Select your language

Thank you for visiting our website and for your interest in HERZ GmbH.

This privacy policy is intended to show you what information we collect from you when you visit our website, what parts of your information (personal data), if any, are used in what way, to what extent and for what purpose.

1st principle
We, HERZ GmbH, take data protection and data security very seriously and treat your personal data confidentially, carefully and in accordance with the statutory provisions and these data protection guidelines. Our aim is to collect and process as little personal data as possible.
personal data as possible.

2. responsibility
Responsible in the sense of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions with data protection character:

Franz-Lutz-Straße 18
74391 Erligheim
Telefon +49 (0) 7143 962430

3. purpose
We collect your personal data solely for the purpose of processing your request. This processing is carried out exclusively on the basis of contract performance, consent of the data subject, for the fulfillment of the legal obligation to which HERZ GmbH is subject and/or for the fulfillment of our responsibility or in the exercise of official authority required for this purpose.

4. collection of personal data
Personal data such as name, address or e-mail address are not collected by us unless you provide this information voluntarily. We use the data you have provided exclusively for the purpose for which you have given it to us and where you have given us your consent.

5. transfer of data to third countries
Data processing outside the EU or EEA only takes place if we are active in this country in the context of providing a service.

6. data processing on the website
6.1 Collection of general data and information

In principle, you can call up and access all HERZ GmbH Internet pages without having to disclose or specify any personal data about yourself.

When you access the website, your browser automatically collects data and information.

This data includes the following information:
- Name and version of the browser software,
- the operating system used by the accessing system
- the website from which an accessing system arrives at our website,
- the sub-websites that are accessed via an accessing system on our website,
- the date and time of an access to the Internet page,
- the time spent on the website,
- an Internet protocol address (IP address),
- the Internet service provider of the accessing system,
- other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

The obligation to log is not only a requirement under data protection law, but also arises from IT security. Attention should be paid to this functionality both in self-programmed applications and in the procurement of third-party IT systems. The following chapters explain which aspects of data protection law must be taken into account in system logging.

6.1.1 Logging / log files / logging
When logging, each activity (e.g. reading, changing, copying, deleting) is recorded together with further information such as time and user.

A distinction is made between three types of log:
- Activities of the IT systems themselves (mostly for system monitoring).
- Activities of the administrators (e.g. during installation, configuration, changes to hardware and software)
- Activities of the users

6.1.2 Content and scope of log files
The log files must make it possible to verify who processed which personal data, when and how. The content of the log files is based primarily on the protection requirements of the processed data, the risk assessment and the purpose of the checks. Irrespective of this, however, there is a fundamental requirement that the content should be possible for the verification of system errors and also manipulations or unauthorized activities. In addition, however, the principle of necessity is also observed, i.e., only data that is required to fulfill the logging purpose may be recorded (no logging for storage).

The log files contain the following information:
- who (authentication)
- when (timestamp)
- which activity (data input and modification)
- on which data

6.1.3 Purpose limitation and evaluation
Log data may be recorded for the purpose of data protection control, data backup or to ensure proper operation of a data processing system (Section 31 BDSG). The log data must be able to provide information about who processed which personal data, when and in what manner, in order to be able to detect manipulations, for example. The purpose of logging is to detect and analyze system vulnerabilities and to eliminate them.
Log files are evaluated on a regular monthly basis on a random basis, using an automated evaluation based on filter conditions. In addition, the logs may be evaluated on an ad hoc basis. In particular, the principle of dual control is applied and documented in the event-related evaluation and analysis of personal data.
Our log files are not evaluated for the purpose of monitoring the behavior and performance of our employees.
(§ 31 BDSG).

6.1.4 Deletion of log files
Log files may only be stored as long as they are needed for the intended purpose. For this reason, the deletion periods must also be defined before logging begins. Log files are deleted after 6 months at the latest (analogous to Section 15 (7) TMG).

6.2 Cookies
The website of HERZ GmbH uses cookies. They are text files that are stored on a computer system via an Internet browser. Information about your visit to our website can be stored in cookies. Thanks to this text file, it is possible, for example, for you to receive special information on our site that is tailored to your interests.
The data subject can prevent the setting of cookies by the website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of the website may be fully usable.

6.3 Contact form
A contact form is available on the website for your inquiry. Our contact form is structured according to the: Data economy principle / Purpose limitation principle / Transparency requirement. With your consent, personal data (name, first name and e-mail) are collected. This data is specially transmitted by a recognized encryption method (SSL certificate / TMG §13 para 7 sentence 1 and sentence 2 a) and is therefore protected.
It contains a security query (Captcha) so that the form cannot be automatically "abused" by spam robots.
By using the double opt-in procedure, you confirm that you are aware of our privacy policy (link) and that you agree to the data you provide being collected and stored electronically for the intended purpose.

7. links to other internet pages
The website contains links to external websites. If you follow these links, the external provider may receive information from your browser as to which of our Internet pages you came to. The external provider is responsible for this data. We, like any other provider of Internet pages, are not in a position to influence this process.

8. your rights as a data subject vis-à-vis the data controller
- Right to information (Art. 15 DS-GVO): You have the normative right to information about the personal data processed about you.
- Right to rectification (Art. 16 DS-GVO): You have a right to have your personal data corrected, should we have stored it inaccurately about you.
- Right to erasure (Art. 17 DS-GVO): You have the right to have us delete your data if it may no longer be processed.
- Right to restriction of processing (Art. 18 DS-GVO).
- Right to withdraw consent: if you have consented to the use of your personal data, you may withdraw your consent at any time by sending an e-mail to with effect for the future, without affecting the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
- Right to object to processing (only in case of legitimate interest).
- Right to data portability (only in case of contractual relationship or consent).
- Right to lodge a complaint with the competent supervisory authority (Art. 77 DS-GVO):

The address of the supervisory authority responsible for our company:
The State Commissioner of Baden-Württemberg
for data protection and freedom of information
Königstraße 10a
70173 Stuttgart
Telefon: 0711/61 55 41-0

If the processing is based on consent, you have the right to revoke the consent at any time: The withdrawal does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
Data subjects may exercise all rights by sending an email to or by sending a notification by mail. The data subjects must identify themselves and contribute to the identification in order to ensure that when responding to the exercise of the respective right, the data subject is actually addressed.

9. data security
Please bear in mind that data transmission on the Internet may be subject to security vulnerabilities. Full protection against access by third parties is not feasible.

10. routine erasure and blocking of personal data.
The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage or where provided for by the European Directive and Regulation or other legislator in laws or regulations to which the controller is subject.

If the storage purpose ceases to apply or if a storage period prescribed by the European Directive and Regulation Maker or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

Our privacy policy may change constantly due to changes in our internal process, adjustments due to a legal requirement or further developments.

The current version of our privacy policy is available at any time at

If you have any further questions, please feel free to contact us at

Data Protection Officer HERZ GmbH