1. Data protection overview
The following notes provide a simple overview of what happens to your personal information when you visit our website. Personal information is any information that personally identifies you. For detailed information on the subject of data protection, please refer to our data protection declaration listed below this text.
Data collection on our website
Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. Their contact data can be found in the imprint of this website.
How do we collect your data?
On the one hand, your data is collected by you communicating it to us. This may involve data that you enter in a contact form, for example.
Other data is automatically collected by our IT systems when you visit the website. These are mainly technical data (e.g. Internet browser, operating system or time of the page call). This data is collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure that the website operates correctly. Other data can be used to analyze your user behavior and to improve the page content.
What rights do you have with regard to your data?
You have the right at any time and free of charge to obtain information about the origin, recipient and purpose of your stored personal data. You also have the right to demand that this data be corrected, blocked or deleted. You can contact us at any time at the address given in the imprint for this and other questions on the subject of data protection. Furthermore, you have the right to appeal to the responsible supervisory authority.
In addition, you have the right, under certain circumstances, to demand the restriction of the processing of your personal data. For details please refer to the data protection declaration under “Right to limitation of processing”.
Analysis tools and third-party tools
When you visit our website, your surfing behavior can be statistically evaluated. This is done primarily with cookies and so-called analysis programs. The analysis of your surfing behavior is usually anonymous; the surfing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information on this can be found in the following privacy statement.
You can object to this analysis. We will inform you about the possibilities of objection in this data protection declaration.
2. General information and mandatory information
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and according to the legal data protection regulations as well as this data protection explanation.
We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can be subject to security vulnerabilities. A complete protection of the data against access by third parties is not possible.
Name and address of the data controller
The person responsible within the framework of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is the:
Contact the data protection officer
The designated data protection officer is:
Erich Zimmermann c/o ZiDa-Datenschutz GmbH, Waldhofer Str. 102, 69123 Heidelberg, Germany
The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke your consent at any time. For this purpose, an informal e-mail notification to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right of objection against data collection in special cases and against direct advertising (Art. 21 GDPR)
If data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which a processing is based can be found in this data protection declaration. If you file an objection, we will no longer process your personal data concerned unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defence of legal claims (objection according to Art. 21 para. 1 GDPR).
If your personal data are processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct advertising. If you object, your personal data will no longer be used for direct marketing purposes (objection according to Art. 21 para. 2 GDPR).
Right of appeal to the competent supervisory authority
In the event of infringements of the GDPR, the persons concerned have the right to appeal to a supervisory authority, in particular in the Member State of their permanent residence, workplace or place of presumed infringement. The right of appeal shall be without prejudice to other administrative or judicial remedies.
Right to data transferability
You have the right to have data which we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
If, after the conclusion of a contract with costs, there is an obligation to provide us with your payment data (e.g. account number for direct debit authorization), this data is required for payment processing.
Payment transactions via the usual means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
With encrypted communication, your payment data, which you transmit to us, cannot be read by third parties.
Information, blocking, deletion and correction
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, their origin and recipient and the purpose of data processing and, if applicable, a right to correction, blocking or deletion of this data. You can contact us at any time at the address given in the imprint for this and other questions on the subject of personal data.
Right to limitation of processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the imprint. The right to restriction of the processing exists in the following cases:
- If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the examination you have the right to demand the restriction of the processing of your personal data.
- If the processing of your personal data has taken place unlawfully, you can demand the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to demand the restriction of the processing of your personal data instead of deletion.
- If you have lodged an objection pursuant to Art. 21 Para. 1 GDPR, a balance must be struck between your and our interests. As long as it is not yet clear whose interests predominate, you have the right to demand that the processing of your personal data be restricted.
If you have restricted the processing of your personal data, these data may only be processed – apart from their storage – with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
Opposition to promotional e-mails
We hereby object to the use of contact data published within the scope of the imprint obligation to send unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action against unsolicited mailing or e-mailing of spam and other similar advertising materials.
3. Data acquisition on this website
Some of the Internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal until you delete them. These cookies enable us to recognize your browser during your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, accept cookies for certain cases or generally exclude them and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
Cookies which are necessary for the electronic communication process or for the provision of certain functions requested by you (e.g. shopping basket function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a justified interest in the storage of cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies for analysing your surfing behavior) are stored, these are dealt with separately in this data protection declaration.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- used operating system
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address
This data will not be merged with other data sources.
This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a justified interest in the technically error-free presentation and optimization of his website – for this purpose, the server log files must be recorded.
If you send us enquiries via the contact form, your details from the enquiry form including the contact data you provided there will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. These data will not be passed on without your consent.
The processing of the data entered in the contact form is therefore carried out exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. For this purpose, an informal e-mail notification to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The data entered by you in the contact form will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
Processing of data (customer and contract data)
We collect, process and use personal data only to the extent necessary for the establishment, content or modification of the legal relationship (inventory data).
This is done on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data relating to the use of our Internet pages (usage data) only to the extent necessary to enable the user to make use of the service or to bill the user.
The collected customer data will be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Data transmission at contract conclusion for services and digital contents
We transmit personal data to third parties only if this is necessary in the context of contract processing, for example to the bank commissioned with payment processing.
A further transmission of the data does not take place or only if you have expressly agreed to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Art. 6 Para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
Contact via the website
Due to legal regulations, the website of eccenca GmbH contains information that enables quick electronic contact with our company and direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the data controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted voluntarily by a data subject to the data controller will be stored for the purposes of processing or contacting the data subject. This personal data will not be passed on to third parties.
Data protection for applications and in the application process
The data controller collects and processes the personal data of applicants for the purpose of processing the application procedure. Processing may also be carried out electronically. This is particularly the case if an applicant submits the relevant application documents electronically, for example by e-mail or via a web form on the website, to the data controller. If the data controller concludes an employment contract with an applicant, the data transmitted shall be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude a contract of employment with the applicant, the application documents shall be automatically deleted two months after notification of the rejection decision, unless deletion conflicts with any other legitimate interests of the controller. Other legitimate interests in this sense include, for example, the duty to provide evidence in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz – AGG).
4. Social media
Data processing through social networks
We maintain publicly accessible profiles on social networks. The social networks we use in detail can be found below.
Social networks such as Facebook, Twitter etc. can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media sites triggers numerous processing processes relevant to data protection. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your terminal device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-related advertising can be displayed inside and outside the respective social media presence. If you have an account with the respective social network, interest-related advertising can be displayed on all devices on which you are logged in or were logged in.
Our social media sites are designed to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).
Person responsible and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing processes triggered during this visit. You can assert your rights (information, correction, deletion, restriction of processing, data transferability and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook).
Please note that despite our joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals. Our options are largely based on the corporate policy of the respective provider.
The data collected directly by us via the social media presence is deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete, your consent to storage revoke or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
Our social media appearances
Facebook plugins (Like & Share button)
We have a profile on Facebook. The provider is Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA. Facebook has a certification according to the EU-US-Privacy-Shield.
You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our page. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/.
When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our site with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate visiting our pages with your user account. We would like to point out that, as the provider of the pages, we do not have any knowledge of the content of the data transmitted or its use by Facebook.
If you do not want Facebook to be able to assign visits to our pages to your Facebook user account, please log out of your Facebook user account.
The Facebook plug-ins are used on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a justified interest in the widest possible visibility in the social media.
You can adjust your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads
We use the Twitter text messaging service. The provider is Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Twitter is certified according to the EU-US Privacy Shield.
By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transferred to Twitter. We would like to point out that, as the provider of the pages, we do not have any knowledge of the content of the transmitted data or its use by Twitter.
The Twitter plug-in is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a justified interest in the widest possible visibility in the social media.
You can adjust your Twitter data protection settings independently in your user account. Click on the following link and log in: https://twitter.com/personalization
We have a profile at LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn is certified under the EU-US Privacy Shield. LinkedIn uses advertising cookies.
Each time you visit one of our pages that contains LinkedIn features, a connection is established to LinkedIn servers. LinkedIn will be informed that you have visited our website with your IP address. If you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn will be able to associate your visit to our site with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn.
The LinkedIn plug-in is used on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a justified interest in the widest possible visibility in the social media.
If you wish to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
We have a profile on XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
Each time you access one of our pages that contains XING functions, a connection is established to XING servers. To the best of our knowledge, personal data is not stored. In particular, no IP addresses are stored or the usage behavior evaluated.
The XING plug-in is used on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a justified interest in the widest possible visibility in the social media.
5. Analysis tools and advertising
This website uses functions of the web analysis service Google Analytics. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States.
The storage of Google Analytics cookies and the use of this analysis tool are based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
We have activated the IP anonymization function on this website. This will cause Google to shorten your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area before it is transmitted to the United States. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
Objection to data collection
You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie is set to prevent your information from being collected on future visits to this website: Disable Google Analytics.
We have concluded a contract with Google for order processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic characteristics of Google Analytics
This website uses the function “demographic features” of Google Analytics. This allows reports to be generated that contain information about the age, gender and interests of site visitors. This data comes from interest-related advertising by Google and visitor data from third parties. This information cannot be associated with any specific individual. You can deactivate this function at any time via the ad settings in your Google Account or generally prohibit Google Analytics from collecting your data as described under “Objection to data collection”.
This website uses Google AdSense, a service for the integration of Google Inc. advertisements. (“Google”). Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google AdSense uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. Google AdSense also uses so-called web beacons (invisible graphics). Through these web beacons, information such as visitor traffic on these pages can be evaluated.
The information generated by cookies and web beacons about the use of this website (including your IP address) and the delivery of advertising formats is transmitted to a Google server in the USA and stored there. This information can be passed on by Google to Google’s contractual partners. However, Google will not combine your IP address with other data stored by you.
AdSense cookies are stored on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
Google Analytics Remarketing
Our sites use Google Analytics Remarketing features in conjunction with the cross-device features of Google AdWords and Google DoubleClick. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
This feature allows Google Analytics Remarketing to link advertising target groups with the cross-device capabilities of Google AdWords and Google DoubleClick. In this way, interest-related, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC).
If you have given your consent, Google will link your web and app browser history to your Google Account for this purpose. In this way, the same personalized advertising messages can be displayed on every device on which you log in with your Google Account.
To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target audiences for cross-device advertising.
You can permanently opt out of cross-device remarketing/targeting by opting out of personalized advertising in your Google Account by following this link: https://www.google.com/settings/ads/onweb/.
The data collected in your Google Account will only be aggregated on the basis of your consent, which you may give or revoke to Google (Art. 6 para. 1 lit. a GDPR). In the case of data collection processes that are not consolidated in your Google Account (e.g. because you do not have a Google Account or have objected to the consolidation), the data collection is based on Art. 6 para. 1 lit. f GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymous analysis of website visitors for advertising purposes.
Further information and the data protection regulations can be found in Google’s data protection declaration at: https://www.google.com/policies/technologies/ads/.
Google AdWords and Google Conversion Tracking
This website uses Google AdWords. AdWords is an online advertising program of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
As part of Google AdWords, we use what is known as conversion tracking. When you click on an ad placed by Google, a conversion tracking cookie is set. Cookies are small text files that the Internet browser places on the user’s computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not expired, Google and we may recognize that the user clicked on the ad and was directed to that page.
Each Google AdWords customer receives a different cookie. Cookies cannot be tracked through AdWords customer websites. The information collected from the Conversion cookie is used to generate conversion statistics for AdWords customers who have opted for Conversion Tracking. Customers will know the total number of users who clicked on their ad and were directed to a page with a conversion tracking tag. However, they will not receive information that personally identifies users.
If you do not wish to participate in tracking, you can opt out of this use by easily turning off the Google Conversion Tracking cookie in your Internet browser under User Preferences. You will then not be included in the conversion tracking statistics. To prevent Universal Analytics from collecting data over multiple devices, you need to “opt out” on all the systems you use. To set the opt-out cookie: Click here to opt-out of Google Analytics
The storage of “conversion cookies” and the use of this tracking tool are based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, accept cookies for certain cases or generally exclude them and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted
The data controller has integrated the Hatchbuck component on this website. We use the CRM system in order to be able to process user enquiries faster and more efficiently and to be able to provide requested information more quickly (justified interest pursuant to Art. 6 Para. 1 lit. f. GDPR).
The operator of the Hatchbuck components is Systematic Revenue, LLC dba Hatchbuck, 911 Washington Ave, Ste. 828 St. Louis, Missouri 63101, USA.
Hatchbuck uses user data only for the technical processing of inquiries and does not pass them on to third parties. In order to use Hatchbuck, it is necessary to provide at least a correct e-mail address. A pseudonymous use is possible. In the course of processing service requests, it may be necessary to collect further data (name, address).
If users do not agree to the collection and storage of data in Hatchbuck’s external system, we will provide them with alternative contact options for submitting service requests by email, telephone, or mail.
6. Plugins and tools
YouTube with enhanced data protection
Our website uses plugins from the YouTube website. The site is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
We use YouTube in advanced privacy mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they view the video. However, YouTube’s enhanced privacy mode does not necessarily preclude the sharing of information with YouTube partners. YouTube connects to the Google DoubleClick network whether or not you’re watching a video.
When you start a YouTube video on our site, it connects to YouTube’s servers. This will tell the YouTube server which of our pages you’ve visited. If you are logged in to your YouTube account, you can allow YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube can also store various cookies on your device after you start a video. YouTube can use these cookies to obtain information about visitors to our website. This information is used, among other things, to collect video statistics, improve usability and prevent fraud. The cookies remain on your device until you delete them.
If necessary, after the start of a YouTube video, further data processing operations may be triggered over which we have no control.
YouTube is used in the interest of an appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.
Further information on data protection at YouTube can be found in its data protection declaration at: https://www.youtube.com/t/privacy_at_youtube.
This page uses the Google Maps map service via an API. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the features of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy retrievability of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
You can find more information on the handling of user data in Google’s data protection declaration: https://www.google.de/intl/de/policies/privacy/.