Data Privacy

Data protection is a subject of special importance for Heraeus: We process your personal data exclusively in compliance with legal requirements and in accordance with appropriate technical and organizational data security measures.

Privacy Policy

United States Privacy Policy

The topic of data protection is very important to Heraeus. We process personal data exclusively in compliance with legal requirements and in accordance with appropriate technical and organizational data security measures. Please be sure to read this privacy policy before using this website. If you do not agree with Heraeus practices described in this privacy policy, your ultimate choice is not to use this website. By providing Consent (defined herein) or otherwise using any part of this website, you accept and agree to the Heraeus privacy practic es. Please see Section 6 below regarding changes to this privacy policy. Please check this area periodically for updates to this privacy policy.

1 General information

1.1 Objective and responsibility

(1) The purpose of this privacy policy is to inform you about the nature, scope and purpose of personal data processing on our internet website and the associated sites, functionalities and content (hereinafter collectively referred to as “website”). The privacy policy applies irrespective of the domains, systems, platforms and devices (e.g., desktop or mobile) on which the website is made available. Unless otherwise stated therein, this privacy policy does not apply to the Heraeus e-commerce webshops. There is a separate privacy statement for the Heraeus webshops, which can be found on the corresponding websites.

(2) The provider of the website and legally responsible party for it under privacy law is Heraeus Holding GmbH, Heraeusstraße 12-14, 63450 Hanau, Germany (hereafter referred to as the “provider”, “we” or “us”). For further details as well as how to contact us, please see the  imprint on our website.

(3) The website represents all legal entities of the Heraeus Group. For further details on the individual Heraeus entities please refer to the “Imprint” on the respective sub-sites.

(4) Our data protection officer can be reached via the following email address: dataprotection@heraeus.com.

(5) The term “user” includes all customers and their employees as well as visitors to our website.

(6) The products and services of Heraeus are intended exclusively for companies. Heraeus' websites, including its advertising and any business contact forms on Heraeus' websites, are not directed at children and adolescents (persons under 18 years of age). Persons under 18 years of age are not authorized to fill in and submit these contact forms to Heraeus. Except as stated below, does not knowingly collect personal information from persons under 18 years of age. Heraeus will only request data from persons under 18 years of age if such persons apply for a job, an apprenticeship or a student internship at Heraeus in a Heraeus application portal which is set up separately for such persons. The requested data is used exclusively for the purpose of the application process. They will not be used for any other purpose and will be deleted after the application procedure has been completed in accordance with the requirements of data protection law.

1.2 Legal basis

We collect and process personal data on the following legal basis:

a. Consent in accordance with Art. 6(1)(a) of the General Data Protection Regulation (GDPR). Consent is a statement of intent, freely given in a specific instance in an informed and unambiguous manner in the form of a declaration or another unequivocal affirmative act, where the data subjects make it clear that they consent to the processing of their personal data.

b. Necessity for the performance of a contract or in order to take steps prior to entering into a contract in accordance with Art. 6(1)(b) GDPR, i.e., the data is necessary for us to carry out our contractual obligations to users or we need the data in order to prepare a contract with users.

c. Processing for compliance with a legal obligation in accordance with Art. 6(1)(c) GDPR, i.e., the data processing is required on the basis of a law or some other requirement.

d. Processing to safeguard legitimate interests in accordance with Art. 6(1)(f) GDPR, i.e., the processing is necessary to safeguard our legitimate interests or those of a third party, provided the interests do not outweigh the fundamental rights and freedoms of users who require the protection of personal data.

1.3 Data subject rights

(1) Right to information: In accordance with Art. 15 GDPR, users can request confirmation of whether their data is being processed. If this is the case, users have the right to information regarding the information at no charge.

(2) Right to revoke consent: If personal data is processed on the basis of consent, users have the right to revoke this consent at any time in accordance with Art. 7 GDPR.

(3) Right to object: If processing the personal data is necessary to safeguard the legitimate interests of our company, users can object to the processing at any time in accordance with Art. 21 GDPR.

(4) Right to erasure: If users have revoked their consent, objected to the processing of their personal data (and there are no overriding legitimate reasons for the processing), their personal data is no longer necessary for the original purpose of the processing, there is a corresponding legal obligation or personal data has been processed unlawfully, users have the right to request the deletion of their personal data in accordance with Art. 17 GDPR.

(5) Right to rectification: If personal data has been processed while incorrect, users have the right, to request that this data be corrected immediately in accordance with Art. 16 GDPR.

(6) Right to restriction of processing: Under the provisions of Art. 18 GDPR, users have the right to demand that the processing of their personal data be restricted.

(7) Right to data portability: In accordance with Art. 20 GDPR, users have the right to receive the personal data they provided in a structured, commonly used and machine-readable format.

(8) Right to file a complaint: In accordance with Art. 77 GDPR, users have the right lodge a complaint with the responsible supervisory authorities.

1.4 Deletion of data

(1) The data that we store is erased as soon as it is no longer required for the purpose for which is was collected and provided that its erasure does not breach any statutory storage requirements . We review whether the data is still required every two years.

(2) If the user data is not erased because it is required for other legally permissible purposes, its processing is restricted. This means that the data is blocked and is not processed for other purposes. This applies, for example, to user data which must be retained for reasons relating to commercial or tax law.

1.5 Security measures

(1) We have in place state-of-the-art organizational and technical security measures to ensure compliance with relevant legal provisions and to protect personal data against accidental or intentional manipulation, loss, destruction and unauthorized access.

(2) Our security measures include, in particular, the encryption of data for transmission between the user’s browser and our server.

1.6 Transfer of data to third parties and third-party providers

(1) Heraeus transfers data to third parties exclusively in accordance with legal provisions. We only transfer user data to third parties if necessary (for example, for accounting purposes) or for other purposes necessary to meet our contractual obligations to users or legal requirements.

(2) Where we use sub-contractors to provide our services, we will take appropriate legal precautions and technical and organizational measures to protect personal data in accordance with applicable legal provisions.

(3) If, within the scope of this privacy policy, we use content, tools or resources of other providers (hereinafter collectively referred to as “third-party providers“) whose registered office is in a third country, it must be assumed that data are transferred to such third countries.

(4) Third countries are countries where the GDPR does not apply directly, i.e., in principle, all countries outside the EU or the European Economic Area. Data may only be transferred to third countries if an adequate level of data protection is ensured, if users have given their consent or if the transfer of such data is permitted by law.

1.7 External references and links

References or links ("links") to the content provided by external providers must be distinguished from the content of Heraeus' own website. By embedding a link to an external website ("hyperlinks"), Heraeus does not endorse same nor adopt such an external website or its content as its own. Should any infringement caused by the external website come to the attention of Heraeus, Heraeus will immediately delete the link. Heraeus neither assumes any responsibility for the availability of such external website nor for its content. You access and use such other web sites, including the content, items or services on those websites, solely at your own risk. With regard to Heraeus’ liability considering external references and links the provisions under the section  Disclaimer apply accordingly.

2 Cookies and reach measurement

2.1 General information

(1) Cookies are files transmitted by our web server or the web server of third parties to users’ web browsers and stored there so they can be accessed later on. Cookies are small files or other types of stored information. Users are hereby informed that cookies are used as part of pseudonymized reach measurement.

(2) More detailed information about the cookies on our website can be found on our cookie information page (see  https://www.heraeus.com/en/group/heraeus_group/cookie.html ).

(3) We only use non-essential cookies if you have given your express consent (opt-in). In addition, users who do not want to have cookies stored on their computer can deactivate the corresponding option in their system settings on their browser. Stored cookies can also be deleted in the browser’s system settings. Disabling cookies may limit the functionalities of this website.

2.2 Opt-out options

Users can opt out of the use of cookies used for reach measurement and advertising purposes via the opt-out page of the network advertising initiative (  http://optout.networkadvertising.org/ ) as well as the U.S. website (  http://www.aboutads.info/choices ) and the European website (  http://www.youronlinechoices.com/uk/your-ad-choices/ ).

3 Concrete data processing

3.1 Collection of access data

(1) When accessing our website, information is automatically transmitted from the user’s browser to us; this includes the name of the website and files that are accessed, the date and time they are accessed, the quantity of data transmitted, reports about successful access, the browser type and version, the user’s operating system, the referrer URL (the page visited prior to visiting our website), the user’s IP address and the requesting provider.

(2) The processing of this information is technically necessary and is carried out on the basis of our legitimate interests in accordance with Art. 6(1)(f) GDPR regarding the safeguarding of the security of the processing (e.g., to prevent and identify cyber-attacks).

(3) The information is automatically deleted four weeks after the end of the connection – i.e. the use of the website – provided there is no retention period that prevents this.

(4) The collection and storage of the data in log files is necessary for the provision of the website. For this reason, users may not request the deletion or correction of this data or object to its processing.

3.2 Contacting us

(1) When a user contacts us (by contact form or email) the user’s data is stored in order to process and carry out the request.

(2) The user information may be stored in our customer relationship management systems (“CRM systems”). The legal basis for the further processing of the data is the preparation of a business transaction (in accordance with Art. 6(1)(b) GDPR).

3.3 Use of cookies

(1) The legal basis for the use of cookies for the online marketing measures described below is the consent of the user in accordance with Art. 6(1)(a) GDPR.

(2) The legal basis for the use of cookies that are required for the technical functionality of the online platform is Art. 6(1)(f) GDPR. Our legitimate interest is the user-oriented and economically efficient operation of our website.

3.4 Cookie consent management

(1) We use the cookie consent management tool provided by Cookiebot, a company registered under the trade name Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. Cookiebot uses technologically required cookies (cookiebot cookie) to manage user consent in order to save the user’s consent to use the cookie. Cookiebot does not process any personal data whatsoever.

(2) The cookie that is stored only contains the user’s consent, which was granted when accessing the website. If the user would like to revoke this consent, the user simply deletes the cookie in the browser. If the user accesses the website again, the website will ask for the user to consent to the cookie again.

(3) We obtain the consent granted by the user so we can use cookies on all web pages in the  www.heraeus.com domain and the contact forms integrated there with the help of Microsoft’s ADX.

3.5 Google Tag Manager

If you give us your consent, we use Google Tag Manager. Google Tag Manager is a solution that allows us to use website tags via an interface (and integrate, for example, Google Analytics and other Google marketing services in our website). The tag manager itself (which implements the tags) does not process any of the user’s personal data. Regarding the processing of the user’s personal data, please note the following information about the Google services. Use policy:  https://www.google.com/intl/de/tagmanager/use-policy.html

3.6 Google Analytics

(1) If you give your consent, we use Google Analytics, a web analysis service of Google Ireland Limited (“Google”) in order to analyze and optimize our website. Google uses cookies. The information generated by the cookies about your use of this website is generally transferred to and stored on a Google server in Ireland.

(2) Google is listed in the EU-U.S. Privacy Shield; see  https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active .

(3) Google will use this information on behalf of Heraeus to evaluate your use of our website, to compile reports on website activity, and to provide other services to Heraeus that are related to the use of the website and the internet. The data retrieved in this context may be used to create pseudonymized user profiles.

(4) We only use Google Analytics with IP anonymization activated. This means that a user’s IP address will be truncated by Google within the member states of the European Union or in other states party to the Agreement of the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server located in the U.S. and truncated there.

(5) The IP address transferred from the user’s browser will not be linked with other Google data. Users may prevent the storage of cookies by selecting the appropriate system settings in their browser. Users may also prevent the recording and processing by Google of data generated by cookies and data related to their use of the website by downloading and installing the browser plug-in available at:  https://tools.google.com/dlpage/gaoptout?hl=en .

(6) Users can find more information about the use of data by Google as well as settings and opt-out options on Google’s websites:  https://www.google.com/intl/de/policies/privacy/partners (“Use of data by Google when using the websites or apps of our partners”),  http://www.google.com/policies/technologies/ads (“Use of data for advertising purposes”),  http://www.google.de/settings/ads (“Managing information that Google uses to show you advertising”).

3.7 Target group formation with Google Analytics

(1) We use Google Analytics to form target groups, provided you have given your consent to the use of Google Analytics, in order to show the ads that are displayed within the advertising services of Google and its affiliates only to those users who have either shown an interest in our website or who have certain characteristics (e.g., interests in certain topics or products determined from websites visited) and that we have sent to Google (so-called “remarketing” or “Google Analytics Audiences”). We use Remarketing Audiences to ensure that our ads correspond to the potential interests of users.

(2) Users can find more information about the use of data by Google as well as settings and opt-out options on Google’s websites:  https://www.google.com/intl/de/policies/privacy/partners (“Use of data by Google when using the websites or apps of our partners”),  http://www.google.com/policies/technologies/ads (“Use of data for advertising purposes”),  http://www.google.de/settings/ads (“Managing information that Google uses to show you advertising”).

3.8 Google Display & Video 360

(1) If you give your consent to do so, we use the Google online marketing service “Display & Video 360” to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.). Display & Video 360 differs from other services in that it shows real time advertisements based on user’s presumed interests. This allows us to show ads for and within our website in a more targeted manner so that we only show users those ads that potentially correspond to their interests. When a user is shown an ad for products that they have been viewing on other websites, this is referred to as “remarketing”. For these purposes, upon accessing our websites and other websites on which the Google Advertising Network is active, Google will immediately run a code and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") will be incorporated into the website. With their help, an individual cookie, i.e. a small file, will be saved on the user’s device (comparable technologies may also be used instead of cookies). This file keeps a record of which websites the user has visited, what content the user is interested in and what offers the user has clicked on, as well as technical information about the browser and operating system, websites that have referred the user, access duration, and other information regarding the use of our website.

(2) The user's IP address is also recorded. It is truncated within Member States of the European Union or in other States which are party to the Agreement on the European Economic Area. It is only transmitted in full to a Google server in the U.S. and truncated there in exceptional cases. The above information may also be linked with such information from other sources by Google. If the user subsequently visits other websites, they may be shown advertisements tailored to their presumed interests on the basis of their user profile.

(3) The user's data is processed pseudonymously within the Google Advertising Network. This means that Google does not store and process, for example, the user’s name or email address but instead processes the relevant data using cookies within the pseudonymous user profile. In other words, from the perspective of Google, the ads are not managed and displayed for a person who is concretely identifiable, but rather for the person with the cookie, irrespective of who this person is. This does not apply if a user has expressly permitted Google to process the data without pseudonymization. The information about the user collected by Google Marketing Services is transmitted to Google and stored on Google servers in the U.S.

(4) Users can find more information about the use of data by Google as well as setting and opt-out options in Google’s privacy policy (  https://policies.google.com/technologies/ads ) as well as the settings for showing ads by Google (  https://adssettings.google.com/authenticated ).

3.9 Google (re)marketing services

(1) If you have given us your consent to do so, we use the marketing and remarketing services (“Google marketing services”) of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

(2) Google is listed in the EU-U.S. Privacy Shield; see  https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active .

(3) For the purposes of the Google Marketing Services, user data is pseudonymized for processing. This means that Google does not store and process, for example, the user’s name or email address but instead processes the relevant data using cookies within the pseudonymous user profile. In other words, from the perspective of Google, the ads are not managed and displayed for a person who is concretely identifiable, but rather for the person with the cookie, irrespective of who this person is. This does not apply if a user has expressly permitted Google to process the data without pseudonymization. The information about the user collected by Google Marketing Services is transmitted to Google and stored on Google servers in the U.S.

(4) The Google marketing services we use include the “Google AdWords” online advertising program, among others. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. This ensures that cookies cannot be tracked across websites of AdWords customers. The information collected with the help of the cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers receive information about the total number of users who have clicked on their ad and were forwarded to a page with a conversion tracking tag. However, they do not receive any information allowing them to identify individual users.

(5) We can show third-party ads using Google’s Display & Video 360 marketing service. Display & Video 360 uses cookies that allow Google and its partner websites to show ads based on user visits to this website and other websites on the internet.

(6) Users can learn more about the use of data by Google for marketing purposes on the overview site at:  https://www.google.com/policies/technologies/ads ; the Google privacy policy can be accessed at:  https://www.google.com/policies/privacy .

(7) Users who would like to opt out of personalized advertisements from Google marketing services can do so with the opt-options provided by Google:  http://www.google.com/ads/preferences .

3.10 Google reCAPTCHA

(1) On this website, we use the reCAPTCHA function provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This function is mainly used to differentiate between entries made by a natural person and abuse via machine or automated processing.

(2) The service involves the transmission of the user’s IP address and other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in identifying individual responsibility on the internet and avoiding abuse and spam. Within the framework of the use of Google reCAPTCHA, personal data may be transmitted to Google LLC servers in the U.S.

(3) In the event personal data is transmitted to Google LLC, headquartered in the U.S., Google has been certified by the EU-U.S. Privacy Shield, which ensures compliance with the applicable level of protection in the EU. The current certificate can be viewed here:  https://www.privacyshield.gov/list

(4) Further information about Google reCAPTCHA as well as Google’s privacy policy is available here:  https://www.google.com/intl/de/policies/privacy/

3.11 LinkedIn (re)marketing services

(1) Functions and content from LinkedIn, provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”), may be incorporated within our website. This may include, for example, content such as images, videos, or text and buttons that allow users to share content from this website within LinkedIn if they have a LinkedIn account. By clicking on the integrated LinkedIn button you consent to the LinkedIn terms of use and will be forwarded to that website.

(2) We use LinkedIn to show the advertisements displayed within LinkedIn advertising services and its affiliates only to those users who have also shown an interest in our website or who have certain characteristics (e.g. interests in specific themes or products that are determined from the websites visited), which we submit to LinkedIn (so-called "remarketing"). We use LinkedIn to ensure that our ads correspond to the potential interests of users.

(3) If users are members of the LinkedIn platform, LinkedIn can assign the content and functions that have been accessed to the user’s profile.

(4) LinkedIn is listed in the EU-U.S. Privacy Shield; see  https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active .

(5) Further information about LinkedIn is available in its privacy policy at  https://www.linkedin.com/legal/privacy-policy .

(6) Users who would like to opt out of personalized advertising by LinkedIn marketing services can take advantage of the setting and opt-out options provided by LinkedIn:  https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .

3.12 Newsletter mailing by Inxmail

(1) Newsletter content: We send newsletters, invitations and white papers by email (hereafter referred to as “newsletters”) only with the consent of the recipient or if we are legally permitted to do so. If the content of the newsletter is described in detail in the subscription process, the user’s consent is authoritative.

(2) Email marketing service provider: Newsletters are sent by Inxmail GmbH, Wentzingstr. 17, 79106 Freiburg, Germany (hereafter referred to as “email marketing service provider”). The privacy policy of our email marketing service provider can be found here:  https://www.inxmail.com/data-conditions .

(3) According to information provided by the email marketing service provider, the email marketing service provider may also use these data in pseudonymized form, i.e., without linking the data to a specific user, to optimize or improve its own services, e.g., for the technical optimization of the mailing and the presentation of the newsletter or for statistical purposes, i.e., for the statistical analysis of the location of recipients. However, the email marketing service provider will not use the data of our newsletter recipients to contact them directly and will not disclose the newsletter recipients' data to third parties.

(4) Statistical collection and analyses - The newsletters contain a so-called “web beacon”, i.e., a single-pixel file which is retrieved from the email marketing service provider’s server when the newsletter is opened. When the newsletter is opened, technical information is collected from the user, such as information about the user’s browser and system as well as the user’s IP address and the date and time of the retrieval. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading habits, the place where the newsletter is opened (which can be determined by using the IP address), or the date and time when the newsletter is opened. The statistical information collected also includes whether the newsletter was opened, when it was opened and which links the user clicked on. While this information can technically be attributed to individual newsletter recipients, the analysis of personal data has been deactivated and information about newsletter recipients is only analyzed in the aggregate.

(5) The use of the email marketing service provider, the collection and analysis of statistical information and the logging of the subscription procedure are carried out on the basis of your consent. We are interested in a user-friendly and secure newsletter system that both serves our business interests and also meets the expectations of users.

(6) Double opt-in and recording of data: Subscribing to our newsletter is subject to a so-called double opt-in process. This means that after subscribing to our newsletter users receive an email in which they are asked to confirm their subscription. Such confirmation is necessary to ensure that people do not subscribe using someone else’s email address. The newsletter subscription is logged so the subscription process can be verified in accordance with legal requirements. This includes recording the date and time of the subscription and the confirmation as well as the IP address. The changes to the user data saved by the email marketing service provider are also logged.

(7) Unsubscribe: Users can unsubscribe from the newsletter at any time, i.e., they can revoke their consent to receive it. There is an unsubscribe link at the end of each newsletter. The personal data of users that has been processed in connection with the mailing of the newsletter will be deleted after the user unsubscribes.

3.13 Microsoft Dynamics 365 Cloud for Marketing

(1) We use the Microsoft Dynamics 365 Cloud for Marketing automation system provided by Microsoft Corporation (Microsoft Deutschland GmbH, Walter-Gropius-Straße 5, 80807 Munich, Germany) – hereafter referred to as “Microsoft” – to carry out marketing campaigns, for analysis purposes and for target group-specific contact with customers and potential customers. The data is processed within the European Union.

(2) In particular, we use the system to send email communications (e.g., in connection with the provision of downloads), for event management (e.g., to manage event participants) and to provide landing pages and contact forms.

(3) The use of Microsoft and the system, the collection and analysis of statistics and the logging of the registration procedure for communication by email are carried out on the basis of your consent to receive email communication via Microsoft Dynamics 365 Cloud for Marketing. We are interested in a user-friendly and secure system that both serves our business interests and also meets the expectations of users.

(4) System components integrated in our website (e.g., forms) use so-called “cookies” that are stored on the user’s computer and enable us to analyze the use of the website. In particular, the following information is collected: client ID, geographical location, browser type, duration of the visit and pages accessed.

(5) Pseudonymized email tracking: The statistical information collected also includes whether the newsletter was opened, when it was opened and which links the user clicked on. While this information can technically be attributed to individual newsletter recipients, the analysis of personal data has been deactivated and information about newsletter recipients is only analyzed pseudonymously and cannot be decrypted and attributed to individual users.

(6) Double opt-in and recording of data: Subscribing to our newsletter is subject to a so-called double opt-in process. This means that after subscribing for our newsletter users receive an email in which they are asked to confirm their subscription. Such confirmation is necessary to ensure that people do not subscribe using someone else’s email address. The newsletter subscription is logged so the subscription process can be verified in accordance with legal requirements. This includes recording the date and time of the subscription and the confirmation as well as the IP address. The changes to the user data saved by the email marketing service provider are also logged.

(7) Unsubscribe: Users can unsubscribe from the newsletter at any time, i.e., they can revoke their consent to receive it. There is an unsubscribe link at the end of each newsletter. The personal data of users that has been processed in connection with the mailing of the newsletter will be deleted after the user unsubscribes.

(8) Further data privacy information can be found in the Microsoft privacy policy at  https://privacy.microsoft.com/en-US/privacystatement .

(9) Further information about the use of cookies in connection with the system can be found at  https://docs.microsoft.com/en-US/dynamics365/marketing/cookies .

4 CRM systems

4.1 Microsoft Dynamics 365

(1) We use the Microsoft Dynamics 365 CRM system at some Heraeus locations. The data is processed in Heraeus Group data centers by Heraeus Infosystems GmbH (hereafter referred to as “HSY ”).

(2) HSY uses the data of users solely for the technical processing of requests, and it does not transmit the data to third parties.

(3) In particular, we use the system to manage customers and prospective customers (leads) and to process user requests faster and more efficiently. The use of the system is based on our legitimate interest in accordance with Art. 6(1)(f) GDPR.

4.2 Microsoft Dynamics 365 Cloud

(1) At some Heraeus locations, we use the Microsoft Dynamics 365 Cloud CRM system from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, United States) – hereafter referred to as Microsoft – as a cloud service, i.e., the data is processed at Microsoft data centers.

(2) Microsoft is listed in the EU-U.S. Privacy Shield; see  https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active .

(3) Microsoft uses the data of users solely for the technical processing of requests and it does not disclose the data to third parties.

(4) In particular, we use the system to manage customers and prospective customers (leads) and to process user requests faster and more efficiently. The use of the system is based on our legitimate interest in accordance with Art. 6(1)(f) GDPR.

(5) Further data privacy information can be found in the Microsoft privacy policy at  https://privacy.microsoft.com/en-US/privacystatement .

4.3 Salesforce

(1) At some Heraeus locations, we use the Salesforce CRM system from Salesforce.com Germany GmbH (Erika-Mann-Str. 31, 80636 Munich, Germany) – hereafter referred to as “Salesforce” – as a cloud service, i.e., the data is processed at Salesforce data centers. Salesforce stores personal data mainly in the U.S.

(2) Salesforce is listed in the EU-U.S. Privacy Shield; see  https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active .

(3) Salesforce only uses user data for the technical processing of requests.

(4) In particular, we use the system to manage customers and prospective customers (leads) and to process user requests faster and more efficiently. The use of the system is based on our legitimate interest in accordance with Art. 6(1)(f) GDPR.

(5) Further data privacy information can be found in the Salesforce privacy policy at  https://www.salesforce.com/company/privacy/

5 Online presence in social media

(1) We maintain a presence in social networks and platforms in order to be able to communicate with active customers , interested parties and users who are active there and to provide information to users there about our services.

(2) Please note that user data may be processed outside of the European Union and Switzerland. This may imply risks for users because, for example, it could be more difficult to enforce user rights. Please note that U.S. providers that are listed EU-U.S. Privacy Shield are thereby making a commitment to comply with the data protection standards of the EU and the Swiss Confederation.

(3) In addition, user data is generally processed for market research and advertising purposes. For example, user behavior and the resulting information about the user’s interests can be used to create user profiles. The user profiles can, in turn, be used to place advertisements, for example, within and outside of platforms that are supposedly in line with user interests. For these purposes, cookies that record the user’s behavior and interests are generally stored on the user’s computer. In addition, data can also be stored in the user profiles separately from the users' devices (in particular if the users are members of the relevant platforms and are logged in to them).

(4) The personal data of users is processed on the basis of our legitimate interests in providing effecting information to users and communicating with users. If the users are asked to consent to data processing by the respective providers (i.e., give their consent, for example, by clicking a check box or pressing a button), the legal basis of the processing is consent.

(5) For a detailed overview of the processing and opt-out options discussed in this paragraph, see the information from the provider in the following link:

(6) Note that users seeking information or attempting to assert user rights would best be served by contacting the relevant provider(s) directly. Only the providers have access to the user’s data and can take the corresponding measures and provide information. Users can contact us if they still require assistance.

6. Webinars

(1) A webinar is comparable to a face-to-face seminar and takes place on the internet with computer / software support.

(2) Heraeus uses the GoToWebinar software from LogMeIn Ireland Limited to process customer webinars (processor). As part of the registration on the infrastructure of LogMeIn (Bloodstone Building Block C70 Sir John Rogerson’s Quay Dublin 2, Ireland), personal data is collected / stored.

(3) The legal basis for data processing is Art. 6 Para. 1 lit. f General data protection regulation. The processing of the data by LogMeIn (as a processor) is based on Article 28 General Data Protection Regulation. The data is processed within the legally permissible framework in Germany, the European Union and the USA.An appropriate level of protection has been established for data processing in the USA through agreement of the EU standard contractual clauses. Please also note the data protection compliance of LogMeIn:  https://www.logmeininc.com/gdpr/gdpr-compliance and their privacy policy including regulations according to the California Privacy Rights Act:  https://www.logmeininc.com/legal/privacy

(4) For the order-related implementation of the webinar, we transmit your registration or customer data to LogMeIn, Inc. For this purpose, the following data is requested: first name, last name, company name, zip code, e-mail address, telephone (optional).

(5) The data is transferred via an encrypted SSL connection.

(6) An encrypted connection will be established between you and the organizer of the webinar.

(7) You can end the session at any time by simply closing the browser window or exiting the program or app. When your contact person ends the session, your session participation is automatically ended.

7 Changes to the privacy policy

(1) We reserve the right to change the privacy policy in order to adapt to changes in the legal situation or to changes in our services and data processing. However, this only applies to policies regarding data processing.

(2) If the consent of the user is required or if elements of the privacy policy contain components of the contract agreed the user, the changes will only be made with the user's consent.

(3) Users are requested to familiarize themselves regularly with the content of the privacy policy.

8 Privacy Notice for California Residents

(1) Heraeus’s privacy notice for California residents pursuant to the California Consumer Privacy Act of 2018, as amended, which supplements this privacy policy, can be found via this link:  California Consumer Privacy Act .

Last updated: 10/29/2020