Privacy

Table of contents

Heading 2
Heading 3

1. General information

Our IT systems automatically collect personal data when you visit this website. Personal data is any data that can personally identify you. This privacy policy explains what data we collect, to what extent, how we collect this data, and for what purpose we do it.

Please note that the content of this privacy policy may change at any time. For example, if we make changes to the data processing we perform, we will promptly amend this privacy policy. If these changes require an action on your part or an individual notification, then we will inform you.

The website operator takes the protection of your personal data very seriously. We always treat your personal data confidentially and respect legal data protection regulations. However, we point out that data transmission on the internet can have security gaps. Therefore, complete protection of data against access by third parties is not possible.‍

2. Web hosting

Webflow hosts this website. Webflow is a service provided by Webflow Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA.

In addition to hosting, Webflow provides us with technical infrastructures such as storage space, computing capacity, and databases, as well as security and maintenance services. Server log files collect technical and personal data that your browser automatically transmits to Webflow's servers each time you visit this website. These are:‍

  • anonymized IP address (internet protocol address)
  • browser type and browser version
  • browser language and browser time zone
  • installed browser plugins
  • operating system
  • installed fonts
  • screen resolution
  • HTTP header information
  • forwarding URL (referrer)
  • accessed URL
  • internet service provider
  • host name of the accessing computer
  • date and time of the server request
  • MIME types of the sent data
  • Silverlight data
  • HTTP status code

Webflow's servers store your anonymized IP address for 24 hours to prevent possible brute-force attacks. Webflow anonymizes by encrypting the IP address using a unique hashing algorithm. Webflow will never store a full IP address that makes you personally identifiable as a website visitor in server log files. Webflow only uses your IP address for technical analysis of access and error logs after prior anonymization by removing the last character block of your IP address.

A consolidation of the collected data with other data sources, as well as conclusions about the data subject, are not made. Instead, Webflow collects the data to monitor the volume of visitor traffic on the website and to ensure error-free provision of the website. Based on the volume monitoring of visitor traffic, Webflow controls the utilization of the website to avoid overloading the servers and to ensure its stability. In addition, Webflow determines the hosting fees for the website operator based on volume monitoring.

We use Webflow based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the fast, secure, and efficient provision of the website by a professional hosting provider.

To ensure the data protection-compliant processing of personal data, we have concluded a data processing agreement (DPA) with Webflow based on Art. 28 GDPR.

To ensure the data protection-compliant transfer of personal data to the USA, we have concluded the EU standard contractual clauses with Webflow based on Directive 95/46/EG.

Webflow's EU-specific privacy policy

Webflow's global privacy policy‍

3. Content delivery network (CDN)

This website uses the content delivery network (CDN) Amazon CloudFront. Amazon CloudFront is a service provided by Amazon Web Services Inc., 410 Terry Avenue North, Seattle, WA 98109, USA.

We use Amazon CloudFront to deliver the static content of our website to the end devices of our website visitors faster, more securely, and more efficiently with the help of servers distributed worldwide and connected via the internet. In addition, we achieve greater resilience and protection against data loss by using Amazon CloudFront.

When you visit the site, your browser automatically transmits the following data to Amazon CloudFront's servers:‍

  • IP address (internet protocol address)
  • user-agent
  • browser type and version
  • browser language and browser time zone
  • operating system
  • HTTP header information
  • forwarding URL (referrer)
  • accessed URL
  • internet service provider
  • host name of the accessing computer
  • date and time of the server request
  • total time of the server request
  • turnaround time of the server request
  • edge location of the server request
  • requested object of the server request
  • total size of the requested object
  • total number of bytes transferred
  • HTTP status code

The website operator has disabled server access logging for Amazon CloudFront. As a result, Amazon CloudFront will not store your access requests and IP address in server log files, will not combine collected data with other data sources, and will not make conclusions about the subject. Instead, Amazon CloudFront collects the data to monitor the volume of server access and ensure error-free delivery of static content. Based on the volume monitoring, Amazon CloudFront controls the server utilization to avoid overloading and ensure the servers' stability. In addition, Amazon CloudFront determines the usage fees for the website operator based on volume monitoring.

We use Amazon CloudFront based on Art. 6 (1) lit. f GDPR. The website operator is interested in the fast, secure, and efficient delivery of static website content, higher fail-safety, and higher protection against data loss.

To ensure the data protection-compliant processing of personal data, we have concluded a data processing agreement (DPA) with Amazon Web Services based on Art. 28 GDPR.

To ensure the data protection-compliant transfer of personal data to the USA, we have concluded the EU standard contractual clauses with Amazon Web Services based on Directive 95/46/EG.

Amazon Web Services' data protection measures

Amazon Web Services' privacy policy‍

4. Web analysis

This website uses Plausible to analyze usage data. Plausible is a service provided by Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia.

By default, Plausible does not use cookies for web analytics and performs all measurements of usage data anonymously. Plausible generates a random string of letters and numbers and uses that string to determine unique visitors to a website. This string is automatically reset once per day. Plausible does not collect or store any personal data. All data processed by Plausible is aggregated and does not allow conclusions about individual persons. The creation of user profiles does not take place.

The data collected with Plausible is securely encrypted and hosted, processed, and stored on servers in Germany. The data does not leave the EU and is subject to strict European data protection laws and standards.

When you access the page, the following data is processed by Plausible:‍

  • anonymized IP address (internet protocol address)
  • information on the terminal device, operating system, and browser used
  • geo-information up to a maximum of country level
  • forwarding URL (referrer)
  • URL called up
  • subsequent pages called up within the website
  • length of stay on the website

The data processing takes place based on the legal provisions of Art. 6 (1) lit. f GDPR. Our legitimate interest in terms of the GDPR is the optimization of our online offer and our web presence. Since the privacy of our visitors is important to us, the IP address is anonymized as soon as possible. It is not used in any other way, merged with other data, or passed on to third parties.

To ensure the processing of personal data in compliance with data protection, we have concluded a data processing agreement (DPA) with Plausible based on Art. 28 GDPR.

Plausible's privacy policy‍

5. Social networks

We operate publicly accessible profiles on the social networks Facebook and Instagram to regularly publish content, share offers and communicate with active users. Facebook and Instagram are services of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

When you interact with our Facebook or Instagram profiles, we generally collect all content that you share with us there. In addition, Facebook Ireland Ltd. collects the usage data of your interactions, processes it in so-called "page insights" and makes it available to us as operators of the profiles. Facebook Ireland Ltd. and we are jointly responsible for the page insights data processing under Art. 26 GDPR.

Using page insights, we can view anonymized statistics on our profile visitors' interests and demographic characteristics. This information does not enable us to identify a profile visitor personally. Instead, the page insights help us understand how visitors use our Facebook and Instagram profiles, what interests our profile visitors have, and what content is popular. As a result, we use page insights to provide more relevant content to our profile visitors and better target our profile visitors' interests and usage habits.

Please view our agreement with Facebook Ireland Ltd. on the joint responsibility of page insights.

Facebook Ireland Ltd. has summarized the main contents of this agreement and the data collected as part of page insights for you.

If you have given Facebook Ireland Ltd. your consent to process personal data, then the processing is based on Art. 6 (1) lit. a GDPR. In addition, the processing is carried out based on Art. 6 (1) lit. f GDPR, whereby our legitimate interests lie in the purposes mentioned above.

You can assert your right to information, deletion, rectification, restriction of processing, data portability, complaint, and notification against Facebook Ireland Ltd. and us. Please note that we, as operators of the profiles, do not really influence the data processing at Facebook and Instagram despite the joint responsibility. Facebook and Instagram also process your usage data for their purposes, which are outside our control and which we will not explain in more detail in this privacy policy. Facebook and Instagram will delete the data collected directly by us if the purpose for storing the data no longer applies, if you request us to delete it, or if you revoke your consent to store it. We do not influence the storage period of your data at Facebook and Instagram.

For more information about the type, scope, and purpose of the processing as well as the storage period of your personal data at Facebook, please refer to the Facebook privacy policy.

For more information about the type, scope, and purpose of the processing as well as the storage period of your personal data at Instagram, please refer to the Instagram privacy policy.

6. Contacting us

Suppose you contact us via the website, email, or telephone and provide us with personal data such as your name, email address, telephone number, or other personal information. In that case, we will process and store this data exclusively to respond to your inquiry.

If you make your inquiry in contractual or pre-contractual measures, then the data processing is based on Art. 6 (1) lit. b GDPR. If the question is not related to contractual or pre-contractual measures, then our legitimate interest, according to Art. 6 (1) lit. f GDPR is to answer your inquiry correctly and in your interest.

We will delete the personal data collected by contacting us as soon as we no longer require it for the purposes mentioned above. We review the necessity of data processing and storage every two years. You can object to storing your personal data anytime when contacting us via website, email, or telephone.‍

7. Mandatory information

A) Note on the responsible entity

The responsible entity for data processing on this website is:

Jan Göhmann
Norderholm 25
24955 Harrislee
Germany

Email: info@heywork.com
Phone: +49 15228088188
Imprint: https://www.heywork.com/imprint

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data. If you have any questions about data protection, you can contact the responsible body at any time using the contact details provided.‍

B) Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke the consent you have already given at any time. The legality of processing your personal data until the revocation remains unaffected by the revocation.‍

C) Right to object to data collection in exceptional cases and to direct marketing (Art. 21 GDPR)

If we base the data processing on Art. 6 (1) lit. e or lit. f GDPR, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation. This also applies to profiling based on these provisions. You can find the respective legal bases of the data processing in this data protection declaration. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or the processing serves the purpose of asserting, exercising, or defending legal claims (objection under Art. 21 (1) GDPR).

Suppose we process your personal data for direct marketing. In that case, you have the right to object at any time to processing personal data concerning you for the purpose of such marketing. This also applies to profiling as it is related to direct advertising. Therefore, if you object, we will no longer use your personal data for direct marketing (according to Art. 21 (2) GDPR).‍

D) Right of appeal to the competent supervisory authority

In the event of violations of the GDPR, data subjects shall have a right of appeal to a supervisory authority, particularly in the member state of their habitual residence, their place of work, or the location of the alleged violation. The right of appeal is without prejudice to any other administrative or judicial remedy. This link provides the contact details of the data protection officers in the individual German states.‍

E) Right to data portability

You have the right to have all personal data that we process automatically based on your consent or in the performance of a contract handed over to you or a third party in a structured, standardized, and machine-readable format. If you request the direct transfer of the data to another controller, we will only do this insofar as it is technically feasible.‍

F) SSL or TLS encryption

For security reasons and to protect the transmission of confidential content that you send to us as the website operator, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the lock symbol in your browser line and by the fact that the browser's address line changes from "http://" to "https://".

If SSL or TLS encryption is activated, third parties cannot read the data you transmit to us.‍

G) Right to information

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient, and the purpose of data processing. For this purpose and further questions on personal data, you can contact us at any time via the contact details given in the imprint.‍

H) Right to rectification

Within the framework of the applicable legal provisions, you have the right at any time to complete or correct the personal data concerning you. For this purpose and further questions on personal data, you can contact us at any time via the contact details provided in the imprint.‍

I) Right to deletion

Within the framework of the applicable legal provisions, you have the right to delete the personal data concerning you at any time. For this purpose and further questions on personal data, you can contact us at any time using the contact details provided in the imprint.‍

J) Right to restriction of processing

You have the right to request the restriction of processing your personal data. To do this, you can contact us at any time at the address in the imprint. The right to restriction of processing exists in the following cases:‍

  • If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. Therefore, for the duration of the review, you have the right to request the restriction of processing your personal data.
  • If the processing of your personal data has happened or is happening unlawfully, you can request the restriction of data processing instead of deletion.
  • If we no longer need your personal data but require it to exercise, defend or assert legal claims, you have the right to request the restriction of processing your personal data instead of erasure.
  • According to Art. 21 (1) GDPR, we must balance both sides' interests if you object. Therefore, as long as it has not yet been determined whose interests prevail, you have the right to request the restriction of processing your personal data.

Suppose you have restricted the processing of your personal data. In that case, this data may - apart from being stored - only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person, or reasons of significant public interest of the European Union or a member state.‍

K) Right to instruction

Suppose you exercise the right to rectification, deletion, or restriction of processing of your personal data. In that case, we must inform all recipients of your personal data of any rectification, deletion, or restriction of processing unless this proves impossible or involves a disproportionate effort. You have the right to be informed by us about the recipients.