Data Protection Information
regarding our duty to provide information when collecting personal data pursuant to Art. 13 GDPR
1. Introduction
Pursuant to Article 13 GDPR, we hereby inform you about the processing of your personal data collected by us (hereinafter referred to as “personal data” or “data”) as well as your rights in this regard. Which data we process in detail depends on the services you request or agree with us.
2. Controller
The controller responsible for processing your data is Wedderhall LLC, 30 N Gould St Suite R, Sheridan, WY 82801, USA.
You can contact us by email at office@heronhel.com.
3. Data Protection Officer
We are not obliged to appoint a data protection officer and have not done so. For any data protection concerns, please contact the controller named above.
4. Principles in the Collection of Data
4.1 Data Collection
Providing your data is generally voluntary. However, for certain processing, your data is required, as we otherwise cannot process our or your requests, e.g. we cannot enter into a contractual relationship.
If the provision of data is mandatory (e.g. for contract or order processing or to provide certain functions of a website or shop), there is consequently no right to object.
Where possible, for example in contact or contract forms, we use optional and mandatory fields. Mandatory fields are marked as such. Data from mandatory fields include information we necessarily need to process your request.
4.2 No Profiling
Profiling (Art. 4 (4) GDPR) describes a type of automated data processing aimed at evaluating, analyzing, or predicting certain personal aspects such as work performance, economic situation, health, or personal preferences. We do not use automated decision-making or profiling.
5. Processing Activities
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The legal bases depend on the specific purpose of the processing. The following general rules always apply additionally to the specific provisions stated for each processing activity:
-
We only pass on your data within our company to departments and individuals who need it to fulfill contractual and legal obligations or to pursue our legitimate interests.
-
We only disclose data outside our company if we are legally or by court decision obliged to do so. Any further disclosure only occurs with your consent or due to our legitimate interests, especially within the framework of commissioned processing by our service providers.
-
We delete data as soon as they are no longer required for the purpose. Storage beyond the stated periods can occur if we are entitled or obliged to do so by contract, law, or court decision.
-
We delete your data if they are no longer required for the purpose, if you withdraw consent, or if other legal permissions cease to exist. If data are still needed to assert, exercise, or defend legal claims, we will delete them as soon as this is no longer the case. If we store data due to statutory retention periods, we will delete the data after these periods expire. We generally check retention periods at the end of each year.
5.1 Processing: Website Use
5.1.1 Content of Processing
Our website is based on the WordPress system, which uses your local storage to deliver the website and stores files such as cookies, images, and texts that are necessary for the technically proper operation of the website. These are technically required contents according to §25 (2) sentence 2 TTDSG.
Apart from explicit communication with you at your request, no data is processed or stored for the purpose of identifying individuals. Data is not evaluated to create personal usage profiles. Your visit to this website is statistically evaluated, but only in aggregated and anonymized form.
To protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator, our website uses SSL/TLS encryption. This ensures that the data you transmit to us cannot be read by third parties.
5.1.2 Categories of Data Subjects
All visitors to our website(s)
5.1.3 Categories of Personal Data Processed
Telemetry and statistical data: IP address, browser type/version, operating system, date, time and time zone, language, domain and path of the visited website, consents, UID, location information, user agent, screen resolution, referrer URL, information on downloaded files, clicked links, search terms from used search engines.
5.1.4 Recipients of Data
The processor commissioned for website hosting pursuant to Art. 28 (1) GDPR.
5.1.5 Legal Basis and Purpose
The legal basis is Art. 6 (1) (f) GDPR, our legitimate interest in the technically and visually proper delivery of our website and in anonymous statistical evaluation. We store data on your device pursuant to §25 (2) sentence 2 TTDSG. These data are not used for any other purposes.
5.1.6 Storage Period
The storage period of telemetry data, cookies, and locally stored data is usually one year or until you request deletion or delete the data in your browser.
5.2 Processing: Forms
5.2.1 Content of Processing
We offer you several forms (newsletter sign-up, seminar registration, contact form, etc.) for additional services such as training registrations and downloadable documents.
5.2.2 Categories of Data Subjects
Website visitors, interested parties, suppliers, customers, employees
5.2.3 Categories of Personal Data Processed
Contact information: name, postal address, phone, fax, email, and possibly problem descriptions or other messages.
5.2.4 Recipients of Data
Internal only
5.2.5 Legal Basis and Purpose
Your consent pursuant to Art. 6 (1) (a) GDPR. This can be revoked at any time with effect for the future.
5.2.6 Storage Period
Until the purpose is fulfilled or you request deletion.
5.3 Processing: Contractual Relationship
5.3.1 Content of Processing
We process data in connection with the establishment or performance of contracts. This mainly concerns registration and implementation of training and sessions, the purchase of products, or newsletter subscriptions. The personal data collected relate to information about you or persons in your company (name, address, contact details, etc.) and possibly further data you provide to us when concluding the contract. These data are used exclusively to carry out the mentioned measures.
5.3.2 Categories of Data Subjects
Website visitors, interested parties, suppliers, customers
5.3.3 Categories of Personal Data Processed
Contact information: name, address, phone, email, purchase or training details, possibly problem description or request.
5.3.4 Recipients of Data
Internal only
5.3.5 Legal Basis and Purpose
Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (a) GDPR (your consent). Consent can be revoked at any time with effect for the future.
5.3.6 Storage Period
Until the purpose is fulfilled or you request deletion.
5.4 Use of Third-Party Providers
5.4.1 Processing: Use of Vimeo
Content: For playing videos on our website, we use the service Vimeo from Vimeo LLC, NY, USA. Information about processing at Vimeo can be found here: https://vimeo.com/privacy
Data subjects: All website visitors
Data categories: Telemetry and statistical data: IP address, browser type/version, operating system, date, time and time zone, cookie version and cookie duration, language, domain and path of the visited website, consents, UID, location information, user agent, screen resolution, referrer URL, information about downloaded files, clicked links, search terms from used search engines.
Recipients: Vimeo LLC, NY, USA – Privacy Policy: https://vimeo.com/privacy
Legal basis: Art. 6 (1) (f) GDPR, our legitimate interest in a simple, functionally appropriate display of videos.
Storage period: See Vimeo’s privacy policy.
6. Links to Social Media Channels
We have links on our website to our profiles on social media channels and link to their privacy policies. Use of these services is voluntary. Data collected there are not used by us and we cannot influence how they are processed.
7. Data Transfers to Third Countries or International Organisations
We strive to carry out all processing in the European Union (EU) or in states with an adequacy decision by the European Commission (Art. 45 GDPR). However, data may be transferred to service providers in third countries, for example when engaging external service providers.
We will only process data in a third country if the special requirements of Art. 44 et seq. GDPR are met, i.e. these providers are bound to the same data protection level as we are. Data will then be processed based on appropriate safeguards (Art. 46 GDPR), binding internal data protection rules (Art. 47 GDPR), specific guarantees, or your consent (Art. 49 (1) (a) GDPR).
Currently, none of our processing requires a transfer to a country outside the EEA.
8. Technical and Organisational Measures (TOMs)
We have implemented technical and organisational measures (TOMs) to ensure the security of processing your data, in particular:
-
SSL/TLS encryption – this ensures data we transmit cannot be read by third parties
-
Hosting and processors exclusively within the EU
9. Rights of Data Subjects and Right to Lodge a Complaint
As a data subject, you have the following rights under Articles 7 and 15–22 GDPR:
-
Art. 7: Right to withdraw consent (effective only for the future)
-
Art. 15: Right of access
-
Art. 16: Right to rectification
-
Art. 17: Right to erasure (with exceptions, e.g. retention obligations)
-
Art. 18: Right to restriction of processing
-
Art. 19: Right to be informed about rectification, deletion, or restriction
-
Art. 20: Right to data portability
-
Art. 21: Right to object (for legitimate/public interest processing)
-
Art. 77: Right to lodge a complaint with a supervisory authority
For our company, the competent authority is:
Comissão Nacional de Proteção de Dados (CNPD)
Av. D. Carlos I, 134 – 1.º, P – 1200-651 Lisboa
Phone: +351 21 392 8400
Email: geral@cnpd.pt
https://www.cnpd.pt/
Status: July 2025