Data protection declaration of efcom gmbh

(Par. 13, 14 and 21 GDPR)

Version 2.1.

The protection of your privacy during the use of our website is an important issue at efcom gmbh. Please be so kind to acknowledge the following information.

If in this declaration we speak about the personal data processing, it means that we collect (ask for) save, use, transfer or delete these data.

Additionally, in this declaration we would like to inform you about the type, scope and aim of the personal data processed by us. We would also like to make your rights more transparent.

With the GDPR (EU-General Data Protection Regulation), previously valid demands, obligations and rights change. Thus, we will be adapting this declaration to the new cognitions (laws and jurisdiction) regularly. Thus we recommend you to akcnowledge this declaration occasionally, so that you are informed comprehensively about your rights concerning data protection and the processing of your personal data.

1. Contact data of the person responsible / data protection manager

efcom gmbh
Martin-Behaim-Straße 20
63263 Neu-Isenburg

Telefon: +49 (0) 61 02 – 8 83 50 – 0

Telefax: +49 (0) 61 02 – 8 83 50 – 22


You can contact us by regular mail as well as using our website:

Data protection manager:

efcom gmbh
Martin-Behaim-Straße 20
63263 Neu-Isenburg

Telefon: +49 (0) 61 02 – 8 83 50 – 0

Telefax: +49 (0) 61 02 – 8 83 50 – 22


If you have any further questions concerning data protection at efcom gmbh or your rights, please turn to our data protection manager.

2. Personal data processed by us

2.1 Order data

Personal data is only collected if you provide it to us on your own, for example, to carry out a contract, a survey, or when registering for personalised services. As part of the personalised services provided by efcom gmbh, your registration data will be processed for the purposes of advertising and market research as well as for the needs-based design of electronic services, subject to your consent. These data are transmitted in an encrypted form to counteract misuse of them by third parties.

2.2 Data that you store on our IT systems

We process the data that you save yourself when using our services (e.g. contact form, e-mail). This includes the creation of backups in our systems.

2.3 Log data

In its server log, efcom gmbh automatically processes file information that your browser sends to us. These are:

  • browser type / version
  • operating system used,
  • referrer URL (previously visited website)
  • host name of the accessing computer (IP address)
  • time of server request.

These data cannot be assigned to specific or identifiable persons by efcom gmbh. A merge of this data with other data sources is not performed; the data is also deleted after a statistical evaluation.

2.4 Tracking

We do not use tracking methods.

2.5 Application information

We process personal data that we received from you during the application process.
For example:

  • Name, first name
  • Date of birth
  • Address
  • phone numbers
  • E-mail addresses as well as all
  • Further data you provide us (e. g. certificates, employment certificates, previous income, etc.)

3. Legal basis for the processing operation

We process and use your information to perform the contract and to provide our services, to improve our services and our websites and to adapt them to your needs, to provide updates and upgrades, and to provide you with service notifications as well as to create billings and collect our claims. Art. 6 para. 1a GDPR provides us with a legal basis for processing operations in which we obtain consent for a particular processing purpose. If the processing of personal data is required to fulfil a contract, the processing is based on Art. 6 para. 1b GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries regarding our products or services. If we are subject to a legal obligation which requires the processing of personal data, such as the fulfilment of tax obligations, the processing is based on Art. 6 para. 1c GDPR. In the end, processing operations could be based on Art. 6 para. 1f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary for the protection of our legitimate interests or that of a third party, unless the interests, fundamental rights and fundamental freedoms of the concerned person prevail. We are allowed to deal with such processing operations because they have been specifically mentioned by the European legislator. A legitimate interest is usually to be assumed if the data subject is a customer of the responsible person.

If the processing of personal data is based on Article 6 para. 1f GDPR, then the performing of our business is in our legitimate interest.

Applicant data is processed in accordance with Art. 88 GDPR and the German § 26 Data Protection Adaptation and Implementation Act EU (DSAnpUG-EU).

4. Categories of recipients

If the possibility of entering personal or business data within the Internet offer exists, the user makes this disclosure on an expressly voluntary basis. Your personal data is stored on protected servers and is only accessible to specially authorized persons who are responsible for processing your data. In connection with your access, data is stored on our servers for backup purposes, which may allow identification (for example IP address, date, time and visited pages). There is no personal utilisation.

4.1 Order processor

Various service providers process personal data on behalf of us. With the help of appropriate contracts according to § 62 DSAnpUG-EU the security of your data is guaranteed. These processors are:

  • Companies in the IT area
  • Tax consultant
  • Data destruction company

4.2 Authorities

Under certain circumstances, we may need to provide data to government authorities in compliance with legal requirements (e.g. to prosecute crimes). These are, for example,

  • Court decision (e.g. search warrant)
  • Prosecutors (or equivalent authorities)
  • Police on behalf of a prosecutor

5. Data transmission to third countries

Transmission to third countries (non-EU countries) will not take place.

6. Duration of storage

The data received from you is only saved for the duration of the purpose.

We store data of interested parties who apply via the contact form for 12 months, as experience shows that later business contacts develop.

The termination of the contract does not always correspond with the deletion of your data, as we have to comply with statutory retention periods (e.g. by the tax code, AO). After the respective deadline, they will be deleted.

After the end of the contract, we delete the data from our systems. Backups are automatically deleted after the specified deadline.

In the application process, data we receive from you is processed for 6 months.

7. Your rights

7.1 Confirmation and information right

According to Art. 15 GDPR you have the right to receive the confirmation, if the respective responsible person processes personal data from you. You can get information from us free of charge about the personal data stored about you.

7.2 Right of rectification

According to Art. 16 GDPR, you have the right to demand the immediate correction of incorrect personal data concerning you. Furthermore you have the right to request the completion of incomplete personal data, also by means of a supplementary statement, taking into account the purposes of processing.

7.3 Deletion right

According to Art. 17 GDPR, you have the right to have your personal data deleted without delay, provided that one of the following reasons applies and the processing is not required:

  • The personal data has been collected or otherwise processed for such purposes for which they are no longer necessary.
  • They revoke their consent, on which the processing was based, and lack any other legal basis for processing.
  • In accordance with Article 21 para. 1 GDPR, you appeal against the processing and there are no legitimate reasons for the processing, or you object to the processing in accordance with Article 21 para. 2 of the GDPR.
  • The personal data were processed unlawfully.
  • The deletion of personal data may be required in order to fulfil a legal obligation in accordance with the legislation of the European Union or the laws of the Member States to which the data controller is subject.
  • The personal data have been obtained in relation to the services offered by the information society in accordance with Art. 8 para. 1 GDPR.

7.4 Right to restriction of processing

According to Art. 18 GDPR, you have the right to request a restriction of processing if one of the following conditions is met:

  • The accuracy of your personal information is contested by you for a period of time that allows us to verify the accuracy of your personal information.
  • The processing is unlawful; you refuse the deletion of the personal data and instead require the restriction of the use of personal data.
  • We no longer need your personal information for processing purposes, but you need it to assert, exercise or defend your rights.
  • You have objection to the processing in accordance with Art. 21 para. 1 GDPR and it is not yet clear whether our legitimate reasons prevail over yours.

7.5 Right to data portability

According to Art. 20 GDPR you have the right to receive personal data relating to you, which were provided to us, in a structured, widely used and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance by us, provided that the processing is based on the consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or it is based on a contract pursuant to Art. 6 para. 1 lit. b GDPR and the processing occurs using automated means, unless the processing is necessary for the performance of a task in the public interest or in the exercise of public authority delegated to the data controller.
In addition, when exercising your right to data portability under Article 20 para. 1 GDPR, you have the right to obtain that your personal data are transmitted directly from one controller to another, provided that this is technically feasible and provided that the rights and freedoms of others are not affected.

7.6 Opposition rights against processing

According to Art. 21 GDPR, you have the right to object at any time against the processing of personal data relating to you which occurs on the basis of Art. 6 para. 1 lit. e or lit. f GDPR.

We no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves for the establishment, exercise or defence of legal claims.
You have the right to object at any time against the processing of your personal data for the purposes of direct marketing.

7.7 Right to revoke a data protection consent

According to Art. 6 GDPR you have the right to revoke the consent to the processing of personal data at any time. This revocation applies to the future.

7.8. Right of appeal to the supervisory authority

You have the right to contact the Hessian Data Protection Supervisor (Hessischer Datenschutzbeauftragte) in case of a complaint. However, we would appreciate it if you first contact us (see point 1).

The competent supervisory authority is:

Mail address:

Der Hessische Datenschutzbeauftragte
Postfach 3163
65021 Wiesbaden

Telefon: +49 611 1408 – 0

Telefax: +49 611 1408 – 900

8. Automated decisions incl. profiling

We do not make use of single automated decisions incl. profiling (Art. 22 GDPR).

9. Security instruction

We protect your personal data by taking all possible technical and organisational means to achieve the protection goals.

During email communication we cannot guarantee the data protection cannot. For confidential information we recommend to use postal services.

Neu-Isenburg, 25th May 2018