Data protection

heristo aktiengesellschaft
Parkstr. 44-46
49214 Bad Rothenfelde

Tel. 05424 299 0
Fax: 05424 299 333


Board of Directors:
Oliver H. W. Risken, Chairman
Theodor Determann
Marc Sodeikat
Christian Schröder

Supervisory Board:
Heinrich W. Risken (Chairman)

Register court:
Amtsgericht Osnabrück, HRB 110855

Sales tax identification number:

heristo holding GmbH, Bad Rothenfelde

Register court:
Amtsgericht Osnabrück, HRB 110932

Managing Director:
Oliver H. W. Risken

Responsible for the content according to § 18 Abs. 2 MStV:
Marc Schriever

heristo aktiengesellschaft
Parkstr. 44-46
49214 Bad Rothenfelde

We are pleased that you are visiting our website and thank you for your interest in our company, our products and our website. The protection of your privacy when using our websites is important to us. We therefore act in accordance with the applicable legislation on the protection of personal data and data security.

Below you can find out which websites this privacy policy applies to, what data we collect, process and use, what rights to information you have and much more. In order to answer your questions quickly and clearly, we have designed our privacy policy in the form of questions and answers.

Who is responsible for this website?

The entity named in the legal notice is responsible for the data collection and processing described below.

To which websites does this privacy policy apply?

This data protection declaration applies to the use of the websites offered by heristo aktiengesellschaft and/or its subsidiaries (hereinafter referred to as "heristo") (hereinafter referred to as "heristo websites"). This data protection declaration does not apply to the websites of other service providers to which heristo websites merely refer by means of a link.

What is personal data?

Personal data is individual information about the personal or factual circumstances of an identified or identifiable natural person. For example, your name, your address, your account, ID or telephone number, your license plate number, your e-mail address or IP number are personal data. However, data that makes it impossible to determine your actual identity is not personal data. This includes, for example, information about your gender, which browser you use or which make of car you prefer.

Will I remain anonymous when using the heristo websites?

Yes, when using the heristo website you remain anonymous as long as you do not voluntarily provide us with personal data. The only exception to this principle is the temporary automatic collection and storage of your IP number. You can find out more about this below.

Is personal data collected and processed automatically?

Yes, each time you visit our website, we automatically collect information about the IP number assigned to your computer, the browser and operating system you are using and the web pages you have viewed. This data is stored in log files on the web server. Only the IP number is considered personal data. To protect our computer systems from misuse, it is necessary to store the IP number of each visitor for a period of seven days. The legal basis is Art. 6 para. 1 lit. f) GDPR. If we also use the log files to create user profiles, whether for the purposes of advertising, market research or the needs-based design of our websites, the IP numbers are anonymized in advance. Otherwise, the IP numbers are deleted from the log files. As a result, you remain anonymous in any case, even when your IP number is automatically collected and temporarily stored.

Under what other conditions is personal data collected, processed or used?

We only collect, process or use personal data if you provide it to us voluntarily and it is also permitted by law or you have given your consent. This usually happens when you conclude a contract with us online or send us an inquiry.

For what purpose is personal data collected, processed or used?

We use the personal data provided by you exclusively for the purposes communicated or agreed, i.e. usually in accordance with Art. 6 para. 1 lit. b) GDPR to prepare or fulfill the contract concluded with you or in accordance with Art. 6 para. 1 lit. f) GDPR to answer your inquiry.

Is personal data used for advertising or market research purposes?

This is not the case without your consent. In order to maintain the customer relationship with you, in some cases we are interested in using your personal data for advertising, market research or other purposes. However, we will of course inform you of this in advance and ask you for your express consent in accordance with Art. 6 para. 1 lit. a) GDPR.

Is personal data passed on, sold or otherwise transferred to third parties?

Your personal data will not be passed on, sold or otherwise transferred to third parties unless this is necessary for the purpose of contract processing in accordance with Art. 6 para. 1 lit. b) GDPR or you have expressly consented to this in accordance with Art. 6 para. 1 lit. a) GDPR. For example, it may be necessary for us to pass on your address and order data to our suppliers when you order products.

Can I withdraw my consent again?

Yes, you have the option at any time to object to the use of your personal data agreed with your consent for the future. To do so, please contact the office named below.

Are e-mail newsletters offered on heristo websites?

Yes, you can subscribe to an email newsletter on the website The sending of the e-mail newsletter and the associated processing of your e-mail address is based on your consent in accordance with Art. 6 para. 1 lit. a) GDPR.

You can withdraw your consent at any time without this affecting the lawfulness of the processing carried out to date. If you withdraw your consent, the corresponding data processing will be discontinued.

If you no longer wish to receive the newsletter in future, you can unsubscribe at any time, e.g. by sending an email to or via the unsubscribe link that you will find in every newsletter email. The newsletter is sent via "MailChimp", a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. Your email address is stored on the service provider's servers in the USA. MailChimp uses your email address to send the newsletter on behalf of the newsletter provider. An order processing contract has been concluded with the service provider in accordance with Art. 28 GDPR. Furthermore, MailChimp may, according to its own information, use your e-mail address to optimize or improve its own services, e.g. for the technical optimization of the dispatch and presentation of the newsletter or for economic purposes in order to determine from which countries the recipients come. However, MailChimp does not use your e-mail address to write to you itself or to pass it on to third parties.

MailChimp has submitted to the "EU-US Privacy Shield" and is therefore obliged to comply with European data protection standards.

Are tracking procedures used on heristo websites?

Yes, on the websites, and, data is collected and stored for marketing and optimization purposes using technologies from etracker GmbH ( The respective website operator can use this data to create user profiles using pseudonyms. Cookies can be used for this purpose. Cookies are small text files that are stored locally in the cache of the website visitor's Internet browser. Cookies make it possible to recognize the Internet browser. The data collected using etracker technologies will not be used to personally identify the visitor to this website and will not be merged with personal data about the bearer of the pseudonym without the separately granted consent of the person concerned. Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR and in the legitimate interest of finding out how often our websites are accessed by different users.

You can object to the collection and storage of data at any time with effect for the future.


Are cookies used on the heristo websites?

We generally use so-called session cookies on the heristo websites, which store data for technical session control in the memory of your browser. This data is not personal and is deleted at the latest when you close your browser. If, in exceptional cases, we also wish to store personal data in a cookie, we will obtain your express consent in advance in accordance with Art. 6 para. 1 lit. a) GDPR.

The processing is carried out on the basis of Art. 6 para. 1 lit. f) GDPR and in the interest of optimizing or enabling user guidance and adapting the presentation of our website.

How can I generally prevent cookies from being stored on my computer?

Although cookies are only relevant under data protection law if personal data is stored in them, quite a few Internet users are generally skeptical about these small data packets. We would therefore like to point out that you can also protect yourself against the storage of cookies on your computer or view the contents of cookies. Current browsers provide you with various functions for this purpose, which you can find out more about in the help section of your browser. For example, simply set your Internet browser to automatically block all cookies or to warn you before a cookie is stored. However, we would like to point out that this may result in functional restrictions in the use of heristo websites and websites of other service providers.

What do I need to know about the Facebook pages of heristo companies?

Some heristo companies operate an official Facebook page on the basis of Art. 6 para. 1 lit. f) GDPR. We do not collect, store or process personal data of our users on these pages at any time. Furthermore, we do not carry out or initiate any other data processing. The data you enter on our Facebook pages, such as comments, videos or images, will not be used or processed by us for any other purpose at any time.

Facebook uses so-called web tracking methods on these pages. Please be aware that Facebook may use your profile data, for example to analyze your habits, personal relationships, preferences, etc. We have no control over the processing of your data by Facebook. We have no influence whatsoever on the processing of your data by Facebook.

What does heristo do for the security of my personal data?

heristo takes technical and organizational security measures to protect your personal data from loss and misuse. Your data is stored in a secure operating environment that is not accessible to the public. Should you wish to contact heristo by e-mail, we would like to point out that the confidentiality of the information transmitted is not guaranteed. The content of e-mails - similar to postcards - can be viewed by third parties. We therefore recommend that you only send us confidential information by post.

What rights do I have as a user of the websites?

When processing your personal data, the GDPR grants you certain rights as a website user:

1. right of access (Art. 15 GDPR):
You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.

2. right to rectification and erasure (Art. 16 and 17 GDPR):
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, where applicable, to have incomplete personal data completed. You also have the right to demand that personal data concerning you be deleted immediately if one of the reasons listed in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued.

3. right to restriction of processing (Art. 18 GDPR):
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to the processing, for the duration of any review.

4. right to data portability (Art. 20 GDPR):
In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to a third party.

5. right to object (Art. 21 GDPR):
If data is collected on the basis of Art. 6 para. 1 lit. f (data processing to safeguard legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defense of legal claims.

6. right to lodge a complaint with a supervisory authority
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of data concerning you violates data protection regulations. The right to lodge a complaint can be exercised in particular with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.

Google Analytics

We use the web analysis tool "Google Analytics" for the needs-based design of our websites. Google Analytics creates user profiles on the basis of pseudonyms. For this purpose, permanent cookies are stored on your end device and read by us. In this way, we are able to recognize returning visitors and count them as such.

As part of the Google Analytics service, Google Ireland Limited supports us as a processor in accordance with Art. 28 GDPR. Data processing may also be carried out by Google outside the EU or the EEA (in particular in the USA). With regard to Google, an adequate level of data protection is guaranteed on the basis of the adequacy decision (EU-U.S. Data Privacy Framework). Google also undertakes to conclude standard contractual clauses with other sub-processors.

Data processing is based on your consent, provided that you have given your consent via our banner. You can withdraw your consent at any time. To do so, please follow this link and make the appropriate settings via our banner.

Does this privacy policy change from time to time?

The rapid technological development of the Internet and the changes in the law in the area of data protection make it necessary for us to adapt our data protection declaration to the new requirements from time to time. Please therefore note the current data protection declaration. This privacy policy is valid as of 25.05.2018.

Has a data protection officer been appointed?

You can reach our data protection officer at:

ds² Unternehmensberatung GmbH & Co.KG
Falkenstraße 10
33775 Versmold

Who can I contact?

If you wish to assert your rights to information, have questions about this privacy policy or our data protection behavior on the web, please contact:


The quality group.

heristo aktiengesellschaft
Parkstraße 44 – 46
49214 Bad Rothenfelde