Privacy Policy

1. Data Protection Overview

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. For detailed information on the subject of data protection, please refer to our privacy policy listed below.

Data Collection on This Website

Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. Their contact details can be found in the section “Notice concerning the responsible party” in this privacy policy.

How do we collect your data?
Some data is collected when you provide it to us. This could, for example, be data you enter in a contact form.

Other data is collected automatically or after your consent when visiting the website by our IT systems. This data is primarily technical data (e.g. internet browser, operating system, or time of the page view). This data is collected automatically as soon as you enter this website.

What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze user behavior.

What rights do you have regarding your data?
You have the right to receive information free of charge at any time about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you may revoke this consent at any time in the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time if you have further questions about data protection.

Analysis Tools and Tools from Third-Party Providers

When visiting this website, your surfing behavior may be statistically evaluated. This is done primarily with analysis programs.

Detailed information on these analysis programs can be found in the following privacy policy.

2. Hosting

External Hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the host(s). This may include IP addresses, contact requests, metadata and communications, contract data, contact details, names, website access, and other data generated via a website.

External hosting is done for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of providing our online offer securely, quickly, and efficiently by a professional provider (Art. 6 para. 1 lit. f GDPR). If appropriate consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

Our host(s) will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions regarding this data.

We use the following host(s):

STARTS Design GmbH
Heckenmühle 2
69483 Wald-Michelbach

Sub-processor:
HostPress GmbH
Bahnhofstraße 34
66571 Eppelborn

Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) for the use of the above service. This is a data protection contract required by law that ensures that this service only processes the personal data of our website visitors according to our instructions and in compliance with the GDPR.

3. General Notes and Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this is done.

We point out that data transmission over the Internet (e.g., when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible.

Note on the Responsible Party

The responsible party for data processing on this website is:

Stefan Hecker
Im Krappenklingen 24
69483 Wald Michelbach
Phone: +49 6207 94 866 42
Email: info@heki-steel.de

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, deletion takes place after these reasons cease to apply.

General Information on the Legal Basis for Data Processing

If you have consented to data processing, we process your personal data based on Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special data categories pursuant to Art. 9(1) GDPR are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information in your end device (e.g., via device fingerprinting), the data processing is additionally based on § 25(1) TTDSG. The consent can be revoked at any time. If your data is required to fulfill a contract or to carry out pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR. Furthermore, if your data is required to fulfill a legal obligation, we process it based on Art. 6(1)(c) GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR. The relevant legal bases in each individual case are explained in the following paragraphs of this privacy policy.

Data Protection Officer

We have appointed a data protection officer:

Stefan Hecker
Im Krappenklingen 24
69483 Wald Michelbach
Phone: +49 6207 94 866 42
Email: stefan.hecker@heki-steel.de

Note on Data Transfer to Non-Secure Third Countries & the USA

We use tools from companies based in non-secure third countries and the USA, whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to and processed in these countries. Please note that these countries cannot guarantee a level of data protection comparable to that in the EU.

In general, data transfer to the USA is permissible if the recipient is certified under the EU-US DPF or has suitable additional guarantees. Details on data transfers to third countries, including data recipients, can be found in this privacy policy.

Recipients of Personal Data

As part of our business activities, we work with various external parties. This may involve the transfer of personal data to these parties. We only pass on personal data to external parties if this is necessary for the fulfillment of a contract, if we are legally obliged to do so, if we have a legitimate interest under Art. 6(1)(f) GDPR, or if another legal basis permits data transfer. When using processors, we only pass on personal data on the basis of a valid processing contract. In the case of joint processing, a contract on joint responsibility is concluded.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You can revoke your consent at any time. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)

If data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data; this also applies to profiling based on these provisions. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or the processing serves the establishment, exercise, or defense of legal claims (objection under Art. 21(1) GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (objection under Art. 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or place of the alleged infringement. This right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

Right to Data Portability

You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done if it is technically feasible.

Access, Rectification, and Erasure

Within the framework of the applicable legal provisions, you have the right to obtain information at any time about your stored personal data, its origin and recipients, and the purpose of the data processing. You may also have the right to correct or delete this data. If you have any questions about this or other personal data, you can contact us at any time.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time regarding this. The right to restrict processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. During the verification period, you have the right to request the restriction of processing of your personal data.
  • If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you require it for the exercise, defense, or establishment of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
  • If you have objected pursuant to Art. 21(1) GDPR, a balance must be struck between your and our interests. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data – aside from its storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator. You can recognize an encrypted connection by the change in the browser’s address line from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4. Data Collection on This Website

Cookies

Our websites use so-called “cookies.” Cookies are small data packets that do not cause any harm to your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your device until you delete them yourself or your web browser deletes them automatically.

Cookies can be set by us (first-party cookies) or by third-party companies (third-party cookies). Third-party cookies enable the integration of certain third-party services within websites (e.g., cookies for processing payment services).

Cookies serve various purposes. Many cookies are technically necessary since certain website functions would not work without them (e.g., the shopping cart function or displaying videos). Other cookies may be used to analyze user behavior or for advertising purposes.

Cookies that are necessary for carrying out electronic communications, providing certain functions you have requested (e.g., for the shopping cart function), or optimizing the website (e.g., cookies for measuring web audience) are stored based on Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to store cookies and comparable recognition technologies was requested, processing is based exclusively on this consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG); the consent can be revoked at any time.

You can configure your browser to notify you about cookie settings and to allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or generally, and activate the automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of this website may be limited.

You can find out which cookies and services are used on this website in this privacy policy.

Consent with Borlabs Cookie

This website uses Borlabs Cookie consent technology to obtain your consent to the storage of certain cookies on your device or the use of specific technologies and to document this in a data protection-compliant manner. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter “Borlabs”).

When you enter our website, a Borlabs cookie is stored in your browser, which saves the consents you have given or the withdrawal of these consents. This data is not passed on to the provider of Borlabs Cookie.

The collected data is stored until you request deletion, delete the Borlabs cookie yourself, or the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at: https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

Borlabs Cookie consent technology is used to obtain the legally required consents for the use of cookies. The legal basis is Art. 6(1)(c) GDPR.

Contact Form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively processing the requests sent to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if requested; the consent is revocable at any time.

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent for storage, or the purpose for data storage no longer applies (e.g., after the inquiry has been processed). Mandatory legal provisions – especially retention periods – remain unaffected.

Inquiry via Email, Telephone, or Fax

If you contact us by email, telephone, or fax, your inquiry including all personal data (name, inquiry) resulting from it will be stored and processed by us for the purpose of handling your request. We do not pass on this data without your consent.

This data is processed based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively handling inquiries (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if requested; the consent is revocable at any time.

The data you send to us via contact inquiries will remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage ceases to apply (e.g., after your request has been fully processed). Mandatory statutory provisions – especially statutory retention periods – remain unaffected.

Communication via WhatsApp

We use the instant messaging service WhatsApp to communicate with our customers and other third parties. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication is conducted via end-to-end encryption (peer-to-peer), which ensures that WhatsApp or third parties cannot access message content. However, WhatsApp gains access to metadata created during the communication process (e.g., sender, recipient, and time). WhatsApp states that it shares personal data with its U.S.-based parent company Meta. For more details, please refer to WhatsApp’s privacy policy: https://www.whatsapp.com/legal/#privacy-policy

The use of WhatsApp is based on our legitimate interest in fast and effective communication with customers, prospects, and other business and contractual partners (Art. 6(1)(f) GDPR). If consent has been requested, processing is exclusively based on this consent (Art. 6(1)(a) GDPR); consent can be revoked at any time with future effect.

The communication content exchanged between you and us via WhatsApp will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected.

This company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the EU and the USA that ensures compliance with EU data protection standards. Each DPF-certified company commits to these standards. More information: DPF Participant Detail

Gravatar

We have integrated Gravatar on this website. The provider is Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.

Gravatar allows users to display personal avatars (profile pictures) associated with their email address. When a user interacts with our site and has Gravatar enabled, the hash of their email address (used as an ID) is processed by Gravatar to display the corresponding avatar.

The use of Gravatar is based on our legitimate interest in a visually appealing presentation of our forums and user contributions (Art. 6(1)(f) GDPR). If consent was requested, processing is based solely on Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent may be revoked at any time.

More details can be found in Gravatar’s privacy policy: https://automattic.com/privacy/

This company is certified under the EU-US Data Privacy Framework. More information: DPF Participant Detail

5. Analytics and Advertising

Plausible Analytics

We use Plausible Analytics on our website. The provider is Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia.

Plausible helps us analyze user behavior on our website. The following data is typically collected: page URL, HTTP request, HTTP referrer, browser, operating system, device type, and IP address. HTTP request and IP address are stored in a hash for 24 hours, allowing user recognition within that period without enabling personal identification.

Where consent has been obtained, use of this service is based exclusively on Art. 6(1)(a) GDPR and § 25 TTDSG; consent may be revoked at any time. If no consent was obtained, usage is based on our legitimate interest in meaningful visitor statistics (Art. 6(1)(f) GDPR).

Data Processing Agreement

We have signed a data processing agreement (DPA) with the above provider, as required under data protection law, ensuring that this provider processes personal data in accordance with our instructions and the GDPR.

6. Plugins and Tools

Google Fonts (local hosting)

This site uses Google Fonts for the uniform display of fonts. The Google Fonts are installed locally, meaning no connection to Google servers takes place.

More information on Google Fonts: https://developers.google.com/fonts/faq

Google’s privacy policy: https://policies.google.com/privacy?hl=en

Font Awesome

This site uses Font Awesome for the uniform display of fonts and icons. The provider is Fonticons, Inc., 6 Porter Road Apartment 3R, Cambridge, Massachusetts, USA.

When you visit a page, your browser loads the required fonts into its browser cache to display texts, fonts, and icons correctly. For this purpose, your browser must connect to the servers of Font Awesome, which allows Font Awesome to know that your IP address accessed our website.

The use of Font Awesome is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the uniform presentation of the font on our website. If consent was obtained, processing is exclusively based on Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.

If your browser does not support Font Awesome, a default font from your computer will be used.

For more details, see Font Awesome’s privacy policy: https://fontawesome.com/privacy

7. Audio and Video Conferencing

Data Processing

We use online conferencing tools to communicate with customers and third parties. The tools we use are listed below. When you communicate with us via video or audio conference over the internet, your personal data is collected and processed by us and the respective provider of the conferencing tool.

The tools collect data you provide (e.g., email address, phone number), duration of the meeting, start and end times, participant counts, and context information (metadata). Technical data such as IP address, device ID, OS version, microphone and camera types, and more may also be processed.

Any shared content, files, recordings, or whiteboards may be stored on the provider’s servers.

Please note that our influence on the data processing by these providers is limited. Refer to each provider’s privacy policy for details.

Legal Basis

Use of conferencing tools is based on Art. 6(1)(b) GDPR if used for contractual purposes or to initiate such. Otherwise, processing is based on our legitimate interest in effective communication (Art. 6(1)(f) GDPR) or on consent (Art. 6(1)(a) GDPR); consent may be revoked at any time.

Storage Duration

Data collected directly by us will be deleted when no longer needed, or when you request deletion or revoke consent. Retention periods required by law remain unaffected.

We have no control over how long data is stored by the respective conferencing tool providers. Please check their privacy policies.

Microsoft Teams

We use Microsoft Teams, a service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

More information: https://privacy.microsoft.com/en-us/privacystatement

This provider is certified under the EU-US Data Privacy Framework: DPF Participant Detail

8. Final Notes

Changes to This Privacy Policy

We reserve the right to amend this privacy policy to ensure it always complies with current legal requirements or to reflect changes in our services, such as the introduction of new functionalities. The new privacy policy will apply on your next visit.

Contact

If you have any questions about data protection or your personal data, you can contact us at:

Stefan Hecker
Im Krappenklingen 24
69483 Wald Michelbach
Phone: +49 6207 94 866 42
Email: info@heki-steel.de

Version: June 2025
