Privacy Policy


We are very delighted that you have shown interest in our enterprise and our web presence www.heubachcolor.com („Website“). Data protection is of a particularly high priority for the management of the Heubach GmbH. The website is operated by Heubach GmbH ("data controller", "Heubach", "we" or "us"), and offers you as a user (hereinafter "user" or "you") an opportunity to learn about us, our products and our services. You can contact us and our partners via our contact form, by phone or e-mail.

The processing of personal data shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the Heubach GmbH. The legal basis of data protection can be found in the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the Telemedia Act (TMG), and, where appropriate, in the other overriding legal provisions.

In the following, we inform you about the nature, scope and purpose of the personal data collected, used and processed by us if you visit our website, make a request via our contact form or contact us to apply for a position. This Privacy Policy explains the legal basis and purpose of doing so. We also inform you about the rights you have with regard to the use of your personal data. If you have questions about how we use your personal information, please contact us in our capacity as the data controller (contact under Section 1).

As the controller, the Heubach GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.

1. General information and required information

Heubach takes the protection of your personal data very seriously. We treat your personal data as confidential and follow the statutory data protection requirements and the provisions of this Data Protection Statement. When you use this website, various forms of personal data are collected.

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal data are collected and processed only insofar as this is permitted by statutory provisions, or you have consented to the respective use. Once the purpose of the data processing no longer applies, the data will be deleted unless you have agreed to further use or the erasure is prohibited under statutory retention requirements. 

Name and Address of the controller

Heubach GmbH
Heubachstraße 7
38685 Langelsheim
Phone: +49 5326 52 0; Fax: +49 5326 52 213
Email: info@heubachcolor.de

The responsible entity is the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email address and the like).

Notice of protection rights

Withdrawal of your consent to data processing
Many data processing operations are only possible with your express consent. If you have already given consent, you can withdraw it at any time. An informal notification by email to us suffices. The lawfulness of the data processing performed before the withdrawal remains unaffected by the withdrawal.

Right to lodge a complaint with the competent supervisory authority
In the event of violations of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues is the data protection supervisor of the federal state in which our company is domiciled. For our company, the data protection supervisor in Lower Saxony is the competent supervisory authority. You can find a list of the data protection supervisors of the federal states and their contact data at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability
You have the right to have data that we process automatically on the basis of your consent or for the performance of a contract handed over to you or third parties in a commonly used machine-readable format. If you request direct transfer of the data to another controller, this will occur only insofar as this is technically possible.

Right to object
You can object at any time with effect for the future to the use and processing of data for safeguarding legitimate interests of our company, e.g., for purposes of advertising and offering customer-oriented information and services, through an informal notification communicated to: Heubach GmbH, Heubachstraße 7, 38685 Langelsheim; tel. +49 5326 52 0 / Fax +49 5326 52 213 or by emailing widerspruch@heubachcolor.de.

Right of access, rectification, restriction of processing (blocking) and erasure
Within the scope of the applicable statutory data protection regulations, you have the right to obtain information at no charge at any time about the personal data stored concerning you, their origin and recipients and the purpose of the data processing, and, if applicable, a right to rectification of the stored data, restriction of processing (blocking) or erasure of these data.

  • Right of access: You may request confirmation as to whether personal data concerning you are processed by us. Where this is the case, you can request access to the following information:

    • Purposes of processing;
    • Recipients or categories of recipient to whom your personal data have been or will be disclosed;
    • Where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;
    • Further existing rights – see below;
    • All available information about the source of the data, if the personal data are not collected from you;
    • The existence of automated decision-making, including profiling, and any more detailed information on this.

Where your personal data are transferred to a third country or to an international organization, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

  • Right to rectification: You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you.

  • Right to restriction of processing: You have the right to obtain from us restriction of processing where one of the following applies:

    • You contest the accuracy of the personal data.
    • The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead.
    • We no longer need the personal data for the purposes of the processing, but you require such data for the establishment, exercise or defense of legal claims; or
    • You have objected to processing (see below), pending the verification whether our legitimate grounds override yours.

  • Right to erasure: You have the right to obtain from us the erasure of personal data concerning you without undue delay, and we have the obligation to erase such data without undue delay where one of the following grounds applies:

    • Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
    • You withdraw your consent, and there is no other legal ground for the processing.
    • You object (see below) to the processing.
    • Your personal data have been unlawfully processed.
    • Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
    • We have collected personal data on the basis of consent given by a child.

  • Notification obligation: Where you have asserted toward us your right to rectification, erasure or restriction of processing, we are obligated to communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We must inform you about those recipients if you request it.

2. Data protection officer

Legally required data protection officer

We have appointed a data protection officer for our company, whom you can contact in writing or by email as follows:

Heubach GmbH,
Data protection officer,
Heubachstraße 7,
38685 Langelsheim,
Phone: +49 5326 52 – 0
Fax: +49 5326 52 – 213
Email: datenschutz@heubachcolor.de

3. Data collection on our website

3.1 Creation of Server Log Files

Description of Data Processing:
Users can visit our website without registration. When you visit our website and every time you open a file, the browser used on your device automatically sends information to the server of our website and temporarily stores it in so-called log files. This is beyond our control. The following information is also recorded without your intervention and stored until it is deleted automatically:

  • IP address,
  • time stamp of the retrieval,
  • requested resource,
  • status,
  • data volume transferred,
  • duration of the data transfer,
  • origin of your page view,
  • name and version of the browser software

These data are not combined with other data sources.

Legal Basis and Purpose
The legal basis for data processing is Art. 6(1)(f) of the General Data Protection Regulation ("GDPR"), which allows the processing of data in order to safeguard legitimate interests of the controller, provided that this does not conflict with the overriding interests, fundamental rights and fundamental freedoms of the user.

The temporary storage of this data is necessary to display the contents of the website to the user. Therefore, the collection of this information is required for the representation of our website. For this purpose, the IP address of the user, too, must remain stored for the duration of the session. Data are stored in log files to ensure the functionality of the website and to optimize it in order to improve our services. In addition, this is to ensure the security of our IT systems. It is on these purposes that the legitimate interest of the controller is based in accordance with Art. 6(1)(f) GDPR.

Duration of Storage and Option to Object
This data are deleted when further storage is no longer required for the purpose of storage. For the provision of the website, this is the case when the respective session ends. Additional storage is possible if the IP addresses of the users are deleted or shortened, so that an assignment of the calling user is not possible. The server log data are stored for 90 days and then deleted.

The collection of data for the provision of the website, and the storage of the data in log files, is essential for the operation of the website. Accordingly, the user has no right to object to this.

3.2 Cookies

Description of Data Processing
The Internet pages of the Heubach GmbH use cookies. Cookies are text files that are stored in a computer system via an Internet browser.

Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the dats subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified using the unique cookie ID.

We use cookies to make our website more user-friendly, effective and secure. Some elements of our website require that the calling browser be recognized even after the user changes the page.

The purpose of this recognition is to make it easier for users to utilize our website. The website user that uses cookies, e.g. does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is thus stored on the user's computer system. Another example is the cookie of a shopping cart in an online shop. The online store remembers the articles that a customer has placed in the virtual shopping cart via a cookie.

We also use cookies to analyze users' usage behavior on our website. For more information on this, refer to Section 5. The data of users collected in this way are pseudonymized. The data of the user are not reconciled with other personal data of the user.

At the beginning of the use of the website, users are informed about the use of cookies for analysis purposes with reference to this Privacy Policy. The user is also informed about the possibility of preventing the storage of cookies.

Third-Party Cookies
When you visit our website, cookies from affiliated companies are also stored on your device (third-party cookies). This is done to make our website more interesting for you. The use of such cookies and the extent of the data collected by them are explained in more detail in Section 5 below. Some of third-party cookies we use result in data being processing in the USA. These providers (e.g., Google) have undertaken to respect the privacy provisions of the EU-US Privacy Shield, the legal framework for the transatlantic transfer of data agreed between the European Commission and the United States of America (IMPLEMENTING DECISION (EU) 2016/1250) OF THE COMMISSION dated 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of protection provided by the EU-US Privacy Shield (notified under file number C(2016) 4176)). In addition, these providers are registered with the U.S. Department of Commerce's "Privacy Shield" program. Furthermore, we have concluded contract data processing agreements with these providers to safeguard the data protection requirements.

Purpose and Legal Basis of Data Processing
The purpose of using the technically necessary cookies is to facilitate the use of the website by the user. Some functions of the website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after the user changes the page. In some cases, the cookies are used to simplify the use of the website by storing settings (e.g., import of language settings, remembering search terms, etc.). The user data collected through technically necessary cookies are not be used to create user profiles. Personal data are processed by means of cookies on the basis of Art. 6(1)(f) GDPR. Heubach has a legitimate interest in the storage of cookies to ensure the technically error-free and optimized provision of its services.

Analysis cookies are used to improve the quality of our website and to optimize our offer. The data collected here are only used in pseudonymized user profiles. We pursue in this way – through market research – the legitimate interest of identifying which offers are interesting for you. This allows us to adapt our online offer as needed. It is also on these purposes that the legitimate interest in processing personal data is based in accordance with Art. 6(1)(f) GDPR.

Duration of Storage, Option to Object
Cookies are stored on your device. "Session cookies" are deleted automatically after you leave the site. Other cookies remain on your device until you delete them – these are so-called "permanent cookies". These cookies allow us or our affiliated companies (third-party cookies) to recognize your browser on your next visit. Permanent cookies are automatically deleted after a specified period, which may differ depending on the cookie.

You can set your browser so that you are informed about the setting of cookies and in order to allow cookies only in individual cases, to exclude acceptance of cookies for certain cases or generally exclude, and to activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

If users do not want to store cookies on their device, or want to delete a stored cookie or be notified of the storage of cookies, they can set their browser accordingly. For details on how to do this, refer to the help information of your browser. We expressly point out that in this case not all functions of the website may be fully accessible.

3.3 Queries via contact form, Email or Phone

Description of Data Processing
If you send us queries through the contact form, via Email or Phone, we store your information from the information form, including the contact data you provide there, for the purpose of processing the query and in case of follow-up questions. We do not share these data without your consent. We do not share such data without your consent.

For this purpose, the following data are transmitted to us and stored: Your first and last name, name of the company, address, e-mail address, and any information about personal data that you reference in the text of your inquiry.

Sharing of Personal Data with Third Parties
If you have specified a country selection outside of Germany in connection with your inquiry, your inquiry and also the personal data you provide to process your inquiry will be forwarded directly to the partner company indicated in the corresponding field as the contact for the country, and processed directly. You consent to this by sending your inquiry.

In this case, Heubach does not receive any personal data and information from you, nor any copy of your inquiry.     

Purpose and Legal Basis of Processing
The data provided in the contact form, by e-mail or telephone are processed based on your consent (Art. 6(1)(a) GDPR). If, in the case of contact by telephone, no consent to data processing and storage should be evident from the user's call, data processing must be considered justified in accordance with Art. 6(1)(f) GDPR. Otherwise, the user's request cannot be processed.

The transmitted data must be processed for processing the request and in case of follow-up questions. Contact by telephone also implies the required legitimate interest in the processing of the data.

Duration of Storage; Option to Object and Erase
You can withdraw this consent at any time. An informal notification by email to us suffices. The lawfulness of the data processing operations performed before the withdrawal remains unaffected by the withdrawal. We retain the data you enter in the contact form until you request erasure, withdraw your consent to storage, or the purpose of the data storage ceases to exist (e.g., after the processing of your query concludes). Mandatory legal requirements – especially retention periods – remain unaffected.

3.4 Data protection for applications and the application procedures

Description of Data Processing
We collect and process personal data of job applicants for the purpose of processing and carrying out the application process. In the following we inform you about data processing within the application process: 

In particular, the processed categories of personal data include your master data (such as name, first name, nationality), contact details (such as private address, e-mail address and telephone number), information on education, qualifications, certificates, previous employers, professional experience and previous activities. This may also include special categories of personal data, such as health data.

As a rule, your personal data are collected directly from you during the application process. In certain situations, your personal data are also collected by other entities due to legal regulations. In addition, we may have received data from third parties (e.g., job placement agencies).

Provision of Data; Purpose and Legal Basis of Processing
The provision of personal information is neither required by law nor by contract, nor are you required to provide your personal information. However, the provision of personal data is required to assess the suitability and, if necessary, the commencement and maintenance of employment, as well as fulfillment of the related contractual obligations. Without such data we will not be able to complete the application process with you, and we cannot enter into any employment with you.

Your personal data are collected, stored and processed in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other relevant laws (e.g., German Works Constitution Act (BetrVG), German Working Hours Act (ArbZG), etc.).

First and foremost, the data are processed for the purposes of the aptitude test to assess and, if necessary, prepare employment on the basis of Art. 26 BDSG. Insofar as this is necessary, we also process your data in order to safeguard our legitimate interests or those of third parties (e.g., authorities). The legal basis for this is Art. 6(f) GDPR.

As far as special categories of personal data under Art. 9(1), Art. 26(3) GDPR, are processed, this is done, in the context of the preparation of an employment relationship, for the purpose of exercising rights or fulfilling legal obligations under labor law, social security law and social protection (e.g., provision of health data to the health insurance, documentation of severe disability in connection with, inter alia, the arrangement of additional leave).

If we are to process your personal data for a purpose not mentioned above, we will inform you in advance.

Sharing of Data
Within our company, only the persons and entities (e.g., department of works council, representative council for employees with disabilities) receive your personal data that require them to fulfill our contractual and legal obligations.

Within our group of companies, your data will be transmitted to specific companies within the scope of the purposes set out and legal basis, if these perform data processing tasks centrally for the group's affiliated companies.

In addition, we rely to some degree on external service providers to fulfill our contractual obligations. Each service provider receives only the data that are necessary for the performance of the respective service.

We may also transfer your personal information to other recipients outside the company where this is necessary to fulfill legal obligations. A transfer to a third country is not intended.

Duration of Storage
Your personal data will be deleted as soon as they are no longer required for the above purposes – generally, after six (6) months.

After completion of the application process, your personal data will be deleted or destroyed in accordance with data protection regulations, unless we have received consent for a longer storage period, and the erasure does not conflict with any other legitimate interests of the controller. Another legitimate interest in this sense, for example, is a burden of proof in a procedure under the German General Equal Treatment Act (AGG).

If the application results in employment, your data will be transferred to our personnel administration system to establish an employment relationship and stored in accordance with the statutory retention periods. We will store your application documents beyond the aforementioned six (6) months only with your express consent.

If we have covered the costs of your arrival and departure for the interview, we will be obligated to store the data of your arrival and departure for the duration of the retention period. We will delete such personal data at the latest at the end of the statutory retention period (Section 147(3) of the German Regulation on Taxation (AO)), that is, after the expiration of 10 years, starting with the departure day.

If you have consented to the storage of the applicant data without time limit, we will store your data until you revoke your consent or until you instruct us to delete the data.

Consent and Right of Revocation
We may ask you to give us your consent so that we may save your application data beyond the end of the application process and use it for future application procedures.

We use the data and documents collected with your consent exclusively for the purposes of future application procedures. This data processing is justified by your consent under Art. 6(1)(a) GDPR.

You can revoke your consent by e-mail at any time with future effect. We will delete all your applicant data upon receipt of your revocation.

We record your declaration of consent electronically for the purpose of traceability. You can view and inspect your consent given at any time.   

For more detailed information on the rights to which you are entitled, refer to Section 1.

4. Google Analytics

Description of Data Processing
This Offering uses Google Analytics, a web analysis service of Google Inc. (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses “cookies,” i.e. text files stored on your computer to enable analysis of website usage by you. Information generated by the cookie about your use of this website is usually transmitted to a Google server in the United States and stored there.

IP- anonymization
However, if IP anonymization is activated on this website, Google will first shorten your IP address within member states of the European Union or in other states that are parties to the Agreement on the European Economic Area. Only in exceptional cases will your complete IP address be transmitted to a Google server in the United States and shortened there. IP anonymization is enabled on this website. Google will use this information on behalf of this website’s operator to evaluate your use of the website, compile reports about website activities, and provide the website’s operator with further services related to website and Internet usage. The IP address sent from your browser as part of Google Analytics is not merged with other data by Google.

Legal Basis of Processing
Google Analytics cookies are stored in accordance with Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

Contract Data Processing
We have a contract processing agreement with Google, and fully implement the stringent requirements of the EU Data Protection Regulation in connection with the utilization of Google Analytics.

Purpose of Processing
On behalf of the operator of this website, Google will use this information to evaluate users' use of the website, to compile reports on website activity, and to provide the website operator with other services related to website activity and internet usage. It is on these purposes that our legitimate interest in processing personal data is based in accordance with Art. 6(1)(f) GDPR.

Options to Object

Browser Plugin
You can prevent storage of cookies by appropriately setting your browser software; in this case, however, please note that you might not be able to fully use all functions offered by this website. Furthermore, you can prevent data generated by the cookie and relating to your use of the website (including your IP address) from being recorded and sent to Google, along with the processing of this data by Google, by downloading and installing the browser plugin under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Objection to Data Collection
As an alternative to the browser add-on or from browsers on mobile devices, please click on this link, to block recording by Google Analytics on this website in the future. Clicking on the link will place an opt-out cookie on your device. If you delete your cookies, you will need to click on the link again. https://support.google.com/analytics/answer/181881?hl=de

Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.de/intl/de/policies/privacy/ and under http://www.google.com/analytics/terms/de.html.

Google Analytics is further explained under the following Link: https://www.google.com/intl/de_de/analytics/

5. Security notice

For security reasons and to protect the transfer of confidential content such as queries or messages you send to us as the site operator, this site uses SSL or TLS encryption. You can identify an encrypted connection by the fact that the address bar of the browser switches from “http://” to “https://” and by the padlock symbol in your browser bar. When SSL or TLS encryption is enabled, the data you send us cannot be read by third parties.

We take all technical and organizational security measures necessary in order to save your personal data in a manner that is not accessible to third parties or the public. However, please note that data transfer over the Internet (e.g., during email communication) can involve security gaps. End-to-end protection of data against third-party access is not possible.

We use an external service provider to make these web pages available to you. All of the information is saved in a secure operating environment. This area is not accessible to the public. The service provider is only responsible for the technical availability of the web pages.

The service provider is:

zuk. B2B Communication Guides
Brüsseler Straße 89-93
50672 Cologne

If you wish to contact us by email, please note that this communication method cannot guarantee the confidentiality of the information you transmit.

Therefore, we recommend that you send confidential information exclusively by post.

6. Links, banners and content from other providers

If our website provides links to content from other providers, your IP address will be transmitted to the respective provider if you click on these offerings.

In this case, you will leave Heubach’s website and be taken to external web pages. The addresses of the target page may use cookies. Heubach is not legally responsible for these cookies. The content and design of these websites as well as compliance with data protection regulations are the sole responsibility of the respective providers. For more on the use of such cookies and what information they save, please see the data privacy statement of the provider responsible for the content.

7. Further information

If you have further questions on data protection, e.g. the processing of your personal data, please contact us. You can find the individual contact details in sections 2 and 3 of this Statement and in our site notice.

8. Notification in the event of modification

If this Data Protection Statement is modified, the modification will be noted in this Data Protection Statement, on the homepage and in other appropriate places.