Data Protection Declaration of efcom gmbh

(Art. 13, 14 und 21 DS-GVO)

Version 2.2

Protecting your privacy when you use our website is extremely important to us at efcom gmbh. Consequently, please take note of the following information.

In this Declaration, when we speak about personal data processing it means that we collect (request), store, use, transfer or erase these data.

Additionally, through this Declaration we would like to inform you about the nature, scope and purpose of the processing of data concerning you as well as make you more aware of your rights.

The GDPR (EU General Data Protection Regulation) has brought about a change to requirements, obligations and rights that were previously valid. As such, we will regularly adapt this Declaration to meet new requirements (laws and judgements). In light of this, please consult this Declaration from time to time to ensure you are fully aware of your rights concerning data protection and the processing of your personal data.


1. Contact details of the controller/Data Protection Officer

efcom gmbh
Martin-Behaim-Straße 20
63263 Neu-Isenburg
Germany

Tel.: +49 (0)6102 – 88350 – 0
Fax: +49 (0)6102 – 88350 – 22
Email: verwaltung@efcom.de

You can contact us by post as well as via our website:

https://www.efcom.de/en/contact/

Data Protection Officer:

PragmaProtect GmbH

Mr Helmuth Hilse

Störmthaler Str. 12

04288 Leipzig
Germany

Tel: +49 (0)34297 7770 – 50
Email: kontakt@datenschutz.efcom.de

If you have any further questions concerning data protection at efcom gmbh or relating to your rights, please contact our Data Protection Officer.


2. Personal data processed by us

2.1 Order data

We will only collect personal data concerning you if you have provided these to us yourself such as to perform a contract, carry out a survey or to register for personalised services. As part of the personalised services provided by efcom gmbh, your registration data will be processed for the purposes of advertising, market research and to optimise the design of electronic services, subject to your consent. These data will be transmitted in an encrypted format to counter misuse of them by third parties.

2.2 Data that you store on our IT systems

We process data that you store yourself when using our services (e.g. contact form, email). This includes the creation of backups in our systems.

2.3 Log data

efcom gmbh will automatically process log file information on its servers that your browser sends to us. These include the:

  • browser type/version;
  • operating system used;
  • referrer URL (previously visited website);
  • host name of the accessing computer (IP address);
  • time of server request.

These data cannot be associated with specific or identifiable persons by efcom gmbh. We will not merge these data with other data sources. In addition, we will delete these data following statistical analysis.

2.4 Tracking

We do not use tracking methods.

2.5 Applicant information

We will process personal data that we received from you during the application process.
These include your:

  • surname and forename;
  • date of birth;
  • address;
  • phone numbers;
  • email addresses; as well as all
  • additional data you provide to us (e. g. certificates, job references, proof of previous income, etc.).

2.6 Email contact

If you get in touch with us by email, we will save your details to process your request and to get in touch with you to answer any follow-up questions. We will only process additional personal data concerning you if you have consented to this or it is lawful to do so without your explicit consent. Please be aware that sending data over the internet (e.g. email communication) can never be guaranteed to be entirely secure as it is vulnerable to many different types of attack and it can never be completely protected against third-party access.

2.7 Contact form

If you use our contact form for a request, we will process personal data concerning you that you enter into the contact form such as your name, email address and, if applicable, telephone number. Furthermore, we will save the date and time of your request. We will only process the data you send via our contact form to answer your request or enquiry.

You are free to decide what information you share with us via our contact form. Your consent pursuant to Article 6(1)a. GDPR is the lawful basis upon which we process your data. We will not disclose your personal data to third parties unless these data are required such as to process business transactions. The transmitted data will be limited to a strict minimum.

Following processing of the matter, the data will initially be stored for any queries to be answered. You have the right to demand erasure of the data at any time; otherwise, they will be erased once the process is fully completed.


3. Legal basis for the processing operation

We process and use your information to perform the contract and to provide our services, to improve our services and our web pages and to optimise them for you, to provide updates and upgrades, and to provide you with service notifications as well as to create invoices and collect our claims. Article 6(1)a. GDPR provides us with a legal basis for processing operations in which we obtain consent for a particular processing purpose. If the processing of personal data is required for the performance of a contract, processing is based on Article 6(1)b. GDPR. The same applies to processing operations that are necessary to take steps prior to entering into a contract, for example in the case of enquiries regarding our products or services. If we are subject to a legal obligation which requires the processing of personal data, such as the fulfilment of fiscal reporting obligations, processing is based on Article 6(1)c. GDPR. Ultimately, processing operations could be based on Article 6(1)f. GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if processing is necessary for the protection of our legitimate interests or those of a third party unless the interests, fundamental rights and freedoms of the data subject prevail. We are permitted to engage in such processing operations because they have been specifically mentioned by the European legislator. A legitimate interest is usually to be assumed if the data subject is a client of the controller.

If the processing of personal data concerning you is based on Article 6(1)f. GDPR, the legitimate interest pursued by us is to conduct our business activities.

Applicant data are processed pursuant to Article 88 GDPR and Section 26 of the German Act to Adapt Data Protection Law to Regulation (EU) 2016/679 and to Implement Directive (EU) 2016/680 (DSAnpUG-EU).


4. Categories of recipients

If we provide the option for you to enter personal or business information on our website, you disclose this information on an explicitly voluntary basis. Your personal data will be stored on secure servers and will only be accessible to persons who are specially authorised to process your data. In connection with your access, data will be stored on our servers for backup purposes which may allow identification (such as your IP address, date, time and pages visited). We do not utilise personal data.

4.1 Processors

Various service providers process personal data on our behalf. The protection of your data is guaranteed through appropriate contracts pursuant to Section 62 DSAnpUG-EU. These processors are:

  • IT companies;
  • tax consultants;
  • data destruction companies.

4.2 Authorities

Under certain circumstances we may need to provide data to government authorities to comply with statutory requirements (e.g. to prosecute crimes). These include:

  • court orders (e.g. search warrants);
  • public prosecutors (or equivalent authorities);
  • police on behalf of a public prosecutor.

 

5. Data transfer to third countries

We do not transfer data to third countries (non-EU member states).

 

6. Retention period

We will only store the data we receive from you for the duration of the purpose for which they were collected or otherwise processed.

We keep data of interested parties who apply via our contact form for 12 months, as experience shows that these interested parties can later become business contacts.

Termination of the employment contract does not always result in the immediate erasure of your data as we have to comply with statutory retention obligations (e.g. AO (the German Fiscal Code)). At the end of the particular deadline, the data will be erased.

At the end of a contract, we will erase the data from our systems. We will delete backups automatically after the specified deadline.

 

As part of the application process, we will process the data we receive from you for 6 months.

 

7. Your rights

 7.1 Confirmation and right of access

Pursuant to Article 15 GDPR you have the right to obtain confirmation as to whether or not the processor is processing personal data concerning you. You may obtain information from us free of charge about stored personal data concerning you.

7.2 Right to rectification

Pursuant to Article 16 GDPR you have the right to obtain without undue delay the rectification of inaccurate personal data concerning you. Furthermore, taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

 7.3 Right to erasure

Pursuant to Article 17 GDPR you have the right to obtain the erasure of personal data concerning you without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • you revoke your consent, on which the processing was based, and where there are no other legal grounds for the processing;
  • you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject;
  • the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

7.4 Right to restriction of processing

Pursuant to Article 18 GDPR you have the right to obtain restriction of processing where one of the following applies:

  • the accuracy of your personal information is contested by you, for a period enabling us to verify the accuracy of your personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
  • you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether our legitimate grounds override yours.

7.5 Right to data portability

Pursuant to Article 20 GDPR you have the right to receive the personal data concerning you, which you have provide to us, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us where the processing is based on consent pursuant to Article 6(1)a. or Article 9(2)a. or on a contract pursuant to Article 6(1)b. GDPR and the processing is carried out by automated means unless processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In exercising your right to data portability pursuant to paragraph 1, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided this does not adversely affect the rights and freedoms of others.

7.6 Right to reject

Pursuant to Article 21 GDPR, you have the right to object at any time to the processing of personal data concerning you which is based on Article 6(1)e. or Article 6(1)f. GDPR.

We will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
You have the right to object at any time to the processing of personal data for direct marketing purposes.

7.7 Right to withdraw consent

Pursuant to Article 7 GDPR you have the right to revoke your consent to the processing of personal data concerning you at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

7.8 Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint to the Hessian Data Protection Officer (Hessischer Datenschutzbeauftragte); however, we would appreciate it if you first contact us (see Point 1).

The competent supervisory authority is:

Postal address:

Der Hessische Datenschutzbeauftragte
Postfach 3163
65021 Wiesbaden
Germany
Email: Poststelle@datenschutz.hessen.de

Tel: +49 (0)611 1408 – 0
Fax: +49 (0)611 1408 – 900

8. Automated individual decision making, including profiling

We do not make use of automated individual decision making including profiling (Article 22 GDPR).

9. Data protection notice regarding the Google Analytics service

This website uses Google Analytics, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We value the trust you place in us and know that we have a responsibility to protect your privacy. Therefore, we would like to inform you about the information we collect when you use Google Analytics, why we collect that information and how we use that information to improve our products and services.

Google Analytics uses its own cookies to track interactions. Cookies are text files which are placed on your computer to help analyse how you use our website (including your shortened IP address). You can disable cookies or delete them individually. The information generated by the cookie about your use of our website will be transmitted to and stored by Google on servers in the USA.

Google Analytics is supported by an optional browser add-on. If you install and enable it, this prevents your data from being tracked by Google Analytics when you visit websites. However, the add-on only disables Google Analytics.

Google Analytics also collects IP (Internet Protocol) addresses to ensure the security of the service and to provide website owners with information about the country, region or city of origin of their users. This is also referred to as IP address geolocation. Your collected IP address will be anonymised.

If IP anonymisation is enabled on this website, your IP address will first be truncated by Google. Please note that on this website, Google Analytics code is supplemented by IP masking to ensure IP addresses are anonymised. Google will not associate the IP address sent as part of Google Analytics by your browser with other data held by Google.

Purpose of processing:

On our behalf, Google will use information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services to us relating to website activity and internet usage.

Legal basis:

Pursuant to Article 6(1) GDPR your consent forms the legal basis for using Google Analytics.

Categories of recipients:

The recipient of the collected data is Google Ireland Limited.

Retention period:

The data sent by us and linked to cookies, user IDs or advertising IDs will be deleted automatically after 14 months. Data whose retention period has been reached will be deleted automatically once a month.

Data subject rights:

You can withdraw your consent at any time without this affecting the lawfulness of processing based on consent before its withdrawal by preventing cookies being stored on your computer. You can do this by configuring the relevant setting in your browser; however, be advised that you may not be able to use the full functionality of our website.

You can prevent Google from collecting the data generated by the cookie and pertaining to your use of the website (including your IP address) or processing this data by downloading and installing the following browser add-on: (http://tools.google.com/dlpage/gaoptout?hl=en

For further information about the data protection principles of Google analytics, see:

https://support.google.com/analytics/answer/6004245

 

10. Use of the Instagram plug-in

If you click the Instagram button, you establish a direct connection between yourself and Instagram. Consequently, you have full data control.

This website uses the plug-in from the provider Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. Users of this website are advised that the plug-in will connect to Instagram. Your browser will then be instructed to display the plug-in so that it appears on the web page. We have no influence over the collected data, nor are we aware of the full extent of data collection, the purpose of processing or the retention period. We also have no information concerning the erasure of the data collected by the plug-in provider. The plug-in provider saves the collected data as usage profiles and uses these for marketing and market research purposes as well as to optimise the display of its website. Such an analysis is performed (even if users are not logged in) to display appropriate ads and to inform other users of the social network about your activities on our website.

Pursuant to Article 6(1)a. GDPR, by clicking the Instagram plug-in the following data may be transmitted to the provider:

  • IP address;
  • browser information;
  • operating system;
  • screen resolution;
  • installed browser plug-ins such as Adobe Flash Player;
  • previous website, if you followed a link (referrer);
  • the URL of the current website, etc.

Logged in Instagram users will be associated with their personal account and can link to and comment on content publicly.

Processing operations are performed in accordance with Article 6(1)f. GDPR based on the legitimate interests pursued by Instagram. If you do not want Instagram to associate the data collected through our website directly with your Instagram profile, log out of Instagram before visiting our website.

Instagram Inc., which is based in the USA, has certified with the EU-U.S. Privacy Shield Framework. This data protection framework ensures compliance with EU data protection standards.

When using the Instagram plug-in via our website, our data protection rights no longer apply. For further information on how Instagram uses data, see: http://instagram.com/about/legal/privacy/

 

11. Protection

We protect your personal data by taking all possible technical and organisational measures to achieve the data protection objectives.

We cannot guarantee data is protected when communicating by email. For confidential information we recommend using the postal services.

12. Status and amendments to this Data Protection Declaration

This Data Protection Declaration is valid and effective as of May 2019.

We reserve the right to amend the Data Protection Declaration in line with current legal requirements when updating our website.

 

Neu-Isenburg, 03 June 2019