Data Privacy
Privacy Policy for the Website of heyconnect GmbH
Thank you very much for visiting our website. Below, we provide information on what personal data we process in connection with the use of our website, for what purposes this is done and on what legal basis the processing takes place. The legal basis is, in particular, the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications and Digital Services Data Protection Act (TDDDG).
The information below relates to the currently reviewed version of this website. Should we expand any features, external services or forms, we will amend this privacy policy accordingly.
1. Contact details of the data controller and data protection officer
The data controller within the meaning of Article 4(7) of the GDPR is:
heyconnect GmbH
Herrengraben 1
20459 Hamburg
Germany
Telephone: +49 (0)40 69207680
Email: kontakt@heyconnect.de
For data protection-related enquiries, you may also contact the FIEGE Group’s internal data protection officer:
Mr Werner Wendt
FIEGE Logistik Stiftung & Co. KG
Joan-Joseph-Fiege-Straße 1
48268 Greven
Email: dataprotection@fiege.com
2. General information on data processing
Legal basis
The data protection term ‘personal data’ refers to any information relating to an identified or identifiable natural person. We process personal data only where there is a legal basis for doing so, in particular on the basis of your consent pursuant to Article 6(1), first sentence, point (a) of the GDPR or Section 25(1) of the TDDDG, to fulfil a contract or to take pre-contractual measures pursuant to Article 6(1), first sentence, point (b) of the GDPR, to comply with a legal obligation pursuant to Article 6(1), first sentence, point (c) of the GDPR, or to safeguard our legitimate interests pursuant to Article 6(1), first sentence, point (f) of the GDPR, provided that this does not conflict with your overriding interests or fundamental rights.
Duration of storage
Unless otherwise stated in the information below, we retain personal data only for as long as is necessary to fulfil the relevant purpose or to comply with legal obligations. Statutory retention obligations may arise, in particular, from commercial and tax law provisions. We generally retain personal data contained in accounting-related documents for ten years and in business correspondence for six years. In addition, we retain evidence of consent given, as well as data relating to the assertion, exercise or defence of legal claims, for the duration of the statutory limitation periods.
Categories of recipients
We use data processors in the course of data processing, in particular for hosting, content delivery, IT operations, maintenance, communication and support. In addition, data may be transferred to external parties such as tax advisers, banks, public authorities or other recipients, insofar as this is permitted by law or necessary for the performance of a contract. Further recipients are set out in the information below.
Data transfers to third countries
In the context of certain services, personal data may be transferred to third countries, i.e. countries outside the European Union or the European Economic Area, where a level of data protection comparable to that of the GDPR is not necessarily guaranteed. Such transfers will only take place if the conditions set out in Articles 44 et seq. of the GDPR are met, in particular on the basis of an adequacy decision, appropriate safeguards such as standard contractual clauses, or your explicit consent.
Processing in connection with the exercise of your rights
When you exercise your rights under Articles 15 to 22 of the GDPR, we process the personal data you provide for the purpose of handling your request and documenting its proper implementation. The legal basis is Article 6(1), first sentence, point (c) of the GDPR in conjunction with Articles 15 to 22 of the GDPR and the relevant provisions of the BDSG.
3. Provision of the website and server log files
When you visit our website, the hosting and delivery system automatically processes technically necessary information to ensure that the website can be displayed on your device, operated reliably and protected against attacks. In particular, the following data may be processed:
- IP address of the requesting device
- Date and time of access
- Page or file accessed
- Referrer URL
- Browser type and version
- Operating system used
- HTTP status code
- Amount of data transferred
Legal basis and purpose
Processing is carried out on the basis of Article 6(1), first sentence, point (f) of the GDPR. Our legitimate interest lies in the technical provision of the website, ensuring its stability and security, and analysing errors.
Retention period
The retention period for server log files is determined by the technical requirements and the deletion periods set by our hosting and infrastructure service provider. We do not intend to carry out any long-term analysis relating to you personally.
Recipients
The recipients of the data are our hosting and website service providers, as well as the infrastructure and delivery providers involved in the technical provision of the service.
4. Webflow Services
Webflow Hosting, CDN and Asset Delivery
This website is powered by Webflow. The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA. For hosting, page delivery, content delivery and the provision of static resources, we use Webflow as well as the associated infrastructure and CDN components. In the current project, this applies in particular to resources via the domains cdn.prod.website-files.com and d3e54v103j8qbb.cloudfront.net.
When our pages are accessed, connection and usage data such as IP address, browser information, referrer, time of access and requested files are therefore processed. This is necessary to reliably deliver HTML, CSS, JavaScript, image and media files.
Legal basis and purpose
Processing is carried out on the basis of Article 6(1), first sentence, point (f) of the GDPR. Our legitimate interest lies in ensuring that our website is provided in a high-performance, secure and fail-safe manner.
Recipients and third-country transfers
The recipients of the data are Webflow, Inc. and the sub-processors engaged by Webflow. According to Webflow’s current information, these include, in particular, infrastructure and CDN providers such as Amazon Web Services and Cloudflare. Processing in third countries, in particular the USA, cannot be ruled out. According to Webflow, appropriate safeguards, in particular standard contractual clauses, are used for such transfers. Furthermore, Webflow states that it holds certification under the EU-US Data Privacy Framework.
Webflow cookies and forms
According to Webflow, technically necessary cookies or similar recognition technologies may be used as part of the hosting service; these are required for the display of the website, certain website functions and security. Based on our review of the current project, we are also not currently using any active Webflow forms to receive contact enquiries. Should Webflow forms, CMS functions involving the input of personal data or other technologies requiring consent be added in future, we will update this privacy notice accordingly.
Data processing on behalf of the controller and further information
We have entered into a data processing agreement with Webflow. Further information on data protection at Webflow can be found at https://webflow.com/legal/eu-privacy-policy.
5. Cookies and similar technologies
We use cookies and similar technologies on our website. These are small text files, entries in local storage or similar storage mechanisms that can be stored on or read from your device. Some of these technologies are technically necessary, whilst others are used for analytical, convenience or marketing purposes.
Legal basis and purpose
We use technically necessary cookies and storage technologies on the basis of Section 25(2) of the TDDDG and Article 6(1), first sentence, point (f) of the GDPR, insofar as they are necessary for the provision, security and user-friendly presentation of our website. We only use cookies and similar technologies that are not technically necessary with your consent, in accordance with Section 25(1) of the TDDDG and Article 6(1), first sentence, point (a) of the GDPR.
Storage period and control
The specific retention period for individual cookies and storage objects depends on the service in question and the information stored in the consent management tool. You can adjust or withdraw your consent at any time, with effect for the future, via the privacy settings or the consent banner. You can also delete or block cookies via your browser settings.
6. Consent management with Usercentrics
To manage your consents, we use the Usercentrics consent management tool provided by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany. Usercentrics helps us to obtain, manage and document consents for services requiring consent in a manner that complies with data protection regulations.
Data processed, legal basis and purpose
In particular, consent data such as the time of your decision, your choice to consent or decline, information about the device used and the banner version are processed. The processing is carried out to fulfil our legal obligation to provide evidence of consent granted in accordance with Article 6(1), first sentence, point (c) of the GDPR in conjunction with Article 7(1) of the GDPR. Technically necessary storage technologies are used to store the decision.
Retention period and recipients
According to Usercentrics, consent data is stored for one year. The recipient of the data is Usercentrics, acting as a data processor. Data processing takes place within the European Union.
7. Google Analytics
We use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies and similar technologies to analyse the use of our website and to generate reports on website activity.
Data processed, legal basis and purpose
In particular, this may involve the processing of pseudonymous identifiers, details of your browser and device, usage data, page views, scrolling, clicks, time spent on the site, referrer information and approximate location data. Processing takes place exclusively on the basis of your consent in accordance with Article 6(1), first sentence, point (a) of the GDPR and Section 25(1) of the TDDDG. We use Google Analytics to analyse the use of our website, improve our offering and evaluate marketing measures.
IP address processing, retention period and third-country transfers
According to the latest information from Google Analytics 4, individual IP addresses are not logged or stored. For visits from the EU, IP-based information is used for geolocation prior to logging and is subsequently discarded. The retention period for user- and event-related data is determined by the retention period configured in our Google Analytics account. A transfer to Google LLC in the USA cannot be ruled out.
8. External fonts and font services
Google Fonts and WebFont Loader
To display fonts, our website uses external font and font-loading services via the domains fonts.googleapis.com, fonts.gstatic.com and ajax.googleapis.com. In particular, when the fonts and the WebFont Loader are loaded, your IP address, browser and device information, referrer, as well as the time and content of the request are transmitted to Google’s servers.
Legal basis and purpose
This integration is based on Article 6(1), first sentence, point (f) of the GDPR. Our legitimate interest lies in ensuring a consistent, high-performance and visually controlled presentation of our website.
Recipients and retention period
The recipient is Google Ireland Limited or Google LLC. Data transfer to the USA cannot be ruled out. The retention period is governed by Google’s guidelines. Irrespective of this, for data protection reasons we generally recommend embedding fonts locally, provided this can be implemented from a technical and organisational perspective.
9. External JavaScript libraries and CDNs
GSAP, Plugins, jQuery and SplitType
External JavaScript libraries and CDN services are integrated to ensure the technical and design functionality of our website. In the project currently under review, this applies in particular to:
- GSAP and associated plugins via
cdn.jsdelivr.netandcdn.prod.website-files.com - jQuery via
d3e54v103j8qbb.cloudfront.net - the SplitType library via
unpkg.comon the homepage
When these libraries are accessed, technically necessary connection data such as IP address, browser information, referrer, date and time, and the requested resource are transmitted to the respective providers.
Legal basis and purpose
unpkg.com on the homepageWhen these libraries are accessed, technically necessary connection data such as IP address, browser information, referrer, date and time, and the requested resource are transmitted to the respective providers.
Legal basis and purpose
Unsplash
On certain subpages, particularly in the ‘Services’ section, images are loaded directly from images.unsplash.com. When you access this content, your IP address and other technically necessary connection data are transmitted to the relevant image service.
Legal basis and purpose
The integration is based on Article 6(1), first sentence, point (f) of the GDPR. Our legitimate interest lies in the high-quality visual presentation of our content.
Recipients and retention period
The recipient is the relevant image service provider. The retention period is determined by the provider’s specifications. A transfer to a third country cannot be ruled out.
11. Contact and document and form workflows via Monday
If you contact us by email, telephone, post, via ‘mailto’ links or via forms provided on our website or in linked processes, we will process the data you provide solely for the purpose of handling your enquiry and for further communication. This may include, in particular, your name, email address, telephone number, subject line, company details and the content of your message.
Legal basis and purpose
The legal basis is Article 6(1), first sentence, point (b) of the GDPR, provided that your enquiry relates to the conclusion or performance of a contract; otherwise, it is Article 6(1), first sentence, point (f) of the GDPR. Our legitimate interest lies in the proper processing of your enquiry.
Monday for contact, document and form channels
For individual contact forms and document and form workflows, we use Monday, a service provided by monday.com Ltd., Israel. When you use these forms or submit documents, the personal data you enter is processed in Monday’s systems. The provision of further data is voluntary; mandatory fields are marked as such.
Depending on the nature of your enquiry, processing is carried out on the basis of Article 6(1), first sentence, point (b) of the GDPR or Article 6(1), first sentence, point (f) of the GDPR. An adequacy decision has been issued by the European Commission for Israel pursuant to Article 45 of the GDPR.
Retention period and recipients
We will delete your data as soon as your enquiry has been fully processed and there are no statutory retention obligations or other legitimate reasons for further storage. Recipients may include internal IT and communications service providers, as well as Monday as the service provider used.
12. Support via Freshdesk
For support enquiries, particularly in connection with our partner portal or other service processes, we use Freshdesk, a service provided by Freshworks Inc., USA. When you open a support ticket or communicate with our support team, the data you enter and the content of your communications are transmitted to Freshdesk and processed there to deal with your enquiry.
Legal basis and purpose
Processing is carried out on the basis of Article 6(1), first sentence, point (b) of the GDPR, provided your enquiry relates to contractual services; otherwise, it is carried out on the basis of Article 6(1), first sentence, point (f) of the GDPR, based on our legitimate interest in structured and efficient support handling.
Recipients, retention period and third-country transfers
The recipient is Freshworks or Freshdesk, as the service provider used. The data is stored only for as long as is necessary to process and document the support case, or for as long as statutory retention obligations apply. Data transfers to the USA or other third countries cannot be ruled out.
13. ‘heynews’ newsletter via Mailchimp
We offer the option to subscribe to our ‘heynews’ newsletter via the partner portal, during the onboarding process and, where applicable, via other registration channels. For this purpose, we process, in particular, your email address and, where provided, your name.
Legal basis and purpose
Processing is carried out on the basis of your consent in accordance with Article 6(1), first sentence, point (a) of the GDPR. When you subscribe to the newsletter, we also store the time of registration and technical audit logs in order to document the consent given. This processing is carried out on the basis of Article 6(1), first sentence, point (c) of the GDPR in conjunction with Article 7(1) of the GDPR.
Newsletter distribution and performance measurement via Mailchimp
We use Mailchimp, a service provided by The Rocket Science Group LLC d/b/a Mailchimp, USA, which is part of the Intuit group of companies, to manage subscribers, send out the newsletter and, where applicable, measure its effectiveness. Where opens, clicks or other interactions with the newsletter are analysed, this is also carried out only to the extent permitted by law.
Withdrawal of consent, retention period and third-country transfers
You may withdraw your consent at any time with future effect, in particular via the unsubscribe link in the newsletter or via the contact channels mentioned above. Data transfers to the USA cannot be ruled out. According to Mailchimp, such transfers are safeguarded, amongst other things, by the EU-US Data Privacy Framework and supplementary data protection safeguards.
14. Social media presence and links
We maintain company pages on Instagram, LinkedIn and XING, and provide links to these profiles from our website. If you click on one of these links, you will leave our website and the privacy policy of the respective platform operator will apply.
- Instagram: Meta Platforms Ireland Limited, privacy policy available at https://privacycenter.instagram.com/policy/
- LinkedIn: LinkedIn Ireland Unlimited Company, privacy policy available at https://www.linkedin.com/legal/privacy-policy
- XING: New Work SE, privacy policy available at https://privacy.xing.com/de/datenschutzerklaerung
Legal basis and purpose
Where aggregated page insights or statistics are made available to us, or where you communicate with us via these platforms, processing is carried out on the basis of our legitimate interest in communication, public image and optimising our online presence, in accordance with Article 6(1), first sentence, point (f) of the GDPR.
Recipients and third countries
The recipient of the data is, in each case, the platform operator. When using these platforms, processing in third countries, in particular the USA, cannot be ruled out.
15. Links to other websites
Our website contains links to external websites. The operators of these linked sites are solely responsible for the processing of personal data on those sites. We have no influence over the data protection measures or content on those sites.
16. Security
We take appropriate technical and organisational measures to protect your data against loss, manipulation, unauthorised access and other unauthorised processing. Our security measures are continuously adapted in line with technological developments.
17. Your rights and your right to object
In accordance with the statutory requirements, you have the following rights in particular:
- Right of access under Article 15 of the GDPR
- Right to rectification under Article 16 of the GDPR
- Right to erasure under Article 17 of the GDPR
- Right to restriction of processing under Article 18 of the GDPR
- Right to data portability under Article 20 of the GDPR
- Right to withdraw consent with effect for the future
- Right to object to processing carried out on the basis of Article 6(1), first sentence, point (f) of the GDPR, in accordance with Article 21 of the GDPR
- Right to lodge a complaint with a data protection supervisory authority
Right to object
In accordance with Article 21 of the GDPR, you have the right to object at any time, on grounds relating to your particular situation, to processing based on Article 6(1), first sentence, point (e) or (f) of the GDPR. If we process personal data for the purposes of direct marketing, you may object to such processing at any time with effect for the future.
To exercise your rights, simply send an informal notification to the contact details provided above.
18. Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for heyconnect GmbH is, in particular:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Straße 22
20459 Hamburg
Telephone: +49 (0)40 428 54-4040
Email: mailbox@datenschutz.hamburg.de
19. Changes to this Privacy Policy
We reserve the right to amend this Privacy Policy should this become necessary due to technical, legal or organisational changes. The version published on this website shall apply at all times.
Last updated: March 2026