Privacy Policy 

This privacy policy refers to the processing of personal data within the context of this website, including the services provided there.

For further details regarding the processing of your personal data, please feel free to contact us using the contact information listed below.

 

Contents

1. General Information
2. Legal basis for data processing on this website
3. How long will the personal data be stored
4. Notice regarding data transfers to third countries that are not secure under data protection law and transfers to US companies that are not DPF-certified
5. Recipients of personal data
6. Rights of the data subject
7. Revoking your consent to data processing
   Direct marketing (Article 21 of the GDPR)
8. Right to lodge a complaint with the supervisory authorities
9. Additional information
10. SSL or TLS encryption
11. Special information regarding the website
    a) external hosting
    b) recording
12. Cookies
    a) technical cookie – essential
    b) performance/tracking cookie
    c) cookie consent with Borlabs Cookie
13. Analysis of user behaviour (webtracking systems; reach measurement)
    a) use of Google Tag Manager
    b) use of Google Analytics
    c) use of Visable
14. Plugins and tools
15. Collection of additional data
    a) audio and video conferences
    b) contact form
    c) inquiry by email, phone or fax
16. Electronic mail (email)
17. Credit check
18. Specific information regarding the application process
19. Social media appearances
20. Subcontractor relationship/data processors

 

1. General information

Issued by:

EW Hof Antriebe und Systeme GmbH
Oberkotzauer Str. 3
95032 Hof

Phone: +49 (0) 9281-585-0
Fax: +49 (0) 9281-585-37
Email: info@ewhof.de

 

Staff responsible for the website
Jürgen Kluge

 

Data protection officer:
BM Digital Consulting GmbH
Bettina Döhla
Telephone: 09281 180070
Email: info@bm-digital-consulting.de

 

Managing Director:
Jürgen Kluge
Phone: +49 (0) 9281-585-0
Fax: +49 (0) 9281-585-37
Email: info@ewhof.de

 

2. Legal basis for data processing on this website

To the extent that you have consented to the processing of your data, we process your personal data on the basis of Art. 6 Sect. 1 lit. a or Art. 9 Sect. 2 lit. a of the GDPR, provided that special categories of data are processed in accordance with Art. 9 Sect. 1 of the GDPR. In case of express consent to the transfer of your personal data to third countries, the data will also be processed based on Art. 49 Sect. 1 lit. a of the GDPR. If you have consented to the storage of cookies or to the access to information on your terminal device (e.g. via device fingerprinting), the data will also be processed on the basis of Section 25 Paragraph 1 of the TDDDG (German Telecommunications Digital Services Data Protection Act). The consent can be revoked at any time. If your data is required for the performance of a contract or pre-contractual measures, we will process your data on the basis of Art. 6 Sect. 1 lit. b of the GDPR. Furthermore, we may process your data on the basis of Art. 6 Sect. 1 lit. c of the GDPR if this should be necessary for the fulfilment of a legal obligation. Furthermore, the data may be processed on the basis of our legitimate interest pursuant to Art. 6 Sect. 1 lit. f of the GDPR. Information about the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.

 

3.  How long will the personal data be stored

Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for the data processing ceases to exist. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.

 

4. Notice regarding data transfers to third countries that are not secure under data protection law and transfers to US companies that are not DPF-certified

We use, among other technologies, tools from companies located in third countries that are not secure under data protection law, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). If these tools are enabled, your personal data may be transferred to and processed in these countries. We would like you to note that no level of data protection comparable to that in the EU can be guaranteed in third countries that are not secure under data protection law.

We would like to point out that the US, as a secure third country, generally has a level of data protection comparable to that of the EU. Data transfer to the US is therefore permitted if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has appropriate additional assurances. Information on transfers to third countries, including the data recipients, can be found in this privacy policy.

 

5. Recipients of personal data

As part of our business activities, we collaborate with various external entities. In some cases, this collaboration requires the transfer of personal data to these external entities. We only disclose personal data to external entities if it is necessary for the performance of a contract, if we are legally obligated to do so (for example, data transfer to tax authorities), if we have a legitimate interest according to Article 6 Paragraph 1 Letter f of the GDPR in the disclosure, or if another legal basis permits us to disclose the data. When using data processors, we only pass on the personal data of our clients on the basis of a valid contract for order processing . In the event of joint processing, a joint processing agreement will be concluded.

 

6. Rights of the data subject

If we process your personal data, you as the data subject will have the following rights:

 

Right to obtain access:
If your personal data is processed, you will have the right to obtain access to the personal data stored (Art. 15 of the GDPR).

Right to rectification:
If inaccurate personal data is processed, you will have the right to rectification (Art. 16 of the GDPR).

Right to erasure:
If the legal requirements are met, you will have the right to deletion or restriction of processing (Art. 17, 18 of the GDPR).

Right to data portability:
If the processing is based on your consent or on a data processing contract and the data processing is carried out by automated means, you will have, where appropriate, the right to data portability (Article 20 of the GDPR).

Right to object:
If you have consented to the processing and the processing is based on this consent, you will have the right to revoke the consent with effect for the future. This does not affect the legality of data processing carried out based on consent until its revocation. You have the right to object to the processing of your data at any time on grounds relating to your particular situation if the processing is based on Art. 6 Sect. 1 Subsect.  lit. e GDPR (Art. 21 Sect. 1 Clause 1 GDPR).

Right to restriction of processing:
You have the right to obtain restriction of processing of your personal data. To do so, contact us at any time. The right to restriction of processing exists in the following cases:

• If the accuracy of the personal data is contested by you, we will usually need some time to verify the accuracy. For the duration of this verification, you have the right to obtain restriction of processing of your personal data.
• If the processing of your personal data was or is unlawful, you will have the right to request restriction of processing instead of erasure.
• If we no longer need your personal data, but you need them for the establishment, exercise or defence of legal claims, you will have the right to request restriction of processing instead of erasure.
  If you have objected to the processing pursuant to Art. 21 Sect. 1 of the GDPR, it shall be determined whether your legitimate grounds override ours. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.

• If you have restricted processing of your personal data, such personal data shall, with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

 

7. Revoking your consent to data processing

A wide range of data processing transactions are possible only subject to your express consent. You can also revoke at any time any consent you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation. Right to object to data collection in special cases and for direct marketing purposes pursuant to Article 21 of the GDPR.

Direct marketing (Article 21 of the GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Letters e or f of Art. 6 Sect. 1 of the GDPR, including profiling based on those provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object to the processing of your personal data, we shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims (objection pursuant to Art. 21 Sect. 1 of the GDPR).

Where your personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing which includes profiling to the extent that it is related to such direct marketing. If you object to the processing of your personal data, your personal data shall no longer be processed for direct marketing purposes (objection pursuant to Article 21 Sect. 2 of the GDPR).

 

8. Right to lodge a complaint with the supervisory authorities

In addition, you have the right to lodge a complaint with the Bavarian State Office for Data Protection. Below, please find the contact information:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) (Bavarian State Office for Data Protection Supervision)
Promenade 18
91522 Ansbach
www.lda.bayern.de

Tel.: 0981 180093-0
Fax: 0981 180093-800
Email: poststelle@lda.bayern.de

 

9. Additional information

For further details regarding the processing of your personal data, please feel free to contact us using the contact information above (at the very top).

 

10. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program.

You can recognize an encrypted connection by checking whether the address line of the browser switches from

“http://” to “https://” and also by the appearance of the lock icon in the browser line.

If the SSL or TLS encryption is activated, third parties will not be able to read the data you transfer to us.

 

11. Special information regarding the website

a)   external hosting

Our web server is operated by OPUS Marketing GmbH. The personal data you provide when you visit our website will therefore be processed on our behalf by OPUS Marketing GmbH.

OPUS Marketing GmbH uses a subcontracted processor, Mittwald CM Service GmbH & Co. KG.

 

Contact information:

Name of order processor: OPUS Marketing GmbH
Postal address: Am Pfaffenfleck 10, 95448 Bayreuth
Email: info@opus-marketing.de

 

Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a website.

The external hosting serves the purpose of fulfilling the contract with our potential and existing clients (Article 6 Paragraph 1 Letter b of the GDPR) and in the interest of secure, fast, and efficient provision of our online services by a professional provider (Article 6 Sect. 1 lit. f of the GDPR).

Our host will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.

Further details can be found in the privacy policy of Opus Marketing GmbH at https://www.opus-marketing.de/datenschutz/.

In order to ensure processing in compliance with the data protection regulations, we have concluded an order processing contract with our host.

 

b)   recording

When visiting this or other web pages, you transfer data to the web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your Internet browser and our web server:

• Name of the file accessed
• Date and time of access
• Volume of data transferred
• Message about the success of the access or retrieval
• IP address of the accessing device
• Browser type
• of the operating system used by the visitor

The data is not consolidated with other data sources. Once the connection has ended, the data will be deleted after 60 days.

This data is collected on the basis of Art. 6 Sect. 1 lit. f of the GDPR. The operator of the website has a legitimate interest in the technically error-free presentation and optimisation of his website – for this purpose the server log files must be recorded.

 

12. Cookies

Our web pages use so-called “cookies”. Cookies are small data packages that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently stored on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them, or they are automatically deleted by your web browser.

Cookies, which are required for the performance of electronic communication transactions, for the provision of certain functions you want to use (e.g., for the shopping cart function) or those that are necessary for the optimisation (essential cookies) of the website (e.g., cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6 Sect. 1 lit. f of the GDPR, unless a different legal basis is cited. The operator of the website has a legitimate interest in the storage of essential cookies to ensure the technically error-free and optimised provision of the operator’s services. If your consent to the storage of the cookies and similar recognition technologies has been requested, the processing occurs exclusively on the basis of the consent obtained (Art. 6 Sect. 1 lit. a of the GDPR and Section 25 Paragraph 1 of the TDDDG (German Telecommunications Digital Services Data Protection Act); this consent may be revoked at any time.

 

a) technical cookie – essential

When you access these web pages, we save technical cookies, so-called session cookies, on your device, which are valid for the duration of your visit of the website. We use these exclusively during your visit of our website and store only the current session ID of the browser.

This cookie is removed when you end the browser session.

The IP address will not be stored.

 

b) performance/tracking cookie

These cookies, so-called analytics cookies, are used to collect statistics regarding the use of our website. We use this data to enhance our performance and optimise our website.

You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete function for the automatic erasure of cookies when the browser closes. If cookies are deactivated, the functions of this website may be restricted.

Refer to this privacy policy to find out which cookies and services are used on this website.

 

Cookie name	Source	Description	Validity after last interaction
c5bb602caf32bab5ea0841721d101046	www.visableleads.com	Storage of time, IP, user agent, domain of the pixel for market research purposes	90 days

 

c) cookie consent with Borlabs Cookie

Our website uses the Borlabs cookie consent technology to obtain your consent for the storage of certain cookies on your browser, or the use of certain technologies and to document these in compliance with data protection regulations. Provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (referred to in the following as Borlabs).

When you access our website, a Borlabs cookie will be stored in your browser, which saves the consents you have given or the revocation of these consents. This data is not passed on to the provider of Borlabs Cookie.

The data collected will be stored until you request us to delete it or delete the Borlabs cookie itself or the purpose for data storage no longer applies. Mandatory statutory retention periods remain unaffected. Details regarding data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

The Borlabs cookie consent technology is used to obtain the consent for the use of cookies required by law. Legal basis for this is Art. 6 Sect. 1 lit. c of the GDPR.

 

13. Analysis of user behaviour (webtracking systems; reach measurement)

a) use of Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

 

b) use of Google Analytics

This website uses functions of the web analysis service of Goolge Analytics. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows the website operator to analyse the behaviour patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the operating system used and the user’s origin. This data is summarised in a user-ID and assigned to the respective end terminal device of the website visitor.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modelling approaches to augment the collected data sets and uses machine learning technologies during the data analysis.

Google Analytics uses technologies that make the recognition of the user for the purpose of analysing the user behaviour patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is usually transferred to a Google server in the US, where it is stored.

This service is used on the basis of your consent pursuant to Art. 6 Sect. 1 lit. a of the GDPR and Section 25 Paragraph 1of the TDDDG (German Telecommunications Digital Services Data Protection Act). The consent can be revoked at any time.

 

Data transfer to the US is based on the standard contractual clauses of the EU Commission. Further details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified under “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US that is intended to ensure compliance with European data protection standards when data is processed in the US. Any company certified under the DPF undertakes to observe this data protection standard. Further details regarding this matter can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active 13 / 21

 

Browser plugin

You have the option to block the collection and processing of your data by Google by downloading and installing the browser plugin available via the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Further details regarding the handling of user data by Google Analytics can be found in the privacy policy of Google at: https://support.google.com/analytics/answer/6004245?hl=de.

 

Order processing

We have concluded an order processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

 

c) use of Visable

EW Hof uses products and services for analysis and marketing purposes, which are provided by Visable GmbH (www.visable.com) in cooperation with them. To that end, pixel-code technology is used to collect, process and store data in order to create at least pseudonymised, but where possible and sensible, completely anonymous user profiles. Data collected, which may initially still include personal data, is transmitted to Visable or is collected directly by Visable and is used to create the aforementioned user profiles there. Visitors to this website are not personally identified and no other personal data is merged with the user profiles. If IP addresses are identified as personal, they are immediately deleted. You can object to the processing operations described with future effect at any time:
Exclude visitor recording (Note: Link sets a 1st-party cookie for an opt-out)

 

14. Plugins and tools

Google Maps

This web page uses Google Maps services. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Using the Google Maps functions requires the storage of your IP address. This information is usually transferred to a Google server in the US and stored there. The provider of this website has no control over this data transfer. If Google Maps is activated, Google will be able use Google Fonts for the purpose of uniform font display. When accessing Google Maps, your browser uploads the required web fonts into your browser cache to properly display texts and fonts.

The use of Google Maps is in the interest of an appealing presentation of our online services and in an easy navigation to the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 Sect. 1 lit. f of the GDPR. Where relevant consent has been requested, the processing takes place exclusively on the basis of Art. 6 Sect. 1 lit. a of the GDPR and Section 25 Paragraph 1 of the TDDDG (German Telecommunications Digital Services Data Protection Act), insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

Data transfer to the US is based on the standard contractual clauses of the EU Commission. Further details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ und https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

Further details regarding the handling of user data can be found in the privacy policy of Google at: https://policies.google.com/privacy?hl=de.

The company is certified under “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US that is intended to ensure compliance with European data protection standards when data is processed in the US. Any company certified under the DPF undertakes to observe this data protection standard. Further details regarding this matter can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

 

15. Collection of additional data

a) audio and video conferences

Data processing

We use online conference tools, among other things, to communicate with our clients and applicants. The specific tools we use are listed below. If you communicate with us by video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool. In doing so, the conference tools collect all data that you provide/apply to use the tools (email address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “contextual information” in connection with the communication process (metadata). The provider of the tool also processes all technical data required to carry out online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker, and the type of connection.

If content is exchanged, uploaded or otherwise provided within the tool, it is also stored on the servers of the tool providers. Such content includes, but is not limited to, Cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared during use of the service.

Please note that we do not have full influence over the data processing operations of the tools used. Our options are largely based on the corporate policy of the respective provider. Further details regarding data processing by the conference tools can be found in the privacy policies of the tools used, which we have listed below this text.

 

Purpose and legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to provide our clients with specific services (Art. 6, Sect. 1, Clause 1, lit. b of the GDPR). Furthermore, the use of the tools serves to generally simplify and speed up communication with us or our company (legitimate interest within the meaning of Art. 6 Sect. 1 lit. f of the GDPR). If consent has been requested, the use of the relevant tool is based on this consent. The consent can be revoked at any time with effect for the future

 

Storage period

The data collected directly by us via the video and conference tools will be deleted by our system as soon as you ask us to delete it, revoke your consent to the storage, or the purpose for the data storage no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory statutory retention periods remain unaffected. We have no control over the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

 

We us the following conference tool:

Microsoft Teams

We use Microsoft Teams. Provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Further details regarding data processing can be found in the privacy policy of Microsoft Teams:

https://privacy.microsoft.com/de-de/privacystatement.

 

Concluding an order processing contract

We have concluded an order processing contract with Microsoft Teams and fully implement the strict requirements of the German data protection authorities when using Microsoft Teams.

 

b) contact form

If you submit inquiries to us via our contact form, the information provided in the contact form including any contact information provided therein will be stored by us in order to process your inquiry and in case we have further questions. We will not share this information without your consent.

The data will be processed based on Article 6 Paragraph 1 Letter b of the GDPR if your request is related to the performance of a contract or if it is necessary to implement pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 Sect. 1 lit. f of the GDPR) or on your agreement (Art. 6 Sect. 1 lit. a of the GDPR) if this has been requested; the consent can be revoked at any time.

The information you have entered into the contact form shall remain with us until you ask us to delete the data, revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer exists (e.g., after we have concluded our response to your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

 

c) inquiry by email, phone or fax

If you contact us by email, telephone or fax, your inquiry, including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your inquiry. We will not share this information without your consent.

The data will be processed based on Art. 6 Sect. 1 lit. b of the GDPR if your request is related to the performance of a contract or if it is necessary to implement pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 Sect. 1 lit. f of the GDPR) or on your agreement (Art. 6 Sect. 1 lit. a of the GDPR) if this has been requested; the consent can be revoked at any time.

The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage no longer exists (e.g. after completion of your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

 

16. Electronic mail (email)

Information that you send to us unencrypted by electronic mail (email) may possibly be read by third parties during transmission. In general, we cannot verify your identity and do not know who is behind an email address. Legally secured communication via simple email is therefore not guaranteed. We use – – filters against unwanted advertising (“SPAM filters”), which in rare cases can also automatically classify regular emails as unwanted advertising and delete them. We will always automatically delete emails that contain harmful programs (“viruses”).

If you want to send sensitive messages to us, we recommend encrypting and signing them to prevent unauthorised access and falsification during transmission or sending the message to us by conventional mail.

Please also let us know whether and how we can send you encrypted emails to respond to your mailings. If you do not have the option to receive encrypted emails, please let us know how you would like us to contact you in order to respond to your sensitive messages.

 

17. Credit check

Insofar as we make advance payments or enter into comparable economic risks (e.g. when ordering on account), we reserve the right to obtain identity and credit information from specialised service providers (credit agencies) for the purpose of assessing the credit risk on the basis of mathematical-statistical procedures in order to safeguard legitimate interests.

We process the information received from credit agencies on the statistical probability of non-payment as part of an appropriate discretionary decision on the establishment, execution and termination of the contractual relationship. In the event of a negative result of the credit assessment, we will reserve the right to refuse payment on account or any other advance payment.

In accordance with Article 22 of the GDPR, the decision as to whether we will provide goods or services prior to payment is made solely on the basis of an automated decision in the individual case, which our software makes on the basis of the information provided by the credit agency.

If we obtain the express consent of contractual partners, the legal basis for the credit information and transfer of the client’s data to the credit agencies will be this consent. If no consent is obtained, the credit rating will be based on our legitimate interests in the security of our payment claims.

 

Types of data processed:

• Inventory data (e.g. names, addresses)
• Payment data (e.g. bank details, invoices, payment history)
• Contact data (e.g. email, telephone numbers)
• Contract data (e.g. contract object, duration, client category)

 

Data subjects: Clients, prospective clients.

 

Purposes of processing:

Assessment of creditworthiness.

 

Legal basis:

The credit check is carried out on the basis of contract fulfilment (Art. 6 Sect. 1 lit. b of the GDPR) and prevention of payment defaults (legitimate interest pursuant to Art. 6 Sect. 1 lit. f of the GDPR). If consent has been obtained, the credit check is carried out on the basis of this consent (Art. 6 Sect. 1 lit. of the GDPR). The consent can be revoked at any time.

 

Services and service providers used:

Verband der Vereine Creditreform e.V.: Credit agency; service provider: Verband der Vereine Creditreform e.V., Hellersbergstraße 12, D-41460 Neuss, Germany.

Website: https://www.creditreform.de/

Privacy policy: https://www.creditreform.de/datenschutz

 

18. Specific information regarding the application process

Handling of applicant data

We provide you the option to apply to us by email or postal service. In the following, we will inform you about the scope, purpose and use of your personal data acquired as part of the application process. We assure you that the acquisition, processing and use of your data is carried out in compliance with applicable data protection regulations and all other statutory provisions, and that your data will be treated with strict confidentiality.

 

Scope and purpose of the data collection

If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.), insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is Section 26 of the Federal Data Protection Act (BDSG)-new under German Law (initiation of an employment relationship), Art. 6 Sect. 1 lit. b of the GDPR (general initiation of a contract) and – if you have given your consent – Art. 6 Sect. 1 lit. a of the GDPR. The consent can be revoked at any time. Your personal data will only be passed on to persons within our company who are involved in processing your application. If the application is successful, the data you submit will be stored in our data processing systems for the purpose of carrying out the employment relationship on the basis of Section 26 of the Federal Data Protection Act (BDSG)-new and Art. 6 Sect. 1 lit. b of the GDPR.

 

Data retention period

If we cannot make you a job offer, you reject a job offer or withdraw your application, we will reserve the right to store the data you have transmitted on the basis of our legitimate interests (Art. 6 Sect. 1 lit. f of the GDPR) for up to 4 months from the end of the application process (rejection or withdrawal of the application).

The data will then be deleted and the physical application documents destroyed. The storage serves in particular for evidence purposes in case of a legal dispute. If it is evident that the data will be required after the 4-month period has expired (e.g. due to an impending or pending legal dispute), it will only be deleted when the purpose for further storage no longer applies.

The data may also be stored for longer periods if you have given your consent accordingly (Art. 6 Sect. 1 lit. a of the GDPR) or if statutory retention requirements prevent erasure.

 

Admission into the applicant pool

If we do not make you a job offer, you may be able to join our applicant pool. In case of admission, all documents and information from the application will be transferred to the applicant pool in order to contact you in case of suitable vacancies.

Admission to the applicant pool is based exclusively on your express

consent (Art. 6 Sect. 1 lit. a of the GDPR). The consent is given voluntarily and bears no relation to the ongoing application process. The person concerned can revoke his or her consent at any time. In this case, the data will be irrevocably deleted from the applicant pool unless there are legal reasons for retention.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given

.

 

19. Social media appearances

Data processing through social networks.

We maintain publicly available profiles in social networks. The specific tools we use are as follows:

–           LinkedIn

 

Social networks such as Facebook, Twitter etc. can generally analyse your user behaviour comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or banner ads). When you visit our social media pages, numerous processing operations relevant to data protection are triggered.

 

a) In detail:

If you are logged in to your social media account and visit our social media page, the operator of the social media portal will be able to assign this visit to your user account. However, under certain circumstances, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your terminal device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way, you can see interest-based advertising inside and outside of the respective social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.

Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details regarding this matter can be found in the terms of use and privacy policy of the respective social media portals.

Legal basis

Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 Sect. 1 lit. f of the GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 Sect. 1 lit. a if the GDPR).

 

b) responsibility and assertion of rights

If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, will be responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, rectification, erasure, restriction of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g. Facebook).

Please note that despite the shared responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our options are largely based on the corporate policy of the respective provider.

 

c) storage period

The data collected directly by us via the social media presence will be deleted by our system as soon as the purpose for their storage no longer exists, you ask us to delete it, revoke your consent to the storage, or the purpose for the data storage no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g. in their privacy policy, see below).

 

d) social networks in detail

LinkedIn

We have a profile on LinkedIn. Provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses marketing cookies.

If you would like to disable LinkedIn marketing cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transfer to the US is based on the standard contractual clauses of the EU Commission. Further details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Details regarding the handling of your personal data can be found in the privacy policy of LinkedIn at: https://www.linkedin.com/legal/privacy-policy.

 

20. Subcontractor relationship/data processors

As part of a subcontractor relationship, EW Hof Antriebe und Systeme GmbH makes personal data available to the following companies for the purpose of order processing and upon the instructions of the client:

 

EW HOF s.r.o.
Dopravni 2831
P.O.BOX
CZ – 75664 Roznov p. R.

Phone: +42 (0) 571 842410
Email: einkauf@esporoznov.cz

 

As part of this order processing, the following personal data are passed on to the data processor:

• First name, last name
• Address details
• Telephone
• Email address
• All data relevant to the processing of an order

 

Using the subcontractor relationship serves the purpose of fulfilling the contract with our potential and existing clients (Art. 6 Sect. 1 lit. b of the GDPR) and is in the interest of professional order processing and customer service (Art. 6 Sect. 1 lit. f of the GDPR).

The data processor will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.

In order to ensure processing in compliance with the data protection regulations, we have concluded an order processing contract.

In addition, a corresponding intercompany agreement with this subsidiary exists.

 

 

Last update 02/09/2024