Data Protection Declaration of Gebrüder Heinemann SE & Co. KG
(www.heinemann-dutyfree.com & www.heinemann-shop.com)
Gebr. Heinemann SE & Co. KG (hereinafter referred to as "HEINEMANN") takes the protection of personal data very seriously. In the following we would like to explain which data are collected, saved and used when you visit our Internet pages and use our online offers.
Personal data in the sense of the Federal Data Protection Act (BDSG) are individual items of data about the personal and material circumstances of a specific or identifiable natural person.
When visiting www.heinemann-dutyfree.com and www.heinemann-shop.com personal data are only then collected when you make active contact with HEINEMANN.
By visiting an Internet site, data are generally generated which are saved on a server in a protocol file, and which are evaluated exclusively on an anonymous basis for statistical purposes.
1. Services/Online Offers
On the websites named you can actively submit personal data to us via the following services (in the following also "online offers") - so-called inventory data:
- Orders and advance orders in the online shop
- Registration at Heinemann & Me
- Contact form
- Participation in the competition
- Newsletter Registration
- Online Forums
HEINEMANN will save these personal data to provide the offered online offers.
These data are protected through technical and organisational measures by HEINEMANN and the service providers carefully selected by us pursuant to § 11 BDSG using the provisions of the BDSG and the Telemedia Act (TMG).
Special conditions for participation or conditions for use can exist for the respective online offers, providing information on the intended purpose of the personal data.
HEINEMANN uses personal data for its own marketing purposes only when the person involved has been informed in detail about the intended use and has expressly granted his consent.
Persons under 18 years of age should not use online offers without the approval of their parents or guardians and therefore not send personal data to us.
2. Right of Revocation and Deletion of Personal Data
In accordance with § 34 BDSG every person involved has the right to free information on his data stored at HEINEMANN as well as, pursuant to § 35 BDSG, the right at any time to correct, delete or block these personal data.
If you have given us these personal data, you can have them deleted again at any time. Unless you have given us express consent for the collection and usage (possibly including storage and disclosure) of personal data, you can withdraw such consent at any time with effect for the future. Deletion of stored personal data takes place if you revoke your consent to storage, if knowledge about the data to fulfil the purpose intended by storage is no longer required, or if the storage is inadmissible for other legal reasons. Data for the purposes of accounting and bookkeeping are not affected by termination or deletion.
3. Transfer of Personal Data
If you are using our online offer, we use your personal data only at HEINEMANN as well as at affiliated companies. We do not further your data to third parties without your explicit consent. We will transfer your data to the authorities entitled to receive information only in case this is required by the law or court order. Should data be furthered to service providers or partner companies in exceptional cases during order processing, these are bound by the BDSG and other legal regulations and by the terms of the data protection declaration in the contract with HEINEMANN.
Transfer of your data is made to the despatch company authorised to make the delivery, if this is necessary for the delivery of the goods. For the settlement of payments, your payment data shall be forwarded to the credit agency responsible for bank payment. Credit card data will not be saved, but will be collected directly and processed by our payment service provider ConCardis GmbH, Helfmann-Park 7, 65760 Eschborn, Germany. For the purpose of address validation, we transmit data to AZ Direct GmbH, Carl-Bertelsmann-Straße 161 S, 33311 Gütersloh, Germany. In the direct debit process, we reduce our default risk through the account check 4safe® (plausibility check of the bank connection as well as the checking of different blocking lists, movement profiles and turnover limit). For this purpose, data are transferred to creditPass GmbH, Mehlbeerenstraße 2, 82024 Taufkirchen, Germany.
Flight Data Check
You must have a valid flight ticket to be able to make purchases from us. We will request your travel data during the purchasing process in our webshop. These will be used exclusively for checking your entitlement to make purchases by a comparison in the Amadeus reservation system or with FlightStats data .
Validation with frequent flyer number
Insofar as you provide your explicit consent, your frequent flyer number will be used for flight ticket verification. This reduces your input effort during a purchase. We do not use of your frequent flyer number for anything else. You can store the frequent flyer number at any time in your user account, as well as during a purchase. You can withdraw consent at any time in your user account.
4. Mandatory Periods for Deletion of the Data
Legislators have passed laws on diverse retention periods and obligations. When these periods elapse, the corresponding data are routinely deleted. Data not subject to retention periods and obligations will be deleted if their retention is no longer required to maintain the business relationship agreed upon.
5. Data Security
When entering advance orders and application data, HEINEMANN protects this personal information with the greatest care and most modern technology. You can be sure that the personal data entrusted to us are protected with SSL. SSL stands for "Secure Socket Layer", an encryption method which is successfully used in the entire World Wide Web. All personal data are encrypted and secure during transmission through the Internet. You can recognise a symbol (closed padlock) in the address bar of your browser, which means that you are in the secure area. Alternatively, you can also select an unencrypted transmission, if, for example, this is not possible for technical reasons.
You should always treat your access information as confidential and close the browser window when you have finished communicating with us, especially when you have used the computer jointly with others.
Cookies are used on these websites so that visitors do not have to repeatedly select the desired departure airport and are always informed about the range of offers at the Heinemann branch at this departure airport. Cookies are also needed to register for the newsletter and to use the shopping cart.
Most browser settings automatically accept cookies. The storage of cookies can be deactivated or the browser can be set in such a way that it sends a notification when cookies are sent.
We would like to point out that you will not be able to use all functions of this website completely if the storage of cookies is deactivated.
7. Server Protocol Files
Irrespective of whether you actively use an online offer or not, certain data will be saved on our servers by default each time our Internet sites are accessed, which possibly allow identification of your person (so-called usage and traffic data).
These data are used to enable usage of the Internet sites and to guarantee stability and operational security of our system. No personal utilisation of these data will be made.
These data will be deleted from the log files after 30 days.
8. Use of Web Analysis Tools
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”).
Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.
In case of activation of the IP anonymization, Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. On behalf of the website provider Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider.
In certain circumstances Google will associate your IP address with any other data held by Google.
Furthermore you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under http://tools.google.com/dlpage/gaoptout?hl=de
Further information can be found under http://www.google.com/intl/en_uk/analytics/tos.html
. (Google Analytics Terms of Service & Privacy).
Please note that on this website, Google Analytics code is supplemented by “gat._anonymizeIp();” to ensure an anonymized collection of IP addresses (so called IP-masking).
Our website uses the etracker analysis service. This service is provided by etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany.
The data can be used to create user profiles under a pseudonym. Cookies may be used for this purpose. Cookies are small text files that are stored locally in the cache of your web browser. These cookies enable your browser to be recognised. The data collected using etracker technologies are not used to personally identify visitors to our website without the express consent of the people involved, nor are they combined with personal data concerning the bearer of the pseudonym.
You may withdraw consent at any time to the future collection and storage of data. To withdraw consent to the future collection and storage of your visitor data, you can follow the link below to obtain an opt-out cookie from etracker. This prevents any visitor data from your browser being collected and stored by etracker in future:
etracker has set up an opt-out cookie with the name “cntcookie” for this purpose. Please do not delete this cookie if you want your withdrawal of consent to remain valid. Further information concerning etracker’s data protection regulations is available at:
Use of the Google Inc. remarketing or “similar audiences” function
and implementing the further information for opting out that is provided there. Further information on Google remarketing and Google’s data protection policy can be found at:
Use of Google AdWords conversion tracking
We use the online advertising program “Google AdWords” and conversion tracking within the context of Google AdWords. Google conversion tracking is an analysis service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). If you click on an advertisement activated by Google, a cookie for conversion tracking is stored on your computer. These cookies only remain valid for 30 days and do not contain any personal data; therefore, they do not personally identify you or your computer.
If you visit particular pages on our website and the cookie is still valid, we and Google know that you have clicked on the advertisement and were forwarded to this page. Every Google AdWords customer receives a different cookie. Consequently, there is no possibility that cookies can be tracked via the websites of AdWords customers.
The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Here, customers find out the total number of users who have clicked on their advertisement and have been forwarded to a page provided by a conversion tracking tag. However, no information is received with which users can be personally identified.
If you do not wish to participate in tracking, you can object to this use by obstructing the installation of cookies by means of a corresponding setting in your browser software (deactivation option). From then on, you will not be included in any conversion tracking statistics. Further information on Google’s data protection policy can be found at:
Use of systems for the distribution of advertising material and ad campaign analysis:
The provider uses what are known as Adserver systems for Internet advertising and thus for the distribution of advertisements to desktop computers and mobile devices (e.g. tablets, computers and smartphones). These systems control the distribution of advertisements using cookies. The cookies are stored for advertising contacts and by clicking on the provider’s advertisements, as well as by visiting the provider’s website on your computer or mobile device. The Adserver systems and cookies enable the provider to review the success of their advertising and to address website visitors with targeted advertising by activating advertisements that are personalised and related to the interests of the provider’s website visitors.
You can use the following links to deactivate Adserver system cookies:
Provider: Adform Germany GmbH, Gr. Burstah 50-52, 20457 Hamburg, Germany
Double click: https://www.google.com/settings/ads/plugin
Provider: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
9. Information on the Use of Social Plugins
and the FAQ. If you are a Google Plus member and do not want Google to collect data about you through our website and link it with your member data stored at Google, you must log out of Google Plus before you visit our website.
On some websites of our online range of offers we use Social Plugins of the social network www.facebook.com (“Plugin”), which is operated by Facebook Inc., 1601 S.California Ave, Palo Alto, CA 94304, USA (“Facebook”).
The websites of our online offer which contain a plugin are marked with a clearly visible Facebook logo (e.g. white “f” on a blue tile or a "thumbs-up" sign) or the addition "Facebook Social Plugin".
If you access a website like this containing such a plugin, your browser will establish a direct connection with the Facebook servers and Facebook will transmit the content of the plugin directly to your browser.
If you are registered with Facebook and are logged into your Facebook user account, Facebook will receive the information that you accessed the respective website by the integration of the plugin. If you use the plugin actively by for example activating the "like" button or the "share" button or placing a commentary on the respective website, the corresponding information will be transmitted from your browser directly to Facebook and used there.
In order to avoid Facebook collecting the above information about you when you access such a website, please find information on this on the Facebook website and/or log out of Facebook before visiting the respective website. Furthermore, you should delete any Facebook cookies present from your browser.
In this respect, please note that Facebook is continually developing the social network and informs about the data usage associated with it. You can, for example, find information about the opportunities that Facebook offers about protection of your privacy on the following pages: Data Use Policy
Conversion tracking with the Facebook pixel
We use the "Facebook pixel" from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") on our website.
We use this to track the behaviour of users after they have viewed or clicked on a Facebook ad. We can thus track the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, which means that we do not see the personal data of individual users.
By using our site you consent to conversion tracking.
This consent may only be given by users over the age of 13. If you are younger, you must consult a parent or guardian.
Please click here if you wish to revoke your consent: https://www.facebook.com/settings/?tab=ads#_=_
However, the data will continue to be stored and processed by Facebook, which we inform you about according to our current information status. Facebook can link this data to your Facebook account and use it for its own advertising purposes in accordance with the Facebook Data Policy (https://www.facebook.com/about/privacy/) . You can allow Facebook and its partners to show ads on and outside of Facebook. A cookie may also be placed on your device for this purpose.
Our website uses plug-ins from the YouTube website, which is owned and operated by Google. The provider of YouTube services is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our web pages that features a YouTube plug-in then a link will be generated to YouTube servers. In this way the YouTube server is notified about the pages you have visited. If you are logged onto your YouTube account, YouTube will be able to directly link your surfing behaviour to your personal profile. You can prevent this by logging out of your YouTube account. More details on the handling of user data can be found in YouTube’s own data protection policy under https://www.spotify.com/uk/legal/privacy-policy/
If you do not want Spotify to be able to assign your visit on our website to your Spotify account, please log out of your Spotify user account.
10. Localisation Function
When using our website we offer a localisation function for which your consent is required for use. If you agree with the localisation function, we determine necessary location information and you get location-based offers from us. In order to determine the location data, depending on availability, we use your IP address, GPS data or wireless networks data (WLAN). Location data are neither stored nor transmitted to third parties.
11. Links to Other Internet Sites
Our online range of offers includes links to other Internet sites. We have no influence on the compliance of their operators with the data protection regulations. Despite careful control of the content, we cannot assume any liability for external links to third party content.
12. Push messages
When you use our website, we offer a push message feature, which requires your consent. If you agree to the push message feature, we can provide information on promotions, special offers and novelties on your device (e.g. PC or laptop). Our push messages are displayed in the bottom right corner of your Internet browser, and you do not need to visit our websites to receive the push messages. You can always withdraw your consent from the settings in your customer account. From this time you will receive no push messages from us anymore.
13. Right of Access and Queries
Upon written request, you will receive information from us as to which of your personal data we have stored (e.g. name, address).
For queries, suggestions or comments on the topic of data protection, please contact the HEINEMANN Data Protection Supervisor:
Gebr. Heinemann SE und Co. KG
Data Protection Supervisor
Hamburg, September 2017