Hero21 Security and Privacy Policy

Version from 2019-07-02. The latest version of our Security and Privacy Policy is available on www.hero21.app.

Protecting Your Personal Information Is Paramount to Us

We know how important the appropriate use of your personal information is to you. This is why we take the protection of our customers’ personal information very seriously. We store the details you provide when completing one of our online customer forms on one of our service partners (see below). We only use the information to process your request and to enhance our products. We shall keep your personal information strictly confidential, and we will not pass on personal information to any third party.

Personal Information

Personal information is any information that renders an individual identifiable. It includes among other things your name, your address, and your email address. You may browse our webpage without providing any personal or otherwise sensitive information. However, in some cases, we may ask you to provide your name, your address and other related details to ensure a timely and smooth delivery of the services requested by you.
This also applies if we send you any information explicitly requested by you, or if we reply to any enquiries made by you. We will, however, notify you accordingly. Moreover, we only store data provided by you voluntarily, or being automatically generated when using our webpage.
Whenever you use one of our services, we only collect the data necessary to deliver the service. We may ask you for further details which you may or may not provide. Also, we shall only process your personal information to deliver our services, or meet our business objectives.

Automated Collection of Non-personal Data


A cookie is a little text file created on your computer when browsing our webpage. Cookies are not software. They cannot be programmed, don’t contain malware and cannot be used to obtain any other personal data. In compliance with § 6(1) GDPR, we use cookies solely to collect your IP address in order to recognise you instantly when you are visiting our website again, to improve the user-friendliness of our site.
If you do not agree with Hero21 using cookies you can usually modify your browser setting to decline cookies. If you wish to do so, go to the Extras menu of your browser and select “Settings” or “Internet Options” and follow the instructions. However, declining cookies means that certain functional aspects of our webpage may no longer be available to you.

Google Tag Manager

We use Google Tag Manager (GTM) for tracking and analytics. GTM does not collect any personal information. It is a tool that automatically updates the code snippets of tags that, in turn, may collect sensitive information. GTM does not use these data. However, even if you decline cookies or deactivate URL-based session tracking, tags managed via GTM will still be enabled. For more details, see https://www.google.com/analytics/tag-manager/use-policy/.

Google AdWords Conversion Tracking

This site uses ad conversion tracking services provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google uses cookies created on your computer to analyse your browsing behaviour. Conversion tracking cookies are created as a result of you clicking on one of the adverts served by Google and remain active for a time period of thirty (30) days. Cookies used for conversion tracking do not collect any personal information. If you do not agree with your browsing activities being tracked by Google, you can change your browser settings in order to block all cookies from googleadservices.com.

If you would like to find out more about how conversion tracking works, and your options when it comes to preventing Google from using cookie-based information, check out https://www.google.com/settings/u/0/ads/authenticated.

Google Remarketing

We use a remarketing tool provided by provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The tool helps personalising adverts based on individual visitor preference within the Google Display Network. We use this automated service to show you products you may be interested in, with the ads chosen on the basis of your clicking behaviour when browsing our website during your most recent visit.  The service uses cookies created on your computer that help recognise you when you re-visit websites that are members of the Google Display Network. A cookie is a little text file created on your computer when browsing our webpage. Google collects your URL request, your IP address, browser type and language  as well as time and date of the visit. This information is used to identify the browser on a computer which, in turn, enables Google Display Network to pick and show ads based on content viewed on websites that also employ the remarketing tool during your previous browser session.

If you have previously agreed to your browser history and your Google account being synchronised (https://www.google.com/settings/u/0/ads/authenticated), and to your Google account details being used to show you personalised ads, Google’s remarketing tool will be enabled across a range of devices. This means that Google uses your Google ID to recognise you on different mobile devices, but does not collect any personal information in the process.

If you object to Google using cookies collecting data related to your use of our website, please adjust your browser settings accordingly. However, this may prevent our site from functioning properly. For more details  about how Google uses cookies, please refer to Google’s Privacy Policy

Google Analytics (Depersonalised)

We use Google Analytics (GA), a web stats service offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies, i.e. little text files created on your computer that monitor your browsing behaviour on our website. The cookies collect visitor data including the date and time of your visit, where you are based, the number of times you visited our site, and your IP address, transferring the information to the Google™ mainframe based in the US. However, our site uses Google Analytics with visitor IP address anonymization (i.e. implementing the “_gat._anonymizeIp” function) in compliance with EU regulations. This means that IP addresses located in all member states of the EU will be truncated and, thus, anonymized before being transferred to the Google mainframe. Google uses the collected data to produce web analysis reports for us, and to provide additional services related to the use of websites and browsers. Google does not pass on this information to any third party unless required by law, or for data to be processed by parties contracted by Google. Also, Google stresses that, as a rule, IP addresses will not be correlated in any way to any other data that may be collected by Google. If you object to Google collecting data related to your use of our website, please adjust your browser settings accordingly. However, this may prevent our site from functioning properly.
Moreover, Google offers an Opt-out Add-on for all major browsers that allows you to limit the kind of information Google can collect when you visit a website. Basically, this add-on tells Google Analytics JavaScript (ga.js) not to transfer any visitor data to Google Analytics. However, the add-on does not prevent user data being forwarded to us, or to web stat services other than Google that we may choose to use on our site. More details about the add-on, and how to install it, are available at https://tools.google.com/dlpage/gaoptout.

If you are viewing our site on a mobile device such as a smartphone or a tablet, and if you want to prevent your browsing behaviour from being tracked by Google Analytics you need to use this link. The link also constitutes a working alternative to the above mentioned browser add-on. Clicking the link creates an opt-out cookie that specifically applies to the URL and the browser you use. Deleting the browser history also results in the cookie being deleted, means you need to click the link again to opt out of GA tracking.
If you have agreed to Google synchronising your web and app browser history with your Google account, and  using personal data from your Google account to serve personalised ads, Google will link these data to information collected by Google Analytics in order to set up target groups for cross-device remarketing purposes.  If you visit our website, Google will collect your Google ID and hence your personal information via our Google account, followed by Google Analytics temporarily correlating your Google ID to your Google Analytics data to help us refine our target groups.
If you object to your personal information being used for cross-device marketing, log in to your Google account and change your account settings accordingly.

Facebook Custom Audience Pixel

We use Custom Audience Pixel, a service provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, that enables us to show personalised ads to Facebook users that were previously browsing our website. In order to do so, we have added Facebook’s  Pixel code snippet to the source code of our webpage which establishes a link to Facebook’s servers, telling Facebook that you have visited our webpage. Facebook adds this information to your FB account. For more details about how Facebook collects and uses your personal data, and what you can do to protect your sensitive information, please refer to Facebook’s privacy policy available at https://www.facebook.com/about/privacy/.

Hotjar Webanalytics

This Website uses Hotjar, a tool for Web Analytics developed by Hotjar Ltd. Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta. It enables measuring and analyzing of user behavior (clicks, mouse movement, scroll depth, etc.) for this website. The information about your visit, collected through tracking code and cookie, get send to Hotjar servers in Ireland and saved there. The tracking code collects information such as: IP address of your device (gathered and saved in an anonymized format), your Email address including your sur and lastname, if you entered it into our website, your geographical location (only country) and log data like the referring domain, visited pages, etc. Hotjar uses this information to analyze the usage of our Website, creation of usage reports and other services related to website usage and Web Analytics of this site.

You can find the data policy of Hotjar here: https://www.hotjar.com/privacy

You can permit Hotjar from collecting data by clicking the following link and following the given instructions: Hotjar Opt-out


When you subscribe to our newsletter or sign up for beta access, we  store your email address together with the subscription date. We use this information to make sure no third party has been subscribing using your email address without your knowledge or consent. If you no longer want to receive our newsletter, you may unsubscribe at any time.
We use MailChimp, a marketing platform owned and operated by Rocket Science Group LLC, 675 Ponce De Leon Ave NE#5000m Atlanta, Georgia 30308, USA, to disseminate our newsletter. If you sign up for our newsletter, your email address and the above mentioned data will be stored on MailChimp’s US-base servers. MailChimp shall only use your information for the purpose of sending out the newsletters on our behalf. Moreover, MailChimp may use the collected data to improve their services, or for internal operational procedures,  e.g. to determine the newsletter recipients’ countries of residence. MailChimp will not use your personal data to contact you, or share your information with any third parties. MailChimp complies with the EU-US Privacy Shield framework, adhering to EU data privacy and protection rules. Read MailChimp’s Privacy Policy here.
Our newsletter code contains a web beacon, means a tiny file that is accessed by the MailChimp servers to create a server log containing information relating to the type and version of browser you use, your IP address, and date and time of the request. MailChimp uses this information to improve their services with regard to service features, target audience, and recipient preferences based only location (detected by the recipient’s IP address). MailChimp also collects data on whether the newsletters are read, when they’ve been read, and which of the embedded links were clicked in the process.  These data may be correlated to individual newsletter subscribers for technical reasons. However, neither we nor MailChimp will track individual newsletter readers over time. We collect the information for the sole purpose of identifying the reading preferences of our subscribers in order to serve more personalised content and enhance our products.


The forms we use on our webpage are created with the service Typeform.com. The information you enter in these form such as email address, name, interest, phone number is used only for enhancing our product.
We use Typeform, a form creation platform owned and operated by TYPEFORM SL, C/Bac de Roda, 163 (Local), 08018 – Barcelona (Spain) within all forms on our webpage. If you sign up for beta access, your email address and the above mentioned data will be stored on Typeform’s servers. TypeForm shall only use your information for the purpose of storing and analysing data on our behalf. Moreover, TypeForm may use the collected data to improve their services, or for internal operational procedures,  e.g. to determine the newsletter recipients’ countries of residence. TypeForm will not use your personal data to contact you, or share your information with any third parties. Read Typeform’s Privacy Policy here.

Data Protection

We have taken suitable physical and electronic, organizational and technical measures to prevent unauthorized access or disclosure, damage or loss of your personal information. Both, our members of staff and our suppliers are providing services in full compliance with the current data protection laws. We encrypt all personal information we collect and process prior to the transfer, thereby ensuring that no third party can access your data. Moreover, we are continually improving our safety measures aimed at protection your details, regularly updating our Privacy Policy in the process. Please make sure you are always referring to the latest version.

Privacy and Security Policy

Your Rights

You have the right to be notified if your personal data are collected, to request the personal data we hold about you to be disclosed to you, to request your personal data to be amended, deleted or their use by us to be limited, to data portability and the right to make a complaint to the respective data protection authority of your country. Your principal rights under data protection law are

Right to Access

You may request to be informed as to whether we collect your personal information, and if we do, how we use your data.

Right to Rectification

If we process personal data that are incomplete or incorrect, you may request the respective information to be supplemented/amended at any time.

Right to Erasure

You may request personal information we hold on you to be deleted if our use of your data is against the law, or constitutes an infringement of your interest deemed unacceptable. We will delete your personal information immediately unless required otherwise by law.

Right to Restrict Processing

You may request limited processing of your personal information if:

  • you contest the accuracy of the data we hold on you. In this case, we limit the use to an absolute minimum until we have ascertained whether your personal detail is correct;
  • our use of your data does not conform with the law, however, you do not want your data to be deleted but requesting limited use instead;
  • we do no longer require your data for the purpose they were collected for but you still need the information to exercise your rights or make a complaint;
  • you objected to your personal information being processed by our company.
Right to Portability

You have the right to receive your personal data from us in a structured, commonly used and machine-readable format that enables you to transfer the information to another party without the necessity of our involvement if:

  • the data processed with your consent or for the purpose of fulfilling a contractual agreement entered into by you and us, and
  • such processing is carried out by automated means.

You may request your personal data being transferred directly from us to a party of your choice subject to the technical requirements being in place.

Right to Withdraw Consent

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. If you withdraw your consent we will stop collecting and using your personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise or defense of legal claims. However, you withdraw your consent to us processing your personal information for marketing purposes without giving a reason.

Right to Complain to Supervisory Authority

If you believe our processing of your personal information infringes German or EU data protection laws, please get in touch immediately. It goes without saying that you may also contact the respective supervisory data protection authority in your country. If you would lodge a complaint please call or email our data protection officer. N.B. We are entitled to ask for proof of identity.

Policy Amendments

We reserve the right to amend this policy at any time, particularly if new information technology should require us to do so. Please make sure you always refer to our latest policy version. All significant changes to our Privacy Policy will be announced on our webpage.

Enquiries and Notifications

If you have any questions about the protection of your personal information at Hero21, please contact
mHero21 e.U
Owner: Christian Elbe
Kastellfeldgasse 10
8010 Graz