Privacy Policy for EWM GmbH Websites

This Privacy Policy satisfies applicable statutory information obligations for

EWM GmbH
Dr. Günter-Henle-Straße
856271 Mündersbach
Telephone: +49 26 80 / 1 81 - 0
Fax: +49 26 80 / 1 81 - 244
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

(hereinafter also referred to as “EWM”) pursuant to Art. 13 of the General Data Protection Regulation (GDPR) with regard to the processing of personal data on our common home pages (https://www.ewm-group.com, https://products.ewm-group.com, https://www.ewm-sales.com, hereinafter also referred to collectively as “website”). We provide information below about what personal data of yours we process and in what form. Please feel free to contact us should you have any questions. Our contact details can be found above and at the end of this document.

 

Personal data

Personal data comprises all information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes information such as your name, address, telephone number, email address, bank details or date of birth.

 

Processing personal data

Processing personal data means any operation or series of operations carried out with or without the aid of automated procedures relating to personal data. Without limitation, data processing means the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

We process personal data in accordance with the requirements and conditions described below using automated processing means based on the applicable legal bases for authorisation.

We do not use automated individual decision-making, including profiling, in accordance with Art. 22 GDPR.

 

Collection of personal data when you visit our website

When using our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect personal data that your browser transmits to our server. If you wish to view our website, we collect the following data that is technically necessary for us to display our website to you and to guarantee stability and security:

– IP address

– Date and time of the request

– Time zone difference to Greenwich Mean Time (GMT)

– Contents of the request (specific page)

– Access status/HTTP status code

– The amount of data transferred in each case

– Website from which the request came (referrer, if applicable)

– Operating system and interface, screen resolution and colour depth

– Type, language and version of the browser software

The legal basis is Art. 6 (1) (1) (f) GDPR (“legitimate interest”).

In addition to the purely informational use of our website, we offer various services that you can use if you are interested. You will generally have to provide additional personal data for such purposes that we will then use to provide the relevant service. We explain this to you in this document.

 

Use of cookies

In addition to the data referred to above, cookies are stored on your computer when you use our website, provided that you have given us your consent to do so.

Cookies are small text files that are saved on the hard drive of your computer according to the web browser you use and send certain information to the party who placed the cookie. Cookies cannot run programs or transmit viruses to your computer. Their purpose is to make our website more user-friendly and functional.

Art. 49 (1) a GDPR (“Consent after previous disclosure of risks”). Only in the case of technically necessary cookies is the legal basis Art. 6 (1) (1) (f) GDPR (“legitimate interest”).

You can decide whether to give us consent for all cookies, only for certain types of cookies (e.g. necessity, preferences, statistics, marketing) or no consent at all.

This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect by sending notice in text form (e.g. letter, email) to the contact details provided above without fearing any disadvantage as a result. However, please note that if you do not give your consent, or withdraw your consent, you may not be able to use all of the functions of our website.

The following sections provide you with additional information on the use of cookies, provided that cookies are in use.

Detailed information can also be found in our cookie policy, which you can find by clicking on the following link.

https://www.ewm-group.com/de/datenschutzerklaerung/cookie-richtlinien.html

 

Information about Matomo Cloud

To further optimise and analyse our website, we use the service “Matomo” provided by InnoCraft Ltd. (150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769). Matomo also uses “cookies” – text files that are stored on your device. The information collected by the cookies are usually sent to a Matomo server in Germany where they are stored. This means that technically no third-country transfer takes place. Where data is transferred to an InnoCraft headquarters outside the EEA, this is protected by an EU adequacy decision for New Zealand.

We have configured Matomo in such a way that IP addresses are processed in truncated form only. This is to restrict any direct references to individuals. The end of your IP address is replaced by zeros directly after collection through IP anonymisation.

Under the agreement on commissioned data processing, which we as a website operator have entered into with Matomo, the latter party creates an evaluation of website usage and activity using the information collected and provides services related to Internet usage.

The data collected by Matomo in our order is used to evaluate the use of our website by individual users, e.g. so that reports on website activity can be compiled in order to improve our online offering. The legal basis for this data processing is your consent according to Art.6 (1) (1) a GDPR.

You can revoke your consent at any time with future effect by calling up the cookie settings and changing your selection there. This will not affect the lawfulness of any processing carried out with consent prior to its withdrawal.

You can also prevent the storage of cookies at the outset by making appropriate settings in your browser software. If you configure your browser in such a way that all cookies are rejected, however, you might not be able to use all the functions on this or other websites.

For more information on data usage by Matomo Cloud, please visit: https://matomo.org/matomo-cloud-privacy-policy/

 

Use of Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses cookies, which are text files placed on your computer that permit an analysis to be made of how you use the website.

Cookies are only set if you give us your consent to do so. Art. 49 (1) a GDPR (“Consent after previous disclosure of risks”).

This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect by sending notice in text form (e.g. letter, email) to the contact details provided above without fearing any disadvantage as a result.

The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymisation is enabled on this website, your IP address will first be abbreviated by Google within the member states of the European Union and in countries which are contracting parties to the Agreement on the European Economic Area. Only in exceptional cases will your complete IP address be transferred to a Google server in the United States and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activities and to provide additional services to the website operator related to the use of the website and the Internet.

The IP address transferred by your browser in connection with Google Analytics will not be associated with other data held by Google.

This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are further processed in a shortened form, thus preventing the identification of specific individuals. If the data collected about you is personally identifiable, it will be blocked immediately, and the personal data will be deleted at once.

We use Google Analytics to analyse and regularly improve the use of our website. The statistics gathered in this fashion make it possible to improve our website and make it more attractive for you as a user. Cases in which personal data are transferred to the USA are considered data transfers to a third country without adequate guarantees of data protection according to Art. 49 GDPR.

Information about the third-party service provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and the privacy policy: http://www.google.de/intl/de/policies/privacy.

 

Use of SalesViewer® technology:

This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.

In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally.

The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.

The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.

 

Searchmetrics

This website uses the web analysis tools of Searchmetrics GmbH, Greifswalder Straße 212, 10405 Berlin, Germany.

The analysis tool helps us to optimise our website and to make us easier to find in search engines (search engine optimisation). Your personal data is not processed.

More information on the topic of data protection is available at: https://www.searchmetrics.com/de/datenschutz/.

 

Establishing contact

We will process any data you provide to us when you contact us by email or via our contact form. The only mandatory information is your name and email address. This information is necessary so that we can respond to your enquiry appropriately. You can provide other personal data on a voluntary basis if you wish (for example, we require you to share your telephone number if you ask us to call you back; we require you to share your address if you want us to send information materials by post to you). We will store your personal data in order to answer your questions and satisfy your requests. We erase data collected in this context after retention is no longer necessary, or limit processing if statutory retention obligations apply.

The legal basis with regard to establishing contact is Art. 6 (1) (1) (f) GDPR (“legitimate interest”); you can give your consent in accordance with Art. 6 (1) (1) (a) GDPR for the use of our contact form.

This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect by sending notice in text form (e.g. letter, email) to the contact details provided above without fearing any disadvantage as a result.

 

Google Tag Manager

This website uses Google Tag Manager from Google. Tags are small code elements that are used, among other things, to measure traffic and visitor behaviour, to understand the effect of online advertising and social channels, to set up remarketing and orientation towards target groups, and to test and optimise websites. Companies can use Google Tag Manager to manage website tags via an interface. Google Tag Manager does not process any personal data itself. Google Tag Manager triggers other tags, which for their part collect data under certain circumstances. Google Tag Manager does not access this data. If disabled by the user, this deactivation will remain in effect for all tracking tags implemented with Google Tag Manager.

More information on Google Tag Manager is available at: https://www.google.com/intl/de/tagmanager/use-policy.html.

Cookies are only set if you give us your consent to do so. Art. 49 (1) a GDPR (“Consent after previous disclosure of risks”). This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect by sending notice in text form (e.g. letter, email) to the contact details provided above without fearing any disadvantage as a result.

 

Integration of YouTube videos

We have integrated YouTube videos into our website. These videos are stored at http://www.YouTube.com and can be played directly from our website. These videos are integrated in “extended privacy mode”, i.e. no data about you as a user will be transmitted to YouTube if you do not play the videos. The data specified in the “Collecting personal data when visiting our website” section will only be transmitted when you play the videos. We have no influence on this data transmission.

Cookies are only set if you give us your consent to do so. Art. 49 (1) a GDPR (“Consent after previous disclosure of risks”). This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect by sending notice in text form (e.g. letter, email) to the contact details provided above without fearing any disadvantage as a result.

When you visit this website, YouTube is notified that you have accessed the corresponding subpage on our website. This happens regardless of whether YouTube provides a user account that you are logged in to or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not want this information to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses it for the purposes of advertising, market research and/or tailoring its website to your needs. Such an evaluation takes place in particular (even for users who are not logged in) for the purposes of providing customised advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of such user profiles. To exercise this right, you have to contact YouTube.

For more information on the purpose and scope of data collection and its processing by YouTube, please refer to their privacy policy. You will find further information on your rights and options for protecting your privacy at: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA. This country does not provide adequate guarantees of data protection according to Art. 49 GDPR.

The legal basis is Art. 6 (1) (1) (f) GDPR (“legitimate interest”). Cookies are only set with your consent. Art. 49 (1) a GDPR (“Consent after previous disclosure of risks”).

 

Use of social media plug-ins

We currently use the following social media plug-ins: Facebook, Twitter, LinkedIn, Instagram, Xing, YouTube. Via the plug-ins, we offer you the opportunity to interact with the social networks and other users, so that we can improve our website and make it more interesting for you as a user.

The provider of the plug-in can be identified by its initial letter or logo on the icon. We enable you to communicate directly with the provider of the plug-in via the button. The data specified in the “Collecting personal data when visiting our website” section is transmitted. In the case of Facebook and Xing, the IP address is anonymised immediately after collection, according to information provided by the respective providers. Otherwise, personal data concerning you is transmitted by the other providers to the respective plug-in provider where it is saved (in the USA in the case of American providers).

We have no influence on collected data or data processing procedures; similarly, we do not know exactly what volume of data is collected, the purposes of the processing or for how long the data is stored. Likewise, we do not have any information about the deletion of collected data by the plug-in provider.

The plug-in provider stores the data collected about you as usage profiles and uses it for the purposes of advertising, market research and/or tailoring its website to your needs. Such an evaluation takes place in particular (even for users who are not logged in) for the purposes of presenting customised advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of such user profiles. To exercise this right, you have to contact the respective plug-in provider.

Data will be shared irrespective of whether you have an account with the plug-in provider and are logged in to it. If you are logged in with the plug-in provider, your data collected with us will be directly assigned to your existing account with the plug-in provider. If you click on the activated button and, for example, link the page, the plug-in provider will also store this information in your user account and share it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as you can thereby avoid being assigned to your profile with the plug-in provider.

For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the privacy policies of these providers as listed below. Here you will also receive further information on your rights in this regard and options for protecting your privacy.

The legal basis for using the plug-ins is Art. 6 (1) (1) (f) GDPR (“legitimate interest”).

Addresses of the respective plug-in providers and URLs with their privacy policies:

Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo.

Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy.

Instagram: The operator is Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo.

Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany; http://www.xing.com/privacy.

YouTube: The operator is Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de.

 

Integration of Google Maps

We use the functions of Google Maps, a service provided by Google, on https://www.ewm-group.com. This allows us to display interactive maps directly on our website and enables you to conveniently use the map function.

Cookies are only set if you give us your consent to do so. Art. 49 (1) a GDPR (“Consent after previous disclosure of risks”). This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect by sending notice in text form (e.g. letter, email) to the contact details provided above without fearing any disadvantage as a result.

When you visit our website, Google is notified that you have accessed the corresponding subpage of our website. In addition, the data referred to in the “Collecting personal data when visiting our website” section will be transmitted. This happens regardless of whether Google provides a user account that you are logged in to or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not want this information to be associated with your Google profile, you must log out before activation. Google stores your data as usage profiles and uses it for the purposes of advertising, market research and/or tailoring its website to your needs. Such an evaluation takes place in particular (even for users who are not logged in) for the purposes of providing customised advertising and to inform other social network users about your activities on our website. You have the right to object to the creation of such user profiles. To exercise this right, you have to contact Google.

For more information on the purpose and scope of data collection and its processing, please refer to the provider’s privacy policy. You will find further information on your corresponding rights and options for protecting your privacy at: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA. Cases in which personal data are transferred to the USA are considered data transfers to a third country without adequate guarantees of data protection according to Art. 49 GDPR.

Registration for the restricted area of our website

It is not possible for visitors to register for the restricted area of our website, https://www.ewm-group.com, themselves. Access details for the restricted area are created by EWM and sent to the registered business partner. Registration and activation are carried out as part of a contractual business relationship.

We can also process the data specified by you to send you emails with technical information relating to your account.

Where required, personal data, such as name, address, contact and communication details in particular, will be collected and processed when you register for the use of our personalised services. Once you are registered with us, you can access our contents and services which are only available to registered users. If needed, you can also change or erase the data specified during the registration process at any time.

The legal basis for this is Art. 6 (1) (1) (b) GDPR (“necessary for the performance of a contract”).

 

Webshop

We operate a webshop on our site https://www.ewm-sales.com. If you wish to place an order in our webshop, in order to conclude the contract, you will need to specify your personal data that we require to process your order. Required information for the execution of contracts is marked separately; further information is voluntary.

We collect and process the following data in particular in order to process your order: company, title, first name, last name, address, country, department, communication data, industry, VAT ID no.

This data is processed as part of the order and payment process for the following purposes in particular: to identify you as a registered customer and manage your customer data, to carry out the order process and execute the contract, to establish contact in order to clarify any queries or to provide other information about your order, for invoicing, for questions concerning guarantees, warranties and liability, and to assert claims towards you.

Further address details will be collected and processed if a delivery address that differs from the billing address is specified.

In order to fulfil the contract, we share your data with transportation/shipping companies if this is required for the delivery of ordered goods or products. Only data required for the dispatch and delivery of the goods or products will be shared.

In addition, we can also share your payment details with our bank.

The purchase price can be paid in advance or via PayPal. Depending on the payment method you select in the order process, we share the payment data collected for payment processing with the payment service provider via which payment is made. The selected payment service provider PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg/link to PayPal privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full) will also process some of this data itself assuming you create or have created an account there. In this case, you must log in to the payment service provider with your login details during the order process. The data stored by you with the payment service provider is not processed by us. We do not receive any further account-related information from PayPal either, just information confirming payment or negative information. The privacy policy of the payment service provider applies.

You can choose to create a customer account with us at https://www.ewm-sales.com through which we can save your data for future purchases. When you create an account under “My Account”, the data you specify will be revocably stored. You can change or delete all other data, including your user account, in the customer area at any time.

We can also process the data specified by you to send you emails with technical information relating to your account.

We are obliged by commercial and tax laws to store certain information, in particular your address, payment and order data, for a period of ten years.

To prevent unauthorised access to your personal data, especially financial data, the order process is encrypted using TLS technology.

The legal basis for this is Art. 6 (1) (1) (b) GDPR (“necessary for the performance of a contract”).

 

Newsletter

You can subscribe to our newsletter by giving your consent on our sites https://www.ewm-group.com and https://products.ewm-group.com. This newsletter informs you about our latest interesting offers. The goods and services purchased are indicated in the declaration of consent.

We use the double opt-in method for the subscription to our newsletter. This means that, once you subscribe, we will send you an email to the email address provided, in which we ask you to confirm that you wish to receive the newsletter. Furthermore, we also save the IP address you used and the time of your subscription and confirmation. The purpose of this method is to prove your subscription and, if applicable, to be able to clarify any misuse of your personal data. Your email address (and the desired information) is the sole mandatory piece of information required for sending the newsletter. The submission of additional, separately marked data is voluntary and is used for the purpose of personal contact. After receiving your confirmation, we will save your email address for the purpose of sending the newsletter.

The legal basis is Art. 6 (1) (1) (a) GDPR (“consent”).

This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect by sending notice in text form (e.g. letter, email) to the contact details provided above and unsubscribe from the newsletter without fearing any disadvantage as a result.

We send our newsletter using the following provider: Inxmail GmbH, Wentzingerstraße 17, 79106 Freiburg, Germany, www.inxmail.de. The email addresses of our recipients are stored on our behalf on the servers of Inxmail in Germany. Inxmail uses this information for distribution and evaluation purposes on our behalf. To this end, we have concluded a commissioned data processing contract with Inxmail pursuant to Art. 28 GDPR. Inxmail is required to follow our instructions and is monitored regularly. All of the conditions set out in Art. 28 GDPR are observed.

Events

At https://www.ewm-group.com, we offer events for customers and interested parties on current topics to do with our products and services.

You can make a binding registration for these events via our homepage by mail or email. We process the following mandatory data in this regard: company, attendee name and email address. Without limitation, this serves to enable us to associate your registration to a specific person and to send you relevant information on the date and content of the event as well as a certificate of participation if desired. We also need your address in order to send you an invoice if the event is subject to a fee.

If you do not provide us with the mandatory information referred to above, we cannot grant you access to our events as this information is required for the performance of the contract. In addition, you can provide your telephone number on a voluntary basis should there be any questions.

The legal basis is Art. 6 (1) (1) (b) GDPR (“necessary for the performance of a contract”).

 

Job applications

If you apply for a job with us at https://www.ewm-group.com, we will process data you provide in order to determine whether we would like to establish and maintain an employment relationship with you.

During the application process, customary correspondence data such as postal address, email address and telephone numbers will be stored in addition to title, last name and first name. In addition, application documents such as a cover letter, curriculum vitae, vocational, educational and other training qualifications as well as job references will also be stored.

As a rule, application data sent to us will only be processed until such time as a hiring decision has been made provided that you are not hired. Data will be deleted four months after sending the rejection or after returning the application documents to the applicant.

We will retain your data in an applicant pool only with your express consent. The maximum retention period is two years. This consent is voluntary. You can refuse to provide consent without indicating the grounds and without fearing any disadvantage as a result. You can also withdraw this consent at any time with future effect by sending notice in text form (e.g. letter, email) to the contact details provided above without fearing any disadvantage as a result.

If we enter into an employment relationship with you, the data that you provided to us will be processed in order to establish, maintain and, if necessary, terminate the employment relationship.

Data can be processed for statistical purposes (e.g. reporting). In such cases, it is not possible to identify specific persons.

The legal basis is Section 26 of the German Federal Data Protection Act (“BDSG”) (Sect. 26 (8) (2) BDSG).

 

Length of processing

The maximum length of storage depends on the specific purpose of data processing. The length of storage depends in particular on how long the data needs to be stored to fulfil the purpose in question. Furthermore, the data is processed to comply with legal obligations (e.g. retention obligations under commercial and tax laws in accordance with Sect. 257 of the German Commercial Code (HGB), Sect. 147 of the German Fiscal Code (AO) for up to ten years).

 

Data recipients

We transmit your data to departments within EWM to the extent necessary.

Your personal data may be transmitted to companies within the EWM Group (click on the following link for an overview: https://www.ewm-group.com/de/kontakt/standorte.html) if this is necessary for handling the contractual relationship. The legal basis is Art. 6 (1) (1) (b) GDPR (“necessary for the performance of a contract”). We may also share your personal data with specialist dealers on site (click on the following link for an overview: https://www.ewm-group.com/de/kontakt/fachhaendlersuche.html). The legal basis is Art. 6 (1) (1) (f) GDPR (“legitimate interest”).

Authorisation for any further data transmission within the EWM Group (click on the following link for an overview: https://www.ewm-group.com/de/kontakt/standorte.html) is provided by Art. 6 (1) (1) (f) GDPR (“legitimate interest”). According to this provision, data processing is lawful if the processing is necessary to pursue our legitimate interests, unless the interests or fundamental rights of the data subject outweigh such processing. Recital 48 of the GDPR specifies the legitimate interest in transmission within a group of companies. According to this Recital, transmission within a group of companies for internal administrative purposes with regard to the processing of customer data is deemed to qualify as a legitimate interest on our part within the meaning of Art. 6 (1) (1) (f) GDPR.

In some cases, we use external service providers to process your data. They have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. All of the conditions set out in Art. 28 GDPR are observed.

 

Location of data processing activities

Your personal data is generally processed entirely within Germany or other member states of the European Union. We will only transfer your personal data to countries outside the member states of the European Union (also called third countries) or to other international organisations if the EU Commission has confirmed an adequate level of protection with respect to the relevant third country or there are other appropriate data protection guarantees in place (e.g. binding in-house data protection provisions or EU standard contractual clauses).

 

Security/Technical and organisational measures

Taking into account the provisions of Art. 24, 25 and 32 GDPR, we undertake all necessary technical and organisational measures to protect your personal data against loss, destruction, access, modification and dissemination by unauthorised persons and against misuse.

For example, we comply with legal requirements regarding the pseudonymisation and encryption of personal data, confidentiality, integrity, availability and resilience of systems and services related to data processing, the availability of personal data and the ability to quickly restore such data in the event of a physical or technical incident, and the establishment of procedures for the regular testing, assessment and evaluation of the effectiveness of technical and organisational measures to ensure the security of the processing.

Furthermore, we also observe the requirements of Art. 25 GDPR with regard to the principles of “privacy by design” and “privacy by default”.

 

Your rights

You have a right to free information about your personal data and – subject to the legal conditions – a right to the rectification, blocking and erasure of your data, to the restriction of its processing, to data portability and also a right to object.

Insofar as we process your personal data on the basis of a legitimate interest, you may object to your data being processed. This will be the case if processing in particular is not required to fulfil a contract with you. When exercising your right to raise such an objection, we would ask you to tell us the reasons why your personal data should not be processed by us. In the event of a justified objection, we will review the circumstances and either stop processing your data or change the way in which we process it or highlight our compelling legitimate grounds for why we might continue to process such information.

You also have the right to file a complaint with the competent supervisory authority (e.g. The State Commissioner for Data Protection and the Freedom of Information Rhineland-Palatinate, Hintere Bleiche 34, 55116 Mainz, Germany).

If you have any suggestions or questions regarding the processing of your personal data or questions concerning the aforementioned rights and the assertion of them, please contact us or our external data protection officer:

Mr Jan Morgenstern
MORGENSTERN consecom GmbH
Große Himmelsgasse 1
67346 Speyer
Germany
This email address is being protected from spambots. You need JavaScript enabled to view it.
Tel.: +49 6232-100 119 44


Status: Jan 2024 (Version 6)

The latest version of this document applies.