DATA PROTECTION DECLARATION

 

The following Data Protection Declaration applies for the use of our website www.eefholding.de (hereinafter “Website”).

 

For us, your privacy is a matter of utmost importance. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR).

 

1) Data Controller

 

The data controller for the collection, processing and use of your personal data within the meaning of Art. 4 (7) GDPR is:

 

EEF Holding GmbH

Özgür Ergül

Kurfürstendamm 11

10719 Berlin

 

If you wish to object to the collection, processing or use of your data by us in accordance with this Data Protection Declaration as a whole or within the scope of individual measures, you may address your objection to the the data controller.

 

You may save or print out this Data Protection Declaration at any time.

 

2) General Purposes of Processing

 

We use personal data for the purpose of operating the Website and sending newsletters. Data entered during registration will not be transmitted to third parties. More information on how we send our newsletter is given in 3.6.

 

3) The Data We Use and Why

 

3.1) Hosting

 

The hosting services we engage provide the following services: infrastructure and platform services, computing capacity, storage and database services, security services and the technical maintenance services we use to operate this Website.

 

As part of our engagement of these services, we and/or our hosting provider process personal data, contact data, content data, contract data, usage data and meta/communication data pertaining to our customers, prospective customers and visitors to this Website on the basis of our legitimate interests in the efficient and secure provision of our Website pursuant to Art. 6 (1) f) GDPR in conjunction with Art. 28 GDPR.

 

3.2) Access Data

 

We collect information about you when you use this Website. We automatically gather information about your usage behaviour and interactions with us and register information about your computer or mobile device. We collect, store and use data about every instance of access to our Website (“server log files”). Access data includes:

 

Name and URL of the accessed file

Date and time of access

Volume of data transmitted

Report regarding successful access (HTTP response code)

Browser type and version

Operating system

Referrer URL (previously visited page)

Websites accessed by the user’s system via our Website

User’s internet service provider

IP address and provider issuing the request

 

We use this log data without assigning it to you or otherwise creating user profiles. Instead, we carry out statistical evaluations for the purpose of operating, securing and optimising our Website as well as for the anonymised recording of visitor numbers to our Website (traffic) and the extent and nature of use of our Website and services. The data is also used for billing purposes – that is, to measure the number of clicks received from partners. This information enables us to provide personalised, location-based content as well as to analyse traffic, troubleshoot and improve our services.

 

This also falls within our legitimate interest in accordance with Article 6 (1) f) GDPR.

 

We reserve the right to review log data at a later date if, on the basis of concrete evidence, there is a legitimate suspicion of unlawful use. We store IP addresses in the log files for a limited period of time where it is necessary to do so for security purposes, the provision of services or the billing of a service (e.g. if you make use of one of our offers). If the order process is terminated, or once payment has been received, we will delete the IP address, so long as it is no longer required for security purposes. We also store IP addresses if we have specific reason to suspect a crime in connection with the use of our Website. As part of your account, we also save date pertaining to your last visit (e.g. registration, logging in, clicking of links, etc.).

 

3.3) Cookies

 

We use a type of cookies known as “session cookies” to optimise our Website. A session cookie is a small text file that is sent by the Website’s servers when you visit a Website and stored on your hard disk. This file contains a “session ID” with which different requests from your browser can be assigned to a single session. This will allow your computer to be recognised when you return to our Website. These cookies are deleted after you close your browser. They enable you to do things like use the shopping cart feature across multiple pages.

 

We also use a small number of persistent cookies (which, like session cookies, are small text files that are stored on your device) that remain on your device and allow us to recognise your browser on your next visit. These cookies are stored on your hard drive and delete themselves after a set amount of time. Their lifespan ranges from 1 month to 10 years. They enable us to display our Website in a more user-friendly, effective and secure way, and, among other things, to display information tailored to your specific interests.

 

Our legitimate interest in the use of cookies in accordance with Article 6 (1) f) of the GDPR lies in making our Website more user-friendly, effective and secure.

 

The cookies store data and information including the following:

Login information

Language settings

Search terms entered

Information about the number of visits to our Website and use of individual functions of our Website.

If the cookie is activated, it will be assigned an identification number. Your personal data will not be assigned to this identification number. Your name, IP address and/or other similar data that would allow the cookie to be linked with you will not be stored in the cookie. The cookie technology only gives us access to pseudonymous information such as which pages of our shop were visited, which products were viewed, etc.

You can set your browser to inform you in advance about the setting of cookies and allow you to decide whether or accept cookies on a case-by-case basis or to object to them them completely. However, please keep in mind that objecting to cookies may limit the functionality of the Website.

 

3.4) Data for Fulfilling Our Contractual Obligations

We process the personal data that is required to fulfil our contractual obligations, such as name, address, email address, products ordered and billing and payment data. The collection of this data is required for the purpose of concluding a contract.

The deletion of the data will occur upon expiry of the warranty periods and statutory retention periods. Any data associated with a user account (see below) will always be retained for as long as this account is maintained.

The legal basis for the processing of this data is Art. 6 (1) b) GDPR, since this data is required to enable us to fulfil our contractual obligations to you.

 

3.5) User Account

You have the opportunity to create a user account on our Website. If you wish to do this, we will need the personal data requested during the signup process. Subsequent logins will only require your email or username and the password you have chosen.

During the registration process, we collect master data (e.g. name, address), communication data (e.g. email address), payment data (bank details) and access data (username and password).

In order to ensure proper registration and to prevent unauthorised logins by third parties, you will be sent an activation link by email to enable you to activate your account. Only once your account has been activated will we store the transmitted data in our system on a permanent basis.

You may request to have a user account deleted by us at any time without costs other than transmission costs according to the basic rates. A written message to the contact details given in Section 1 (e.g. email, fax, letter) will suffice. We will then delete your stored personal data, so long as we are not required to save it for the processing of orders or due to legal storage requirements.

The legal basis for the processing of this data is your consent in accordance with Art. 6 (1) a) GDPR.

 

3.6) Newsletter

To subscribe to the newsletter, you will need to provide the data requested during the signup process. The signup process for the newsletter will be logged. After signup, you will receive a message to the email address you entered requesting confirmation of your signup (“Double Opt-in”). This is to ensure that third parties are not able to register with your email address.

You can revoke your consent to receive the newsletter and thus unsubscribe from the newsletter at any time.

We save the registration details for as long as they are needed for sending the newsletter. The record of the signup and the delivery address are stored for as long as we have an interest in retaining proof of the originally issued consent. As a rule, this for the period of limitation for civil claims and therefore a maximum of three years.

The legal basis for the sending of the newsletter is your consent pursuant to Art. 6 (1) a) in conjunction with Art. 7 GDPR and § 7 (2) No. 3 UWG (German Unfair Competition Act). The legal basis for logging the signup is our legitimate interest in proving that the sending of the newsletter is carried out with your consent.

You can cancel your subscription at any time without incurring any costs other than transmission costs according to the basic rates. A message in text form to the contact details given in Section 1 (e.g. email, fax, letter) will be sufficient. You will also find an unsubscribe link in every newsletter.

 

3.8) Email Contact

When you contact us (e.g. via contact form or email), we process your details for the purpose of handling the request and in case follow-up queries arise.

If this data processing takes place for the execution of pre-contractual measures occurring at your request (or, if you are already a customer, for the performance of a contract), the legal basis for processing this data is Art. 6 (1) b) GDPR.

We process other personal data only if you have consented to this (Article 6 (1) a) GDPR) or if we have a legitimate interest in doing so (Article 6 (1) f) GDPR. A legitimate interest consists in (e.g.) responding to your email.

 

4) Google Analytics

We use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”: text files that are stored on your computer and allow your use of the Website to be analysed. Cookie-generated information about use of this Website by visitors is usually transmitted to a Google server in the USA and stored there.

This is also our legitimate interest in accordance with Article 6 (1) f) GDPR.

Google has obligated itself to the Privacy Shield Agreement between the European Union and the United States and certified. This means that Google agrees to comply with the standards and regulations of European data protection law. You can find further information under the following link.

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

IP anonymization has been activated on this Website (anonymizeIp). This means that your IP address will be truncated by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area prior to being transmitted. Only in exceptional cases will the full IP address be sent to a Google server in the US and truncated there. Google will use this information, on our behalf, to evaluate your use of the Website, compile reports on Website activity and provide us with other services related to Website activity and internet usage.

The IP address provided by Google Analytics as part of Google Analytics will not be held in connection with other Google data. You can prevent the storage of cookies by adjusting the corresponding setting in your browser software; however, please note that if you do this, you may not be able to use all the features of this Website fully.

In addition, you can prevent cookie-generated data and data related to your use of this Website (including your IP address) being transmitted to and processed by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

As an alternative to the browser plug-in, or within browsers on mobile devices, you can click on the following link. This sets an opt-out cookie that will prevent Google Analytics from collecting information within this Website in the future (please note that the opt-out cookie only works in the respective browser and for this domain; if your delete cookies in your browser, you will need to click this link again).

 

5) Duration of Storage

Unless specifically stated, we store personal data only as long as is necessary to fulfil the respective purposes.

In some cases, the legislator makes allowances for the retention of personal data, e.g. under tax or commercial law. In these cases, the data will be stored by us solely for these legal purposes. It will not be otherwise processed and will be deleted after the expiry of the statutory retention period.

 

6) Your Rights as a Data Subject

Under applicable law, you have various rights pertaining to your personal information. If you wish to assert these rights, please send a request by email or by post, clearly indicating your identity, to the address given in Section 1.

Below is an overview of your rights.

 

6.1) Right to Confirmation and to Obtain Information

You have the right to obtain clear information about the processing of your personal data.

More specifically:

You have the right, at any time, to obtain confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have the right to request free information about stored personal data and to receive a copy of this data. Furthermore, you have a right to the following information:

  1. The process of processing;
  2. The categories of personal data being processed;
  3. The recipients or categories of recipients to whom the personal data have been disclosed or are being disclosed, in particular recipients in third countries or international organisations;
  4. If possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration;
  5. The existence of a right to rectification or deletion of the personal data concerning you, the restriction of processing by the controller, or the right to object to such processing;
  6. The existence of a right of appeal to a supervisory authority;
  7. If the personal information is not collected from you, all available information about the source of the data;
  8. The existence of automated decision-making procedures, including profiling, according to § 22 (1) (4) GDPR and – at least in these cases – meaningful information about the logical basis, as well as the implications and intended effects of such processing for you.

If personal data is transmitted to a third country or an international organisation, you have the right to be informed about the guarantees invoked under Art. 46 GDPR in connection with the transfer.

 

6.2) Right to Rectification

You have the right to demand that we rectify and, where necessary, complete your personal data.

More specifically:

You have the right to demand immediate rectification of incorrect personal data concerning you. Taking into account the purpose of processing, you also have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

 

6.3) Right to Deletion (“Right to be Forgotten”)

There are a number of cases in which we are required to delete your personal information.

More specifically:

According to Art. 17 (1) GDPR, you have the right to ask us to delete your personal data without delay. We are obliged to delete your personal data immediately if one of the following reasons exists:

  1. The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You revoke the consent upon which processing is carried out according to Art. 6 (1 a) GDPR or Art. 9 (2 a) GDPR and no other legal basis for the processing exists.
  3. You object to processing according to Art. 21 (1) GDPR and there are no legitimate grounds for processing that take precedence, or you object to processing according to Art. 21 (2) GDPR.
  4. The personal data was processed unlawfully.
  5. The deletion of personal data is required to fulfil a legal obligation to which we are subject under European Union or national law.
  6. The personal data has been provided in relation to information society services rendered in accordance with Art. 8 (1) GDPR.

If we have made the personal data publicly available and are obliged to delete it in accordance with Art. 17 (1) GDPR, we shall, taking into account the available technology and implementation costs, take appropriate measures, including technical ones, to inform the data controllers responsible for data processing that you have requested the deletion of any links to this personal data and/or copies and replications of this personal data.

 

6.4) Right to Restriction of Processing

There are a number of cases in which you are entitled to request that we restrict the processing of your personal information.

More specifically:

You have the right to request us to restrict processing if any of the following conditions apply:

  1. The accuracy of your personal information is contested by you, in which case processing may be restricted for a period of time that enables us to verify the accuracy of your personal information.
  2. Processing is unlawful, but you have declined the deletion of your personal data and have instead requested that the use of your personal data be restricted;
  3. We no longer need your personal information for processing purposes, but you require the information to assert, exercise or defend your rights, or
  4. You have filed an objection to processing according to Art. 21 (1) GDPR, so long as it is not the case that the legitimate reasons of our company for processing outweigh yours.

 

6.5) Right to Data Portability

You have the right to receive, transmit or transmit personal data concerning you in a machine-readable format.

More specifically:

You have the right to obtain, in a structured, commonly used and machine-readable format, the personal information you have provided to us. You have the right to request that this information is transmitted directly to another controller without hindrance, provided that

  1. The processing is based on consent according to Art. 6 (1) a) GDPR or Art. 9 (2) a) GDPR or on a contract pursuant to Art. 6 (1) b) GDPR, and
  2. The processing is carried out using automated procedures.

In exercising your right to data portability in accordance with the above paragraph, you have the right to have personal data transmitted directly by us to another data controller, insofar as this is technically feasible.

 

6.6) Right to Object

You have the right to object to the lawful processing of your personal data by us if there are reasons arising from your particular situation and if our interests in processing do not take precedence.

More specifically:

You have the right to object, at any time, to the processing of personal data concerning you pursuant to Article 6 (1) e) or f) GDPR for reasons arising from your particular situation; this also applies to profiling based on these provisions. We will cease the processing of personal information, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing is for the purposes of asserting, exercising or defending legal claims.

If personal data is processed by for the purpose of sending direct mailings, you have the right to object, at any time, to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct mailings.

You have the right, for reasons arising from your particular situation, to object to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes under Article 89 (1) of the GDPR, unless the processing is necessary to fulfil a task in the public interest.

 

6.7) Automated Decision-Making, Incl. Profiling

You have the right not to be subject to a decision based solely on automated processing (including profiling) that will have legal validity or will otherwise affect you significantly in a similar manner.

No automated decision-making is carried out based on the personal data collected.

 

6.8) Right to Revoke Consent Given Under Data Protection Law

You have the right to revoke your consent to the processing of personal data at any time.

 

6.9) Right to Complain to a Supervisory Authority

You have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data is unlawful.

 

7) Data Security

We make every effort to ensure the security of your data within the framework of applicable data protection laws and technical feasibilities.

Your personal data will be transmitted by us using encrypted methods. This applies to any orders you place and also to your customer login. We use the SSL (Secure Socket Layer) coding system; however, please note that any data transmission over the Internet (e.g. when communicating by e-mail) may be subject security vulnerabilities. It is not possible to completely protect the data from access by third parties.

To safeguard your data, we maintain technical and organisational security measures in accordance with Art. 32 GDPR. These are adjusted in accordance with the state of the art on an ongoing basis.

We also do not warrant that our offer will be available at specific times; Disruptions, interruptions and failures cannot be ruled out. The servers we use are backed up carefully on a regular basis.

 

8) Disclosure of Data to Third Parties, No Data Transfer to non-EU countries

As a general use, we only use your personal data within our company.

If and to the extent that we engage third parties in the performance of contracts (e.g. logistics service providers), they will only receive personal data to the extent that the transmission is required for the corresponding service.

In the event that we outsource certain aspects of our data processing (“contract data processing”), we contractually obligate any joint processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the data subject’s rights.

Data transmission to agencies or persons outside the EU outside of the case referred to in paragraph 4 does not and is not planned to take place.

 

9) Data Protection Officer

If you have any questions or concerns about privacy, please contact EEF’s Data Protection Officer:

Özgür Ergül

info@eefholding.de