Data Protection Statement in accordance with the GDP

I. Name and address of the responsible body

The responsible body in accordance with the General Data Protection Regulation and other national data protection laws of the Member States as well as any other data protection regulations:

Heartbeat Investments GmbH
Köhlerstrasse 45
12205 Berlin
Germany

Phone: +49 (0)172 7479566
E-mail: hello@hbi-now.com
Website: www.hbi-now.com

II. Name and address of the data protection officer

The data protection officer for the responsible body is:
Dr. Rainer Hönig
Köhlerstrasse 45
12205 Berlin
Germany

Phone: +49 (0)172 7479566
E-mail: rainer.hoenig@hbi-now.com
Website: www.hbi-now.com

III. General information on data processing

1. Scope of the processing of personal data

We process our users' personal data only to the extent necessary for the provision of a functioning website and of our content and services. The processing of our users' personal data shall only regularly take place once the user has consented to such. An exception shall apply in such cases where prior obtaining of consent is not possible for practical reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain consent for processing operations of personal data of the person concerned, Art. 6 (1) a) of the EU Data Protection Regulation (GDPR) shall serve as the legal basis.

With regard to the processing of personal data, which is necessary for the fulfilment of a contract whose contractual party is the person concerned, Art. 6 (1) b) GDPR shall serve as the legal basis. This shall also apply for processing operations, which are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary for compliance with a legal obligation, to which our company is subject, Art. 6 (1) c) GDPS shall serve as the legal basis.

In the event that the vital interests of the person concerned or another natural person render processing of personal data necessary, Art. 6 (1) d) shall serve as the legal basis.

Should the processing be necessary to ensure a legitimate interest of our company or of a third party and the interests, fundamental rights and freedoms of the person concerned do not outweigh the first interest, Art. 6 (1) f) GDPR shall serve as the legal basis for the processing.

3. Data deletion and storage duration

The personal data of the person concerned shall be deleted or blocked as soon as the purpose of storage expires. Further storage may take place, if provided for by the European or national legislators in union-legal regulations, laws or other provisions to which the responsible body is subject. A blocking or deletion of data shall then take place even if the storage period prescribed by the standards referred to expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

IV. Provision of the website and creation of log files

1. Description and scope of the data processing

Every time our web page is retrieved, our system automatically captures data and information from the computer system of the retrieving computer.

In this, the following data is collected:

  1. Information about the browser type and version being used
  2. The user's operating system
  3. The user's internet service provider
  4. The user's IP address
  5. Date and time of access
  6. Websites from which the user's system accessed our website
  7. Websites retrieved by the user's system via our website

The data is also stored in our system's log files. This data is not stored together with other personal data of the user.

2. Legal basis for the data processing

The legal basis for the temporary storage of the data and log files is Art. 6 (1) f) GDPR.

3. Purpose of the data processing

The system must store the IP address temporarily in order to allow the website to be delivered to the user's computer. To this end, the user's IP address must remain stored for the duration of the session.

The storage in log files is carried out to ensure the functionality of the website. The data also allows us to optimise the website and to ensure the security of our information technology systems. In this context, the data is not evaluated for marketing purposes.

We also have a legitimate interest in the data processing for these purposes as per Art. 6 (1) f) GDPR.

4. Duration of storage

The data shall be deleted as soon as it is no longer required for the achievement of the purpose of their collection. In the case of the collection of data for the provision of the website, this shall be the case once the session is finished.

In the case of the data being stored in log files, this shall be the case after seven days at the latest. Further storage is possible. In this case, the users' IP addresses shall be deleted or altered, so that an assignment of the retrieving client is no longer possible.

5. Option for objection and elimination

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. There is therefore no possibility of objection on the part of the user.

V. Use of cookies

a) Description and scope of the data processing

Our site uses cookies. Cookies are text files which are stored in the internet browser or by the internet browser on the user's computer system. When a user retrieves a website, a cookie is stored on the user's operating system. This cookie contains a characteristic character string, which allows unique identification of the browser should the website be revisited.

We use cookies to make our website more user-friendly. Some elements of our website require that the retrieving browser can be identified even after a page change.

The following data is stored in the cookies and is transmitted:

  1. Language settings
  2. We also use cookies on our website to allow analysis of the surfing behaviour of the users.
    In this, the following data may be transmitted:
    1. Search terms entered
    2. Number of page views
    3. Use of website functions

    When retrieving our website, the user is informed about the use of cookies for the purposes of analysis and his/her consent is obtained for the processing of personal data used in this context. In this context, a reference is also made to this data protection statement.

b) Legal basis for the data processing

The legal basis for the processing of personal data using cookies technically necessary cookies is Art. 6 (1) f) GDPR.

The legal basis for the processing of personal data using cookies for the purposes of analysis is, in the presence of pertinent consent from the user, Art. 6(1) a) GDPR.

c) Purpose of the data processing

Analysis cookies are used for the purpose of improving the quality of our website and its content. The analysis cookies show us how the website is used, meaning that we are able to constantly optimise our offer.

We also have a legitimate interest in the processing of personal data for these purposes as per Art. 6 (1) f) GDPR.

e) Duration of the storage, options for objection and elimination

Cookies are stored on the user's computer and transmitted by this to our site. Therefore, you as a user have full control over the use of cookies. Modifying the settings in your internet browser allows you to disable or restrict the transmission of cookies. Previously stored cookies can be deleted at any time. This can also be automated. If cookies are disabled for our website, it is possible that not all of the features of the website will be usable to their full extent.

VI. Web analytics by Matomo (formerly PIWIK)

1. Scope of the processing of personal data

On our website, we use the Matomo open source software tool (formerly PIWIK) to analyse our users' surfing behaviour. The software places a cookie on the user's computer (see above with regard to cookies). When individual pages of our website are retrieved, the following data is stored:

  1. Two bytes of the IP address of the user's retrieving system
  2. The retrieving website
  3. The website from which the user accessed the retrieved web page (referrer)
  4. The subpages retrieved from the retrieving web page.
  5. The tine spent on the website
  6. The number of page views of the website

The software runs exclusively on the servers of our website. Storage of personal data of the user can only take place there. No data is forwarded to third parties.

The software is set up in such a way that the IP addresses are not stored in full, but rather with 2 bytes of the IP address being masked (e.g.: 192.168.xxx.xxx). In this way, an assignment of the abbreviated IP address to the retrieving computer is no longer possible. More information can be found here: https://matomo.org/docs/privacy/ .

2. Legal basis for the processing of personal data

The legal basis for the processing of the personal data is Art. 6 (1) f) GDPR.

3. Purpose of the data processing

The processing of the users' personal data allows us to analyse our users' surfing behaviour. By means of the evaluation of the obtained data, we are able to compile information about the use of the individual components of our website. This helps us to continually improve our website and its user friendliness. We also have a legitimate interest in the processing of the data for these purposes as per Art. 6 (1) f) GDPR. By means of the anonymisation of the IP address, the interest of the users in the protection of their personal data is sufficiently taken into account.

4. Duration of storage

The data is deleted as soon as it is no longer needed for our record-keeping purposes.

In our case, this is after 7 days of the event.

5. Option for objection and elimination

Cookies are stored on the user's computer and transmitted by this to our site. Therefore, you as a user have full control over the use of cookies. Modifying the settings in your internet browser allows you to disable or restrict the transmission of cookies. Previously stored cookies can be deleted at any time. This can also be automated. If cookies are disabled for our website, it is possible that not all of the features of the website will be usable to their full extent.

On our website, we offer our users the option of an opt-out from the analysis procedure. To do this, you must follow the corresponding link. In this way, another cookie is placed on your system, which tells our system not to save the user's data. If, in the meantime, the user deletes the corresponding cookie from his/her own system, s/he must re-set the opt-out cookie.

Further information concerning the privacy settings of the Matomo software can be found at the following link: https://matomo.org/docs/privacy/.

VII. Rights of the person concerned

The following list includes all rights of the persons concerned as per the GDPR. Rights of no relevance to the particular website need not need be mentioned. In this respect, the list may be shortened.

If your personal data is processed, you are a person concerned within the meaning of the GDPR and you have the following rights vis-à-vis the responsible body:

1. Right to information

You can request confirmation from the responsible body as to whether personal data relating to you is processed by us.

Should such processing exist, you may request the following information from the responsible body:

  1. the purposes for which the personal data is processed;
  2. the categories of personal data which are processed;
  3. the recipients or categories of recipients to whom the personal data has been disclosed or is still being disclosed;
  4. the planned duration of the storage of personal data relating to you or if specific details are not possible for this, criteria for determining the duration of storage;
  5. the existence of a right to rectification or deletion of the personal data relating to you, of a right to limitation of processing by the responsible body or of a right to object to this processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. all available information about the origin of the data, if the personal data was not collected from the person concerned;
  8. the existence of an automated decision-making process including profiling in accordance with Art. 22 (1 & 4) GDPR and - at least in these cases - meaningful information concerning the logic involved and the scope and desired impact of such processing for the person concerned.

You have the right to demand information as to whether personal data relating to you is transmitted to a third country or an international organisation. In this context, you may request to be informed about the appropriate guarantees in according with Art. 46 GDPR in connection with the transmission.

This right to information may be restricted to the extent that it is expected to render the achievement of the research or statistical purposes impossible or to seriously impair such and the restriction is necessary for the fulfilment of the research or statistical purposes.

2. Right to rectification

You have a right to rectification and/or completion vis-à-vis the responsible party insofar as the processed personal data relating to you is inaccurate or incomplete. The responsible body shall make the rectification without delay.

Your right to rectification may be restricted to the extent that it is expected to render the achievement of the research or statistical purposes impossible or to seriously impair such and the restriction is necessary for the fulfilment of the research or statistical purposes.

3. Right to limitation of the processing

Subject to the following conditions, you may demand the limitation of the processing of the personal data relating to you:

  1. if you dispute the accuracy of the personal data relating to you for a period of time which allows the responsible body to check the accuracy of the personal data;
  2. the processing is unlawful yet you reject the deletion of the personal data and instead demand the limitation of the use of the personal data;
  3. the responsible body no longer requires the personal data for the purposes of the processing, but you require such for the assertion, exercise or defence of legal claims, or
  4. if you have lodged an objection to the processing in accordance with Art. 2 (1) GDPR and it has not yet been established whether the legitimate grounds of the responsible body should prevail vis-à-vis your grounds.

If the processing of the personal data relating to you has been limited, this data - apart from its storage - may only be processed with your consent or for the assertion, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of substantial public interest of the Union or of a Member State.

Should the limitation of the processing according to the aforementioned conditions have been limited, you shall be informed by the responsible body before the limitation is lifted.

Your right to limitation of the processing may be restricted to the extent that it is expected to render the achievement of the research or statistical purposes impossible or to seriously impair such and the restriction is necessary for the fulfilment of the research or statistical purposes.

4. Right to deletion

a) Deletion obligation

You may demand of the responsible body that it deletes personal data relating to you without delay, and the responsible body shall be obliged to delete this data, insofar as one of the following reasons applies:

  1. the personal data relating to you is no longer required for the purposes for which it was collected or processed in any other way.
  2. you revoke your consent, upon which the processing was based, in accordance with Art. 6 (1) a) or Art. 9 (2) a) GDPR, and there is a lack of any other legal basis for the processing.
  3. you lodge an objection to the processing in accordance with Art. 21 (1) GDPR, there are no overriding legitimate reasons for the processing, or you lodge an objection to the processing in accordance with Art. 21 (2) GDPR.
  4. the personal data has been processed unlawfully.
  5. the deletion of the personal data relating to you is required for the fulfilment of a legal obligation in accordance with Union law or the law of the Member States, to which the responsible body is subject.
  6. the personal data relating to you was collected in relation to the offered services of the information society in accordance with Art. 8 (1) GDPR.

b) Information to any third party

Should the responsible body make public the personal data relating to you and is thus obliged to delete such in accordance with Art. 17 (1) GDPR, it shall, taking into account the available technology and the implementation costs, take appropriate measures, including of a technical manner, to inform all persons responsible for the data processing of the personal data relating to you that you, as a person concerned, have demanded the deletion of all links to this personal data or copies or replicas of this personal data.

c) Exceptions

The right to deletion shall not apply if the processing is required

  1. for the exercise of the right to freedom of expression and information;
  2. for the fulfilment of a legal obligation, which the law of the Union or the Member States requires and to which the responsible body is subject, or the performance of a task lying in the public interest or in the exercise of public authority, which has been transferred to the responsible body;
  3. on grounds of public interest in the field of public health in accordance with Art. 9 (2) h) and i) and Art. 9 (3) GDPR;
  4. for archive purposes lying in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR, to the extent that the right named under a) is expected to render the achievement of the objectives of this processing impossible or to seriously impair such, or
  5. for the assertion, exercise or defence of legal claims.

5. Right to information

Should you have asserted a right to rectification, deletion or limitation of the processing vis-à-vis the responsible body, this shall be obliged to inform all recipients to whom the personal data relating to you has been disclosed, of this rectification or deletion of the data or limitation of the processing, unless this should prove impossible or would involve disproportionate expense.

You have the right to vis-à-vis the responsible body, to be informed about these recipients.

6. Right to data portability

You have the right to obtain the personal data relating to you, which you have made available to the responsible body, in a structured, common and machine-readable format. You also have the right to transfer this data to another responsible body without interference from the responsible body to which the personal data was provided, insofar as

  1. the processing is based on consent in accordance with Art. 6(1) a) GDPR or Art. 9 (2) a) GDPR or on a contract in accordance with Art. 6 (1) b) GDPR and
  2. the processing is carried using automated procedures.

In exercising this right, you also have the right to effect that personal data relating to you is transmitted directly from one responsible body to another responsible body, insofar as this is technically feasible. The freedoms and rights of other persons may not be impaired by this.

The right to data portability shall not apply to the processing of personal data required for the performance of a task lying in the public interest or in the exercise of a public authority, which has been transferred to the responsible body.

7. Right of objection

You have the right, based on reasons arising from your specific situation, to submit an objection at any time to the processing of personal data relating to you, which takes place based on Art. 6 (1) e) or f) GDPR; this shall also apply for profiling supported by these provisions.

The responsible body shall no longer process the personal data relating to you, unless it can prove compelling protection-worthy reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

The personal data relating to you shall be processed in order to operate direct marketing, you have the right at any time to submit an objection to the processing of personal data relating to you for the purposes of such marketing; this shall also apply to profiling, insofar as such is connected with such direct marketing.

Should you object to the processing for purposes of direct marketing, the personal data relating to you shall no longer be processed for these purposes.

You have the option, in connection with the use of information services of the information society - regardless of Directive 2002/58/EC - to exercise your right of objection by means of automated processes in which technical specifications are used.

You also have the right, based on reasons arising from your specific situation, with regard to the processing of personal data relating you, which is carried out for the scientific and historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR, to object to such.

Your right of objection may be restricted to the extent that it is expected to render the achievement of the research or statistical purposes impossible or to seriously impair such and the restriction is necessary for the fulfilment of the research or statistical purposes.

8. Right to revoke the declaration of consent under data protection law

You have a right of revoke your declaration of consent under data protection law at any time. With the withdrawal of consent, the legality of the processing carried out on the basis of the consent until the time of the revocation shall not be affected.

9. Automated decision-making on a case-by-case basis including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - from which legal effects develop vis-à-vis you or by which you are significantly impacted in any similar manner. This shall not apply if the decision

  1. is required for the conclusion or fulfilment of a contract between you and the responsible body,
  2. is permitted on the basis of the laws of the Union or the Member States to which the responsible body is subject and this legislation contains appropriate measures for the safeguarding of your rights and freedoms and your legitimate interests or
  3. is made with your explicit consent.

However, these decisions may not be based on special categories of personal data in accordance with Art. 9 (1) GDPR insofar as Art. 9 (2) a) or g) GDPR do not apply and adequate measures have been taken for the protection of the rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the responsible body shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to the effecting of the intervention of a person on the part of the responsible body, to the explanation of its own standpoint and to the challenge of the decision.

10. Right to appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge an appeal with a supervisory authority, in particular in the Member State of your place of residence or work or the location of the alleged infringement, if you are of the opinion that the processing of personal data relating to you has violated the GDPR.

The supervisory authority to which the appeal was submitted shall inform the appellants concerning the status and the results of the appeal, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.

This website uses cookies. Cookies improve the user experience and help make this website better. More details here: Data Security