HeiQ Group Privacy Notice
as of Aug 24, 2021
This Privacy Notice gives you an overview of how HeiQ processes your data. It applies to all websites and other services offered by HeiQ.
This Privacy Notice is generally based on the EU General Data Protection Regulation (“GDPR”) and the Swiss Federal Data Protection Act. However, the data protection information and rights stated hereafter are generally relevant also under the data protection laws of other countries.
If you have any questions regarding this Privacy Notice or data protection at HeiQ or if you want to exercise your data protection rights, you can reach out to our Data Protection Officer (DPO) by contacting us through our Service Desk at https://heiq.atlassian.net/servicedesk. You can also request data access or data deletion, or to exercise other data protection rights.
Which data does HeiQ process?
HeiQ offers you various services, which you can also use in different ways. Depending on whether you contact us online, by phone or otherwise and on which services you use, various data from different sources may come into play. Much of the data we process is provided by yourself when you use our services or contact us. For example, we collect personal data over our Shopify-Webshops, our website, our Service Desk (Jira/Atlassian), our contact forms or our newsletter registration. We do, however, also receive technical device and access data which is automatically collected when you interact with our services. We collect further data using data analyses. We may also receive data relating to you from third parties, for example from payment service providers.
We may process the following personal data:
- Profile data: your first and last name, your contract details (e.g. telephone number, e-mail address), demographic information such as your gender, age and place of residence.
- Shopping information: Order number, details on the purchased items, payment method information, delivery and billing addresses, messages and communication relating to purchases (e.g. notice of revocation, complaints and messages to customer service), delivery and payment status, information on service providers involved in executing the contract.
- Payment details: preferred payment method (i.e. credit card or debit card, PayPal, Twint, Apple Pay), billing addresses; credit or debit card, PayPal, Twint, ApplePay details. Please visit the privacy policies of our partner services providers if you have questions regarding their privacy practices.
- Social network data: HeiQ maintains profile pages on various social networks. Also, HeiQ may incorporate social networking features. These may be messenger services and so-called social plug-ins or social logins such as “Sign in with Facebook”. If you are in direct contact with us through our social media profiles or if you use social networking features integrated into our services and you are a member of the respective social network, we may receive data from the social network operator that allows us to identify you (e.g. your public profile information stored on the respective social network).
- Site data: For particular purposes, we collect data on your device’s current location when you use our services or visit our website. This allows us to direct the customer to the correct country webshop or website. The procedure (so-called geolocalization) may also be used by us to identify fraud and suspicious orders.
- Device and access data: When using online and mobile services, it is inevitable that technical data will be generated and processed to provide the features and content offered and to display them on your device. “Device and Access Data” are created whenever online and mobile services are used. Device and Access Data are therefore created, for example, when using websites, apps, email newsletters. HeiQ collects Device and Access Data for online services offered. Device and Access Data includes the following categories: general device information (e.g. information on the device type), identification data (e.g. cookie IDs), access data automatically transmitted by apps and web browsers.
What does HeiQ use my data for?
HeiQ processes your data in accordance with all applicable data protection laws. We therefore generally only process your data for the purposes explained to you in this Privacy Notice or shared when we collect the data. We also use your data within the framework of applicable data protection law for other purposes such as product development, market research and optimization of business processes. We are generally entitled to use your data based on customer contracts and in some cases based on consent.
We may use your data for the following:
- Purchase processing, online services: We process your data to the extent necessary to fulfil contracts and provide and execute further services requested by you, as described in this Privacy Notice.
- Transfer of data to service providers: We provide fulfilment companies with necessary data (e.g. name, address, telephone number, email and possibly company name) for shipping processing. We may transfer data on outstanding debts to collection service providers.
- Advertising, market research, data analysis: We may use your data, within the framework of data analysis and to the extent permitted, for advertising and market research. We may place geo-targeted ads (possibly on social media).
- Product and technology development: We may use your data for product and technology development.
- Business management and business optimization: We transmit and process your data where necessary for administrative and logistical processes and to optimize business processes within the group in order to design these processes in a more efficient and legally secure way.
- On the basis of your consent: If you have given us your consent for the processing of personal data, your consent is the primary basis of our data processing. You may revoke your consent at any time. We may ask you for your consent for example in the following context: subscription of a newsletter, transmission of your data to third parties (controller-to-controller) or to a country outside the EU and Switzerland, marketing of new products, participation in market research studies, processing of particularly sensitive data.
HeiQ currently uses Google Analytics on its websites. This application is a third-party service which allows HeiQ to measure and analyze the use of its website. Google Analytics is operated by Google Inc. in the U.S. (www.google.com). The service provider uses permanent cookies for this application. HeiQ will not disclose any personal data to the service provider (who will also not save any IP addresses). The service provider may, however, monitor the use of the Website by the user and combine this data with data from other websites monitored by the same service provider which the user has visited and the service provider may use these findings for its own benefits (e.g. control of advertisement). The service provider knows the identity of the user who has registered with the service provider. In this case the processing of personal data will be the service provider’s responsibility and data shall be processed pursuant to data protection and privacy laws and according to the data protection policies of the service provider (see policies.google.com/privacy). The service provider will provide data on the use of the website to HeiQ.
Information on websites
We use your data to provide access to the HeiQ websites. Along with the device and access data collected whenever you use these services, the type of data processed as well as the processing purposes depend on how you use the functions and services provided. We also use the data collected when you use our services to find out how our online offering is used.
The following types of data are collected:
- Device and access data: Whenever you access our services and databases, we collect device and access data and record it in so-called server log files.
- Login: We may set up password-protected personal access for users who register for a customer account or another service.
- Social plug-ins: Our services may contain social plug-ins (“plug-ins”) from various social networks. These plug-ins allow you, for example, to share content or recommend products. The plug-ins are deactivated as standard and therefore do not send any data. You can activate the plug-ins by clicking on the corresponding button. The plug-ins can also be deactivated again with a click.
(1) Necessary cookies: These cookies are required for optimal navigation and operation of the website;
(2) Statistical cookies: These cookies collect device and access data to analyze the use of our website, such as which areas of the website are used how, how fast content is loaded and whether errors occur. These cookies only contain anonymous or pseudonymous information and are only used to improve our website and to find out what our users are interested in. Statistical cookies can be blocked without adversely affecting the navigation and operation of the website.
(3) Personalization cookies: These cookies allow users to access web services with certain predefined elements, established through a series of criteria on the user’s computer. Based on these cookies we can show you personalized content that fits your preferences. Personalization cookies can be blocked without adversely affecting the navigation and operation of the website.
(4) Marketing cookies (“tracking cookies”): These cookies contain identifiers and collect device and access data in order to adapt personalized advertising on our websites to your individual interests. Marketing cookies can be blocked without adversely affecting the navigation and operation of the website.
We offer a newsletter to our website and webshop users. You must sign up for the newsletter on our websites in order to receive our newsletter services. We use the software MailChimp and Klaviyo for our newsletter. If you no longer wish to receive emails from us, you can unsubscribe at any time and send a notification in text form (e.g. email, fax, letter) to the HeiQ company responsible for the newsletter.
If you subscribe to our newsletter, we temporarily store your IP address and save the time of your subscription and confirmation. This way we can prove that you actually subscribed and identify any unauthorized use of your email address. Your name, address, email address and (in the event of purchase) purchase amount may be provided to MailChimp and Klaviyo.
Who is my data forwarded to?
HeiQ only forwards your data to the extent allowed under applicable data protection law. We work particularly closely with certain service providers, for example with technical service providers (e.g. running computer centers) or with logistics companies (e.g. MS Direct). These service providers will generally only process your data on our behalf under special conditions. If applicable, the service providers only receive access to your data in the scope and for the time period required for the provision of the relevant service.
Your data may be forwarded to the following companies:
- HeiQ Group companies: Many systems and technologies are shared within the HeiQ Group. This allows us to offer you a more economical, secure and unified service. Therefore, companies within the HeiQ Group receive access to your data if they require such access in order to fulfil our contractual and legal obligations, or to fulfill their respective functions within the group.
- Shipping companies: We work with external shipping companies (e.g. MS Direct and Q36.5) to deliver orders. These shipping companies receive the following data to execute the relevant orders: name, address, telephone number, e-mail and possibly company name.
- Technical service providers: We work together with technical service providers (e.g. Microsoft Dynamics running CRM and ERP) in order to be able to provide our services. If they process your data outside the European Union or Switzerland, this may mean that your data is transmitted to a country with a lower data protection standard than the European Union or Switzerland. In such cases, HeiQ will ensure that the relevant service providers contractually or otherwise guarantee an equivalent data protection level.
- Payment service providers: HeiQ offers different payment options, such as payment by credit and debit card, payment by PayPal, Twint or Apple Pay. For this purpose, payment data are transferred to the payment service providers we work with.
- Social media networks: As part of advertising campaigns we may forward data to social network providers to the extent permitted under applicable data protection law.
- Authorities and other third parties: If we are obliged by law (e.g. court decision) we will forward your data to prosecution authorities or other third parties to the extent necessary.
Which data protection rights do I have?
You have various legal data protection rights under applicable data protection law. In particular, the GDPR provides for the following rights: Right to information (Article 15 GDPR), right to deletion (Article 17 GDPR), right to correction (Article 16 GDPR), right to restriction of processing (Article 18 GDPR), right to data portability (Article 20 GDPR), right to lodge a complaint with the competent supervisory authority (Article 77 GDPR), right to withdraw consent (Article 7 (3) GDPR) as well as the right to object to particular data processing measures (Article 21 GDPR).
The data protection rights in countries outside the EU/EEA or Switzerland may possibly be less extensive. Reference is made to the data protection law of the relevant country.
When will my data be deleted?
We will store your personal data as long as it is necessary for the purposes stated in this Privacy Notice. We may also store your data for other purposes to the extent permitted under applicable data protection law, for example for our defense against legal claims.
If you close your customer account, we will generally delete all your data we have stored. If it is not possible or necessary to completely delete your data for legal reasons, the relevant data will be appropriately blocked for further processing.
How does HeiQ protect my data?
We use technical and organizational measures to secure our website and other systems against loss, destruction, access, change or dissemination by unauthorized persons. HeiQ transmits your personal data securely using encryption. This applies to your order and your customer login.
Every website (including online-shops) and every presence on social media has a controller within the HeiQ Group with respect to the collecting of personal data according to applicable data protection law. Unless provided otherwise on the website, HeiQ Materials AG, Ruetistrasse 12, 8952 Schlieren (Zurich), Switzerland is the controller for the Shopify-Webshops (https://ch.heiq.com/ and https://us.heiq.com/ and https://eu.heiq.com/) the WordPress Website (global) (https://heiq.com/), the newsletter and the Service-Desk (https://heiq.atlassian.net/servicedesk/customer/portals).
Should a HeiQ company or affiliate disclose personal data to another HeiQ company or affiliate for specific purposes, the transferring company or affiliate is the controller.
Competent supervisory authority
The data protection supervisory authority in Switzerland is: Office of the Federal Data Protection and Information Commissioner, Feldeggweg 1, 3003 Berne, Switzerland.
The EU/EEA Member States each have a data protection supervisory authority. The same generally applies to other countries.
Changes to this Privacy Notice
Any further development of our websites and the implementation of new technologies to improve our services may require changes to this Privacy Notice. We therefore recommend that you read this Privacy Notice again from time to time.