1. Responsible body, legal bases, purpose
With regard to all personal data that arises, we store and process the data in compliance with the relevant regulations on data protection, particularly the General Data Protection Regulation (GDPR), the German Data Protection Law (BDSG) and the German Telemedia Act (TMG). The controller responsible for compliance with the data protection laws and the service provider under the German Telemedia Act is:
EUCHNER GmbH + Co. KG
70771 Leinfelden-Echterdingen, Germany
Commercial register District Court Stuttgart, HRA 221073
Article 6(1)(1)(a)(b) and (f) of the GDPR as well as section 15 of the German Telemedia Act (TMG) form the basis for the processing of personal data.
If data is entered on our website, e.g. during a request for a quotation, registration for a newsletter or use of a contact form, certain input fields are marked as “mandatory information.” We use these fields to collect only the data that is necessary for contractual performance or to carry out the request. If you wish, you may also provide us with additional data.
Your personal data will be used and stored to fulfill the contract with you or to complete your request (e.g. creation of a quotation, reply to a contact request) and for advertising purposes (please read point 2). As soon as the personal data is no longer necessary to fulfill the purpose, it is deleted. If statutory retention obligations exist, the data is locked until the retention obligations have expired and it is then deleted. Please note that due to routine data backups a time lag may occur before data is deleted; this may sometimes be significant.
2. Advertising measures: especially email newsletter
You may, at any time, object to the use of your personal data for advertising purposes – for all future advertising – and may do so in writing, by fax, by email or by phone, or you may, at any time, revoke consent provided to us with respect to advertising.
This applies in particular to email newsletters with, for example, information on our products and services. We will only send you email newsletters if you have consented to the use of your data for this purpose or if we have a legitimate interest (especially for direct advertising) in accordance with Article 6(1)(1)(f) GDPR. You may, at any time and for all future email newsletters, unsubscribe by either clicking on the link shown in each newsletter or by contacting us using the specified contact details.
3. Forwarding of data to third parties
As a rule, your personal data is only known to the people involved in processing your request, processing your order and sending the newsletter. Your personal data will only be passed to third parties as is necessary for the purpose of executing the contract, as long as you expressly consented to this or as the data protection legislation permits. However, only the necessary data is passed on in each case.
If this is necessary for the delivery of goods you have ordered, your address data will be passed to transport and logistics companies.
If you use the “automatic debit transfer/direct debit” payment method, we pass your data to the payment service providers selected by you as is necessary to process the payments.
In the event of default of payment, we have the option of passing your data to law firms or to debt collection companies.
In such cases, our data processing is carried out by a service provider that is bound by instructions, that is obligated in accordance with the data protection regulations and that is not permitted to use the data for any other purpose.
4. Rights of data subjects
You have, under certain conditions, the right to obtain information free of charge on the personal data we have stored in relation to you, to have incorrect data amended and to demand the deletion or restriction of the processing as well as the transferability of your personal data.
You may, at any time, object to the use of data for direct advertising; you may also, at any time, for all future direct advertising, object to the use of data on the basis of Article 6(1)(e) or (f) GDPR for reasons arising from your particular situation.
However, in some cases we are not permitted to fully delete user data due to statutory retention obligations. We would also like to point out your right of appeal to the Baden-Württemberg State Commissioner for the Protection of Data and Freedom of Information.
If you have questions in relation to the processing of your personal data, please contact our data protection officer:
EUCHNER GmbH + Co. KG
Data protection officer
70771 Leinfelden-Echterdingen, Germany.
Cookies are small text files that are stored on your computer. Most of the cookies that we use are deleted from your hard drive again at the end of the browser session (called “session cookies”). Other cookies remain on your computer and enable us to recognize your computer at your next visit (called “persistent cookies”). You have the option of viewing our website without cookies. Most browsers accept cookies automatically.
You may revoke the consent you have provided to us at any time or object to the processing of the data. The easiest way to do this is to block cookies from being saved on your hard drive by selecting “Do not accept cookies” in your browser settings. However, this may mean that you will not be able to use all functions on our website to their full capability.
When you visit our page, your access data is stored on the server. This data includes, for example, the browser type and version, the operating system used, the web page previously visited, access date and time of the server request and the file request from the client (file name and URL). We use this data anonymously for statistical analyses, therefore the data is not assigned to the specific user.
The purpose of this data processing is to enable the website to be called and correctly displayed on your device, as well as to optimize our website. A legitimate interest on our part exists in this regard. Article 6(1)(1)(f) of the GDPR as well as section 15 of the German Telemedia Act (TMG) form the basis for the processing.
On our website, we use Matomo (www.matomo.org), a web analysis service from InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, (“Matomo”), which collects and stores data for optimization and marketing purposes. Fictitious user profiles can be created from this data and analyzed for the same purpose. Cookies can be used for this (see point 5 above); these are saved locally in the cache of the internet browser of the device visiting our website. The cookies facilitate recognition of the internet browser, among other things. The data collected using the Matomo technology (including the fictitious IP address of the device accessing our website) is processed on our servers.
The information generated by the cookie in the fictitious user profile is not used to personally identify the visitor to the website and is not combined with personal data from the bearer of the fictitious name.
Statistical analysis of your use of the website for optimization and marketing purposes constitutes a legitimate interest under the authoritative legal basis of Article 6(1)(f) GDPR.
If you do not consent to the storage and analysis of this data from your visit, you may object to this storage and usage at any time with the click of your mouse on our website. The browser you are using will create an opt-out cookie in this case, which will prevent Matomo from collecting any session data. Please note that if you fully delete your cookies, this will result in the opt-out cookie also being deleted and you may have to activate it again.
8. Use of Google Maps
On this website, we use Google Maps to visually display geographical information and to create route descriptions. Google Maps is a map service operated by Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland (“Google”).
When you use Google Maps, Google collects data on your use of the functions of Google Maps, including your IP address. It cannot be ruled out that the information collected may be transmitted to and saved on a Google server in a third country, in particular a server operated by Google’s parent company, Google LLC based at 1600 Amphitheatre Parkway, Mountain View, California, USA.
When you are logged into your Google account, Google can, depending on the account settings, add the processed information to your account and treat it as personal data, see in particular www.google.com/policies/privacy/partners/.
Our allowing the visual display constitutes a legitimate interest within the meaning of the authoritative legal basis of Article 6(1)(f) GDPR.
Further information on the Terms of Service of Google Maps and on data processing by Google is available on the Google web pages, such as:
- www.google.com/intl/en_en/help/terms_maps.html (“Google Maps Terms of Service”)
9. Data processing by social networks / Information on giving your consent for the potential transfer of your personal data to the USA
Services provided by companies headquartered in or connected to the USA are integrated on our website, and we maintain public profiles on social networks. A list of the specific social networks we use is given further below. If you consent to your data being processed by one of these service providers, it cannot be ruled out that US authorities will have unrestricted access to your processed personal data. There are no legal measures available to you to prevent this.
Social networks such as Facebook and Twitter can generally comprehensively analyze your user behavior if you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Various different processing activities relevant to data protection are carried out when you visit our social media profiles. These are as follows:
If you are signed into your social media account and visit one of our social media profiles, the operator for the social media site in question can assign your visit to your user account. However, your personal data can, in some circumstances, be recorded even if you are not logged in or do not have an account with the social media site in question. In this case, your data can, for example, be recorded when cookies are stored on your end device or when your IP address is recorded.
Social media site operators use data recorded in this way to create user profiles that detail your preferences and interests. This means you may be shown targeted advertising both on the social media site concerned and elsewhere. If you have an account with the social network in question, you may be shown targeted advertising on all devices on which you are or were logged in.
Please also note that we are not able to track all the processing activities that take place on social media sites. Depending on the provider, it may therefore be the case that certain social media site operators carry out further processing. You can find out more information on this in the terms of service and data policies provided by the individual social media sites.
We maintain social media profiles to ensure that our online presence is as comprehensive as possible. This constitutes a legitimate interest within the meaning of Article 6 (1) (f) GDPR. Analyses carried out by the social networks may have different legal bases that must be specified by the social network operators (e.g. consent within the meaning of Article 6 (1) (a) GDPR).
The service providers in question are as follows:
1. Service: Google Maps
Provider: Google Ireland Limited, Dublin/Ireland Parent company: Google LLC, Mountain View/USA.
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Provider: Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
Provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
These providers are joint controllers in accordance with Article 26 GDPR. However, the possibility cannot be ruled out that the specific parent company and/or US authorities will have access to and process personal data in order to provide their services.
Until now, this transfer of personal data to the USA was justified because the companies’ parent companies were certified according to the EU-US Privacy Shield. This Privacy Shield has now been declared invalid by the Court of Justice of the European Union (CJEU). It is not possible to transfer the data on the basis of the standard data protection clauses in accordance with Article 46 (2) (c) GDPR because the high standards set by the CJEU and data protection authorities regarding additional agreements with the companies in the USA have not (yet) been met. The USA and the EU are currently negotiating a follow-up agreement to the Privacy Shield. It is not yet clear when these negotiations will be concluded.
We will therefore use the services named above only with your explicit prior consent. We would like to draw your attention specifically to the following information regarding the risks of data transfer to one of the service providers mentioned above:
Due to the powers of the US secret services and the legal situation in the USA, the national surveillance measures are disproportionate and the EU considers there to be no appropriate national level of protection for personal data. In particular, Section 702 of the US Foreign Intelligence Surveillance Act (FISA) does not provide any restrictions on the surveillance measures used by the secret services or guarantees for non-US citizens. In addition, the Presidential Policy Directive 28 (PPD-28) does not provide any effective judicial remedies to data subjects against the measures of the US authorities and does not provide any limits to ensure measures are proportional. US authorities can also demand on the basis of the US Cloud Act that a US company surrender all of its stored data, even if these data are stored on servers within the EU.