Privacy Police

Data protection is an important concern of the company: Herpa Miniaturmodelle GmbH.

Privacy Police

Data protection is an important concern of the company: Herpa Miniaturmodelle GmbH.

Therefore, the processing of our customers' data is carried out exclusively in compliance with the applicable data protection regulations (e.g. DSGVO). We collect and process personal data if you provide us with this data (e.g. by registering on the website, contact inquiries, surveys, etc.) and we are entitled to collect, use and process it on the basis of consent granted by you or on the basis of a statutory provision. If we receive personal data from you from other companies, you will be informed of this as soon as possible, at the latest during the first contact. This data will also only be stored and processed on the basis of legal regulations.

Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). We collect and process the following personal data: Name, first name, home address, telephone number, marital status, date of birth, gender, email address, password. We process the above personal data for the following purposes:

 • Communicating with you about products, complaints, services and projects, e.g. to process your inquiries;

• Planning, implementing and managing the (contractual) business relationship between us and you, e.g. to process orders for products and services, to collect payments, for accounting, billing and debt collection purposes and to carry out deliveries, maintenance activities or repairs;

• To provide individualized quotations or estimates - To conduct customer surveys, marketing campaigns, market analysis, sweepstakes, contests or similar promotions and events;

• Provision of a newsletter and advertising regarding new product

• Maintain and protect the security of our products and services and our websites by preventing and detecting security risks, fraudulent activity, or other criminal or harmful activity;

• Compliance with legal requirements (e.g. tax and commercial law retention obligations) or existing obligations to carry out compliance screenings (to prevent white-collar crime or money laundering)

 • Settlement of legal disputes, enforcement of existing contracts and for the assertion, exercise and defense of legal claims.

The processing of personal data is necessary to achieve the above purposes, including the performance of the (contractual) business relationship with you. The legal basis for the data processing is - unless expressly stated otherwise - Article 6 (1) (b) and (f) of the General Data Protection Regulation or your expressly given consent pursuant to Article 6 (1) (a) of the General Data Protection Regulation. Insofar as the above data is to be further processed for a purpose other than the original purpose of collection, you will be informed of this prior to further processing. In this way, you have the opportunity to object to the processing of your data for another purpose.

Disclosure of data
All data that you provide to us will be treated confidentially. We will neither sell your personal data to third parties nor market it in any other way. As a matter of principle, your data will not be made available to third parties for use unless you have given your consent to this or we are legally entitled and/or obliged to pass on this data.

We will disclose personal data to courts, tax authorities, regulatory authorities to the extent legally permitted and necessary to comply with applicable law or to assert, exercise or defend legal claims. We take all measures to ensure appropriate and adequate safeguards to protect your personal data.

Storage period
If no explicit storage period is specified at the time of collection (e.g. as part of a declaration of consent), the personal data will be deleted insofar as it is no longer required to fulfill the purpose for which it was stored, unless legal retention obligations (e.g. retention obligations under commercial and tax law) prevent deletion.

Data security We take technical and organizational security measures to protect the data we store and process in our company against manipulation, loss of confidentiality, destruction and against access by unauthorized persons.

The security measures of our company are continuously improved according to the technological development.

Data subject rights: right to information, correction, deletion or restriction of the processing of your personal data, right to object and right to data portability
Upon request, we will inform you in writing, in accordance with applicable law, whether and which personal data we store in our company. If you are registered as a user yourself, we offer you the opportunity to view your data yourself and to change and delete it if necessary. If, despite our company's efforts to ensure data security and accuracy, incorrect information has been stored, we will correct it at your request.

You also have the right to request the restriction of the processing of personal data by our company. In addition, you may request to receive the data you have provided to our company in a structured, common and machine-readable format. You may also object to the data processing of personal data by our company. Furthermore, you have the right to request the deletion of your personal data, provided that legal retention periods do not prevent this. We delete the data if we no longer need it for the purpose for which we collected and processed it, or if you revoke the consent you have given, and there is no other legal basis for the further processing of your data. In addition, we delete this data if the processing has been unlawful for reasons unknown to us or if you have objected to the processing and there are no overriding legitimate interests for the processing. Your data will also be deleted if we are legally obliged to do so.

Our company has also implemented technical measures to notify all recipients of your data of your request for deletion or rectification. This applies only in the event that we have disclosed or made public such data. Deleted shall be all links, copies and replications of your personal data. If you have consented to the processing of your personal data, you have the right to revoke your consent at any time with effect for the future. The revocation of consent does not render the data processing unlawful for the past. The transfer of data to our company is voluntary. However, this data is necessary for the further conclusion of the contract or to answer your inquiries. If you do not wish to disclose your data, the contract may not be concluded or your inquiries may not be answered. The provision of the data is necessary for the conclusion of the contract. The contact details of our company's data protection officer are:

datenschutz@herpa.de

Postal: Herpa Miniaturmodelle GmbH
Attn: Data protection officer
Leonrodstraße 46-47
90599 Dietenhofen

You also have the right to complain to the competent supervisory authority about data processing by our company. The data protection authority responsible for our company is:

Bavarian State Office for Data Protection Supervision (BayLDA).

P.O. Box 1349
91504 Ansbach
Germany

Phone: +49 (0) 981 180093-0
E-mail: poststelle@lda.bayern.de
Homepage: https://www.lda.bayern.de/de/index.html

Newsletter; Advertising
When registering to receive our company's newsletter, the data you provide will be used exclusively for this purpose. For an effective registration, name and a valid e-mail address are required. In order to verify that a registration is actually made by the owner of an e-mail address, we use the "double-opt-in" procedure. For this purpose, the order of the newsletter, the sending of a confirmation email and the receipt of the hereby requested response is logged. The data is used exclusively for sending the newsletter and is not passed on to third parties. You can revoke your consent to the storage of your data and its use for the newsletter dispatch at any time. You will find a corresponding link in each newsletter. In addition, you can also unsubscribe at any time directly on our company's homepage or communicate your corresponding wish via the contact options provided at the end of this document. If you no longer wish to receive advertising based on your interests, you can object at any time free of charge and with effect for the future.

Order data processing
On our website we offer you the possibility to check certain entries in address forms of our webshop for input errors in real time. This is to avoid problems with the delivery of the products you have ordered due to incorrect information. Furthermore, we want to make sure that your contact data is valid for sending information about your order or for any necessary queries. For the provision of these functions we use the service provider Endereco, Balthasar-Neumann-Straße 4b, 97236 Randersacker. The service provider processes the data exclusively according to our instructions. The legal basis for the transmission, processing and temporary storage of the data with the service provider is Art. 6 (1) lit. b DS-GVO, as it is absolutely necessary for the fulfillment of the contract or for the implementation of pre-contractual measures that some of the data entered by you in the input mask is checked for accuracy. The following data will be processed by the service provider:
• Address (country, city, postal code, street, house number if applicable)
• Phone number
The data will be processed separately by the service provider and will not be merged. The requests are deleted by the service provider as soon as the status of the entered data has been determined and the storage in the webshop has been completed, at the latest, however, after 30 days.

Log data
When you access our company's homepage, your Internet browser automatically transmits the following data (hereinafter referred to as "log data") to our company's web server for technical reasons, which our company records in log files:

 • Date of access, time of access, URL of the referring website, file accessed, amount of data transferred, browser type and version, operating system, IP address, domain name of your Internet access provider.

This is exclusively information that does not allow any conclusions to be drawn about the natural person. This information is technically necessary in order to correctly display the website content you have requested and is mandatory when using Internet services. The log data is evaluated purely for statistical purposes in order to optimize our company's Internet presence and the technology behind it and is subsequently deleted. The log data is stored separately from other data collected by our company during use.

Cookies
Like many other websites, our company also uses so-called "cookies". Cookies are small text files that are transferred from a website server to your hard drive. Through this, our company automatically receives certain data such as IP address, browser used, operating system about your computer as well as your connection to the Internet. In principle, our company's website can also be visited without cookies. Internet browsers are regularly set to accept cookies. You can deactivate the use of cookies at any time via your browser settings. If cookies are deactivated, individual functions of our company's website may no longer function.

Tracking-based analyses, re-marketing tools
In order to constantly improve and optimize our offer, we use so-called tracking technologies.

Google Analytics
We also use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google"). Google Analytics uses so-called "cookies", i.e. text files that are stored on the customer's computer and enable an analysis of the customer's use of the website. The information generated by the cookie about the use of the website (including the IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating the customer's use of the website, compiling analyses of website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate the IP addresses of customers with any other data held by Google.

The customer is entitled to prevent the installation of these cookies by setting the browser accordingly; however, the customer is informed that in this case not all functions of this website can be used to their full extent. By using this website, the customer consents to the processing of data collected by Google in the manner and for the purposes set out above.

For more information on Google Analytics and privacy, please visit: https://tools.google.com/dlpage/gaoptout?hl=de

The following Google Analytics advertising features are enabled:
• Re-Marketing with Google Analytics
• Google Impression report for the Display Network
• Google Analytics demographics and interest reports
• Integrated services where Google Analytics collects data via advertising cookies and identifiers.

Using these advertising features, Google Analytics may collect additional user data via Google advertising cookies (more information at: https://www.google.com/policies/technologies/types/) and identifiers, as well as data collected via a standard Google Analytics implementation.

Google Ads (Re-Marketing)
We further use the re-marketing function within the Google Ads service. Google Ads is an online advertising program of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The re-marketing function allows us to present users of our website with advertisements based on their interests on other websites within the Google display network (on Google itself, so-called "Google Ads" or on other websites). For this purpose, the interaction of users on our site is analyzed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users on other sites even after they have visited our website. For this purpose, Google stores a number in the browsers of users who visit certain Google services or websites in the Google display network.

This number, known as a "cookie", is used to record the visits of these users. This number is used to uniquely identify a web browser on a particular computer and not to identify an individual. The information collected by cookie about the use of our website (including your IP address) is usually transmitted to a Google server and stored there. We would like to point out that on this website Google Ads (Re-Marketing) has been extended by the code "gat._anonymizeIp();" to ensure anonymized collection of IP addresses (so-called IP masking). At our instigation, your IP address is therefore only recorded by Google in shortened form, which ensures anonymization and does not allow any conclusions to be drawn about your identity. In the event that IP anonymization is activated on this website, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. In addition, you can deactivate the interest-based ads on Google as well as interest-based Google ads on the web (within the Google display network) in your browser by going to:

www.google.de/settings/ads in the sub-item "Deactivation settings" click on the link "deactivate" in each case.

Furthermore, you can also disable interest-based advertising at:

https://www.networkadvertising.org/choices/?partnerId=1/ Cookies via Opt-Out, for this purpose an Opt-Out-Cookie will be set on your computer.

Facebook Custom Audience via the pixel procedure
Within our offer, the so-called "Facebook pixel" of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook") is used for these purposes due to our legitimate interests in the analysis, optimization and economic operation of our online offer. This allows the behavior of users to be tracked, e.g. after they have clicked on a Facebook advertisement. This procedure is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can additionally help to optimize future advertising measures.

Within the scope of Facebook Custom Audience, we do not transmit any data records, in particular no e-mail addresses of our users - neither encrypted nor unencrypted - to Facebook. The data collected within the scope of the pixel use are anonymous for us, do not offer us any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy (https://www.facebook.com/policy.php). You may allow Facebook and its partners to serve ads on and off Facebook. Furthermore, a cookie may be stored on your computer for these purposes. Current information on the General Data Protection Regulation (GDPR) can be found here: https://www.facebook.com/business/gdpr#Wichtige-Rechtsgrundlagen. If you would like to deactivate the use of Facebook Website Custom Audience, you can do so at https://www.facebook.com/adpreferences/?entry_product=ad_settings_screen. To do this, you must be logged into Facebook. To deactivate the use of cookies on your computer, you can set your internet browser so that no more cookies can be placed on your computer in the future or so that cookies that have already been placed are deleted. However, switching off all cookies may mean that some functions on our Internet pages can no longer be executed. In addition, various applications are available that make it possible to suppress data transmission to Facebook. You can use such applications to suppress data transmission to Facebook. In addition, you have the option with us to select that you do not want tracking by the Facebook pixel in this browser (opt-out). To do so, please click here: Disable Facebook Pixel for this browser. An opt-out cookie will be set in your browser, which prevents the collection of your data during future visits to this website with your current browser.

Instagram
In order to stay in touch with our customers, prospects and applicants, we have also set up our own Instagram page. Instagram is an online service for sharing photos and videos provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Responsible for the operation of the network, as well as for the social network Facebook, is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: "Facebook") in Ireland. We expressly draw attention to the fact that Facebook stores data (e.g. IP address, likes and personal interests (e.g. through hashtags and groups to which a user is connected), behavior on Instagram pages, any personal information stored on Instagram, etc.) of users and uses them for business purposes. 
We have no influence on the processing and further use of this data, as Facebook alone determines the processing. To what extent, where and for how long the data is stored, to what extent the data is linked and evaluated and to whom the data is passed on is currently not comprehensible to us. Also with regard to deletion periods, i.e. whether and to what extent deletion periods are observed, we have no insight and no influence. Information from Facebook itself about what information is collected can be found in Facebook's Instagram privacy policy, which can be viewed at https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect. 
If you are an Instagram member and logged into your Instagram user account, Facebook can associate your visit to our site with your user account. If you would like to prevent Facebook from linking data about your visit to our Instagram Page with your membership data stored on Instagram, you should
 • log out of Instagram before each visit to our Instagram Page,
• delete the cookies stored on your device,
• and exit and restart your browser. 
However, even after taking these steps, Facebook may still recognize you through so-called unique identifiers, such as device IDs and other identifiers, such as those of games, apps or accounts you use or family device IDs (or other identifiers that are unique to the Facebook companies' products associated with the same device or account). 
To see the content on our Instagram Page, you do not need to be a member of Instagram. However, data is collected, stored and used by Facebook each time you visit our Instagram Page. The moment you visit our Instagram Page, your browser establishes a connection with a Facebook server. In the process, data may be transferred to countries outside the European Union. In any case, whether you are registered with Instagram or not, your IP address will be transmitted and cookies will be set. If you are an Instagram member and logged into your Instagram user account, Facebook can associate your visit to our site with your user account. 
The cookies used by Instagram, according to Facebook, are for authentication, security, website and product integrity, advertising and measurement, website features and services, performance, and analytics and research. For more information, visit the Instagram Help section at the following link: https://help.instagram.com/1896641480634370. 
Unless you have an Instagram account, you can manage interest-based online ads through the European Interactive Digital Advertising Alliance settings and through your mobile device settings. The data collection and storage through the use of the aforementioned cookies by Facebook can additionally, but also at any time with effect for the future, be objected to via the following opt-out link: http://www.youronlinechoices.com/de/praferenzmanagement/. 
Under the aforementioned link, you can manage your preferences regarding usage-based online advertising. If you object to usage-based online advertising with a specific provider using the preference manager, this will only apply to the specific business data collection via the web browser currently in use. The preference management is cookie-based. Deleting all browser cookies will also remove the preferences you have set using the preference manager.
 You can also configure your browser before visiting our Instagram Page so that no cookies are stored by Facebook. Information on how to adjust the settings for cookies in your browser can be found in the help section of the browser you are using. 
We have no influence on whether and which cookies Facebook sets via our Instagram Page and how this data is processed.
 The processing of your data, when contacting or interacting via our Instagram Page, by us is based on our legitimate interest according to Art. 6 para. 1 p. 1 lit. f) DSGVO. Our overriding legitimate interest is to contact and communicate with our interested parties, as well as to respond to their specific requests. If your message is directed towards the conclusion of a contract or concerns the implementation of an existing contractual relationship, the legal basis for the processing is also Art. 6 para. 1 sentence 1 lit. b) DSGVO.

YouTube
The company uses the video platform YouTube, which is operated by YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066 in the USA. YouTube is a platform through which the playback of audio and video files is enabled. When the customer calls up a page of the company's website, the YouTube player embedded there establishes a connection to YouTube in order to ensure the technical transmission of the video or audio file.

When the connection to YouTube is established, data is transmitted to YouTube. The purpose and scope of the data collection, the further processing and use of the data by YouTube as well as the related rights and setting options for the protection of the customer's privacy can be found in the data protection information of YouTube: https://support.google.com/youtube/answer/2801895?hl=de Google Maps

Google Maps
As a user of our website, you can view cooperating dealers in your area on a map. We use Google Maps to display the map. Google Maps is a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Details on the processing of personal data through the use of Google Maps can be found at the following link: http://www.google.de/intl/de/policies/privacy/ In order to display the cooperating merchants in the vicinity, you must first specify a location. The location can either be entered manually or determined automatically using the localization function of the Internet browser. For manual entry, no personal data is processed unless you enter your home address for display.

For the automatic location determination by means of the localization function of the Internet browser, the processing of your IP address is required. In this case, we base this processing on your consent, which the Internet browser requests when you call up the map. In this context, your IP address is not stored by us.

Google Web Fonts
Our website uses so-called web fonts to display the font. These are provided by Google Inc. (http://www.google.com/webfonts/). The web fonts are transferred to the browser's cache when the page is called up in order to be able to use them for the display. This transmits to the Google server, usually a Google server in the USA, which of our Internet pages you have visited. The IP address of the browser of the end device of the visitor to these Internet pages is also stored by Google. If your browser does not support Google Web Fonts or prevents access, the text will be displayed in a standard font. You can set your browser so that the fonts are not loaded from Google servers (for example, by installing add-ons such as NoScript or Ghostery for Firefox). Information on the privacy policy of Google Web Fonts is available at: https://developers.google.com/fonts/faq# Privacy General information on data protection is available in the Google Privacy Center at: http://www.google.com/intl/de-DE/privacy/.


Hotjar

This website utilizes Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).

Hotjar is a tool used to analyze your user patterns on this website. Hotjar allows us to for instance record your mouse and scroll movements as well as your click. During this process, Hotjar also has the capability to determine how long your cursor remained in a certain position. Based on this information, Hotjar compiles so-called Heatmaps, that make possible to determine which parts of the website the website visitor reviews with preference.

We are also able to determine how long you have stayed on a page of this website and when you left. We can also determine at which point you suspended making entries into a contact form (so-called conversion funnels).

Furthermore, Hotjar can be deployed to obtain direct feedback from website visitors. This function aims at the improvement of the website offerings of the website operator.

Hotjar uses technologies that make it possible to recognize the user for the purpose of analyzing the user patterns (e.g., cookies or the deployment of device fingerprinting).

If your approval (consent) has been obtained the use of the abovementioned service shall occur on the basis of Art. 6(1)(a) GDPR and § 25 TTDSG (German Telecommunications Act). Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur on the basis of Art. 6(1)(f) GDPR; the website operator has a legitimate interest in the analysis of user patterns to optimize both, the web presentation and the operator’s advertising activities.

Deactivation of Hotjar

If you would like to deactivate the recording of data by Hotjar, please click on the link below and follow the instructions provided under the link: https://www.hotjar.com/policies/do-not-track/. 

Please keep in mind that you will have to separately deactivate Hotjar for every browser and every device. For more detailed information about Hotjar and the data to be recorded, please consult the Data Privacy Declaration of Hotjar under the following link: https://www.hotjar.com/privacy. 

Data processing 

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.