition, according to its own information, Brevo may use this data to optimize or improve its own services—for example, for the technical optimization of dispatch and the presentation of the newsletter or for economic purposes to determine from which countries recipients come. However, Brevo does not use the data of newsletter recipients to write to them itself or to pass it on to third parties.
Further information on data protection at Brevo can be found at: https://www.brevo.com/de/features/data-security/
In addition, technical and organizational security measures are used to protect your personal data against manipulation, loss, destruction, or access by unauthorized persons. These security measures are continuously improved in line with technological developments.
21. Use of Analytics and Tracking Tools
Analytics and tracking tools are used to ensure a needs-based design and the continuous optimization of this website. These measures help to statistically record the use of this website and thus optimize the offering for you. The storage and analysis of the data is based on Art. 6 (1) sentence 1 (f) GDPR, as the provider has a legitimate interest in offering an appealing and functional website.
If corresponding consent has been obtained, processing is additionally based on Art. 6 (1) sentence 1 (a) GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting). This consent can be withdrawn at any time.
Google Ads Tracking
This website uses Google Ads Tracking, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Ads Tracking uses cookies to measure the effectiveness of advertising campaigns and to analyze your use of this website. The information generated by the cookie about your use of this website is usually transmitted to Google servers in the USA and stored there.
Google is certified under the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of protection for the transfer of personal data from the EU to the USA. Every company certified under the DPF undertakes to comply with these strict data protection standards. Further information on the EU-U.S. DPF can be found at: https://www.dataprivacyframework.gov/.
Further information on data protection with Google Ads Tracking can be found at: https://policies.google.com/privacy.
Google Ads Remarketing
This website uses Google Ads Remarketing, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Ads Remarketing uses cookies to serve targeted advertising to users who have previously visited this website. This enables relevant ads to be presented to visitors to this website on other sites within the Google Display Network. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google is certified under the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of protection for the transfer of personal data from the EU to the USA. Every company certified under the DPF undertakes to comply with these strict data protection standards. Further information on the EU-U.S. DPF can be found at: https://www.dataprivacyframework.gov/.
Further information on data protection with Google Ads Remarketing can be found at: https://policies.google.com/privacy.
Google Analytics
This website uses Google Analytics, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses cookies to enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to Google servers in the USA and stored there. Because IP anonymization is enabled on this website, however, your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission.
Google is certified under the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of protection for the transfer of personal data from the EU to the USA. Every company certified under the DPF undertakes to comply with these strict data protection standards. Further information on the EU-U.S. DPF can be found at: https://www.dataprivacyframework.gov.
Further information on data protection with Google Analytics can be found at: https://policies.google.com/privacy.
Google Conversion Tracking
This website uses Google Conversion Tracking, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Conversion Tracking uses cookies to measure the effectiveness of ads and to analyze your use of this website. The information generated by the cookie about your use of this website is usually transmitted to Google servers in the USA and stored there.
Google is certified under the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of protection for the transfer of personal data from the EU to the USA. Every company certified under the DPF undertakes to comply with these strict data protection standards. Further information on the EU-U.S. DPF can be found at: https://www.dataprivacyframework.gov.
Further information on data protection with Google Conversion Tracking can be found at: https://policies.google.com/privacy.
Google Tag Manager
This website uses Google Tag Manager, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Tag Manager itself does not use cookies and does not collect personal data. The tool triggers other tags that may collect data in turn. Google Tag Manager does not access this data.
Google is certified under the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of protection for the transfer of personal data from the EU to the USA. Further information on the EU-U.S. DPF can be found at: https://www.dataprivacyframework.gov.
Further information on data protection with Google Tag Manager can be found at: https://policies.google.com/privacy.
22. Processing of Customer and Contract Data
Personal customer and contract data are collected, processed, and used for the establishment, substantive design, and modification of contractual relationships. This may include name, address, email address, and telephone number. This information is necessary to provide services and to communicate. Depending on the selected payment method, payment information such as credit card details, bank account data, or information on other payment services is also collected and used exclusively for the payment process.
In addition, usage and order data are processed, including information about orders, services used, prices, and delivery details. Personal data regarding the use of this website (usage data) are collected, processed, and used only to the extent necessary to enable the user to make use of the service or to bill for it.
The processing of personal data is based on various legal grounds. Pursuant to Art. 6 (1)(b) GDPR, data processing is carried out for the performance of a contract or pre-contractual measures, for example to process orders and provide services. Furthermore, processing is carried out under Art. 6 (1)(c) GDPR to fulfill legal obligations, including statutory retention periods. In addition, processing is carried out pursuant to Art. 6 (1)(f) GDPR to safeguard legitimate interests, such as improving services and ensuring IT security.
The customer data collected will be deleted after completion of the order or termination of the business relationship and after the expiry of any applicable statutory retention periods. Statutory retention periods remain unaffected.
23. Shipping and Delivery of Goods
If goods are shipped to customers, the controller collects and processes additional personal data necessary for processing the shipment. This includes, in particular, the name, delivery address, and any special delivery instructions. This data is used exclusively for carrying out the shipping process and delivering the ordered goods.
The processing of this data is based on Art. 6 (1)(b) GDPR, as it is necessary for the performance of the contract, namely the delivery of the ordered goods.
As part of shipping processing, your data will be passed on to commissioned shipping service providers insofar as this is necessary for delivery. These service providers are contractually obliged to treat your data confidentially and to use it only in the context of providing their services.
After completion of shipping and fulfillment of the contractual relationship, your shipping data will be stored in accordance with statutory retention periods and subsequently deleted, provided there are no further legal obligations to retain it.
24. Credit Check Prior to Contract Conclusion
To ensure customers’ ability to pay, credit checks may be carried out under certain circumstances before a contract is concluded. These checks serve to minimize the risk of payment defaults and to ensure a secure business relationship.
In the course of the credit check, personal data such as name, address, date of birth, and contact details may be transmitted to specialized credit agencies. These agencies use the data to determine creditworthiness and provide the relevant information. The credit check is carried out solely for the purpose of assessing credit risk and deciding on the establishment, execution, or termination of a contractual relationship.
The processing of personal data for the credit check is based on Art. 6 (1)(b) GDPR, as it is necessary for pre-contractual measures taken at your request. Processing is also carried out on the basis of Art. 6 (1)(f) GDPR to safeguard legitimate interests, namely protection against payment defaults and ensuring contract fulfillment.
If the credit check yields a negative result, the controller reserves the right to refuse to conclude the contract or to offer alternative payment methods. All data collected and processed in connection with the credit check are, of course, treated confidentially in accordance with applicable data protection regulations and stored only as long as necessary for the purpose of the credit check. No further transfer of data to third parties will take place unless you have expressly consented to the transfer.
25. Third-Party Payment Services
This website uses third-party payment services to provide you with a secure and convenient payment option. When you make a purchase via the website, your payment data (e.g., name, amount, account details, credit card number) are processed directly by the respective payment service provider for the purpose of payment processing. The contractual and data protection provisions of the respective provider apply.
Your data are processed on the basis of Art. 6 (1)(b) GDPR for the performance of the contract as well as in the interest of a smooth, convenient, and secure payment process pursuant to Art. 6 (1)(f) GDPR. Where your consent is required for certain actions, processing is carried out on the basis of Art. 6 (1)(a) GDPR. Consent may be withdrawn at any time with effect for the future.
Apple Pay
You have the option to pay for your purchases via Apple Pay. Apple Pay is a payment service of Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, T23 YK84, Ireland. If you use Apple Pay, you will be redirected to Apple’s website for payment processing. Your payment information is collected and processed directly by Apple.
Additional information on the processing of your personal data by Apple Pay can be found in the Apple Pay privacy policy at: https://www.apple.com/legal/privacy/de-ww/.
Klarna
You have the option to pay for your purchases via Klarna. Klarna is a payment service of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden. If you use Klarna, your payment information is collected and processed directly by Klarna.
Additional information on the processing of your personal data by Klarna can be found in Klarna’s privacy policy at: https://www.klarna.com/de/datenschutz/.
PayPal
You have the option to pay for your purchases via PayPal. PayPal is a payment service of PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg. If you use PayPal, your payment information is collected and processed directly by PayPal.
PayPal is certified under the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of protection for the transfer of personal data from the EU to the USA. Every company certified under the DPF undertakes to comply with these strict data protection standards. Further information on the EU-U.S. DPF can be found at: www.dataprivacyframework.gov.
Additional information on the processing of your personal data by PayPal can be found in the PayPal privacy policy at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Payment Service
You have the option to pay for your purchases using the following payment service: Mollie BV, Keizersgracht 126, 1015CW Amsterdam, Netherlands.
26. Google Fonts
This website uses Google Fonts. Google Fonts is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This service enables the use of fonts provided by Google to improve the visual design of this website.
To protect your data, Google Fonts are hosted locally on the website’s own server. As a result, no connection is established to Google’s servers, and your IP address is not transmitted to Google. Your data remains entirely on the controller’s server and is not shared with third parties.
27. Font Awesome
This website uses Font Awesome. Font Awesome is a service of Fonticons, Inc., 307 S. Main St., Suite 202, Bentonville, AR 72712, USA. Font Awesome provides a variety of icons and symbols used to enhance the usability and design of this website.
The Font Awesome files are hosted locally on the website’s own server. As a result, no connection is established to the servers of Fonticons, Inc., and no transmission of your IP address to Fonticons, Inc. takes place.
28. External Videos
This website embeds external videos to provide you with multimedia content and an interactive user experience. These embeddings are provided by third-party providers that may process personal data when you use their services.
Your data is processed on the basis of Art. 6 (1)(b) GDPR for the performance of the contract, in particular for providing the videos and related services, and in the legitimate interest of providing a smooth, convenient, and secure user experience pursuant to Art. 6 (1)(f) GDPR. Where your consent is required for certain actions, data processing is carried out on the basis of Art. 6 (1)(a) GDPR. Consent may be withdrawn at any time with effect for the future.
YouTube
YouTube is used to embed videos on this website. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit a page containing YouTube videos, a connection to YouTube’s servers is established. Information about your use of this website, including your IP address, is transmitted to YouTube and stored there.
Google is certified under the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of protection for the transfer of personal data from the EU to the USA. Further information on the EU-U.S. DPF can be found at: https://www.dataprivacyframework.gov.
Further information on the processing of your personal data by YouTube can be found in YouTube’s privacy policy: https://policies.google.com/privacy.
29. Captcha Service
This website uses a captcha service to ensure the security of online forms and to verify that they are only filled out by real users and not by bots. This service is provided by a third-party provider that may process personal data when you use their service.
Your data is processed on the basis of Art. 6 (1)(b) GDPR for the performance of the contract, in particular to ensure the security of online forms, and in the legitimate interest of providing a secure user experience pursuant to Art. 6 (1)(f) GDPR. Where your consent is required for certain actions, data processing is carried out on the basis of Art. 6 (1)(a) GDPR. Consent may be withdrawn at any time with effect for the future.
Below you will find detailed information on the captcha service:
Google reCAPTCHA
Google reCAPTCHA is used to ensure that form entries come from real users. Google reCAPTCHA is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit a page with embedded Google reCAPTCHA, a connection to Google’s servers is established. Personal data such as your IP address and your interactions with the captcha may be transmitted to Google.
Google is certified under the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of protection for the transfer of personal data from the EU to the USA. Further information on the EU-U.S. DPF can be found at: https://www.dataprivacyframework.gov.
Further information on the processing of your personal data by Google reCAPTCHA can be found in Google’s privacy policy: https://policies.google.com/privacy.
