The Heinze Gruppe GmbH thank you for visiting our website www.k-fix.com and expressing interest in our company and our products and brands. We take the protection and security of the personal data you entrust to us very seriously, and would therefore like you to feel secure and comfortable when visiting our website and using our services.
It is of particular importance to us that you know which personal data is collected when using our offers and services, and how we use this data subsequently.
Purpose of data processing
The Heinze Group is a group of leading companies in the fields of plastics technology, surface finishing, electroplating, equipment construction, tool and jig making, and engineering. We can provide a vertically integrated service unique in Europe, from our bases in Germany, the Czech Republic and Kosovo. Benefit from an interdisciplinary dynamic group working in partnership, using innovative solutions to set new standards in the automotive, telecommunications, construction, sanitary engineering, consumer goods, equipment build and engineering sectors.
Where the Heinze Gruppe GmbH or its subsidiaries process personal data, this is done for the purposes stated in this data protection policy.
Processing personal data
Accessing our website
We record and store your computer’s IP address in order to transmit the website content you have requested to your computer (e.g. text, images and files made available for download, etc.) (see Art. 6 para. 1(b) GDPR). We also process this data for to detect misuse, and for tracking. The lawful basis for this is Art. 6 para. 1(f) GDPR. Our legitimate interest in processing data is to ensure our website and its transactions function properly.
If, additionally, you provide us with personal data, we will also process that. When registering to access the STP files, for instance. The lawful basis in this respect is Art. 6 para. 1(b) GDPR. The data processed by us in this respect includes customer and employee details, as well as details of business partners, suppliers and other interested parties where these are required for the purposes stated as part of this data protection policy.
Where we process your data as described above for the purposes of receiving and processing your request appropriately (or registration as referred to above), you are contractually obliged to provide us with this information. We are unable to process your request without this information.
Where you have consented to the processing of personal data (see Article 6 para. 1(a) GDPR), you may withdraw your consent at any time without affecting the lawfulness of any processing carried out prior to withdrawal, based on that consent.
Registration is required if you wish to use our download service. You need to enter your company name, title, first and last name, address, email address and phone number for this. We will store and process all of the above information, including any contact details you provide, for processing your registration, and for any questions that may arise. Processing your data as defined above is reserved exclusively for answering and processing your request. We process the data in accordance with Art. 6 para. 1(a) GDPR, on the basis of your consent. You may withdraw this at any time (right to object).
If you send us job application documents via email, we collect and process all of the personal data you make available to us, also referred to hereafter as application data. These include the following details, among others:
- Name, first name
- Date of birth
- Phone number
- Job application documents (letter of application, CV, qualifications, certificates, possibly photographs and the like)
Your personal application data will only be collected and processed for the purpose of filling positions within our company. As a matter of principle, the data is only passed on to those in-house teams and specialist departments at the companies advertising the post which are responsible for the specific recruitment process. Your application data will not be used further or passed on to third parties without your prior express consent.
The personal application data sent to us will be deleted three months after the recruitment process is complete. By way of exception, we may also process the application documents after the date given above, if statutory requirements prevent deletion, if further storage is necessary for the purpose of providing evidence, or if you have expressly consented to a longer storage period.
Where we are unable to offer you a position this time, but your application profile suggests that your application may be of interest for future job postings, we will store your personal application data for 12 months. However, this will only happen if you have expressly consented to such storage and use.
The data we collect as part of your application is protected against manipulation and unauthorised access using various technical and organisational means. In particular, transfer of your application documents and the personal data contained therein is encrypted in accordance with the currently recognised state of the art.
If you are under 18, you guarantee when submitting your application that you have obtained the consent of a legal guardian to apply to our company, before using our online application portal or sending your application documents by email. You furthermore guarantee that all your information is accurate.
Passing on to third parties
Your information will basically be forwarded to the relevant subsidiaries within Heinze Gruppe GmbH for the purposes of processing. It will be processed there further, depending on the enquiry you have made.
Our service providers are under instruction as service providers/processors and are thus obliged, among other things, to process your data exclusively in accordance with our instructions and the applicable data protection regulations. In particular, they are required to keep your information strictly confidential. In addition, they are not permitted to process the data for purposes other than what is agreed. The transfer of data to processors is in accordance with Art. 28 para. 1 GDPR.
Your data is not sold or otherwise made commercially available to third parties.
Disclosure of this information is based on our legitimate interest in the fight against abuse and the prosecution of criminal offences. Also, for securing, asserting and enforcing claims where your rights and interests in protecting your personal data do not take precedence, Art. 6 para. 1(f) GDPR.
Plans to transfer data to third countries
Your data is not currently transferred to third countries, nor are there plans to do so. Should data be transferred to third parties in future, appropriate statutory requirements will be put in place. In particular, you will be notified about the relevant recipients or categories of recipients in accordance with statutory requirements.
In order to protect the data made available to us against accidental or intentional manipulation, loss, destruction or access by unauthorised parties, we employ technical and organisational security measures. We regularly review these technical and organisational security measures and their effectiveness, and continuously improve them in line with developments in technology. When entering personal data, this is transmitted using encryption.
- Basic/necessary cookies
These cookies are fundamental to the functioning of our website. For example, assigning anonymous session IDs to bundle multiple queries to a web server or for registration and ordering to function without error.
- Performance/statistics cookies
These cookies collect information about how you use our website (for example, internet browsers used, number of visits, pages viewed or time spent on the website). These cookies do not store any information which allows a visitor to be personally identified. The information collected using these cookies is pooled together and therefore anonymous.
This website uses a link to the map service Google Maps. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
This is a link, so your data will not be forwarded to the map service operator when visiting our website.
You will only leave the Heinze Gruppe GmbH website and be redirected to the Google Maps website if you click on the link.
If you click on the link and you are redirected to the website for the mapping service provider, we have no influence on the data collected and the data processing operations, and are not responsible for that data processing. In this respect, we are not responsible in such event within the meaning of the GDPR. We are not aware of the full extent of the data collection, its lawful basis, the purposes and the retention periods. Consequently, the information we provide here is not necessarily complete.
Anonymised website tracking
In order to tailor our website to the needs of our clients, visits to our website are analysed. For this we use your IP address, which we first anonymise (and possibly similar data which is exchanged between computers during normal internet use). This is done with the intention of performing analysis. This involves analysing the data, the websites visited via the Heinze Gruppe GmbH website, your browser and your computer, among other things. Cookies are also used for this. Our cookie includes a unique number solely in order to be able to identify you on our websites – but not on third party websites. Stored data is evaluated exclusively for statistical purposes. The IP address is not linked to a specific person.
Using Google Universal Analytics
Our website uses Google Universal Analytics, a web analytics service provided by Google Inc. (“Google”). Google Universal Analytics uses so-called “cookies”, text files stored on your computer allowing your use of the website to be analysed. Information generated by the cookie about your use of this website (including your IP address) is normally transmitted to a Google server in the USA and stored there.
IP anonymisation has been enabled on our website. Therefore, Google’s IP address is first shortened within European Union member states or in other contracting parties to the European Economic Area agreement. The full IP address is only transferred to a Google server in the US and shortened there in exceptional cases. Google will use this information to evaluate your use of the website on behalf of the operator of this website, to compile reports on website activity and to provide us with other services related to website and internet use. The IP-address transferred from your browser by Google Universal Analytics is not merged with other information held by Google. Storing cookies can be disabled by setting your browser software as appropriate. However, if storing cookies is disabled, you may not be able to use all the functionality of this website to the full extent. Furthermore, you can prevent Google collecting data generated by the cookie relating to your use of the website (including your IP address) and processing this data by downloading and installing the browser plugin available from the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
You can prevent Google Universal Analytics collecting data by clicking on the following link. An opt-out cookie will be set to prevent your data being collected when visiting this web site in future: disable Google Analytics
Google Web Fonts
This site uses so-called web fonts for the uniform display of fonts. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. When you visit our page, your browser loads the required web fonts into your browser cache, to display texts and fonts correctly.
To do this, the browser you use needs to connect to Google’s servers. As a result, Google learns that our website has been accessed via your IP address. Using Google Web Fonts is in the interests of consistent and attractive display of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1(f) GDPR.
Should your browser not support web fonts, a default font will be used by your computer.
Integration of social network plug-ins
Our website uses buttons for social networks:
- Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
- Google+, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Twitter, Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
- Xing, XING AG, Gänsemarkt 43, 20354 Hamburg, Germany
The respective social networks are linked to by means of a button with the logo associated with the relevant social network operator. This are not the usual social media plugins, but buttons with embedded links. The respective buttons must be enabled (clicked) by clicking on them individually. If the buttons are not clicked, no data will be transferred to the social networks. The buttons only become active and establish a connection to the respective social network when these buttons are clicked and you confirm your consent to communication with the social network servers.
If the button is clicked, the button corresponds to a so-called share plugin. The social network will be supplied with information about the page visited, which you can share with your contacts in your social network. You must be logged in to the social network website in order to use the share feature. If you are not already logged in, you will be redirected to the login page for the social network you have clicked, and you will no longer be on the Heinze Gruppe GmbH website. If you are logged in, the information is sent that you wish to recommend the relevant article.
By clicking the social network button, the social network then also receives information including when and how you accessed our website, your IP address, and details of the browser used and the language settings. If you click the button, your click will be sent to the social network and used in accordance with its data usage guidelines.
Should you click the button for a social network, we have no influence on the data collected or data processing operations and are not responsible for this data processing. In this respect, we are not responsible in such event within the meaning of the GDPR. We are not aware of the full extent of the data collection, its lawful basis, the purposes and the retention periods. Consequently, the information we provide here is not necessarily complete.
As far as we know, the operator stores this data in user profiles and uses it for advertising purposes, market research and/or the needs-based design of its website. This evaluation is done in particular (including users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. Please contact the relevant operator in order to exercise this right of objection.
For the purpose and scope of data collection and the further processing and use of data by the relevant social network and your related rights and settings for protecting your privacy, please refer to the information given under the links listed for the following social network operators’ websites:
- Facebook: http://www.facebook.com/about/privacy
- Google: http://www.google.com/intl/de/policies/privacy
- Twitter: http://twitter.com/privacy
- Xing: https://www.xing.com/privacy
If you do not want the social network to receive data about you, you should not click the button.
Standard retention times for data
Other data use and data deletion
Your personal data will only be processed further where a legal provision allows this, or where you have consented to processing or using the data. If any further processing is for a purpose other than that for which the data was originally collected, you will be notified of the other purposes before processing further, and will receive further relevant information.
Detecting and tracking misuse
We retain certain information, in particular your IP address, for up to 14 days for detecting and tracking misuse. The lawful basis in this respect is Art. 6 para. 1(f) GDPR. The retention time of 14 days is based on our legitimate interest in ensuring the proper functionality of our website and the transactions undertaken there, as well as to deter cyber attacks, etc. Where necessary, we use anonymous usage information for the needs-based design of our website.
Right to be informed
You have the right to request information from us at any time free of charge about the personal data being processed concerning you, under Art. 15 GDPR. To do this, please send us a request by post or email to the addresses below.
Right to rectification
You have the right to demand that personal data concerning you, if incorrect, be rectified promptly and free of charge (Art. 16 GDPR). To do this, too, please send us a request by post or email to the addresses below.
Right to erasure
You also have the right to demand that your personal data be deleted promptly and free of charge (“right to be forgotten”) where the legal grounds exist under Art. 17 GDPR. This is the case, for example, where data is no longer required for the original purpose for which it was collected, and you have withdrawn your consent, and if no other legal basis or overriding reasons (e.g. legal obligations) apply to processing your data. If you want immediate deletion, please contact us by post or email at the addresses below.
Right to restrict processing
You have the right to require us to restrict processing where the conditions in accordance with Art. 18 GDPR apply, free of charge. Restriction of processing may, in particular, be required if the processing is unlawful and the data subject opposes deleting the personal data and instead requests restrictions on the use of the personal data. Furthermore, restriction of processing may be required where the data subject has objected to processing in accordance with Art. 21 para. 1 GDPR, and it is not yet certain whether our legitimate reasons for processing outweigh your grounds for objection. To request restriction of processing, please contact us by post or email at the addresses below.
Right to data portability
You also have the right to data portability under Art. 20 GDPR. This is your right to obtain any data at our disposal which concerns you, in an accessible, structured and machine-readable format and to transfer this data to another responsible person, such as another service provider. This presupposes that processing is based on consent or a contract and takes place by means of automated procedures. To exercise your right, please contact us by post or email at the addresses below.
Right to object
In particular, you have the right at any time, for reasons arising from your particular situation, to lodge an objection under Art. 21 GDPR to processing personal data concerning you, which falls inter alia under Art. 6 para. 1(e) or (f) GDPR. Should you exercise your right of objection, we will cease processing your personal data, unless we can prove compelling legitimate reasons for processing which outweigh your interests, rights and freedoms, or if processing supports the assertion, exercise or defence of legal claims. To assert your right to object, please contact us by post or email at the addresses below.
Right to complain to a supervisory authority
You have the right to complain to the supervisory authority responsible for us if you believe that processing personal data concerning you is not acceptable. The contact details of the supervisory authority responsible for us are as follows:
- Nordrhein-Westfalen Regional Office for Data Protection and Freedom of Information, Kavelleriestr. 2-4,
- 40213 Düsseldorf
- Tel.: +49 (0) 211 / 38 424-0
- Fax: +49 (0) 211 / 38 424-10
- Email: firstname.lastname@example.org
References and links
Third party service providers may have different and separate terms for dealing with the collection, processing and use of personal information. It is therefore recommended to check third-party websites regarding their policy for handling personal data, before entering personal details.
If you have any further questions regarding processing your personal data, you can contact our data protection officer directly. They are also available to you in the event of requests for information, applications or complaints:
Data protection officer
Heinze Gruppe GmbH
Data protection officer
Eupener Straße 35
Tel.: +49 (0) 521-56 05 63-40
Fax: +49 (0) 521-56 05 63-41
Contact details for the data controller
Heinze Gruppe GmbH
Managing Director: Jörg Tilmes
Eupener Straße 35
Tel.: +49 (0) 5221 186-0
Fax: +49 (0) 5221 186-111
Revised: October 2019