Privacy policy

The Heinze Gruppe GmbH thank you for visiting our website and expressing interest in our company and our products and brands. We take the protection and security of the personal data you entrust to us very seriously, and would therefore like you to feel secure and comfortable when visiting our website and using our services.

It is of particular importance to us that you know which personal data is collected when using our offers and services, and how we use this data subsequently.

Purpose of data processing

The Heinze Group is a group of leading companies in the fields of plastics technology, surface finishing, electroplating, equipment construction, tool and jig making, and engineering. We can provide a vertically integrated service unique in Europe, from our bases in Germany, the Czech Republic and Kosovo. Benefit from an interdisciplinary dynamic group working in partnership, using innovative solutions to set new standards in the automotive, telecommunications, construction, sanitary engineering, consumer goods, equipment build and engineering sectors.

Where the Heinze Gruppe GmbH or its subsidiaries process personal data, this is done for the purposes stated in this data protection policy.

Processing personal data

Accessing our website

We record and store your computer’s IP address in order to transmit the website content you have requested to your computer (e.g. text, images and files made available for download, etc.) (see Art. 6 para. 1(b) GDPR). We also process this data for to detect misuse, and for tracking. The lawful basis for this is Art. 6 para. 1(f) GDPR. Our legitimate interest in processing data is to ensure our website and its transactions function properly.

Other purposes

If, additionally, you provide us with personal data, we will also process that. When registering to access the STP files, for instance. The lawful basis in this respect is Art. 6 para. 1(b) GDPR. The data processed by us in this respect includes customer and employee details, as well as details of business partners, suppliers and other interested parties where these are required for the purposes stated as part of this data protection policy.

Where we process your data as described above for the purposes of receiving and processing your request appropriately (or registration as referred to above), you are contractually obliged to provide us with this information. We are unable to process your request without this information.

Where you have consented to the processing of personal data (see Article 6 para. 1(a) GDPR), you may withdraw your consent at any time without affecting the lawfulness of any processing carried out prior to withdrawal, based on that consent.

Download service

Registration is required if you wish to use our download service. You need to enter your company name, title, first and last name, address, email address and phone number for this. We will store and process all of the above information, including any contact details you provide, for processing your registration, and for any questions that may arise. Processing your data as defined above is reserved exclusively for answering and processing your request. We process the data in accordance with Art. 6 para. 1(a) GDPR, on the basis of your consent. You may withdraw this at any time (right to object).

Job applications

If you send us job application documents via email, we collect and process all of the personal data you make available to us, also referred to hereafter as application data. These include the following details, among others:

  • Name, first name
  • Date of birth
  • Address
  • Phone number
  • Email
  • Job application documents (letter of application, CV, qualifications, certificates, possibly photographs and the like)

Your personal application data will only be collected and processed for the purpose of filling positions within our company. As a matter of principle, the data is only passed on to those in-house teams and specialist departments at the companies advertising the post which are responsible for the specific recruitment process. Your application data will not be used further or passed on to third parties without your prior express consent.

The personal application data sent to us will be deleted three months after the recruitment process is complete. By way of exception, we may also process the application documents after the date given above, if statutory requirements prevent deletion, if further storage is necessary for the purpose of providing evidence, or if you have expressly consented to a longer storage period.

Where we are unable to offer you a position this time, but your application profile suggests that your application may be of interest for future job postings, we will store your personal application data for 12 months. However, this will only happen if you have expressly consented to such storage and use.

The data we collect as part of your application is protected against manipulation and unauthorised access using various technical and organisational means. In particular, transfer of your application documents and the personal data contained therein is encrypted in accordance with the currently recognised state of the art.

In submitting your application, you agree that you may be contacted and notified by post, email and/or telephone during the application process. Furthermore, in submitting your application, you confirm that you have read and understood the information contained in this privacy policy regarding processing and using your personal data. Please note that your application data will not be stored anonymously, but will be made accessible and will disclose your personal data to management and the departments responsible for filling the position in our company.

If you are under 18, you guarantee when submitting your application that you have obtained the consent of a legal guardian to apply to our company, before using our online application portal or sending your application documents by email. You furthermore guarantee that all your information is accurate.

Passing on to third parties

Your information will basically be forwarded to the relevant subsidiaries within Heinze Gruppe GmbH for the purposes of processing. It will be processed there further, depending on the enquiry you have made.

Should it be necessary for the purposes stated in this privacy policy, and for other organisations, including subsidiaries of Heinze Gruppe GmbH, to fulfil their function, your data may also be passed on to these other companies within Heinze Gruppe GmbH and other organisations and processed there.

Our service providers are under instruction as service providers/processors and are thus obliged, among other things, to process your data exclusively in accordance with our instructions and the applicable data protection regulations. In particular, they are required to keep your information strictly confidential. In addition, they are not permitted to process the data for purposes other than what is agreed. The transfer of data to processors is in accordance with Art. 28 para. 1 GDPR.

Your data is not sold or otherwise made commercially available to third parties.

Your personal data will not be disclosed without your express consent unless requested by law enforcement agencies or, where appropriate, to injured parties, where it is necessary for investigating illegal use of our services or for bringing legal action. However, transferring this data requires there to be specific suggestions of unlawful or abusive behaviour. It may also be disclosed if needed to enforce terms of use or other agreements. Furthermore, we are also required by law to provide information to certain public authorities upon request. These include law enforcement agencies, agencies pursuing penalty charges and the tax authorities.

Disclosure of this information is based on our legitimate interest in the fight against abuse and the prosecution of criminal offences. Also, for securing, asserting and enforcing claims where your rights and interests in protecting your personal data do not take precedence, Art. 6 para. 1(f) GDPR.

Plans to transfer data to third countries

Your data is not currently transferred to third countries, nor are there plans to do so. Should data be transferred to third parties in future, appropriate statutory requirements will be put in place. In particular, you will be notified about the relevant recipients or categories of recipients in accordance with statutory requirements.


In order to protect the data made available to us against accidental or intentional manipulation, loss, destruction or access by unauthorised parties, we employ technical and organisational security measures. We regularly review these technical and organisational security measures and their effectiveness, and continuously improve them in line with developments in technology. When entering personal data, this is transmitted using encryption.


We use cookies in some instances to make our website user-friendly and optimally tailored to your needs. A cookie is a small file that is stored locally on your computer when you visit a web page. If you visit the website again using the same device, the cookie shows, for instance, that it is a repeat visit. Cookies also allow us to analyse usage of our website. Cookies contain no personal information, and are not intended to identify you on third-party websites. This also applies to the websites of analytics providers. We use the following types of cookies:

  • Basic/necessary cookies
    These cookies are fundamental to the functioning of our website. For example, assigning anonymous session IDs to bundle multiple queries to a web server or for registration and ordering to function without error.
  • Performance/statistics cookies
    These cookies collect information about how you use our website (for example, internet browsers used, number of visits, pages viewed or time spent on the website). These cookies do not store any information which allows a visitor to be personally identified. The information collected using these cookies is pooled together and therefore anonymous.

You can set your web browser to accept or reject cookies – including for web tracking. You can configure your browser so that you either refuse cookies altogether, or are asked first whether you agree to a cookie being stored. This may however impair functionality of the website (for order processing, for instance). Your browser also offers the option to delete cookies (for example, using clear browsing data). More information about this can be found in the operating instructions, usually under the web browser settings menu.

Google Maps

This website uses a link to the map service Google Maps. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

This is a link, so your data will not be forwarded to the map service operator when visiting our website.

You will only leave the Heinze Gruppe GmbH website and be redirected to the Google Maps website if you click on the link.

If you click on the link and you are redirected to the website for the mapping service provider, we have no influence on the data collected and the data processing operations, and are not responsible for that data processing. In this respect, we are not responsible in such event within the meaning of the GDPR. We are not aware of the full extent of the data collection, its lawful basis, the purposes and the retention periods. Consequently, the information we provide here is not necessarily complete.

For more information about how user data is handled, please refer to the Google Privacy Policy:

Anonymised website tracking

In order to tailor our website to the needs of our clients, visits to our website are analysed. For this we use your IP address, which we first anonymise (and possibly similar data which is exchanged between computers during normal internet use). This is done with the intention of performing analysis. This involves analysing the data, the websites visited via the Heinze Gruppe GmbH website, your browser and your computer, among other things. Cookies are also used for this. Our cookie includes a unique number solely in order to be able to identify you on our websites – but not on third party websites. Stored data is evaluated exclusively for statistical purposes. The IP address is not linked to a specific person.

Using Google Universal Analytics

Our website uses Google Universal Analytics, a web analytics service provided by Google Inc. (“Google”). Google Universal Analytics uses so-called “cookies”, text files stored on your computer allowing your use of the website to be analysed. Information generated by the cookie about your use of this website (including your IP address) is normally transmitted to a Google server in the USA and stored there.

IP anonymisation has been enabled on our website. Therefore, Google’s IP address is first shortened within European Union member states or in other contracting parties to the European Economic Area agreement. The full IP address is only transferred to a Google server in the US and shortened there in exceptional cases. Google will use this information to evaluate your use of the website on behalf of the operator of this website, to compile reports on website activity and to provide us with other services related to website and internet use. The IP-address transferred from your browser by Google Universal Analytics is not merged with other information held by Google. Storing cookies can be disabled by setting your browser software as appropriate. However, if storing cookies is disabled, you may not be able to use all the functionality of this website to the full extent. Furthermore, you can prevent Google collecting data generated by the cookie relating to your use of the website (including your IP address) and processing this data by downloading and installing the browser plugin available from the following link:

You can prevent Google Universal Analytics collecting data by clicking on the following link. An opt-out cookie will be set to prevent your data being collected when visiting this web site in future: disable Google Analytics

For more information regarding Terms of Use and Privacy, please visit or visit Please note that this website uses Google Universal Analytics with the code extension “anonymizeIp” to ensure anonymous collection of IP addresses (so-called IP-Masking) and to prevent a direct personal identification.

Google Web Fonts

This site uses so-called web fonts for the uniform display of fonts. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. When you visit our page, your browser loads the required web fonts into your browser cache, to display texts and fonts correctly.
To do this, the browser you use needs to connect to Google’s servers. As a result, Google learns that our website has been accessed via your IP address. Using Google Web Fonts is in the interests of consistent and attractive display of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1(f) GDPR.
Should your browser not support web fonts, a default font will be used by your computer.
More information about Google Web Fonts can be found at and in Google’s Privacy Policy:

Integration of social network plug-ins

Our website uses buttons for social networks:

  • Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
  • Google+, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  • Twitter, Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
  • Xing, XING AG, Gänsemarkt 43, 20354 Hamburg, Germany

The respective social networks are linked to by means of a button with the logo associated with the relevant social network operator. This are not the usual social media plugins, but buttons with embedded links. The respective buttons must be enabled (clicked) by clicking on them individually. If the buttons are not clicked, no data will be transferred to the social networks. The buttons only become active and establish a connection to the respective social network when these buttons are clicked and you confirm your consent to communication with the social network servers.

If the button is clicked, the button corresponds to a so-called share plugin. The social network will be supplied with information about the page visited, which you can share with your contacts in your social network. You must be logged in to the social network website in order to use the share feature. If you are not already logged in, you will be redirected to the login page for the social network you have clicked, and you will no longer be on the Heinze Gruppe GmbH website. If you are logged in, the information is sent that you wish to recommend the relevant article.

By clicking the social network button, the social network then also receives information including when and how you accessed our website, your IP address, and details of the browser used and the language settings. If you click the button, your click will be sent to the social network and used in accordance with its data usage guidelines.

Should you click the button for a social network, we have no influence on the data collected or data processing operations and are not responsible for this data processing. In this respect, we are not responsible in such event within the meaning of the GDPR. We are not aware of the full extent of the data collection, its lawful basis, the purposes and the retention periods. Consequently, the information we provide here is not necessarily complete.

Data is transferred regardless of whether you actually have an account with the provider of the social network or are logged in to it. If you are logged in to the operator, your data will be immediately linked to your account. If necessary, social network operators also use cookies on your computer to track you.

As far as we know, the operator stores this data in user profiles and uses it for advertising purposes, market research and/or the needs-based design of its website. This evaluation is done in particular (including users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. Please contact the relevant operator in order to exercise this right of objection.

For the purpose and scope of data collection and the further processing and use of data by the relevant social network and your related rights and settings for protecting your privacy, please refer to the information given under the links listed for the following social network operators’ websites:

  • Facebook:
  • Google:
  • Twitter:
  • Xing:

If you do not want the social network to receive data about you, you should not click the button.

Standard retention times for data

Various statutory retention times and obligations have been defined. Data is routinely deleted upon expiry of these retention times. Should data not be subject to statutory retention times and obligations, it will be deleted and anonymised, provided the purposes stated in this privacy policy are no longer necessary. If no other, alternative provisions regarding data retention times are derived from this Privacy Policy, the data we collect will be stored for as long as necessary for the purposes for which they were collected as stated above.

Other data use and data deletion

Your personal data will only be processed further where a legal provision allows this, or where you have consented to processing or using the data. If any further processing is for a purpose other than that for which the data was originally collected, you will be notified of the other purposes before processing further, and will receive further relevant information.

Detecting and tracking misuse

We retain certain information, in particular your IP address, for up to 14 days for detecting and tracking misuse. The lawful basis in this respect is Art. 6 para. 1(f) GDPR. The retention time of 14 days is based on our legitimate interest in ensuring the proper functionality of our website and the transactions undertaken there, as well as to deter cyber attacks, etc. Where necessary, we use anonymous usage information for the needs-based design of our website.

Your rights

Right to be informed

You have the right to request information from us at any time free of charge about the personal data being processed concerning you, under Art. 15 GDPR. To do this, please send us a request by post or email to the addresses below.

Right to rectification

You have the right to demand that personal data concerning you, if incorrect, be rectified promptly and free of charge (Art. 16 GDPR). To do this, too, please send us a request by post or email to the addresses below.

Right to erasure

You also have the right to demand that your personal data be deleted promptly and free of charge (“right to be forgotten”) where the legal grounds exist under Art. 17 GDPR. This is the case, for example, where data is no longer required for the original purpose for which it was collected, and you have withdrawn your consent, and if no other legal basis or overriding reasons (e.g. legal obligations) apply to processing your data. If you want immediate deletion, please contact us by post or email at the addresses below.

Right to restrict processing

You have the right to require us to restrict processing where the conditions in accordance with Art. 18 GDPR apply, free of charge. Restriction of processing may, in particular, be required if the processing is unlawful and the data subject opposes deleting the personal data and instead requests restrictions on the use of the personal data. Furthermore, restriction of processing may be required where the data subject has objected to processing in accordance with Art. 21 para. 1 GDPR, and it is not yet certain whether our legitimate reasons for processing outweigh your grounds for objection. To request restriction of processing, please contact us by post or email at the addresses below.

Right to data portability

You also have the right to data portability under Art. 20 GDPR. This is your right to obtain any data at our disposal which concerns you, in an accessible, structured and machine-readable format and to transfer this data to another responsible person, such as another service provider. This presupposes that processing is based on consent or a contract and takes place by means of automated procedures. To exercise your right, please contact us by post or email at the addresses below.

Right to object

In particular, you have the right at any time, for reasons arising from your particular situation, to lodge an objection under Art. 21 GDPR to processing personal data concerning you, which falls inter alia under Art. 6 para. 1(e) or (f) GDPR. Should you exercise your right of objection, we will cease processing your personal data, unless we can prove compelling legitimate reasons for processing which outweigh your interests, rights and freedoms, or if processing supports the assertion, exercise or defence of legal claims. To assert your right to object, please contact us by post or email at the addresses below.

Right to complain to a supervisory authority

You have the right to complain to the supervisory authority responsible for us if you believe that processing personal data concerning you is not acceptable. The contact details of the supervisory authority responsible for us are as follows:

  • Nordrhein-Westfalen Regional Office for Data Protection and Freedom of Information, Kavelleriestr. 2-4,
  • 40213 Düsseldorf
  • Tel.: +49 (0) 211 / 38 424-0
  • Fax: +49 (0) 211 / 38 424-10
  • Email:

References and links

When visiting websites referred to in this website, you may be asked again for information such as name, address, email, browser properties, etc. This privacy policy does not cover the collection, transfer or handling of personal data by third parties.

Third party service providers may have different and separate terms for dealing with the collection, processing and use of personal information. It is therefore recommended to check third-party websites regarding their policy for handling personal data, before entering personal details.

Changes to our privacy policy

In order for this privacy policy to comply with current legal requirements at all times, or to be able to include changes to our services in the policy, we expressly reserve the right to make changes to the privacy policy if necessary. Your next visit will be subject to the updated privacy policy. We therefore ask you to check the privacy policy again when returning to our website.

If you have any further questions regarding processing your personal data, you can contact our data protection officer directly. They are also available to you in the event of requests for information, applications or complaints:

Data protection officer

Heinze Gruppe GmbH
Data protection officer
Eupener Straße 35
32051 Herford
Tel.: +49 (0) 521-56 05 63-40
Fax: +49 (0) 521-56 05 63-41

Contact details for the data controller

Heinze Gruppe GmbH
Managing Director: Jörg Tilmes
Eupener Straße 35
32051 Herford
Tel.: +49 (0) 5221 186-0
Fax: +49 (0) 5221 186-111

Revised: October 2019