Data protection declaration

Contact

Do you have questions?
Please fill out the contact form.

Your inquiry

Personal information

Personal information refers to all information that can be used to identify you personally. We process your personal information (e.g. form of address, first name, second name, postal address, e-mail address, phone number) only in accordance with the provisions of German data protection law and the European Union’s (EU) data protection law. The following is to inform you about the methods, scope and purpose of collecting, processing and using personal information.

We herewith advise you that the transmission of data via the Internet (i.e. through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third party access.

Contact information for the entity responsible for data protection

The entity responsible for data protection according to the General Data Protection Regulation (controller) and other, national data protection regulations applicable in the member states as well as any other provisions concerning data protection law is:

Eckelmann AG
Berliner Straße 161
65205 Wiesbaden, Germany

Phone +49 611 7103-0
Fax +49 611 7103-133

E-Mail: info@eckelmann.de
Website: www.eckelmann.de

Contact information for the data protection officer:

E-Mail: datenschutz@eckelmann.de
Website: www.eckelmann.de

Information on data transfer to the USA

Our website uses, in particular, tools from companies based in the USA. When these tools are active, your personal information may be transferred to the US servers of these companies. We must point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are required to release personal data to security authorities without you as the data subject being able to take legal action against this. The possibility cannot therefore be excluded that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence over these processing activities.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right of objection

Art. 21 GDPR

If the processing of personal data concerning you is carried out in order to safeguard our overriding legitimate interest based on art. 6 par. 1 f GDPR or in the public interest based on art. 6 par. 1 e GDPR, you have the right to object at any time to the processing of your personal information for reasons relating to your individual situation.

If you exercise your right of objection, we will cease to process the information concerned unless we can demonstrate that there are compelling legitimate grounds for processing overriding your interests, rights and freedoms or unless the processing serves the establishment, exercise or defense of legal claims.

If your personal information is processed for the purpose of direct advertising, you have the right to object to the processing of your personal information for such advertising at any time and without indication of reasons. This includes profiling if it takes place in the context of such direct advertising.

If you object to processing for purposes of direct advertising, your personal information will no longer be processed for those purposes.

SSL/TLS encryption

For security reasons and in order to protect the transmission of personal information and other confident content (e.g. requests directed at the controller), this website uses SSL encryption or TLS encryption. Encrypted connections can be identified by the character sequence “https://” and the padlock icon in your browser’s address bar.

If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

Hosting

We are hosting the content of our website at the following provider:
Mittwald

The provider is the Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp,
Germany (hereinafter referred to as Mittwald).

For details, please view the data privacy policy of Mittwald:
https://www.mittwald.de/datenschutz

We use Mittwald on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable
depiction of our website possible. If appropriate consent has been obtained, the processing is carried out
exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

 

 

Server log files

The provider of this website and its pages automatically collects and stores information in so-called server
log files, which your browser communicates to us automatically. The information comprises:

  • The type and version of browser used
  • The used operating system
  • Referrer URL
  • The hostname of the accessing computer
  • The time of the server inquiry
  • The IP address

This data is not merged with other data sources.

This data is recorded on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest
in the technically error free depiction and the optimization of the operator’s website. In order to achieve this,
server log files must be recorded.

Cookies

This website uses cookies that are a technical requirement. These are small text files saved temporarily in or by your internet browser to your computer system for purposes of website functionality only. Other cookies are persistent and used to recognize your browser on your next visit to improve the website’s usability. The legal basis for processing information is art. 6, par. 1f, of the GDPR, pertaining to our legitimate interest in our website’s functionality and usability. If your consent to the storage of the cookies has been requested, the respective cookies are stored exclusively on the basis of the consent obtained (Art. 6 Sect. 1 lit. a GDPR); lit. a GDPR); this consent may be revoked at any time.

The technically required cookies will usually be deleted once the browser is closed. Persistent cookies have lifespans varying from several minutes to several years.

You can set up your browser to inform you when cookies are saved, authorize cookies on a case-by-case basis, prevent the saving of cookies in specific cases or in general and activate automatic cookie deletion on closing the browser. Cookie management varies across browsers. Please note that our website’s functionally may be impaired if cookies are not accepted.

The saving of other cookies (e.g. cookies designed to analyze your surfing behavior) is regulated separately in this privacy statement.

Consent with Usercentrics

This website uses the consent technology of Usercentrics to obtain your consent to the storage of certain
cookies on your device or for the use of specific technologies, and to document the former in a data
protection compliant manner. The party offering this technology is Usercentrics GmbH, Sendlinger Straße 7,
80331 München, Germany, website:
https://usercentrics.com/ (hereinafter referred to as “Usercentrics”).

Whenever you visit our website, the following personal data will be transferred to Usercentrics:

  • Your declaration(s) of consent or your revocation of your declaration(s) of consent
  • Your IP address
  • Information about your browser
  • Information about your device
  • The date and time you visited our website

Moreover, Usercentrics shall store a cookie in your browser to be able to allocate your declaration(s) of
consent or any revocations of the former. The data that are recorded in this manner shall be stored until you
ask us to eradicate them, delete the Usercentrics cookie or until the purpose for archiving the data no longer
exists. This shall be without prejudice to any mandatory legal retention periods.

Usercentrics uses cookies to obtain the declarations of consent mandated by law. The legal basis for the use of specific technologies is Art. 6(1)(c) GDPR.

Contact form

If you contact us (e.g. by contact form or e-mail), personal information will be collected. What information is collected is clear from the contact form used. That information is only stored and used for the purpose of responding to your request, that is for establishing contact and performing the technical administration required for that purpose. The legal basis for processing data is our legitimate interest in responding to your request in accordance with art. 6, par. 1f, of the GDPR. If your contacting us has the object of concluding a contract, this constitutes an additional legal basis for processing under art. 6, par. 1b, of the GDPR or on your agreement art. 6, par. 1a GDPR if this has been requested. The information you have entered into the contact form shall remain with us until you ask us to eradicate the data, revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer exists (e.g. after we have concluded our response to your inquiry). This shall be without
prejudice to any mandatory legal provisions – in particular retention periods.

Request by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.

These data are processed on the basis of Art. 6 Sect. 1 lit. b GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art. 6 Sect. 1 lit. f GDPR) or on the basis of your consent (Art. 6 Sect. 1 lit. a GDPR) if it has been obtainedobtained; the consent can be revoked at any time.

The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Newsletter

If you elect to subscribe to any of our e-mail newsletters, we will regularly send you information on our offerings. For this purpose, we collect, process and use the information entered into the subscription form’s input boxes. For the newsletter, we use a so-called double opt-in process. That means that we will only send you an e-mail newsletter after you have given your express consent to receiving it. For this purpose, you will receive a confirmation e-mail where you can complete your newsletter subscription by clicking a link. After that, we will be glad to send you our newsletter.

By activating the confirmation link, you give us permission to collect, process and use your personal information in accordance with art. 6, par. 1a, of the GDPR. You may revoke the consent you have given to the archiving of data, the e-mail address and the use of this information for the sending of the newsletter at any time, for instance by clicking on the “Unsubscribe” link in the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place to date.
The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.

This website uses CleverReach for sending newsletters. This service is provided by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. Our company has executed a Contract Data Processing Agreement with CleverReach. CleverReach is a service that allows its users to manage and analyze newsletter distribution. The information you have entered for the purpose of receiving a newsletter (e.g. your e-mail address) will be stored on CleverReach servers in Germany or Ireland. Sending out newsletters by CleverReach allows us to perform an analysis of newsletter recipients’ behavior. Among other things, such an analysis can indicate how many recipients have opened the newsletter message and how often each link in the newsletter has been clicked. You can find out more about CleverReach newsletter data analysis from: https://www.cleverreach.com/en/features/reporting-tracking/

The data is processed based on your consent (Art. 6 Sect. 1 lit. a GDPR). You may revoke any consent you have given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place prior to your revocation.

If you do not want to permit an analysis by CleverReach, you must unsubscribe from the newsletter. We provide a link for you to do this in every newsletter message. Moreover, you can also unsubscribe from the newsletter right on the website.

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

You can find more details in CleverReach’s privacy policy at: https://www.cleverreach.com/en/privacy-policy/

Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

Job applications

We offer website visitors the opportunity to submit job applications to us (e.g. via e-mail, via postal services or by submitting the online job application form). Below, we will brief you on the scope, purpose and use of the personal data collected from you in conjunction with the application process. We assure you that the collection, processing and use of your data will occur in compliance with the applicable data privacy rights and all other statutory provisions and that your data will always be treated as strictly confidential.

If you submit a job application to us, we will process any affiliated personal data (e.g. contact and communications data, application documents, notes taken during job interviews, etc.), if they are required to make a decision concerning the establishment or an employment relationship. The legal grounds for the aforementioned are § 26 GDPR according to German Law (Negotiation of an Employment Relationship), Art. 6 Sect. 1 lit. b GDPR (General Contract Negotiations) and – provided you have given us your consent – Art. 6 Sect. 1 lit. a GDPR. You may revoke any consent given at any time. Within our company, your personal data will only be shared with individuals who are involved in the processing of your job application.

If your job application should result in your recruitment, the data you have submitted will be archived on the grounds of § 26 GDPR and Art. 6 Sect. 1 lit. b GDPR for the purpose of implementing the employment relationship in our data processing system.

If we are unable to make you a job offer or you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application procedure (rejection or withdrawal of the application). Afterwards the data will be deleted, and the physical application documents will be destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the expiry of the 6-month period (e.g. due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.

Longer storage may also take place if you have given your agreement (Article 6 para.1 lit. a GDPR) or if statutory data retention requirements preclude the deletion.

If we do not make you a job offer, you may be able to join our applicant pool. In case of admission, all documents and information from the application will be transferred to the applicant pool in order to contact you in case of suitable vacancies.

Admission to the applicant pool is based exclusively on your express agreement (Art. 6 para. 1 lit. a GDPR). The submission agreement is voluntary and has no relation to the ongoing application procedure. The affected person can revoke his agreement at any time. In this case, the data from the applicant pool will be irrevocably deleted, provided there are no legal reasons for storage.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been granted.

We use the job advertisement and applicant management software of On-apply GmbH, Lindleystraße 8a, 60314 Frankfurt am Main, Germany to optimize our recruiting processes. With On-apply we have concluded an order data processing contract.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider of this service is
Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. This data is assigned to the respective end device of the user. An assignment to a user-ID does not take place.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among
other things. Google Analytics uses various modeling approaches to augment the collected data sets and
uses machine learning technologies in data analysis.

Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the
user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by
Google is, as a rule transferred to a Google server in the United States, where it is stored.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1)
TTDSG. You may revoke your consent at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European
Commission. Details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/.

Browser plug-in
You can prevent the recording and processing of your data by Google by downloading and installing the
browser plugin available under the following link:
https://tools.google.com/dlpage/gaoptout?hl=en

For more information about the handling of user data by Google Analytics, please consult Google’s Data
Privacy Declaration at:
https://support.google.com/analytics/answer/6004245?hl=en

YouTube with expanded data protection integration

Our website embeds videos of the website YouTube. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in the expanded data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. Nevertheless, this does not necessarily mean that the sharing of data with YouTube partners can be ruled out as a result of the expanded data protection mode. For instance, regardless of whether you are watching a video, YouTube will always establish a connection with the Google DoubleClick network.

As soon as you start to play a YouTube video on this website, a connection to YouTube’s servers will be established. As a result, the YouTube server will be notified, which of our pages you have visited. If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account.

Furthermore, after you have started to play a video, YouTube will be able to place various cookies on your device or comparable technologies for recognition (e.g. device fingerprinting). In this way YouTube will be able to obtain information about this website’s visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud.

Under certain circumstances, additional data processing transactions may be triggered after you have started to play a YouTube video, which are beyond our control.

The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6(1)(f) GDPR, this is a legitimate interest. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under: https://policies.google.com/privacy?hl=en.

Google Fonts (local embedding)

This website uses so-called Google Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed so that a connection to Google’s servers will not be established in conjunction with this application.

For more information on Google Web Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.

Rights as data subject

If your personal information is processed, you are a data subject according to the GDPR and have the following rights vis-à-vis the controller:

Right of access in accordance with art. 15 of the GDPR: You have the right of access to the personal information processed by us as well as the purpose of processing, the categories of personal information processed, the recipients or recipient categories your information is or has been disclosed to, the planned storage period or the criteria for determining the storage period, to the existence of a right to rectification, erasure, restriction of processing, objection to processing and lodging a complaint with a supervisory authority, to the source of your personal information if it was not collected by us, to information on the existence of automated decision-making, including profiling, and, where applicable, meaningful information on the logic involved and the intended consequences of such processing as well as to information on your right of access to information on what safeguards exist pursuant to art. 46 of the GDPR relating to the passing on of your information to a third country.

Right to rectification in accordance with art. 16 of the GDPR: You have the right to rectification of your personal information if it is incorrect and/or incomplete.

Right to erasure in accordance with art. 17 of the GDPR: You have the right to have your personal information deleted if one of the conditions of art. 17, par. 1, of the GDPR is met. However, this right does not apply if processing is required for the exercise of the right of freedom of expression or information, for fulfilling legal obligations, for reasons of public interest or for the establishment, exercise or defense of legal claims.

Right to restriction of processing in accordance with art. 18 of the GDPR: You have the right to have the processing of your personal information restricted for the period during which they are being verified if you demand, instead of their deletion, a restriction of the processing of your information due to inadmissible data processing, if we no longer require your information for processing purposes but you require them for establishing, exercising or defending legal claims or if you have objected to processing and no final determination has been reached whether our legitimate grounds override yours.

Right to notification in accordance with art. 19 of the GDPR: If you have exercised your right to rectification, erasure or restriction of processing vis-à-vis the controller, they have an obligation to notify all recipients to whom your personal information has been disclosed of that rectification, erasure or restriction of processing of data unless this proves impossible or requires unreasonable effort. You are entitled to be informed about the recipients.

Right to data portability in accordance with art. 20 of the GDPR: You have the right to obtain or have transferred to another controller the personal information you have provided in a structured, commonly used and machine-readable format, wherever technically feasible.

Right to withdraw consent in accordance with art. 7, par. 3, of the GDPR: You have the right to withdraw your consent to data processing, once given, at any time with effect for the future. If you withdraw it, we will delete the information concerned immediately unless there is a legal basis for further processing without consent. Withdrawing your consent does not affect the lawfulness of any processing having taken place with consent prior to withdrawal.

Right to lodge a complaint in accordance with art. 77 of the GDPR: Irrespective of other administrative or judicial remedies, you are entitled to lodge a complaint with a supervisory authority, particularly in the member state where you reside, work or where the alleged violation has taken place if you deem the processing of your personal information to violate the GDPR.

The supervisory authority with which the complaint is lodged will inform the complainant of the status and the outcome of the complaint including the option of judicial remedies in accordance with art. 78 of the GDPR.

Storage period for personal information

How long personal information will be stored depends on the applicable legal retention period (e.g. retention periods under commercial and fiscal law). Once the period expires, the information concerned will be routinely deleted wherever it is no longer required for contract fulfilment or initiation and/or there is no longer any continued legitimate interest on our part for retention.