DATA PROTECTION STATEMENT OF THE WEBSITE AND SOCIAL MEDIA
In this data protection statement we inform you about the following topics:
- 1: Person responsible for data processing and data protection officer; scope of application.
- 2: General principles for the processing of your personal data
- 3: Informational use of our WEBSITE (hosting, log data, cookies)
- 4: Contact form
- 5: Presence on social media platforms
- 6: Data security
- 7: Your rights
- 8: Modification of this data protection rules
1. Person responsible for data processing and data protection officer; scope of application
(1) We, Eloxalwerk Ludwigsburg Helmut Zerrer GmbH, Neckartalstraße 33, 71642 Ludwigsburg-Neckarweihingen, Germany, Tel.: 0 71 41 – 56 15 0, Fax: 0 71 41 – 56 15 44, E-Mail: firstname.lastname@example.org, are the operator of the web pages, accessible at www. ceranod.de (hereinafter also “WEBSITE"), and responsible for the processing of personal data of you as a user of our WEBSITE (“you") pursuant to Article 4 No. 7 of the EU General Data Protection Regulation (“GDPR").
Our data protection officer is: Dr. Norbert Kuhn, Thingstr. 3, 70565 Stuttgart, Germany, e-mail: email@example.com.
(2) In the following, we inform in detail, as part of our duty, which data is processed when you visit our WEBSITE and contact us. Furthermore, we inform about the accompanying protective measures that we have also taken in technical and organizational terms on our WEBSITE, as well as your rights about the processing of personal data concerning you.
2. General principles for the processing of your personal data
(1) Personal data means any information relating to an identified or identifiable individual person. Consequently, your personal data includes all data that can be directly or indirectly assigned to you, such as name, address, telephone number or e-mail address.
(2) Personal data will only be processed by us in the first instance if and insofar as you have given us your consent to the processing of data for one or more specific purposes (Art. 6 para. 1 UAbs. 1 letter a GDPRGDPR);
the processing is necessary for the performance of a contract to which you are a party or for the performance of pre-contractual measures taken at your request (Art. 6 para. 1 UAbs. 1 letter b GDPR); the data processing is necessary for compliance with a legal obligation to which we are subject (Art. 6 para. 1 UAbs. 1 lit. c GDPR); or
the data processing is necessary for the protection of our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms requiring the protection of personal data prevail (Art. 6 para. 1 UAbs. 1 lit. f GDPR).
(3) Which of the legal bases listed in paragraph 2 or other legal bases we use to process your personal data in individual cases is explained in the following provisions of this data protection statement.
(4) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions, and are regularly monitored. Furthermore, we may pass on your personal data to third parties if contracts or similar services are offered by us together with partners. You will receive more detailed information on this when you provide your personal data or in the following regulations of this data protection statement. If our service providers or partners are based in a country outside the European Economic Area (EEA), we will also inform you about the consequences of this circumstance in the following provisions of this data protection statement.
3. Informational use of our WEBSITE
We host our WEBSITE with the external service provider (hoster) SEYBOLD – AGENTUR FÜR SICHTBARKEIT, Theodor-Körner-Straße 7, 73614 Schorndorf in Germany, with whom we have concluded an data processing agreement pursuant to Art. 28 GDPR. If personal data is collected on our WEBSITE, it will be stored on the hoster’s servers. This may include IP addresses, contact requests, meta and communication data, website accesses and other data generated via a website.
3.2 Log data
(1) In connection with the use of our WEBSITE, we collect those of your data that your Internet browser automatically transmits to our server. The following data is collected:
– IP address of the requesting computer Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT) Content of the request (specific page)
– Access status/HTTP status code
– Amount of data transferred in each case Website from which the request comes Browser
– Operating system and its interface
– language and version of the browser software.
(2) This data is technically necessary for us to enable you to use our WEBSITE, in particular to display the WEBSITE and to ensure the security and stability of the WEBSITE. A linkage of these data with personal data of a certain individual person does not take place. Our legitimate interest lies in a functioning website. The legal basis is Art. 6 para. 1 UAbs. 1 letter f GDPR.
(3) We delete this data as soon as it is no longer required to achieve the purpose for which it was collected. Your IP address is stored in full for up to seven days, and then in anonymized form. The temporary storage of the IP address by our system is necessary in order to eliminate malfunctions of our WEBSITE as well as to prevent danger. Otherwise, the deletion takes place when the respective session has ended.
(2) Our WEBSITE uses the following types of cookies, the scope and functionality of which are explained below:
– Transient cookies (see below a)
– Persistent cookies (see below b).
- a) Transient cookies are automatically deleted when you close the browser. These includes session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to a page of our WEBSITE. Session cookies are deleted when you log out or close your browser.
- b) Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie.
(3) Our WEBSITE uses necessary cookies. Necessary cookies help us make our WEBSITE usable by enabling basic functions such as page navigation and access to secure areas of the WEBSITE. Our WEBSITE cannot function properly without these cookies.
(4) If personal data is processed by individual cookies, the processing is carried out in accordance with Art. 6 para. 1 UAbs. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of our WEBSITE and a customer-friendly and effective design of the page visit.
4. Contact form
(1) If you contact us, for example to receive information material and/or an offer from us, the processing of your communicated contact data (e.g. first and last name, e-mail address, telephone number) is carried out to answer your inquiries and/or suggestions made via the contact form or by e-mail. The processing of your data is used to handle the approach as well as to prevent misuse and ensure the security of our information technology systems.
(2) The legal basis for the processing of the data is Art. 6 para. 1 UAbs. 1 letter f GDPR. If your message is aimed at the conclusion of a contract, the additional legal basis for the processing of your data is Art. 6 para. 1 UAbs. 1 letter b GDPR.
(3) Insofar as no retention periods prevent the deletion of your personal data, we will delete it as soon as it is no longer required to achieve the purpose for which it was collected.
(4) In the case of inquiries from the business environment (B2B), the further instructions for business partners in the information for business partners also apply, and in the case of inquiries in connection with job applications, the instructions in our applicant information.
5. Presence on social media platforms
(1) We operate publicly accessible profiles on the social media platforms of the providers named below under 6.1 to 6.3 for the purposes of presenting our company, advertising our products and services as well as contacting and processing any inquiries from (potential) applicants, (potential) customers and other users. Our legitimate interests lie in the up-to-date and supportive information and interaction possibilities. The legal basis for this is Art. 6 para. 1 subpara. 1 letter f GDPR. If your message is aimed at the conclusion of a contract, the additional legal basis for the processing of your data is Art. 6 para. 1 subpara. 1 lit. b GDPR.
(2) We would like to point out that you use our appearances on social media platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g., B. Comment, share, rate). When you visit our websites, the providers of the social media platforms collect, among other things, your IP address and other information that is available on your device in the form of cookies. This information is used to provide us as the operator of the accounts with statistical information about the interaction with us. Further details can be found in the following explanations for the respective providers. You are also not obliged to provide us with your personal data. However, this may be necessary for individual functionalities of our profiles on social media platforms. These functionalities are not available to you or only to a limited extent if you do not provide us with your personal data. Alternatively, you can also find the information offered via this on our website at www.ceranod.de.
(3) The data collected about you in this context will be processed by the platforms and, if necessary, transferred to countries outside the European Union, in particular the USA. According to their own statements, all of the aforementioned providers comply with an adequate level of data protection that corresponds to that of the former EU-US Privacy Shield and we have concluded the standard data protection clauses with the companies (with the exception of Xing, as this provider is based within the EU).
(4) We do not know how the social media platforms use the data from your visit to our account and interaction with our contributions for their own purposes, how long this data is stored and whether data is passed on to third parties. The data processing may differ depending on whether you are registered and logged in to the social network or visit the site as a non-registered and/or non-logged in user. When accessing a post or account, the IP address assigned to your device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your device can be used to track how you have moved around the network. Via buttons integrated into websites, it is possible for the platforms to record your visits to these websites pages and assign them to your respective profile. Based on this data, content or advertising can be tailored to you. If you want to avoid this, you should log out or disable the “stay logged in" function, delete the cookies on your device and restart your browser.
(6) What information the social media platform receives and how it is used is described by the providers in their data protection declarations (see link in the following explanations to the respective providers). There you will also find information about contact options and the setting options for advertisements. You can also find more information about social networks and how to protect your data on www.youngdata.de.
(1) We are the operator of the LinkedIn company page on the technical platform of LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland; “LinkedIn"), available at https://www.linkedin.com/company/elb-eloxalwerk-ludwigsburg-helmut-zerrer-gmbh/. The processing of your data is based on LinkedIn’s Data Processing Agreement (DPA), which you can find under the following link: https://legal.linkedin.com/dpa/DE.
(2) We use insight data provided to us by LinkedIn. In this way, we evaluate the behavior of our target group or users in the context of interaction with our LinkedIn page. Our legitimate interests lie in the optimisation and marketing purposes. The legal basis for this is Art. 6 para. 1 subpara. 1 letter f GDPR.
(3) Together with LinkedIn, we are responsible for the processing of this data in accordance with Art. 26 GDPR (so-called joint controller) and have concluded a joint controller agreement with LinkedIn in this regard. These can be found under the following link: https://legal.linkedin.com/pages-joint-controller-addendum.
(4) You have the right to object to the processing of your data for the above-mentioned purposes. You can assert your right of objection and your other rights as a data subject with regard to the Insight data (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against LinkedIn. If you assert your rights against us, we will forward them to LinkedIn in accordance with the joint controller’s agreement.
(1) We are the operator of the XING company page on the technical platform of New Work SE (Dammtorstraße 30, 20354 Hamburg, Germany; “XING"), available at https://www.xing.com/pages/elb-eloxalwerk-ludwigsburg-helmut-zerrer-gmbh.
Our XING page can only be visited by registered users of the XING platform.
6. Data security
(1) We use technical and organizational security measures to protect personal data that is generated or collected, in particular against accidental or intentional manipulation, loss, destruction or against attack by unauthorized persons. Our security measures are continuously improved in line with technological developments.
(2) Our WEBSITE is encrypted using SSL technology to prevent access by unauthorized third parties. You can recognize secure transmission by the protocol designation “https://" in the URL line.
7. Your rights
(1) Regarding the processing of personal data concerning you, you are entitled to the rights listed below under letters a – h in accordance with the legal requirements. Please contact us or our data protection officer for this purpose. You will find the contact details under point 1.
- a) Right to informationPursuant to Art. 15 GDPR, you may request confirmation from us as to whether personal data concerning you is being processed by us. In this case, pursuant to Art. 15 (1) GDPR, you have a right to information about the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom we have disclosed or will disclose the personal data, the planned storage period or the criteria for determining the storage period. the criteria for determining the storage period, the existence of a right to rectification or erasure of your personal data as well as to restriction of processing or to object to processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of the data if we have not collected your data from you, the existence of automated decision-making, including profiling, as well as, pursuant to Article 15(2) of the GDPR, the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR in the context of transfers of personal data to third countries.
- b) Right to rectificationPursuant to Art. 16 GDPR, you may request us to correct and/or complete your personal data without delay, taking into account the purposes of the processing, if your data is incorrect or incomplete.
- c) Right to deletionIn accordance with Art. 17 GDPR, you can demand that we delete your personal data without delay, provided that there is a reason in accordance with Art. 17 (1) a-f GDPR. However, the right to erasure of your personal data does not exist, in particular, to the extent that its processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims (Art. 17(3) GDPR).
- d) Right to restriction of processingYou may request us to restrict the processing of your personal data pursuant to Art. 18 GDPR for as long as we verify the accuracy of your data that you dispute, if you object to the erasure of your data due to unlawful processing and instead request the restriction of the use of your data, if you need your data to assert, exercise or defend legal claims, or if you have objected to the processing as long as it is not yet clear whether our legitimate grounds prevail.
- e) Right to informationPursuant to Art. 19 GDPR, we will inform all recipients to whom your personal data has been disclosed of any rectification or erasure of your personal data or restriction of its processing pursuant to Art. 16, 17 (1) and 18 GDPR, unless this proves impossible or involves a disproportionate effort. According to Art. 19 S. 2 GDPR, you have the right to be informed about these recipients upon request.
- f) Right to data portabilityPursuant to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller, provided that the further requirements of Art. 20 GDPR are met, in particular that this is technically feasible.
- g) Right to objectInsofar as we base the processing of your personal data on the legitimate interests pursuant to Art. 6 (1) UAbs. 1 letter f GDPR, you may file an objection to the processing pursuant to Art. 21 GDPR. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is presented by us in each case in the above description of the offers. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as carried out by us. In the event of your justified objection, we will examine the merits of the case and, in accordance with Article 21 (1) sentence 2 GDPR, either no longer process the personal data or demonstrate to you our compelling legitimate grounds for processing that override your interests, rights and freedoms. Further processing is also reserved if the processing serves the assertion, exercise or defense of legal claims.
Of course, pursuant to Article 21 (2) GDPR, you may file an objection at any time to the processing of your personal data for the purposes of direct marketing and profiling, insofar as it is related to direct marketing.
You can inform us or our data protection officer of your objection using the contact details provided in section 1.
- h) Right to revoke consentPursuant to Art. 7 (3) GDPR, you have the right to revoke any consent granted to us under data protection law at any time with effect for the future. However, this does not affect the lawfulness of the processing that took place based on your consent up to the time of the revocation.
(2) If you are of the opinion that the processing of your data violates data protection regulations, you also have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. Please contact a supervisory authority in the member state of your residence, workplace, or the location of the potential breach. You can find an overview here, among other places: https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_node.html.
8. Amendment of this data protection statement
We reserve the right to change this data protection statement at any time with effect for the future. A current version is available on our WEBSITE. Please visit the WEBSITE regularly and inform yourself about the applicable data protection provisions.
Status: July 11, 2023
INFORMATION ON THE PROCESSING OF PERSONAL DATA OF OUR BUSINESS PARTNERS
As part of our information obligations under Articles 13, 14 of the EU General Data Protection Regulation (“GDPR"), we inform you as our prospective customer, customer, cooperation partner, supplier and/or provider of other supplies and/or services (“business partner") about the processing of your personal data by us and the rights to which you are entitled under the GDPR.
1. WHO IS RESPONSIBLE FOR DATA PROCESSING AND WHO IS THE DATA PROTECTION OFFICER?
The person responsible for data processing is
ELB – Eloxalwerk Ludwigsburg Helmut Zerrer GmbH Neckartalstr. 33
Phone: +49 (0) 7141/5615-0
Fax: +49 (0) 7141/5615-44
E-mail address: firstname.lastname@example.org
You can reach our data protection officer, Dr. Norbert Kuhn (Kuhn-privacy), at the address Heustraße 3, 70174 Stuttgart or at the e-mail address email@example.com.
Further information about our company is available from us on request or can be found on our website at: www.ceranod.de
2. WHAT CATEGORIES OF DATA DO WE PROCESS AND WHERE DO THEY COME FROM?
The categories of personal data include data about you or the contact persons in your company designated by you in each case. In particular, this includes your first and last name, if applicable your job title and/or your function in the company, contact data (e.g. address, e-mail address, (mobile) phone number, fax number), tax identification number and tax codes (e.g. tax ID, VAT ID), contract master data (e.g. about our contractual relationship, product or contractual interest), product and/or service data, customer history, contract billing and payment data, planning and control data, creditworthiness data.
Your personal data is usually provided directly by you (e.g. through your contact, business card, telephone calls, meetings, orders) or collected by us in the course of processing. In this context, we may also receive data from third parties (e.g. distributors), e.g. insofar as they act for you (in an intermediary capacity). On the other hand, we process personal data that we have permissibly obtained from publicly accessible sources (e.g. Internet, commercial register, press, media, etc.) or third parties (e.g. credit agencies) and may process. Changes to contact persons in your company may also result in the subsequent collection of further personal data in connection with employees of your company.
3. FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS IS DATA PROCESSED?
First and foremost, your data is stored and electronically processed for the purposes of initiating, establishing, and processing contractual and delivery relationships between us and you. For communication in the context of the above purposes (e.g. offers, orders, order confirmations, delivery bills and/or invoices), we may contact you via the data collected from you. This can be done via postal address(es), e-mail address(es) or other electronic means of communication and telephone as well as fax number(s). The technical and content-related formulation of contracts, in particular content, specifications, and prices, can also be handled with the stored data. The legal basis for this is Art. 6 para. 1 UAbs. 1 letter b GDPR.
In addition, we process your data to fulfill legal obligations, e.g. due to commercial or tax law requirements or mandatory notifications to (tax) authorities on the basis of Art. 6 para. 1 UAbs. 1 lit. c GDPR.
Furthermore, we process data to protect our legitimate interests pursuant to Art. 6 (1) UAbs. 1 lit. f GDPR, unless your protective interests or fundamental rights and freedoms prevail. The reasons for our legitimate interests include, in particular, processes for internal administration, building, facility and IT security, internal auditing, quality assurance, assessment of economic risks (such as payment defaults), assertion, exercise or defense of any legal claims arising from our business relationship, and the management and further development of our business activities.
Finally, we may also process your personal data for the purposes of maintaining the business relationship, marketing, and advertising, for example, to send you relevant communications about our business relationship and our products/services, as well as to provide you with opportunities to initiate new business. The legal basis for this is Art. 6 para. 1 UAbs. 1 letter f GDPR. Our legitimate interest in processing your data is to promote and sell our products and services.
4. WHO RECEIVES YOUR DATA AND WHERE IS YOUR DATA PROCESSED?
Within our company, access to your data is granted to those persons who need it to fulfill our contractual and legal obligations or who may process it based on our legitimate interest.
Processors engaged by us may also receive data for these purposes. These have been carefully selected and commissioned by us, are bound by our instructions, and are regularly monitored.
Your data will only be passed on to third parties if this is necessary and permissible within the framework of the above-mentioned purposes. This includes in particular the disclosure to service providers, distributors, subcontractors as well as other business partners and their representatives, representatives of legal and tax advisory professions, authorities (in particular tax authorities, courts, supervisory authorities), banks for the processing of payment transactions. Furthermore, we may transfer your data to third parties if you expressly consent to the transfer.
If we transfer personal data to third parties outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding internal company data protection regulations or EU standard contractual clauses) are in place. You can request detailed information on this via the contact details mentioned in section 1.
5. HOW LONG WILL YOUR DATA BE STORED?
Insofar as no legal or contractual retention periods or ongoing warranty and/or limitation periods prevent the deletion of your personal data, we delete it as soon as it is no longer required to achieve the purpose for which it was collected. This is usually the case when a business relationship with you or your company no longer exists and a further exchange is no longer expected.
6. WHAT DATA PROTECTION RIGHTS CAN YOU ASSERT AS A DATA SUBJECT?
Regarding the processing of personal data concerning you, you are entitled to the following rights against us under the legal conditions:
– Right to information about the data stored about you in accordance with Art. 15 GDPR;
– Right to correction or deletion of your data under the conditions of Art. 16 and Art. 17 GDPR;
– Right to restrict the processing of your data according to Art. 18 GDPR;
– Right according to Art. 20 GDPR to surrender the data provided by you in a structured, common and machine-readable format and to transmit this data, provided that the further requirements of Art. 20 GDPR are met;
– Right to revoke any consent granted to us under data protection law pursuant to Art. 7 (3) GDPR. The lawfulness of the processing carried out based on the consent until the revocation remains unaffected by this.
Right to object
If we process your data to protect legitimate interests pursuant to Art. 6 (1) UAbs. 1 lit. f GDPR, you may file an objection to this processing for reasons arising from your particular situation pursuant to Art. 21 GDPR. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.
Of course, you can object to the processing of your personal data for direct marketing purposes at any time pursuant to Article 21 (2) GDPR.
To do so, please contact us or our data protection officer via the contact details mentioned in section
7. WHERE CAN YOU COMPLAIN?
You have the option of submitting a complaint to the above-mentioned data protection officer or to a data protection supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the place of the alleged violation for this purpose. The data protection supervisory authority responsible for us is:
LfDI Baden-Württemberg Mr. Dr. Stefan Brink
P.O. Box 10 29 32, 70025 Stuttgart
or Königstraße 10a, 70173 Stuttgart, Germany
8. ARE YOU OBLIGED TO PROVIDE YOUR DATA?
There is no contractual or legal obligation for you to provide personal data. However, without processing your personal data, we are generally unable to carry out the contractual relationship or the necessary pre-contractual measures with you or your employer/client.
9. TO WHAT EXTENT DO AUTOMATED INDIVIDUAL CASE DECISIONS OR PROFILING MEASURES TAKE PLACE?
Automated individual case decisions or profiling measures do not take place.