Go to homepage
€0.00*

Privacy statement

Information on data processing for this website in accordance with Art. 13 of the EU General Data Protection Regulation (GDPR) when collecting personal data from the data subject

(Version: GDPR 2.1 from 01.04.2025)


HEINE Optotechnik GmbH und Co.KG is responsible for this website and, as the provider of a teleservice, must inform you at the beginning of your visit about the type, scope and purpose of the collection and use of personal data in a precise, transparent, comprehensible and easily accessible form in clear and simple language. This content must be available to you at all times. 

We attach great importance to the security of your data and compliance with data protection regulations. The processing of personal data is subject to the provisions of the European and national laws currently in force.

With the following data protection information, we would like to show you how we handle your personal data and how you can contact us:

HEINE Optotechnik GmbH & Co. KG
Dornierstr. 6
82205 Gilching
Germany
Phone: +49 8105 7728 0
E-mail: info@heine.com 

Our data protection officer
Sven Lenz
Data protection law firm Lenz GmbH & Co KG
Bahnhofstrasse 50
87435 Kempten
Germany 

If you have any questions about data protection or other data protection concerns, you are welcome to send an e-mail to the data protection team: dsb@heine.com

A. General 

For the sake of clarity, we do not differentiate between the genders. In the interests of equal treatment, the corresponding terms apply to all genders. The meaning of the terms used, such as "personal data" or their "processing", can be found in Art. 4 GDPR. 

The personal data processed in the context of this website includes
- Inventory data (e.g. names and addresses of customers),
- Contract data (e.g. services used, payment information),
- usage data (e.g. pages visited on our website) and
- Content data (e.g. entries in online forms). 

B. Specific
Data protection information We guarantee that we will only process your data in connection with the handling of your inquiries and for internal purposes as well as to provide the services or content you have requested. 

Basics of data processing
We process your personal data only in compliance with the relevant data protection regulations and on the basis of the following legal bases:

-Processing for the fulfillment of our services and implementation of contractual pursuant to Art. 6 para. 1 lit. b) GDPR (e.g. to process the order in the webshop)
-Processing for the fulfillment of our legal obligations pursuant to Art. 6 para. 1 lit. c) GDPR
-Consent pursuant to Art. 6 para. 1 lit. a) and Art. 7 GDPR (e.g. consent to the sending of our newsletter) -Processing to safeguard our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR (e.g. sending advertising to existing customers). 

Data transmission to recipients
We would like to point out that data is transferred to third parties. 
Your data will only be passed on to third parties in accordance with legal requirements. We only pass on your data if this is necessary, for example, for contractual purposes or on the basis of legitimate interests in the economic and effective operation of our business. 

If we use subcontractors to provide our services, we take appropriate legal precautions and appropriate technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal regulations. 

The specific transfers are described below and the recipients are named. 

Data transfer to a third country or an international organization
Third countries are countries in which the GDPR is not directly applicable law. This basically includes all countries outside the EU or the European Economic Area. 

Through the use of various services on our website/our web store (see below for a description), data is transferred to a third country or an international organization. 

The adequacy decision of the EU Commission is taken into account here. This states that it is a safe third country or a safe international organization that offers an adequate level of protection. 

The following applies to data transfers to the USA: Since July 2023, there has been an adequacy decision by the EU Commission (Data Privacy Framework), which identifies the USA as a third country with a level of data protection comparable to that of the EU. The adequacy decision can now serve as the basis for data transfers to certified organizations in the USA. 

The US services used are certified under the Data Privacy Framework. Details can be found in the individual services. There is a risk that your data may be processed by US authorities for monitoring and surveillance purposes. There are currently no legal remedies against this practice. 

Storage duration of your personal data 

We adhere to the principles of data minimization and data avoidance. This means that we only store your data for as long as necessary to fulfill the aforementioned purposes or for as long as the various storage periods stipulated by law require. If the respective purpose no longer applies or after the corresponding periods have expired, your data will be routinely blocked or deleted in accordance with the statutory provisions. 

We have drawn up an internal company concept to ensure this procedure 

Contact us
Personal data is processed when you contact us electronically (e.g. via contact form or email). The information you provide will be stored exclusively for the purpose of processing your request and for possible follow-up questions 

We would like to give you the legal basis for this:
• Processing for the fulfillment of our services and implementation of contractual measures Art. 6 para. 1 lit. b) GDPR 

We would like to point out that e-mails can be read or changed without authorization or detection during transmission. We would also like to draw your attention to the fact that we use software to filter unwanted emails (spam filter). The spam filter can reject e-mails if they are falsely identified as spam due to certain characteristics. 

What rights do you have?
a) Right to information You have the right to obtain information about your stored data free of charge. On request, we will inform you in writing which of your personal data we have stored. This also includes the origin and recipients of your data as well as the purpose of the data processing.

b) Right to rectification You have the right to have your data stored by us corrected if it is incorrect. You can also request a restriction of processing, e.g. if you dispute the accuracy of your personal data.

c) Right to blocking You can also have your data blocked. To ensure that your data can be blocked at any time, this data must be kept in a lock file for control purposes.

d) Right to erasure You can request the deletion of your personal data, provided there are no statutory retention obligations. If such an obligation exists, we will block your data upon request. If the relevant legal requirements are met, we will delete your personal data even without your request.

e) Right to data portability You are entitled to request that we provide the personal data transmitted to us in a format that allows it to be transmitted to another location. 

f) Right to lodge a complaint with a supervisory authority You have the option of lodging a complaint with one of the data protection supervisory authorities.

The data protection authority responsible for us: 

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 27, D-91522 Ansbach
Telephone: +49 981 53-1300
Fax: +49 981 53-981300 

You can open the complaint form of the Bavarian State Office for Data Protection Supervision via the following link: https://www.lda.bayern.de/de/beschwerde.html 

Note: A complaint can also be lodged with any data protection supervisory authority within the EU.

g) Right of objection You have the right to object at any time, on grounds relating to your particular situation, to the processing of your data in accordance with Article 6(1)(e) and (f); this also applies to profiling based on these provisions. 

We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims. 

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In the event of such an objection, we will no longer process your personal data for the purposes of direct advertising. All you need to do is send us an email to this effect. 

h) Right of withdrawal
You have the option to revoke your consent to the processing of your data at any time with effect for the future without giving reasons. You will not suffer any disadvantages as a result of the revocation. All you need to do is send us an e-mail to this effect.

However, such a revocation does not affect the legality of the processing carried out up to the time of revocation on the legal basis of Art. 6 para. 1 letter a) GDPR. 

To assert your rights as a data subject, please send us an e-mail to one of the e-mail addresses listed above. 

Protection of your personal data
We take contractual, technical and organizational security measures in accordance with the state of the art to ensure that data protection laws are complied with and to protect the processed data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. 

The security measures include in particular the encrypted transmission of data between your browser and our server. For this purpose, 256-bit SSL (AES 256) encryption technology is used. 

Your personal data is protected within the scope of the following points (excerpt):
a) Safeguarding the confidentiality of your personal data In order to protect the confidentiality of your data stored by us, we have taken various measures to control access. 

b) Safeguarding the integrity of your personal data In order to protect the integrity of your data stored by us, we have taken various measures to control the transfer and input of data. 

c) Maintaining the availability of your personal data In order to ensure the availability of your data stored by us, we have taken various measures for order and availability control. 

The security measures in use are continuously improved in line with technological developments. Despite these precautions, we cannot guarantee the security of your data transmission to our website due to the insecure nature of the Internet. Therefore, any data transmission by you is at your own risk.

Protection of minors
Persons who have not yet reached the age of 16 may only provide us with personal information if they have the express consent of their legal guardians. This data will be processed in accordance with this privacy policy. 

Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are 

• Browser type and browser version 
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

This data is not merged with other data sources. 

The basis for data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR.

Cookies
Cookies are small text files that are stored locally in the cache of your Internet browser. The cookies make it possible, for example, to recognize the Internet browser. The files are used to help the browser to navigate through the website and to make full use of all functions.

Cookies that are required to carry out the electronic communication process or to provide certain functions you have requested (e.g. shopping cart function) are stored on the basis of Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimal provision of its services. Insofar as other cookies (e.g. cookies to analyze your surfing behavior) are stored, these are treated separately in this privacy policy. 

We can therefore store cookies on your device if they are absolutely necessary for the operation of our website. We need your permission for all other cookie types. Our website uses different types of cookies. Some cookies are placed by third parties that are used on our pages. 

You can change or withdraw your consent at any time on our website. Please provide your consent ID and the date when you contact us regarding your consent. 

Cookie Tool
On our website, we use the Cookiebot service from Usercentrics A/S (Havnegade 39, 1058 Copenhagen, Denmark) to inform you about the use of cookies and to manage your consent in a legally compliant manner. 

Cookies are set to record and store your consent. The following data is processed:
• Your IP address (in anonymized form)
• Date and time of your consent
• Browser information
• An anonymous, random identifier
• The consent status data (which cookies you have accepted or rejected). 

This data is processed on the basis of Art. 6 para. 1 lit. c GDPR (fulfillment of a legal obligation) and Art. 6 para. 1 lit. f GDPR (legitimate interest in user-friendly and legally compliant cookie management). 

Your consent data will be stored for 12 months and then automatically deleted. 

Cookiebot stores your data within the European Union and does not pass it on to third parties. You can change or withdraw your consent to the services used on the website at any time by adjusting your cookie settings here. 

Further information on data processing by Cookiebot can be found in the privacy policy of Usercentrics A/S:https://www.cookiebot.com/de/privacy-policy/.

Website hosting
We use the system of the following provider to host our website and display the page content:
SaSG GmbH & Co KG
Kapplweg 12
D - 86511 Schmiechen 

All data collected on our website is processed on the provider's servers. We have concluded an order processing contract with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties. 

Use of Google services on our site
On our website we use the services of Google Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

All processing described in the context of the use of Google services is carried out exclusively on the basis of your express consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with. § 25 TDDDG. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate these services using the "cookie consent tool" provided on the website. 

We have concluded a so-called order processing contract with Google, which obliges Google to protect the data of our website users and not to pass it on to third parties. 

To ensure compliance with the European level of data protection, including in the event of any transfer of data from the EU or the EEA to the USA and possible further processing there, Google relies on the so-called standard contractual clauses of the European Commission, which we have contractually agreed with Google.

Since July 2023, there has been an adequacy decision by the EU Commission (Data Privacy Framework), which identifies the USA as a third country with a level of data protection comparable to that of the EU. The adequacy decision can now serve as the basis for data transfers to certified organizations in the USA. According to the list of certified companies published by the US Department of Commerce, Google LLC is listed as a certified company. 

Further legal information about Google, including a copy of the aforementioned standard contractual clauses, can be found at https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner-sites. 

The following Google services are used on our website: 

Google Marketing Platform 
GMP uses cookies to display ads that are relevant to users, to improve campaign performance reports or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed more than once. 

In addition, GMP can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a GMP ad and later visits the advertiser's website using the same browser and makes a purchase via this website. According to Google, GMP cookies do not contain any personal information. 

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge as follows: By integrating GMP, Google receives the information that you have accessed the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out your IP address and store it. When using GMP, personal data may also be transmitted to the servers of Google LLC. in the USA. 

You can obtain further information about the data protection provisions of GMP by Google at the following Internet address: https://www.google.de/policies/privacy/. 

Google Ads conversion tracking
We use the online advertising program "Google Ads" on this website and conversion tracking as part of Google Ads. By using Google Ads, we can draw attention to our offers with the help of advertising material (so-called Google Adwords) on external websites and also measure the success of this advertising campaign. We do this in order to be able to show you advertising that is tailored to you.

If a user clicks on an Ads ad placed by Google, a cookie (small text file) for conversion tracking is placed on their end device. These cookies generally lose their validity after 30 days and are not used for personal identification. The cookie enables us to recognize with the help of Google that the user was redirected to our site by clicking on the ad. 

Cookies can therefore not be tracked beyond the websites of Google Ads customers. The information collected is used to create conversion statistics and provide us with information about the total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information with which users can be personally identified. 

Google Ads Remarketing
Our website uses the functions of Google Ads Remarketing. This allows us to advertise this website in Google search results and on third-party websites. 

For this purpose, Google sets a cookie in the browser of your end device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you visit.

Any further data processing will only take place if you have consented to Google linking your internet and app browsing history to your Google account and using information from your Google account to personalize ads you view on the web. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, Google temporarily links your personal data with Google Analytics data in order to create target groups. 

Details on the processing triggered by Google Ads Remarketing and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites. 

Google AdSense 
Google AdSense uses so-called cookies. In addition, Google AdSense also uses so-called "web beacons" (small invisible graphics) to collect information, through the use of which simple actions such as visitor traffic on the website can be recorded, collected and analyzed. The information generated by the cookie and/or web beacon (including your IP address) about your use of this website is usually transmitted to a Google server and stored there. This may also involve transmission to the servers of Google LLC. in the USA.

Google uses the information obtained in this way to evaluate your usage behavior with regard to the AdSense ads. The IP address transmitted by your browser as part of Google AdSense will not be merged with other Google data. The information collected by Google may be transferred to third parties if this is required by law and/or if third parties process this data on behalf of Google.

Use of videos from YouTube
We use the YouTube implementation function to display and play videos from the provider "YouTube".

According to information from "YouTube", cookies are used to collect video statistics, improve user-friendliness and prevent abusive behavior, among other things. If you are logged in to Google, your data will be assigned directly to your account when you click on a video. If you do not wish to be associated with your YouTube profile, you must log out before activating the button. 

Google stores your data (even for users who are not logged in) as user profiles and analyzes them. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. Regardless of whether the embedded videos are played, a connection to the Google network is established each time this website is accessed, which may trigger further data processing operations without our influence. Further information on data protection at "YouTube" can be found in the provider's privacy policy at: https://www.google.de/intl/de/policies/privacy. 

Google Tag Manager
We use the service called Google Tag Manager. This is an auxiliary service and processes personal data itself only for technically necessary purposes. Google Tag Manager ensures that other components are loaded, which in turn may collect data. Google Tag Manager does not access this data. 

Use of web analysis tools from social media providers:
We use tools from social media service providers on our website for analysis purposes. All processing described below, in particular the setting of cookies for reading information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "cookie consent tool" provided on the website. 

Data may be transferred to the USA as part of the use of the services. For data transfers to the USA, all of the providers we use have signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission. 

Meta pixel for the creation of custom audiences with extended data synchronization
The so-called "meta pixel" of the social network Facebook, which is operated by Meta Platforms Ireland Ltd, 4 Grand Canal Quare, Dublin 2, Ireland ("Facebook"), is used within our online offering in extended data matching mode. 

When a user clicks on an advertisement displayed on Facebook, an addition is added to the URL of our linked page by the meta pixel. This URL parameter is then supplemented by setting a cookie from our website after being forwarded to the user's browser. In addition, this cookie collects specific customer data such as the email address that we collect on our website linked to the Facebook ad during transactions such as purchases, account logins or registrations (extended data synchronization). The cookie is read by the meta pixel and thus enables the data, including the specific customer data, to be forwarded to Meta. 

With the help of the meta pixel with extended data matching, Meta is able to precisely determine the visitors to our online offer as a target group for the display of advertisements (so-called "Facebook ads"). This allows us to display the Facebook ads we place only to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to Meta (so-called "custom audiences"). 

By using the pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. This also allows us to evaluate the effectiveness of Facebook ads for statistical and market research purposes by tracking whether users have been redirected to our website after clicking on a Facebook ad (known as "conversion"). This allows us to better measure the effectiveness of our advertising campaigns by recording more attributed conversions. 

All transmitted data is stored and processed by Meta so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy (https://www.facebook.com/about/privacy/). The data can enable Facebook and its partners to place advertisements on and off Facebook. For this purpose, we have concluded a joint controllership agreement with Meta in accordance with Art. 26 GDPR. 

These processing operations are only carried out if express consent is given in accordance with Art. 6 para. 1 lit. a) GDPR in conjunction with § 25 TDDDG. 

You can object to the storage and analysis of data by Meta at any time. Simply click on Cookie settings and move the slider for the "Marketing" cookie category to the left in the cookie banner. Then click on the "Accept selection" button. 

LinkedIn Insight
This website uses retargeting technology from the following provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. 

This makes it possible to target visitors to our website with personalized, interest-based advertising who have already shown an interest in our store and our products. The advertising material is displayed on the basis of a cookie-based analysis of previous and current usage behavior, but no personal data is stored. In the case of retargeting technology, a cookie is stored on your computer or mobile device in order to collect pseudonymized data about your interests and thus adapt the advertising individually to the stored information. These cookies are small text files that are stored on your computer or mobile device. They are used to display advertising that is highly likely to match your product and information interests. 

Matomo
We use the web analysis service of InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, ("Matomo") on our website. 

To protect site visitors, Matomo uses a so-called "config_id" to enable various analyses of site usage within a short time window of up to 24 hours. The "config_id" is a randomly set, time-limited hash of a limited set of the visitor's settings and attributes. The config_id or config hash is a string that is calculated for a visitor based on their operating system, browser, browser plugins, IP address and browser language. Matomo does not use device fingerprinting and uses an anonymized IP address of the site visitor to create the "config_id". 

If the information processed in this way includes personal user data, the processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes. To object to the future processing of your visitor data, we provide you with a separate opt-out option on our website. If data collected using Matomo technology (including your pseudonymized IP address) is transferred to Matomo servers in New Zealand and processed for usage analysis purposes, we hereby inform you that the European Commission has issued a so-called adequacy decision for New Zealand, which certifies compliance with European data protection standards for international data transfers. 

Newsletter/existing customer advertising
If you subscribe to our e-mail newsletter, we will regularly send you information about our offers. Personal data is collected for this purpose. The only mandatory information for sending the newsletter is your e-mail address. The provision of any other data is voluntary and is used to address you personally. This data is used by us for our own advertising purposes in the form of the e-mail newsletter if you have expressly consented to this.  

We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you an e-mail newsletter if you have expressly confirmed to us that you consent to the newsletter being sent. We will then send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in future by clicking on the corresponding link. 

By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a) GDPR. When you register for the newsletter, we store your IP address entered by the Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. 

You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a message to us atrequest@heine. com. Once you have unsubscribed, your e-mail address will be immediately deleted from our newsletter distribution list and included in a block file to ensure that you can cancel your subscription. 

We use the contact details of our existing customers (e.g. name, address, email address) to inform them about our products and services by means of email or postal advertising. This processing is carried out on the basis of Article 6 (1) sentence 1 lit. f GDPR (legitimate interest) and - in the case of advertising measures by e-mail - in accordance with the provisions of Section 7 (3) UWG. Our legitimate interest is to provide relevant offers and maintain a long-term customer relationship. 

The personal data will only be stored for as long as it is necessary for the stated purpose (existence of the customer relationship) or you have not objected to its use. 

You have the right to object to the use of your data for advertising purposes at any time. You can do this informally by contacting us using the contact options listed above. After receiving your objection, we will no longer use your data for advertising purposes. 

Our e-mail newsletters are sent both to existing customers and to persons who have given us their consent to do so via the provider "Brevo" of Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. 

On the basis of our legitimate interest in effective and user-friendly newsletter marketing, we pass on the data you provide when registering for the newsletter to this provider in accordance with Art. 6 para. 1 lit. f GDPR so that they can send the newsletter on our behalf. 

The provider also carries out a statistical evaluation of the success of newsletter campaigns using web beacons or tracking pixels in the emails sent, which can measure opening rates and specific interactions with the content of the newsletter. End device information (e.g. time of access, IP address, browser type and operating system) is also collected and evaluated, but not merged with other data sets. HEINE does not send newsletters without this newsletter tracking. Persons who do not agree to tracking cannot subscribe to the newsletter or, in the case of existing customers, must object to this. 

We have concluded an order processing contract with the provider, which protects the data of our website visitors and prohibits disclosure to third parties. 

Social networks
In addition to this online offer, we also maintain presences in various social media, which you can reach via corresponding buttons on our website. When you visit such a presence, personal data may be transmitted to the provider of the social network. It is possible that, in addition to storing the specific data you enter in this social medium, further information may also be processed by the provider of the social network.

Further information can be found in our social media privacy policy. 

Processing of your data in our online store
Our website uses the Shopware 6 store system from shopware AG (Ebbinghoff 10, 48624 Schöppingen, Germany). In the following, we explain the specific processing of personal data by Shopware 6 when using our online store. 

When you visit our webshop, Shopware 6 automatically processes technical information to ensure the functionality and security of the website:
• IP address (in anonymized form)
• Browser type and version
• Operating system
• Referrer URL (the previously visited page)
• Date and time of the request
• Session IDs and cookies for session management 

The legal basis for this is Art. 6 para. 1 lit. f GDPR (legitimate interest in the security and functionality of the store). 

The following personal data is processed in order to process orders and manage customer accounts:
• Surname, first name
• E-mail address
• Billing and delivery address
• Telephone number (if provided)
• Payment information
• Order history 

Shopware 6 also processes payment data as part of the execution of orders in order to process purchase contracts. For this purpose, your payment information is transmitted to the payment service provider you have selected. Depending on the payment method, this may include the following:

• Bank details (IBAN, BIC) or credit card details
• Transaction data (payment status, reference number, amount)
• Beneficial owner (tax data can be requested for corporate customers). 

Participating payment providers can be (depending on selection and integration):
• PayPal (PayPal (Europe) S.à r.l. et Cie, Luxembourg)
• Klarna (Klarna Bank AB, Sweden)
• Stripe (Stripe Payments Europe Ltd., Ireland) 

The legal basis for this is Art. 6 para. 1 lit. b GDPR (contract fulfillment) and, if applicable, Art. 6 para. 1 lit. f GDPR (interest in fraud protection and abuse detection). 

Shopware 6 stores session information to manage the shopping cart and current user actions. Shopware uses the following types of cookies for this purpose:
• Essential cookies: Saves the login and shopping cart content
• Session IDs: For the identification of recurring sessions 

Data transfer:
• Payment processing: Forwarding to the selected payment provider (see section Payment processing) • Shipping processing: Transmission of shipping data to logistics service providers (e.g. DHL, DPD, UPS) • Taxes and accounting: Legally required disclosure to tax and financial authorities
• Marketing & analysis (only with consent): Forwarding of anonymized/aggregated data for store optimization 
Legal basis: Art. 6 para. 1 lit. b and c GDPR (contract fulfillment and legal obligation).

No data is transferred to third countries without your knowledge and your express consent. 

We only store your data for as long as is necessary for the respective purposes: 
Data type                                       Storage duration 
Order and payment data              6 - 10 years (retention periods under tax and commercial law)
Registered customer accounts    Permanent, until account deletion
Cookies (Essential)                       Until the end of the session / max. 12 months
Contact form requests                 6 months
Log data (e.g. IP addresses)       6 months
After the storage period has expired, your data will be securely deleted or anonymized. 

Forwarding of your data to shipping service providers
The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods.

The goods are delivered by the transport service provider (e.g. DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany), DPD or UPS). If you have given us your consent during the ordering process, we will pass on your e-mail address to DHL in accordance with Art. 6 para. 1 lit. a GDPR before delivery of the goods for the purpose of coordinating a delivery date or for delivery notification. Otherwise, we will only pass on the name of the recipient and the delivery address to DHL for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR. The data will only be passed on if this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DHL or notification of delivery is not possible. Consent can be revoked at any time with effect for the future vis-à-vis us or vis-à-vis the transport service provider DHL. 

Customer account
To enable you to use our webshop conveniently, we offer you the option of creating a personal customer account. 

We collect the following personal data during registration:
• First and last name
• E-mail address
• Billing and delivery address
• Telephone number (optional)
• Encrypted access data (password)
• Date of registration 

After registration, we also save your data:
• Order history
• Payment methods (no full payment details unless required)
• Wish lists or bookmarked items (if available)
• Communication history with our customer service 

Purpose of the processing
• To provide and manage your customer account
• To simplify recurring orders
• To view your order history
• To personalize your shopping experience. 

You can delete your customer account at any time, in which case we will no longer store your data.

Product reviews
We offer you the opportunity to rate products or our webshop and leave comments if you are logged into your customer account 

The following data is collected and processed from you:
• Your name
 • Date and time of the assessment
• Content of the rating or commentary
• Rating in the form of stars or points 

However, only the reviews are visible on the website without naming the reviewer. The reviews help other customers with their purchase decision and enable us to improve our offer. 

Please note that your reviews (without names) will be displayed publicly in the webshop. We reserve the right to remove inappropriate or illegal content.

If you would like to remove or change a submitted rating, please contact us using the contact details provided. 

Changes to our privacy policy
We reserve the right to adapt our data protection information at short notice so that it always complies with current legal requirements or to implement changes to our services. This may concern, for example, the introduction of new services. The new data protection information will then apply to your next visit.


Explore HEINE

Follow HEINE on our social media channels for the latest news, updates and exclusive insights.

Heine

We live quality. In everything we do. In every product we manufacture. In every lens we grind. In every screw we tighten. In every fiber optic fiber we bundle. Always. Every day. The durability of our primary diagnostic instruments has become legendary.

Quality Made In Germany