Data protection declaration

1. Introduction

With the following information we would like to provide you, as the 'data subject', with an overview of the processing of your personal data by us and your rights under the data protection laws. Basically, it is possible to use our web pages without entering any personal data. However, if you wish to avail yourself of particular services provided by our company via our website, it could become necessary to process personal data. If the processing of personal data is necessary and if there is no legal basis for such processing, we will as a general rule obtain your consent.

Personal data, for example your name, address or e-mail address, are always processed in harmony with the General Data Protection Regulation (GDPR) and in harmony with the country-specific data protection provisions that apply to eurodata AG. By issuing this data protection declaration, we would like to inform you about the scope and purpose of the personal data that we gather, use and process.

As the controller, we have implemented numerous technical and organisational measures in order to ensure the most complete protection possible of the personal data processed via this website. Having said that, Internet-based data transmissions can as a matter of basic principle have security gaps, so that absolute protection cannot be guaranteed. For this reason you are at liberty to send us personal data by other means, for example by telephone or post.


2. Controller

Controller within the meaning of the GDPR is:

eurodata AG
Grossblittersdorfer Str. 257-259, 66119 Saarbrücken

Telephone: +4968188080
Telefax: +496818808300
E-mail: info@eurodata.de
Director: Dieter Leinen


3.  Data protection officer

You can contact the data protection officer as follows:

Mario Arndt, DEUDAT GmbH, Zehntenhofstrasse 5b, D-65201 Wiesbaden,
+49 611 950008-32

E-mail: datenschutzbeauftragter@eurodata.de

You can consult our data protection officer directly at any time if you have any questions or ideas about data protection.
.

4. Definitions

The data protection declaration is based on the concepts used in the enactment of the General Data Protection Regulation (GDPR) by the European bodies that issue directives and regulations. Our data protection declaration should be easy to read and easy to understand, both for the general public and for our customers and business partners. To ensure that, we would first like to explain the terms we use.

The terms we use in this data protection declaration include the following:

  1. Personal data
    Personal data are all information which relates to an identified or identifiable natural person. A natural person is considered identifiable if he or she can be directly or indirectly identified, in particular by means of allocation to some means of identification such as a name, an identification number, location data, an on-line ID or one or more special features which are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  2. Data subject
    A data subject is any identified or identifiable natural person whose personal data are processed by the controller (our company).
  3. Processing
    Processing is any procedure carried out with or without the aid of automated methods or any such series of procedures in connection with personal data, such as gathering, recording, organisation, putting in order, storage, adaptation or alteration, readout, search, use, disclosure by transmission, dissemination or other form of provision, comparison or combination, restriction, deletion or destruction.
  4. Restriction of processing
    Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
  5. Profiling
    Profiling is any kind of automated processing of personal data which consists in using those personal data to assess certain personal aspects relating to a natural person, in particular to analyse or forecast aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or relocation of that natural person.
  6. Pseudonymisation
    Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be allocated to a specific data subject without adding further information, provided that that further information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not allocated to an identified or identifiable natural person.
  7. Processor
    Processor is any natural person or legal entity, authority, institution or other body which processes personal data on behalf of the controller.
  8. Recipient
    Recipient is any natural person or legal entity, authority, institution or other body to whom or which personal data are disclosed, regardless of whether that person, entity, authority, institution or body is a third party or not. However, authorities which may receive personal data in the context of a particular inquiry under EU law or the law of the Member States are not regarded as recipients.
  9. Third party
    A third party is any natural person or legal entity, authority, institution or other body who or which is not the data subject, the controller, the processor or the persons authorised to process the personal data under the direct responsibility of the controller or processor.
  10. Consent
    Consent is any informed statement of intent made voluntarily and unambiguously by the data subject for the particular case and in the form of a statement or other clear affirmative action by which the data subject indicates that he or she is in agreement with the processing of the personal data that relate to him or her.

5. Legal basis of processing

Art. 6 1. a) of the GDPR serves our company as a legal basis for processing in respect of which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is for example the case with processing which is necessary for the delivery of goods or the rendering of some other service or consideration, the processing is based on Art. 6 1. b) of the GDPR. The same applies to processing which is required for carrying out measures preceding the conclusion of a contract, for example in cases where enquiries are made about our products or services.

If our company is subject to a legal obligation which renders the processing of personal data necessary, for example the fulfilment of fiscal obligations, the processing is based on Art. 6 1. c) of the GDPR.

In rare cases it may be necessary to process personal data in order to protect the vital interests of the data subject or another natural person. This would for example be the case if a visitor were to be injured on our company premises, following which his or her name, age and health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 1. d) of the GDPR.

Finally, processing could be based on Art. 6 1. f) of the GDPR. This is the legal basis for processing which is not covered by any of the above-mentioned legal bases, if the processing is necessary for safeguarding a legitimate interest of our company or a third party, provided that that interest is not outweighed by the interests and / or fundamental rights and freedoms of the data subject. We are in particular permitted to carry out processing of this kind because special mention of it has been made by the European legislators. They, for example, took the view that a legitimate interest could be presumed to exist if you were a customer of our company (Recital 47 Sentence 2 of the GDPR).

6 Technology

6.1 SSL / TLS encryption

This site makes use of SSL or TLS encryption to ensure security in data processing and to protect the transmission of confidential content such as orders, log-in data or contact enquiries that you send to us as the provider. You can recognise an encrypted connection by the fact that there is an "https://" instead of an "http://" in the address bar of the browser and a padlock symbol in your browser bar.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

6.2 Data gathered when you visit the website

When you use our website for information purposes only, i.e. if you do not register or send information to us in any other way, we only gather the data that your browser transmits to our server (in so-called 'server logfiles'). Each time a page is accessed by you or by an automated system, our website gathers a set of general data and information. These general data and information are stored in the logfiles of the server and may include

  1. the browser types and versions used
  2. the operating system used by the accessing system
  3. the web page from which an accessing system is referred to our website (so-called referrer)
  4. the sub-sites targeted on our website by an accessing system
  5. the date and time of access to the website
  6. a truncated Internet Protocol address (anonymised IP address)
  7. the Internet service provider of the accessing system
  8. the quantity of data sent in bytes.

When utilising these general data and information we do not draw any conclusions as regards your person. On the contrary, the information is required for

  1. the correct delivery of the content of our website
  2. the optimisation of the content of our website and the advertising thereof
  3. ensuring the continuing functionality of our IT systems and the technology of our website and
  4. providing the authorities with the information they require for prosecution in the case of a cyber attack.

These data and information, having been gathered, are thus analysed by us, on the one hand statistically, and also with the aim of improving data protection and data security in our company, so that we can ultimately ensure an optimum level of protection for the personal data we process. The anonymous data from the server logfiles are stored separately from all the personal data made available by a data subject.

The legal basis for the data processing is Art. 6 1. f) of the GDPR. Our legitimate interest follows from the purposes of data gathering listed above.

7 Cookies

7.1 General information on cookies

We deploy cookies on our website. Cookies are small files which are generated by your browser automatically and stored in your IT system (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage on your device, and they do not contain any viruses, Trojans or other malware.

Information that arises in connection with the device specifically deployed is stored in the cookie. However, this does not mean that we directly gain knowledge of your identity as a result.

On the one hand, the deployment of cookies serves the purpose of making it more agreeable for you to use our amenities. For example, we deploy so-called session cookies which enable us to recognise that you have already visited individual pages on our website. These are deleted automatically when you leave the site.

We also deploy temporary cookies to optimise user-friendliness. These are saved on your device for a certain fixed period. If you revisit our site to take advantage of the services we offer, the cookie automatically recognises both the fact that you have been there before and the entries you made and the settings you had, so that you do not need to enter them again.

Furthermore, we deploy cookies so as to be able to record the use of our website statistically and analyse it for the purpose of optimising our amenities. These cookies enable us to recognise automatically that you have been there before when you revisit our site, and are deleted automatically after a defined period of time.

The data processed by the cookies are necessary for the above-mentioned purposes of safeguarding our legitimate interests and those of third parties in accordance with Art. 6 1. f) of the GDPR.

Most browsers accept cookies automatically. Having said that, you can configure your browser in such a way that no cookies are saved on your computer, or in such a way that a notice always appears before a new cookie is generated. Complete deactivation of cookies, however, can lead to a status in which you cannot take advantage of all the functions of our website.

8 Content of our website

8.1 Contact / contact form

Personal data are gathered when you make contact with us (e.g. by contact form or e-mail). Which data are actually gathered when a contact form is used can be seen in the contact form itself. These data are stored and used exclusively for the purpose of replying to your enquiry and / or making contact and the technical administration associated with it. The legal basis for the processing of the data is our legitimate interest in replying to your enquiry in accordance with Art. 6 1. f) of the GDPR. If you make contact with us aiming to conclude a contract, a further legal basis for the processing is Art. 6 1. b) of the GDPR. Your data will be deleted when your enquiry has finally been dealt with. This is the case when the circumstances indicate that the matter concerned has been finally resolved and there are no statutory obligations to preserve business records such as would contradict the deletion.

9 Distribution of newsletter

9.1 Distribution of the newsletter to existing customers

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to send you regular offers regarding goods and / or services similar to the ones you have already purchased from our product range by e-mail. For this, in accordance with Section 7 (3) of the German Unfair Competition Act (UWG), we are not under any obligation to obtain separate consent from you. To that extent, the data are processed solely on the basis of our legitimate interest in personalised direct advertising as in Art. 6 1. f) of the GDPR. If you objected to the use of your e-mail address for this purpose at the outset, no mails will be sent by us. You have the right to object to the use of your e-mail address for the above-mentioned advertising purposes at any time with future effect by notifying the controller named at the beginning. If you do so, you only incur transmission costs at the basic rates. When your objection has been received, the use of your e-mail address for advertising purposes will be discontinued immediately.

9.2 Promotional newsletter

On our website you have the option of subscribing to our company newsletter. The personal data that are transmitted to us when you order the newsletter can be seen in the template you use for that purpose.

We inform our customers and business partners at regular intervals via a newsletter about our product range. As a matter of basic principle, you can only receive the newsletter of our company if

  1. you have a valid e-mail address and
  2. you have registered for the newsletter.

For legal reasons, a confirmation mail in the double opt-in procedure will be sent to the e-mail address you entered when you first signed up for the newsletter. This confirmation mail serves the purpose of enabling us to verify that you, as the holder of the e-mail address, have actually authorised us to send you the newsletter.

When you register for the newsletter we also save the IP address of the IT system you were using at the time when you registered, allocated by your Internet service provider (ISP), and the date and time of registration. The gathering of these data is necessary in order to be able to trace the (possible) abuse of your e-mail address at a later point in time and thus serves to protect us from a legal point of view.

The personal data gathered in the context of registration for the newsletter are used exclusively for its distribution. Moreover, subscribers to the newsletter can be informed by e-mail if this is necessary to the running of the newsletter service or registration in respect of it, such as could be the case if changes were made to the newsletter service or modifications to the technical facilities. Personal data gathered in the context of the newsletter service will not be passed on or otherwise disclosed to third parties. You can give notice to terminate your subscription to our newsletter at any time. The consent to the storage of personal data that you have given us for distribution of the newsletter can be revoked at any time. For the purpose of revoking that consent, there is an appropriate link in each newsletter. Furthermore, you have the possibility to deregister from the newsletter at any time by sending an appropriate message to the controller referred to at the beginning.

The legal basis for data processing for the purpose of newsletter distribution is Art. 6 1. a) of the GDPR.

9.3 Newsletter tracking

Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic which is embedded in e-mails sent in HTML format so as to enable logfile recording and logfile analysis. This makes it possible to carry out a statistical analysis of the success or failure of on-line marketing campaigns. With the aid of the embedded tracking pixel, the company can recognise whether an e-mail has been opened by you, if so when, and which of the links in the e-mail you accessed.

Personal data gathered via the tracking pixels contained in the newsletters are stored and analysed by us in order to optimise distribution of the newsletter and adapt the content of future newsletters to suit your interests even better. These personal data are not passed on to third parties. Data subjects have the right to revoke the separate declaration of consent made via the double opt-in procedure at any time. After revocation these personal data will be deleted by us. We interpret deregistration from receipt of the newsletter automatically as revocation.

In particular, an analysis of this kind is carried out in accordance with Art. 6 1. f) of the GDPR on the basis of our legitimate interests in personalised advertising, market research and / or the design of our website as required.

10 Plugins and other services

10.1 Google Maps

On our website we use Google Maps (API) from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for the depiction of interactive maps with the purpose of providing a visual display of geographical information. Via the use of this service, for example, the location of our premises can be displayed to you, which will make it easier for you to find your way here if you wish to.

As soon as you access the sub-pages in which the map from Google Maps is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there. This happens regardless of whether Google provides a user account to which you have logged in or not. If you are logged in to Google, your data are allocated to your account directly. If you do not wish the data to be allocated to your profile at Google, you have to log out of your Google user account. Google stores your data (even for users who have not logged in) as a usage profile, and analyses them. In particular, this analysis is carried out in accordance with Art. 6 1. f) of the GDPR on the basis of the legitimate interests of Google in personalised advertising, market research and / or the design of its website as required. You have the right to object to the creation of these usage profiles, but you have to apply to Google itself in order to exercise that right.

Google LLC with its registered office in the USA is certified for the US-European data protection convention 'Privacy Shield', which ensures compliance with the level of data protection currently applicable in the EU.

If you are not in agreement with the future transmission of your data to Google in the context of using Google Maps, you also have the possibility of disabling the web service of Google Maps completely by deactivating the JavaScript application in your browser. If you do that, however, it will not be possible to use Google Maps or the map display on this website.

We use Google Maps in the interests of making an appealing display of our on-line amenities and making it easy for you to find the locations we refer to on the website. This constitutes a legitimate interest within the meaning of Art. 6 1. f) of the GDPR.

You can view Google's terms of use at
https://www.google.de/intl/de/policies/terms/regional.html

For the additional terms of use applying to Google Maps go to
https://www.google.com/intl/de_US/help/terms_maps.html

For comprehensive information on data protection in connection with the use of Google Maps go to the Google website ('Google Privacy Policy'):
https://www.google.de/intl/de/policies/privacy/

10.2 Google Web Fonts

Our website uses so-called web fonts for the uniform depiction of fonts provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you access a page, your browser loads the required web fonts into your browser cache to enable texts and fonts to be displayed correctly.

To this end, the browser you use must make connection with the servers at Google. In this way, Google gains knowledge of the fact that our website has been accessed via your IP address. Google web fonts are used in the interests of uniform and appealing depiction on our website.

This constitutes a legitimate interest within the meaning of Art. 6 1. f) of the GDPR.

Google LLC with its registered office in the USA is certified for the US-European data protection convention 'Privacy Shield', which ensures compliance with the level of data protection currently applicable in the EU.

For more information on Google web fonts go to
https://developers.google.com/fonts/faq and
the Google data protection declaration at: https://www.google.com/policies/privacy/

10.3 YouTube (Videos)

This website uses the YouTube embedding function for the depiction and playback of videos by the provider 'YouTube', which is part of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ('Google').

The extended data protection mode is used here. According to information from the provider, user information does not begin to be saved until the video(s) is / are replayed. When the replay of embedded YouTube videos begins, the provider 'YouTube' deploys cookies in order to gather information about the behaviour of the user. According to information furnished by 'YouTube', the purposes this serves include the compilation of video statistics, the improvement of user-friendliness and the prevention of abuse. If you are logged in to Google, your data are allocated directly to your account when you click on a video. If you do not wish the data to be allocated to your profile at YouTube, you need to log out prior to activating the button. Google stores your data (even for users who have not logged in) as usage profiles and analyses them. Analysis of this kind is carried out in particular in accordance with Art. 6 1. f) of the GDPR on the basis of the legitimate interests of Google in personalised advertising, market research and / or the design of its website as required. You have the right to object to the creation of these user profiles, but you have to apply to YouTube itself in order to exercise that right.

Regardless of any replay of embedded videos, each access of this website causes a connection to be made to the Google network 'DoubleClick' , and this in turn may trigger off further data processing sequences which are beyond our influence.

Google LLC with its registered office in the USA is certified for the US-European data protection convention 'Privacy Shield', which ensures compliance with the level of data protection currently applicable in the EU.

You can obtain more information on data protection at 'YouTube' in the provider's data protection declaration at: https://www.google.de/intl/de/policies/privacy

11 Your rights as the data subject

11.1 Right to confirmation

You have the right to request confirmation from us as to whether or not personal data that relate to you are being processed.

11.2 Right of access as in Art. 15 of the GDPR

You have the right to receive free information at any time from us about the personal data stored relating to your person, and a copy of those data.

11.3 Right to rectification as in Art. 16 of the GDPR

You have the right to request the rectification of incorrect personal data that relate to you. Furthermore, the data subject has the right to request that incomplete personal data be completed, taking into account the purposes of the processing.

11.4 Erasure as in Art. 17 of the GDPR

You have the right to request us to delete personal data that relate to you without delay if any of the reasons provided for by law apply and the processing is not necessary.

11.5 Restriction of processing as in Art. 18 of the GDPR

You have the right to request us to restrict processing if any of the statutory prerequisites exist.

11.6 Data portability as in Art. 20 of the GDPR

You have the right to receive the personal data which relate to you and which you made available to us in a structured, commonly used, machine-readable format. Without any hindrance on our part, you also have the right to transmit those data to another controller to whom the personal data have been provided, if the processing is done on the basis of consent as in Art. 6 1. a) of the GDPR or Art. 9 2. a) of the GDPR or a contract as in Art. 6 1. b) of the GDPR and carried out by automated means, provided that the processing is not necessary for the performance of a task or duty which is in the public interest or in the exercising of official authority which has been vested in us.

Apart from that, when exercising your right to data portability in accordance with Art. 20 1. of the GDPR, you have the right to have the personal data transferred directly from one controller to another if this is technically feasible and does not impair the rights and freedoms of others.

11.7 Objection as in Art. 21 of the GDPR

You have the right to lodge an objection to the processing of personal data that relate to you at any time for reasons arising from your particular situation, if said processing is done on the basis of Art. 6 1. e) (data processing in the public interest) or f) (data processing on the basis of a balancing of interests) of the GDPR.

This also applies to profiling based on these provisions as in Art. 4 4. of the GDPR.

If you do lodge an objection, we will not process your personal data any more unless we can produce evidence of compelling legitimate reasons for doing so such as outweigh your interests, rights and freedoms, or unless the processing serves the purpose of asserting, exercising or defending legal claims.

In individual cases we process personal data in order to carry out direct advertising. You can object at any time to the processing of personal data for the purpose of such advertising. The same applies to profiling if it is done in connection with such direct advertising. If you lodge an objection with us to processing for the purposes of direct advertising, we will no longer process personal data for those purposes.

You also have the right, for reasons arising from your particular situation, to lodge an objection to the processing of personal data that relate to you, if such processing is done for scientific or historical research purposes or statistical purposes as in Art. 89 1. of the GDPR, unless such processing is necessary to the performance of a task in the public interest.

In connection with the use of services of the information society, notwithstanding Directive 2002/58/EC, you are free to exercise your right to object by means of automated procedures in which technical specifications are applied.

11.8 Revocation of consent under data protection law

You have the right to revoke your consent to the processing of personal data at any time with future effect.

11.9 Complaining to a supervisory authority

You have the right to complain to a supervisory authority which is competent for data protection about our processing of personal data.

12 Routine storage, deletion and disabling of personal data

We only process and store your personal data for the period which is necessary to the achievement of the purpose of that storage, or if such processing and storage have been provided for in the legal provisions to which our company is subject.

If the purpose of storage ceases to apply or if a prescribed storage deadline expires, the personal data will be disabled or deleted as a matter of routine and in accordance with the statutory regulations.

13 Duration of the storage of personal data

The criterion for the duration of the storage of personal data is the respective statutory retention period for documents and records. After expiry of that period the data concerned will be deleted as a matter of routine provided that they are no longer required for the performance or negotiation of a contract.

14 Current applicability and amendment of the data protection declaration

This data protection declaration is currently applicable and was issued in May 2018.

It may become necessary to modify this data protection declaration on account of the further development of our web pages and amenities or because of altered statutory requirements or specifications from the authorities. You can retrieve and print out the currently applicable data protection declaration at any time on the website under www.eurodata.de/datenschutz

please note - only available in german:
Auftragsverarbeitung bei vom Kunden beauftragten Leistungen (Stand: 06/2018)
Technische und organisatorische Massnahmen (TOM - Stand: 03/2018)
Untervertragsverhältnisse