Data protection declaration

We take protecting your data seriously

Thank you for visit­ing our website. We are delighted that you are interested in our company and our products / services. We take protecting your personal data very seriously, and we want you to feel secure with regard to the information you give us when you visit our website.

Despite careful translation, we shall not be held liable for the accuracy of the English version of this website. In case of doubt, the German version shall prevail.

Therefore we would like to inform you as below:

Personal information

Personal information refers to all information that can be used to identify you personally. We process your personal information (e.g. form of address, first name, second name, postal address, e-mail address, phone number) only in accordance with the provisions of German data protection law and the European Union’s (EU) data protection law. The following is to inform you about the methods, scope and purpose of collecting, processing and using personal information.

We herewith advise you that the transmission of data via the Internet (i.e. through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third party access.

Contact information for the entity responsible for data protection

The entity responsible for data protection according to the General Data Protection Regulation (controller) and other, national data protection regulations applicable in the member states as well as any other provisions concerning data protection law is:

Eckelmann AG
Berliner Straße 161
65205 Wiesbaden, Germany
Phone +49 611 7103-0
Fax +49 611 7103-133
E-Mail info@eckelmann.de
Website: www.eckelmann.de

Contact information for the data protection officer:

datenschutz@eckelmann.de
Website: www.eckelmann.de

Information on data transfer to the USA

Our website uses, in particular, tools from companies based in the USA. When these tools are active, your personal information may be transferred to the US servers of these companies. We must point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are required to release personal data to security authorities without you as the data subject being able to take legal action against this. The possibility cannot therefore be excluded that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence over these processing activities.

SSL/TLS encryption

For security reasons and in order to protect the transmission of personal information and other confident content (e.g. requests directed at the controller), this website uses SSL encryption or TLS encryption. Encrypted connections can be identified by the character sequence “https://” and the padlock icon in your browser’s address bar.

If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

Server log files

This website is hosted by an external service provider (host). The following data is transmitted from your browser to the host (so-called server log files) in order to display our website correctly: information on the user’s browser type and version, operating system, internet service provider and IP address as well as the date and time of access, websites from which the user has accessed our website and websites accessed by the user via our website.

The web servers’ access logs track which pages were accessed at what time. They contain the following information: IP, directory protection user, date, time, pages accessed, logs, status code, data volume, referrer, user agent, host name accessed.

IP addresses are anonymized for storage by removing the final three digits, which means that 127.0.0.1 will become 127.0.0.*. IPv6 addresses will be anonymized as well. Anonymized IP addresses will be stored for 60 days. The information on the directory protection user used will be anonymized after one day.

Error logs tracking page access errors will be deleted after seven days. Beside the error messages, they contain the accessing IP address and, depending on the error, the website accessed.

The legal basis for processing information is art. 6, par. 1f, of the GDPR, pertaining to our legitimate interest in improving our website’s stability and functionality.

In order to guarantee processing in compliance with data protection regulations, we have concluded an order processing contract with our host.

Cookies

This website uses cookies that are a technical requirement. These are small text files saved temporarily in or by your internet browser to your computer system for purposes of website functionality only. Other cookies are persistent and used to recognize your browser on your next visit to improve the website’s usability. The legal basis for processing information is art. 6, par. 1f, of the GDPR, pertaining to our legitimate interest in our website’s functionality and usability. If your consent to the storage of the cookies has been requested, the respective cookies are stored exclusively on the basis of the consent obtained (Art. 6 Sect. 1 lit. a GDPR); lit. a GDPR); this consent may be revoked at any time.

The technically required cookies will usually be deleted once the browser is closed. Persistent cookies have lifespans varying from several minutes to several years.

You can set up your browser to inform you when cookies are saved, authorize cookies on a case-by-case basis, prevent the saving of cookies in specific cases or in general and activate automatic cookie deletion on closing the browser. Cookie management varies across browsers. Please note that our website’s functionally may be impaired if cookies are not accepted.

The saving of other cookies (e.g. cookies designed to analyze your surfing behavior) is regulated separately in this privacy statement.

Cookie Consent with Usercentrics

Our website uses the Usercentrics cookie consent technology to obtain your consent to the storage of certain cookies on your device and data protection legislation compliant documentation of the former. The party offering this technology is Usercentrics GmbH, Rosental 4, 80331 München, Germany, website: usercentrics.com (hereinafter referred to as “Usercentrics”).

Whenever you visit our website, the following personal data will be transferred to Usercentrics:

  • Your declaration(s) of consent or your revocation of your declaration(s) of consent
  • Your IP address
  • Information about your browser
  • Information about your device
  • The date and time you visited our website

Moreover, Usercentrics shall store a cookie in your browser to be able to allocate your declaration(s) of consent or any revocations of the former. The data that are recorded in this manner shall be stored until you ask us to eradicate them, delete the Usercentrics cookie or until the purpose for archiving the data no longer exists. This shall be without prejudice to any mandatory legal retention periods.

Usercentrics uses cookies to obtain the declarations of consent mandated by law. The legal basis for the use of such cookies is Art. 6 Sect. 1 Sentence 1 lit. c GDPR.

Our company has executed a Contract Data Processing Agreement with Usercentrics. This is an Agreement mandated by data privacy protection legislation that warrants that Usercentrics processes all personal data of our website visitors exclusively in compliance with our instructions and in compliance with the GDPR.

Contact form

If you contact us (e.g. by contact form or e-mail), personal information will be collected. What information is collected is clear from the contact form used. That information is only stored and used for the purpose of responding to your request, that is for establishing contact and performing the technical administration required for that purpose. The legal basis for processing data is our legitimate interest in responding to your request in accordance with art. 6, par. 1f, of the GDPR. If your contacting us has the object of concluding a contract, this constitutes an additional legal basis for processing under art. 6, par. 1b, of the GDPR or on your agreement art. 6, par. 1a GDPR if this has been requested. The information you have entered into the contact form shall remain with us until you ask us to eradicate the data, revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer exists (e.g. after we have concluded our response to your inquiry). This shall be without
prejudice to any mandatory legal provisions – in particular retention periods.

Request by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.

These data are processed on the basis of Art. 6 Sect. 1 lit. b GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art. 6 Sect. 1 lit. f GDPR) or on the basis of your consent (Art. 6 Sect. 1 lit. a GDPR) if it has been obtained.

The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Newsletter

If you elect to subscribe to any of our e-mail newsletters, we will regularly send you information on our offerings. For this purpose, we collect, process and use the information entered into the subscription form’s input boxes. For the newsletter, we use a so-called double opt-in process. That means that we will only send you an e-mail newsletter after you have given your express consent to receiving it. For this purpose, you will receive a confirmation e-mail where you can complete your newsletter subscription by clicking a link. After that, we will be glad to send you our newsletter.

By activating the confirmation link, you give us permission to collect, process and use your personal information in accordance with art. 6, par. 1a, of the GDPR. You may revoke the consent you have given to the archiving of data, the e-mail address and the use of this information for the sending of the newsletter at any time, for instance by clicking on the “Unsubscribe” link in the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place to date.
The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

This website uses CleverReach for sending newsletters. This service is provided by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. Our company has executed a Contract Data Processing Agreement with CleverReach. CleverReach is a service that allows its users to manage and analyze newsletter distribution. The information you have entered for the purpose of receiving a newsletter (e.g. your e-mail address) will be stored on CleverReach servers in Germany or Ireland. Sending out newsletters by CleverReach allows us to perform an analysis of newsletter recipients’ behavior. Among other things, such an analysis can indicate how many recipients have opened the newsletter message and how often each link in the newsletter has been clicked. You can find out more about CleverReach newsletter data analysis from: https://www.cleverreach.com/en/features/reporting-tracking/

The data is processed based on your consent (Art. 6 Sect. 1 lit. a GDPR). You may revoke any consent you have given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place prior to your revocation.

If you do not want to permit an analysis by CleverReach, you must unsubscribe from the newsletter. We provide a link for you to do this in every newsletter message. Moreover, you can also unsubscribe from the newsletter right on the website.

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.

You can find more details in CleverReach’s privacy policy at: https://www.cleverreach.com/en/privacy-policy/

Job applications

We offer website visitors the opportunity to submit job applications to us (e.g. via e-mail, via postal services or by submitting the online job application form). Below, we will brief you on the scope, purpose and use of the personal data collected from you in conjunction with the application process. We assure you that the collection, processing and use of your data will occur in compliance with the applicable data privacy rights and all other statutory provisions and that your data will always be treated as strictly confidential.

If you submit a job application to us, we will process any affiliated personal data (e.g. contact and communications data, application documents, notes taken during job interviews, etc.), if they are required to make a decision concerning the establishment or an employment relationship. The legal grounds for the aforementioned are § 26 New GDPR according to German Law (Negotiation of an Employment Relationship), Art. 6 Sect. 1 lit. b GDPR (General Contract Negotiations) and – provided you have given us your consent – Art. 6 Sect. 1 lit. a GDPR. You may revoke any consent given at any time. Within our company, your personal data will only be shared with individuals who are involved in the processing of your job application.

If your job application should result in your recruitment, the data you have submitted will be archived on the grounds of § 26 New GDPR and Art. 6 Sect. 1 lit. b GDPR for the purpose of implementing the employment relationship in our data processing system.

If we are unable to make you a job offer or you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application procedure (rejection or withdrawal of the application). Afterwards the data will be deleted, and the physical application documents will be destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the expiry of the 6-month period (e.g. due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.

Longer storage may also take place if you have given your agreement (Article 6 para.1 lit. a GDPR) or if statutory data retention requirements preclude the deletion.

If we do not make you a job offer, you may be able to join our applicant pool. In case of admission, all documents and information from the application will be transferred to the applicant pool in order to contact you in case of suitable vacancies.

Admission to the applicant pool is based exclusively on your express agreement (Art. 6 para. 1 lit. a GDPR). The submission agreement is voluntary and has no relation to the ongoing application procedure. The affected person can revoke his agreement at any time. In this case, the data from the applicant pool will be irrevocably deleted, provided there are no legal reasons for storage.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been granted.

We use the job advertisement and applicant management software of On-apply GmbH, Lindleystraße 8a, 60314 Frankfurt am Main, Germany to optimize our recruiting processes. With On-apply we have concluded an order data processing contract.

Google Analytics web analytics service

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. Google may consolidate these data in a profile that is allocated to the respective user or the user’s device.

Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g. cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.

This analysis tool is used on the basis of Art. 6 Sect. 1 lit. f GDPR. The operator of this website has a legitimate interest in the analysis of user patterns to optimize both, the services offered online and the operator’s advertising activities. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.

This website uses Google Analytics only with the _anonymizeIp() extension, which ensures the IP address is anonymized by shortening. With the extension, Google shortens your IP address within member states of the European Union or other states participating in the Agreement on the European Economic Area before transfer. Only in some cases will the full IP address be transmitted to US Google servers and shortened there. The IP address transmitted in conjunction with Google Analytics from your browser shall not be merged with other data in Google’s possession.

Google will use that information on our behalf to evaluate your website usage, compile reports on website activity and provide other services concerning website and internet usage to us.

The information associated with cookies, user IDs, e.g. ad IDs, transmitted by us will be anonymized or deleted after 14 months. For detailsplease click the following link: https://support.google.com/analytics/answer/7667196?hl=en

You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en

As an alternative to the browser plugin, or in case you are using a browser on a mobile device, please click the following link to create an opt-out cookie preventing Google Analytics tracking on this website in the future (this opt-out cookie only works for this browser and this domain, if you delete your cookies in this browser, you will have to click the link again): Deactivate Google Analytics.

You can find more information on how Google Analytics handles user data in the Google privacy statement: https://support.google.com/analytics/answer/6004245?hl=en

We have executed a contract data processing agreement with Google.

This website uses the “demographic characteristics” function of Google Analytics, to be able to display to the website visitor compatible ads within the Google advertising network. This allows reports to be created that contain information about the age, gender and interests of the website visitors. The sources of this information are interest-related advertising by Google as well as visitor data obtained from third party providers. This data cannot be allocated to a specific individual. You have the option to deactivate this function at any time by making pertinent settings changes for advertising in your Google account or you can generally prohibit the recording of your data by Google Analytics as explained in section “Objection to the recording of data”.

YouTube with expanded data protection integration

Our website embeds videos of the website YouTube. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in the expanded data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. Nevertheless, this does not necessarily mean that the sharing of data with YouTube partners can be ruled out as a result of the expanded data protection mode. For instance, regardless of whether you are watching a video, YouTube will always establish a connection with the Google DoubleClick network.

As soon as you start to play a YouTube video on this website, a connection to YouTube’s servers will be established. As a result, the YouTube server will be notified, which of our pages you have visited. If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account.

Furthermore, after you have started to play a video, YouTube will be able to place various cookies on your device or comparable technologies for recognition (e.g. device fingerprinting). In this way YouTube will be able to obtain information about this website’s visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud.

Under certain circumstances, additional data processing transactions may be triggered after you have started to play a YouTube video, which are beyond our control.

The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6 Sect. 1 lit. f GDPR, this is a legitimate interest. If a corresponding agreement has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.

For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under: https://policies.google.com/privacy?hl=en.

Google Web Fonts (local embedding)

This website uses so-called Web Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed so that a connection to Google’s servers will not be established in conjunction with this application.

For more information on Google Web Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.

Rights as data subject

If your personal information is processed, you are a data subject according to the GDPR and have the following rights vis-à-vis the controller:

Right of access in accordance with art. 15 of the GDPR: You have the right of access to the personal information processed by us as well as the purpose of processing, the categories of personal information processed, the recipients or recipient categories your information is or has been disclosed to, the planned storage period or the criteria for determining the storage period, to the existence of a right to rectification, erasure, restriction of processing, objection to processing and lodging a complaint with a supervisory authority, to the source of your personal information if it was not collected by us, to information on the existence of automated decision-making, including profiling, and, where applicable, meaningful information on the logic involved and the intended consequences of such processing as well as to information on your right of access to information on what safeguards exist pursuant to art. 46 of the GDPR relating to the passing on of your information to a third country.

Right to rectification in accordance with art. 16 of the GDPR: You have the right to rectification of your personal information if it is incorrect and/or incomplete.

Right to erasure in accordance with art. 17 of the GDPR: You have the right to have your personal information deleted if one of the conditions of art. 17, par. 1, of the GDPR is met. However, this right does not apply if processing is required for the exercise of the right of freedom of expression or information, for fulfilling legal obligations, for reasons of public interest or for the establishment, exercise or defense of legal claims.

Right to restriction of processing in accordance with art. 18 of the GDPR: You have the right to have the processing of your personal information restricted for the period during which they are being verified if you demand, instead of their deletion, a restriction of the processing of your information due to inadmissible data processing, if we no longer require your information for processing purposes but you require them for establishing, exercising or defending legal claims or if you have objected to processing and no final determination has been reached whether our legitimate grounds override yours.

Right to notification in accordance with art. 19 of the GDPR: If you have exercised your right to rectification, erasure or restriction of processing vis-à-vis the controller, they have an obligation to notify all recipients to whom your personal information has been disclosed of that rectification, erasure or restriction of processing of data unless this proves impossible or requires unreasonable effort. You are entitled to be informed about the recipients.

Right to data portability in accordance with art. 20 of the GDPR: You have the right to obtain or have transferred to another controller the personal information you have provided in a structured, commonly used and machine-readable format, wherever technically feasible.

Right to withdraw consent in accordance with art. 7, par. 3, of the GDPR: You have the right to withdraw your consent to data processing, once given, at any time with effect for the future. If you withdraw it, we will delete the information concerned immediately unless there is a legal basis for further processing without consent. Withdrawing your consent does not affect the lawfulness of any processing having taken place with consent prior to withdrawal.

Right to lodge a complaint in accordance with art. 77 of the GDPR: Irrespective of other administrative or judicial remedies, you are entitled to lodge a complaint with a supervisory authority, particularly in the member state where you reside, work or where the alleged violation has taken place if you deem the processing of your personal information to violate the GDPR.

The supervisory authority with which the complaint is lodged will inform the complainant of the status and the outcome of the complaint including the option of judicial remedies in accordance with art. 78 of the GDPR.

Right of objection

Art. 21 GDPR

If the processing of personal data concerning you is carried out in order to safeguard our overriding legitimate interest based on art. 6 par. 1 f GDPR or in the public interest based on art. 6 par. 1 e GDPR, you have the right to object at any time to the processing of your personal information for reasons relating to your individual situation.

If you exercise your right of objection, we will cease to process the information concerned unless we can demonstrate that there are compelling legitimate grounds for processing overriding your interests, rights and freedoms or unless the processing serves the establishment, exercise or defense of legal claims.

If your personal information is processed for the purpose of direct advertising, you have the right to object to the processing of your personal information for such advertising at any time and without indication of reasons. This includes profiling if it takes place in the context of such direct advertising.

If you object to processing for purposes of direct advertising, your personal information will no longer be processed for those purposes.

Storage period for personal information

How long personal information will be stored depends on the applicable legal retention period (e.g. retention periods under commercial and fiscal law). Once the period expires, the information concerned will be routinely deleted wherever it is no longer required for contract fulfilment or initiation and/or there is no longer any continued legitimate interest on our part for retention.

Contact