Gebr. Heinemann Asia

Data Protection Statement

Contents

  1. General Information
    1. Objective and Responsibility
    2. Legal Bases
    3. Individuals’ Rights
    4. Accuracy and Retention of Personal Data
    5. Security of Processing
    6. Transfer of Data to Third Parties, Subcontractors and Third Party Providers
  2. Concrete Data Processing
    1. Usage of the B2B portal by customer employees
    2. Usage of the B2B portal by Heinemann employees
    3. Collection of Information on the Use of the Online Service
    4. Contact Form and Contacting via E-Mail
  3. Cookies
    1. General Information
    2. Objection Options
    3. Cookie Policy
  4. Changes to the Data Protection Statement
  1. General Information
    1. Objective and Responsibility
      1. This Data Privacy Statement is to inform you about the nature, scope and purpose of the processing of personal data related to our online service https://b2b.heinemann.com.sg and the related websites, features and contents (hereinafter collectively referred to as ‘online service’ or ‘website’) in accordance with the Singapore Personal Data Protection Act ("PDPA").
      2. The online service is provided by Heinemann Asia Pacific Pte Ltd (10 Kallang Avenue, #12-14/18 Aperia Tower 2, Singapore 339510) – hereinafter referred to as 'Heinemann Asia Pacific', 'provider', 'we' or 'us'.
      3. If you, at any time, have any queries on this Data Privacy Statement or any other queries or complaints in relation to how we may manage, protect and/or process your personal data, you can reach out to our Data Protection Officer under the E-Mail address dataprotection@gebr-heinemann.de
      4. The term ‘user’ encompasses all customers, interested people, employees and visitors of our online service.
      5. By using our online service and/or accessing our website, you hereby agree to be bound by the terms of this Data Protection Statement and consent to the collection, use, disclosure and/or processing of your personal data pursuant to this Data Protection Statement. If you do not agree with any terms of this Data Protection Statement, you should not use our online service and/or access our website.
    2. Legal Bases

      We collect and process personal data based on the following legal grounds:

      1. Consent in accordance with Section 13 of the PDPA, where you have given, or is deemed to have given, consent under the PDPA to the collection, use, disclosure and/or processing of your personal data.
      2. Without your consent in accordance with Section 17 of the PDPA, meaning that we may collect, use, disclose and/or process your personal data without your consent in the circumstances or for the purposes, and subject to any condition, in the PDPA (including without limitation where the collection, use and disclosure of your personal data is in our legitimate interests or another person. Some examples include ensuring security, preventing and detecting fraud, managing disputes, and/or preventing the misuse of our online services and/or website).
    3. Individuals’ Rights

      You have the following rights with regards to the collection, use, disclosure and/or processing of your personal data by us:

      1. The right to withdraw any consent given or deemed to be given, in respect of the collection, use, disclosure and/or processing of your personal data by us for any purpose in accordance with Section 16 of the PDPA;
      2. Right of access in accordance with Section 21 of the PDPA.
      3. Right to correction in accordance with Section 22 of the PDPA.

      Notice: Users may withdraw any consent given or deemed to be given, in respect of the collection, use, disclosure and/or processing of your personal data by us for any purpose at any time, by submitting your request to our DPO at the contact details listed above. The withdrawal may in particular be made against collection, use, disclosure and/or processing for the purposes of direct marketing. However, there may be legal consequences of your withdrawal.

    4. Accuracy and Retention of Personal Data

      We will take appropriate measures to keep your personal data accurate, complete and updated. We will also take commercially reasonably efforts to ensure that the personal data in our possession or under our control is destroyed and/or anonymised as soon as it is reasonable to assume that (i) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; and (ii) retention is no longer necessary for any other legal or business purposes.

    5. Security of Processing
      1. We have implemented appropriate and state-of-the-art technical and organisational security measures (TOMs). Thus, the data that is processed by us is protected against accidental or intentional manipulation, loss, destruction and unauthorized access.
      2. These security measures include in particular the encrypted transfer of data between your browser and our server.
    6. Transfer of Data to Third Parties, Subcontractors and Third Party Providers
      1. A transfer of personal data to third parties only occurs within the framework of legal requirements. We only disclose personal data of users to third parties, if this is required e.g. for billing purposes or other purposes, if the disclosure is necessary to ensure the fulfilment of contractual obligations towards the users.
      2. If we engage subcontractors for our online service, we have made appropriate contractual arrangements as well as adequate technical and organizational measures with these companies.
      3. If we use content, tools or other means from other companies (hereinafter collectively referred to as 'third party providers’) whose registered offices are located in a third country, it is assumed that a transfer of data to the home countries of these third party providers occurs.
      4. Where personal data is transferred by us to any third parties, sub-contractors and/or third party providers outside of Singapore for any of the purposes stated above, we will ensure that such transfers are compliant with the requirements under the PDPA. In this regard, we will take such necessary measures to ensure that such overseas recipients are bound by legally enforceable obligations to ensure that these overseas recipients provide a standard of protection to the personal data so transferred that is comparable to the protection under the PDPA.
      5. In that regard, we will not disclose your personal data to third parties without first obtaining your consent permitting us to do so. However, please note that we may disclose your personal data to third parties without first obtaining your consent in certain situations, including, without limitation, the following:
        1. cases in which the disclosure is required or authorised based on the applicable laws and/or regulations;
        2. cases in which the purpose of such disclosure is clearly in your interests, and if consent cannot be obtained in a timely way;
        3. cases in which the disclosure is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;
        4. cases in which the disclosure is necessary for any investigation or proceedings;
        5. cases in which the personal data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the personal data is necessary for the purposes of the functions or duties of the officer;
        6. cases in which the disclosure is to a public agency and such disclosure is necessary in the public interest; or
        7. where such disclosure without your consent is permitted by the PDPA or by law.
  2. Purposes

    We may collect, use and process your personal data for one or more of the following purposes:

    1. To provide you with the online services and the website;
    2. To manage and administer your account and contact you as may from time to time be necessary in connection with your use of online services and website;
    3. To process any transactions or payments made by you and to maintain payment records.
    4. To respond to, handle, and process queries, requests, applications, complaints, and feedback from you;
    5. To contact you through the contact information provided by you in order to provide you with information or services that you request from us;
    6. To collect information relating to online interactions with us (including, for example, your IP address and the pages you view) so that we can offer you a more consistent and personalised experience in your relationship with us.
    7. To store, host and/or back up (whether for disaster recovery or otherwise) personal data, whether within or outside Singapore.
    8. For record-keeping purposes.
    9. To conduct research, analysis and development activities (including but not limited to data analytics, surveys and/or profiling) to improve the online services and website.
    10. To respond to any legal processes, pursue legal rights and remedies, and manage any complaints or claims.
    11. To respond to requests for information from public and governmental / regulatory authorities, statutory boards, related companies, whether in Singapore or abroad, for audit, compliance, investigation and inspection purposes.
    12. To comply with any applicable law, regulation, legal process or government request.
    13. For any other purposes for which you have provided the information.
    14. For any other incidental purposes related to or in connection with the purposes as set out above or otherwise described in this Data Protection Statement.
  3. Concrete Data Processing
    1. Usage of the B2B portal by customer employees
      1. The following data will be processed during use of the B2B portal by customer employees: first name, surname, e-mail address, language, encrypted password, customer assignment in the form of numbers, authorizations, creation date of the account, change date (if something was changed in the account).
      2. The processing of this personal data is necessary for the use of the B2B portal. A withdrawal of consent with regard to the processing of this personal data leads to the fact that the person who withdrew the consent can no longer use the B2B portal.
      3. The personal data will not be retained if they are no longer required for the provision of the service within the statutory retention periods.
    2. Usage of the B2B portal by Heinemann employees
      1. The following data will be processed during use of the B2B portal by Heinemann employees: first name, surname, user name, language, encrypted password, authorizations, creation date of the account, change date (if something was changed in the account).
      2. The processing of this personal data is necessary for the use of the B2B portal. A withdrawal of consent with regard to the processing of this data leads to the fact that the person who withdrew the consent can no longer use the B2B portal.
      3. The personal data will not be retained if they are no longer required for the provision of the service within the statutory retention periods.
    3. Collection of Information on the Use of the Online Service
      1. When using our online service, information may be transferred automatically from the device of the user to us; this information includes the name of the accessed website, file, date and time of the access, amount of data transferred, notification about successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
      2. This information will be automatically deleted 90 days after the termination of the connection, unless any other retention periods require otherwise.
      3. The collection of the data and the storage of the data in log files is essential for the provision of the online service.
    4. Contact Form and Contacting via E-Mail
      1. When contacting us (via online form or e-mail), the personal data provided by the user will be processed exclusively for processing the inquiry and its handling.
      2. Any other use of the data will only take place based on the given consent from the user.
      3. The users' personal data will be stored in our Customer Relationship Management System (‘CRM System’) or a comparable software/database. The legal retention periods for business letters apply.
  4. Cookies
    1. General Information
      1. Cookies are information transmitted by our web server or third-party web servers to the users' devices where they are stored for later retrieval. Cookies can be in the form of small files or any other types of information storage.
      2. In the case that users do not want that cookies are stored on their device, they will be asked to disable the corresponding option in their browser's system settings. Saved cookies may be deleted in the system settings of the browser. The exclusion of cookies can lead to functional impairments of this online service.
    2. Cookie Policy

      For more information, please see our cookie policy.

  5. Changes to the Data Protection Statement
    1. We reserve the right to change this Data Privacy Policy with regards to the data processing, in order to adapt it to changed legal situations, to changes of the online service or of the data processing.
    2. Your continued use and access to the online services and/or website following any amendment of this Data Protection Statement will signify your assent to and acceptance of its revised terms.
    3. Notwithstanding the generality of Clause 5.2 above, if users' consents are required or if elements of the Data Protection Statement contain provisions in regards to the contractual relationship with the users, the changes will only be made with the agreement of the users.
    4. Users are requested to keep themselves informed about the content of this Data Privacy Statement on a regular basis.

​​​​​​​
Back to Top
Do you need help?