Introduction
Controller according to Art. 4 para. 7 EU General Data Protection Regulation (GDPR), Erhardt+Leimer GmbH, Albert-Leimer-Platz 1 in 86391 Stadtbergen, e-mail: info@erhardt-leimer.com represented by the Managing Director Dr. Michael Proeller, cf. our imprint at https://www.erhardt-leimer.de/impressum/.
If you have any questions about data protection, please contact our external data protection officer Stefan Haugg at: Phone: 08212435810 Email: datenschutz@erhardt-leimer.com, Post: Erhardt+Leimer GmbH, Data Protection Officer, Albert-Leimer-Platz 1, 86391 Stadtbergen
(hereinafter: "We"), as the operator of this website, is responsible for the personal data of users (hereinafter: "you") of the website within the meaning of the General Data Protection Regulation ("GDPR").
We protect your privacy and your private data. We collect, process and use your personal data in accordance with the content of these data protection regulations and the applicable data protection regulations, in particular the GDPR. These data protection regulations regulate which personal data we collect, process and use about you. We therefore ask you to read the following carefully.
1. Collection of personal data
1.1 Personal data within the meaning of this Privacy Policy means any information relating to an identified or identifiable natural person (hereinafter “data subject”). This includes, in particular, your name, your e-mail address and, if applicable, your address, your telephone number as well as your credit card and account details and your VAT details if you are a registered merchant or customer.
1.2 Personal data also includes information about your use of our website. In this context, we collect personal data from you as follows: Information about your visits to our website, such as Scope of the data transfer, the place from which you retrieve data from our website and other connection data and sources that you retrieve. This is usually done through the use of log files and cookies. Further information on log files and cookies can be found below.
1.3 In principle, your personal data will be stored for the period required to fulfil the request/order. When visiting the website, we generally store the data collected for the duration of the visit and for a further 14 days. If we collect your IP address, it will only be stored for the duration of your use of the website and then deleted immediately or anonymised by shortening it. The remaining data is stored for a limited period of time based on the following criteria
- Order-related personal data: 10 years
- Application documents: between 6 months and the duration of a possible employment relationship, then usually 10 years for relevant documents
- Log files of the web server: 14 days
- Inquiries from interested parties: for the course of the contract initiation, if the request is completed, the data will be deleted immediately
2. Purpose and legal basis
2.1 Intended use
We use your personal data for the following purposes:
2.1.1 To provide the services you have requested online presentation of the E+L Group, online shop, newsletter administration, contact also for support purposes, applicant management, visit to our virtual trade fair stand, participation in competitions as well as order processing;
2.1.2 To ensure that our website, in particular our online shop as well as the virtual trade fair stand, is presented to you in the most effective and interesting way possible; automated tracking of created offers
2.1.3 To perform our obligations under any contracts entered into between you and us;
2.1.4 To enable you to participate in interactive offers, if you so wish;
2.1.5 To inform you about changes to our services.
2.1.6 Provision and tracking of downloads made via online presences and shop
2.1.7 To inform you about other interesting products from our portfolio that match the items you have ordered and to send you e-mails with technical or interesting information.
2.1.8 In order to be able to carry out automated tracking of created offers. For this purpose, we will contact you in periods appropriate to the offer.
2.2 Legal bases
Your personal data is processed on the basis of the following legal bases:
2.2.1 The collection of the data listed in Section 1.2 (the information about your visits to the website, e.g. Scope of the data transfer, the location from which you access data from our website and other connection data) is based on Art. 6 para. 1 sentence 1 lit. b and a GDPR.
2.2.2 The collection of information about your computer as described in sections 1.2 and 3.1 (IP address, status and amount of data of the request) is based on Art. 6 para. 1 sentence 1 lit. f GDPR.
2.2.3 The provision of personal data by you is legally and contractually required by Article 6 (1) sentence 1 lit. b).
2.2.4 If the consent was the legal basis for the data collection/data processing, you can revoke it at any time. The legality of the processing carried out on the basis of consent until revocation remains unaffected. To exercise your right of withdrawal, please contact us at el-privacy@erhardt-leimer.com.
3. Information about your computer, cookies and targeting
3.1 Whenever you access our website, we collect the following information about your computer: the IP address of your computer, the request of your browser and the time of this request. In addition, the status and the amount of data transferred are recorded as part of this request. The IP address of your computer will only be stored for the duration of your use of the website and will then be deleted immediately or anonymised by shortening it. We use this data for the operation of our website, in particular to detect and eliminate errors in the website, to determine the utilization of the website and to make adjustments or improvements.
3.2 We may also collect information about your use of our website through the use of so-called browser cookies. These are small text files that are stored on your data carrier and that store certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie data was sent, as well as information about the age of the cookie and an alphanumeric identifier. Cookies allow our systems to recognize the user's device and make any preferences immediately available. As soon as a user accesses the platform, a cookie is transmitted to the hard drive of the respective user's computer. Cookies help us to improve our website and provide you with a better service tailored to you. They allow us to recognise your computer when you return to our website and thereby:
- To store information about your preferred activities on the website and thus tailor our website to your individual interests. This includes, for example, Advertising that matches your personal interests.
- speed up the processing of your requests.
3.3 The cookies we use only store the data about your use of the website as explained above. This is not done by assigning it to you personally, but by assigning an identification number to the cookie ("cookie ID"). The cookie ID is not merged with your name, IP address or similar data that would allow the cookie to be assigned to you. You can find out how to prevent the use of browser cookies under Section 3.6.
3.4 Our website uses so-called tracking technologies. We use these technologies to make the website more interesting for you. This technique makes it possible to target Internet users who have already been interested in our website with advertising on the websites of our partners. These advertising materials are displayed on the websites of our partners on the basis of cookie technology and an analysis of previous usage behaviour. We only use this technology if you have consented to it, if the use is necessary for the conclusion or performance of a contract with you or if other legal provisions allow this.
3.5 We work with business partners who help us to make the Internet offer and the website more interesting for you. Therefore, when you visit the website, cookies from these partner companies are also stored on your hard drive. These are cookies that automatically delete themselves after the specified time. Even through the cookies of our partner companies, data is only collected under a cookie ID, which enables our advertising partners to address you with advertisements that might actually interest you. The parties using cookies on this website are listed below. Where possible, you can choose to allow certain cookies on this website.
3.6 Sending and editing newsletters via Adobe Marketo Engage
We use Adobe Marketo Engage, a service of Adobe Inc., 345 Park Avenue, San Jose, CA 95110-2704, USA, to conduct and manage email marketing campaigns and for marketing automation.
Adobe Marketo Engage enables us to:
• the sending of personalised newsletters and automated e-mail routes,
• the creation and evaluation of landing pages and forms,
• the segmentation and analysis of target groups,
• the use of CRM and ERP data for targeted contact,
• Interaction with website visitors via chat functions.
In the context of the use, the following personal data in particular are processed:
• Email address and name,
• Usage data (e.g. open rates, click behaviour),
• data from CRM and ERP systems (e.g. order history),
• Information about the use of the website (e.g. visitor behaviour, interests).
The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR (consent) or Art. 6 para. 1 lit. f GDPR (legitimate interest in direct advertising from the customer base via the service provider). The deletion or blocking of the data will take place immediately with the elimination of the legal basis or with your revocation of your consent.
Adobe may transfer data to the United States or other third countries. An adequate level of data protection is ensured by concluding EU standard contractual clauses in accordance with Art. 46 GDPR.
For more information on data protection at Adobe, visit https://www.adobe.com/privacy/policy.html
COOKIE SETTINGS
4. Data security
Any information you submit to us will be stored on servers within the European Union. Unfortunately, the transmission of information over the Internet is not completely secure, which is why we cannot guarantee the security of the data transmitted to our website via the Internet. However, we use technical and organisational measures to protect our website and other systems against the loss, destruction, access, alteration or dissemination of your data by unauthorised persons. In particular, your personal data will be transmitted to us in encrypted form. We use the SSL (Secure Socket Layer) and TLS (Transport Layer Security) coding system.
4.1 Cloudflare
We use the Content Delivery Network (CDN) of Cloudflare Inc. 101 Townsend Street, San Francisco, CA 94107 USA (Cloudflare) to increase the security and delivery speed of our website. The legal basis for this processing activity is our legitimate interest (Art. 6 para. 1 lit. f GDPR) to protect our systems from cyber attacks. The processing takes place on the basis of the closed standard contractual clauses of the EU, Cloudflare works for us as a processor https://www.cloudflare.com/de-de/cloudflare-customer-dpa/.
We only use the Cloudflare DNS service, more information about this service can be found here https://www.cloudflare.com/de-de/application-services/products/dns/
The exact processing of personal data by Cloudflare is available here https://www.cloudflare.com/de-de/privacypolicy/ and https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/
Your personal data processed by Cloudflare will not be stored, evaluated or used permanently.
5. No disclosure of your personal data
We do not pass on your personal data to third parties unless you have consented to the data being passed on or we are entitled or obliged to pass on data on the basis of legitimate interest, statutory provisions and/or official or judicial orders. This may include, in particular, the provision of information for the purposes of law enforcement, security or the enforcement of intellectual property rights.
6. Data protection and third-party websites
The Website may contain hyperlinks to and from third party websites. If you follow a hyperlink to one of these websites, please note that we cannot assume any responsibility or guarantee for third-party content or data protection conditions. Please check the applicable data protection conditions before submitting personal data to these websites.
7. Our activities on social networks
In the following, we inform you about the handling of your personal data, in particular about the use of our presence in social networks and offers.
Please check carefully what personal data you share with us via social networks. For example, as long as you are logged into your respective account and visit our profile operated by the providers, the provider can assign this directly to your profile. They are thus clearly recognizable to the provider.
Your visit history can thus be used by the provider to create a profile about you. We expressly point out that the providers store the data of their users (e.g. personal information, IP address, etc.) and may also use them for business purposes.
Basically, we operate the pages and profiles in order to be able to get in touch with customers, prospects and employees as well as potential employees in a better and more comfortable way. The past has shown us that our activities beyond the online presence in the form of a website lead to a significantly higher market penetration and thus contact possibility. Therefore, the activities in the social networks are an essential factor for our business success. For the use of the services, we therefore refer to an explicit legitimate interest on our part (Article 6 (1) lit. f). By using our profile pages in the respective social networks, usage data is collected on the personal data that you yourself have provided to the provider when creating your access, and as a rule, the respective provider creates a personalized usage profile. However, this is not within our sphere of influence. Our activity only allows the provider to record that you were interested in our company and that you may like our contributions. In addition to the tracking carried out by the provider outside our sphere of influence, there are therefore no known factors that would restrict your fundamental rights and freedoms and counteract our legitimate interest in using the aforementioned services. In the case of the aforementioned tracking (recording and evaluation of your user behavior by the provider), we naturally also hope for a timely clarification and creation of legal certainty.
Under the following link, you can efficiently configure your browser to counteract the unwanted recording of your user behavior, but probably not in full:
http://www.youronlinechoices.com
Further information on data processing and the responsible body of the provider can be found under the following links.
Facebook
Responsible Body at Facebook: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Facebook pages based on an agreement on joint processing of personal data
Privacy Policy: https://www.facebook.com/about/privacy/,
Opt-Out: https://www.facebook.com/settings?tab=ads
Google/ YouTube
Responsible body at Google: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
Privacy Policy: https://policies.google.com/privacy,
Opt-Out: https://adssettings.google.com/authenticated,
Instagram
Data Controller at Instagram: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)
Privacy Policy/ Opt-Out: http://instagram.com/about/legal/privacy/.
TikTok
Responsible body at TikTok:
TikTok Technology Limited (TikTok Ireland)
TikTok Technology Limited
10 Earlsfort Terrace, Dublin D02 T380, Ireland
TikTok Information Technologies UK Limited (TikTok UK)
TikTok Information Technologies UK Limited
Kaleidoscope
4 Lindsey Street, London EC1A 9HP, United Kingdom
Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/
LinkedIn
Responsible Body at LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
Privacy Policy https://www.linkedin.com/legal/privacy-policy,
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
8. Handling of application documents
We process personal data that we receive from you as part of your application on the basis of § 32 BDSG a. F, § 26 BDSG n. F. These are master data such as information on name and address; data on knowledge and skills such as certificates, curriculum vitae, assessments and communication data.
Your data will be used for filling positions, i.e. for the purpose of storing, evaluating, assigning and internally forwarding your application. As part of the application process, your application data will be accessible to the respective HR manager and the management and will be made available to the managers of the searching department. Your data will not be passed on to third parties.
Documents sent by rejected applicants will be deleted from our system 6 months after completion of the application process.
Applications for which storage has been agreed for any positions to be filled later will be stored for a maximum of 12 months and then completely deleted.
9. Hosting
Adobe
Adobe Systems Software Ireland Limited
4-6 Riverwalk
City West Business Campus
Saggart D24, Dublin
Ireland
www.adobe.com/de/privacy/policy.html
§8 Use of Microsoft M365
We use the tools of the Microsoft online package with the Microsoft365 modules, in particular "Microsoft Teams" to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "Online Meetings").
"Microsoft Teams" is a service of Microsoft Corporation, USA
(hereinafter "online meeting provider").
Note: If you access the website of one of the aforementioned online meeting providers, the respective provider is responsible for data processing. However, access to the website is only required for use in order to download the software for use.
If you do not want to or cannot use the app offered by the online meeting providers, you can also participate in the online meetings via your browser. The service will then also be provided via the website to online meeting participants.
(1) When participating in online meetings, various types of data are processed. The scope of the data also depends on what information about data you provide before or when participating in an online meeting.
The following personal data are the subject of the processing:
Information about the user: e.g. display name, email address if applicable, profile picture (optional), preferred language
Meeting metadata: e.g. date, time, meeting ID, phone numbers, location
Text, audio and video data: You may have the option of using the chat function in an "online meeting". In this respect, the text entries you have made will be processed in order to display them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your terminal as well as from any video camera of the terminal will be processed accordingly during the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the online meeting applications.
(2) We use the services of the aforementioned online meeting providers to conduct online meetings. If we want to record online meetings, we will inform you transparently in advance and – if necessary – ask for your consent. As a rule, our online meetings are not recorded and the recording function of the respective online meeting providers is deactivated. However, this does not prevent a participant from recording the online meeting without prior consent through a medium not known to us.
If it is necessary for the purpose of logging results of an online meeting, we will log the chat content. However, this will usually not be the case.
Automated decision-making according to Art. 22 GDPR is not used.
(3) Insofar as personal data are processed by employees of the controller in accordance with point 1 of this data protection notice, § 26 BDSG is the legal basis for data processing. If, in connection with the use of online meetings, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary part of the use of online meetings, Art. 6 para. 1 lit. f) GDPR the legal basis for data processing. In these cases, we are interested in the effective implementation of "online meetings".
Incidentally, the legal basis for data processing when conducting online meetings is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are carried out within the framework of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Again, we are interested in the effective conduct of online meetings.
(4) Personal data processed in connection with participation in online meetings will generally not be passed on to third parties unless it is intended to be passed on. Please note that content from online meetings, as well as from face-to-face meetings, is often used to communicate information with customers, prospects or third parties and is therefore intended to be passed on.
Further recipients: The provider of the online meeting necessarily receives knowledge of the above-mentioned Data, insofar as this is provided for in our order processing contract with the online meeting provider.
(5) Data processing outside the European Union (EU) does not take place as we have limited our storage location to data centers in the European Union. However, we cannot rule out the possibility that data may be routed via Internet servers located outside the EU. This may be the case in particular if participants in online meetings are in a third country.
However, the data is encrypted during transport over the Internet and thus secured against unauthorized access by third parties.
10. Changes to this Privacy Policy
We reserve the right to change this Privacy Policy at any time with effect for the future. A current version is available on the website. Please visit the website regularly and find out about the applicable data protection regulations.
11. Your rights and contact
You have extensive rights with regard to the processing of your personal data. First of all, you have an extensive right to information and may request the correction and/or deletion and/or blocking of your personal data. You can also request a restriction of processing and have a right of objection as well as a right to data portability. If you would like to assert any of your rights and/or receive further information about them, please contact us at datenschutz@erhardt-leimer.com.
In addition, you have the right to lodge a complaint with a supervisory authority. If you have any questions, comments or requests regarding the collection, processing and use of your personal data by us, please also contact us using the contact details provided.