Data Protection Information of eperi GmbH
In the version as of: 24 May 2018
1. Controller for the Processing of Your Personal Data
With this data protection information, we would like to inform you what personal data we collect and process and the purposes for which we do so. We process your personal data only insofar as you have given us your consent herefor or the statutory provisions permit us to do so. The following references to Articles refer to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, GDPR).
are the “controller” for the processing of your personal data as defined in Article 4, No. 7 GDPR.
2. Personal Data
Personal data means, inter alia, your personal details (e.g. your name, your date of birth, your address), your e-mail address, your technical connection data such as, e.g. your IP address as well as other comparable data.
3. Collection of Your Personal Data
When you contact us per e-mail or by using the contact form, the data provided by you (your e-mail address and, where applicable, your name and telephone number) are stored by us in order to respond to your inquiries. We erase the recorded data recorded in this connection after storage thereof is no longer necessary or limit the processing in the event that statutory storage obligations exist.
Insofar as you access and use our website purely for informational purposes, we only collect such data which is automatically transmitted by your Internet browser. This includes, e.g. the following data:
- IP address
- date and time of the inquiry as well as the duration of the visit
- time zone difference from Greenwich Mean Time (GMT)
- content of the access (the actual web page)
- access status/HTTP status code
- the respective quantity of data transmitted
- website from which the access took place
- information related to visitor conduct
- screen resolution
- device (PC, tablet PC or Smartphone)
- operating system and its interface
- language and browser software version
This data shall be evaluated exclusively for the purpose of ensuring a trouble-free operation of the site as well as improvement of our offering. In accordance with Article 6, paragraph 1, sentence 1, letter f GDPR, this is carried out on the basis of our legitimate interests in a correct presentation of our offering.
4. Transmission of Your Personal Data to Third Parties
We transfer your personal data to a processor domestically and abroad insofar as this is necessary for commercial or technical reasons. For this purpose, we carefully select the respective provider with which a contract is agreed for order processing according to Art. 28 GDPR as well as control it carefully. For the purpose of the outsourcing of certain business processes, we have a legitimate interest in the conclusion of contracts for order processing with the respective service provider in accordance with Article 6, paragraph 1, sentence 1, letter f GDPR.
5. Transfer of Your Personal Data to a Third Country
Should your data be transmitted to a third country, we shall ensure that the transmission occurs only in such countries which have a level of protection respective to that as defined in Art. 45, paragraph 1 GDPR or the controller located in the respective third country has foreseen appropriate data protection guarantees. These guarantees can, e.g. be comprised of:
5.1 binding, internal data protection provisions according to Article 47 GDPR or
5.2 standard protection clauses which were issued by the European Commission according to the examination procedure according to Article 93, paragraph 2 GDPR.
In addition, cookies are stored on your computer when you use our website. Cookies are small text files which are stored on your hard drive in a way referring to the browser you are using and which provide certain information to the party placing the cookie (in this case: to us). Cookies cannot execute programs or transmit viruses to your computer. They are used to make the Internet more user-friendly and more efficient as a whole.
This website used transient as well as persistent cookies. The scope and functionality of these cookies are explained in the following:
6.2.1 Transient cookies are automatically erased when you close your browser. These include, in particular, session cookies which store a so-called session ID that can be used to assign different requests from your browser to the same session. This enables your computer to be recognised when you return to our website. Session cookies are erased when you log off or close your browser.
6.2.2 Persistent cookies are automatically erased after a defined time which may be different depending upon the cookie. You can erase the cookies at any time in the security settings of your browser.
You can configure your browser settings as desired and, for example, reject acceptance of third party cookies or all cookies. However, we must point out that this action could have the consequence that you may not be able to use all the functions of our website.
7. Web Analysis Tools and Internet Advertising
7.1 Google Analytics
7.1.1 This website uses Google Analytics, a web analysis service provided by Google Inc. („Google“). Google Analytics uses so-called “cookies”, text files which are stored on your computer and enable an analysis of the use of our website by you. The information on your use of the website generated by the cookies is usually transmitted to a Google server in the USA and stored there. If IP anonymisation is activated on this website, Google will, however, shorten your IP address prior to transmission within the Member States of the European Union or in other contracting states of the Treaty on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information to evaluate your use of the website, to compile reports of the website activities and to provide additional services associated with website use and Internet use.
7.1.2 The IP address transmitted by your browser in the context of Google Analytics will not be combined with other Google data.
7.1.3 You can prevent the cookies from being stored by making an appropriate setting in your browser software. However, we point out that if you do this, you may not be able to use all the functions of the website to the full extent. In addition, you may prevent acquisition of the data generated by the cookie by Google that relate to your use of the website (including your IP address) and the processing of the data by Google by downloading and installing the browser plug-in provided at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
7.1.4 This website uses Google Analytics with the extension “_anonymizeIp()”. Herewith, IP addresses are shortened before further processing so that direct reference to a person can be ruled out. Insofar as a direct reference to you occurs through the data collected about you, this shall therefore be immediately ruled out and the personal data therewith immediately erased.
7.1.5 For the exceptional case in which personal data is transmitted to the USA, Google complies with the EU-US Privacy Shield. You can obtain information hereon under https://www.privacyshield.gov/EU-US-Framework.
7.1.6 Information regarding the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User terms and conditions: https://www.google.com/analytics/terms/gb.html, overview regarding data protection: https://support.google.com/analytics/answer/6004245?hl=en, as well as the data privacy declaration: https://policies.google.com/privacy?hl=en.
7.2 Google AdWords Conversion
7.2.1 We use the offering of Google Adwords to bring attention to our attractive offerings with the aid of advertisements (so-called Google Adwords) on external websites. Based on data from advertising campaigns, we can determine the success of individual advertising measures. We pursue thus the legitimate interest of showing you ads that are of interest to you, making our website more interesting for you and ensuring the fair charging of advertising costs.
7.2.2 These advertising media are delivered by Google via so-called “Ad Servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the insertion of ads or clicks by users, can be measured. Insofar as you access our website via a Google ad, Google Adwords stores a cookie on your computer. These cookies usually expire after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values.
7.2.3 These cookies enable Google to recognise your Internet browser. If a user visits certain pages of an Adwords customer’s website and the cookie stored on his computer has not yet expired, Google and the customer can recognise that the user has clicked on the ad and has been redirected to this page. Each Adwords customer is assigned a different cookie. Cookies, therefore, cannot be traced via the websites of Adwords customers. We do not collect and process any personal data in the afore-mentioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations, we can recognise which of the used advertising measures are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.
7.2.4 Based on the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore inform you according to the best of our knowledge. By integrating AdWords Conversion, Google is informed that you have accessed the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.
7.2.5 You can prevent participation in this tracking procedure in different ways:
- by an appropriate setting in your browser software, in particular, the disabling of third-party cookies, such will result in you not receiving ads from third-party providers;
- by disabling cookies for conversion tracking, by setting your browser to block cookies from the “www.googleadservices.com” domain, https://www.google.de/settings/ads, whereby this setting will be erased when you erase your cookies;
- by deactivating the provider’s interest-themed ads that are part of the self-regulation campaign “About Ads” at the link http://www.aboutads.info/choices, whereby this setting will be erased when you erase your cookies;
- by means of permanent deactivation in the browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin. Please note that in this case you may not have full use of all the functions on this website.
Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/en.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) under http://www.networkadvertising.org besuchen. Google complies with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
7.3 Google Remarketing
7.3.1 We use the application Google Remarketing. This is a process by which we would like to address you again. By means of this application, we can place our advertisements in other websites with your further Internet use after you visit our website. This is done by means of cookies stored in your browser that enable Google to collect and analyse information about your usage behaviour when visiting different websites. For example, Google can determine your previous visit to our website. According to its own statements, Google does not combine the data collected within the scope of remarketing with any personal data that Google may have stored. In particular, according to Google, pseudonymisation is employed for remarketing.
7.3.2 For the exceptional cases in which personal data is transmitted to the USA, Google complies with the EU-US Privacy Shield. You can obtain information under https://www.privacyshield.gov/EU-US-Framework.
7.4 Facebook Custom Audience
7.4.1 In addition, the website uses the remarketing function “Custom Audiences” of Facebook Inc. (“Facebook”). With this, in the context of a visit to the social network Facebook or to other websites also using this procedure, users of our website can be shown interest-related advertisements (“Facebook ads”). We thereby pursue the intention of showing you advertising that is interesting to you, thereby making our website more interesting for you.
7.4.2 Due to the marketing tools deployed, your browser automatically makes a direct connection to the Facebook server. We have no influence on the extent and the further utilisation of the data collected by Facebook through the use of this tool and can therefore only inform you about what we do know. Through the integration of Facebook Custom Audiences, Facebook receives the information that you have called up on the corresponding web pages of our Internet presentation, or learns that you have clicked an advertisement shown by us. If you are registered by the Facebook service, Facebook can assign the visit to your account. Even if you are not registered by Facebook, or have not logged on, there is the possibility that the provider can discover and store your IP address and further identifying characteristics.
7.4.3 Deactivation of the function “Facebook Custom Audiences” is possible under https://www.facebook.com/settings/?tab=ads.
7.4.4 The lawfulness of the processing of your data is Article 6, paragraph 1, sentence 1, letter f GDPR. You can find further information on data processing by Facebook under https://www.facebook.com/about/privacy.
7.5 Microsoft Bing
7.5.1 This website also uses the Bing Conversion Tracking from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. When you click on one of our Bing ads or on selected websites of the Bing advertising network, a temporary cookie is placed on your computer. If you now reach a conversion page with us – recognisable for Microsoft Bing and for us – it is recorded that you previously clicked on the ad. The information collected via the conversion cookie is meant to compile conversion statistics, i.e. to register how many users have arrived at a conversion page after clicking the ad, i.e. conclude an order process.
7.5.2 You can find information hereto and the possibility of preventing that information related to your use of the website is recorded by Bing Ads and transferred to Microsoft, in addition to the above-named possibility of deactivating tracking cookies, under the following link: http://choice.microsoft.com/.
8. Connection to Social Media
8.1 Use of Social Media Plug-ins
8.1.1 At the moment, we are using the social media plug-ins: Facebook, Twitter, LinkedIn, Xing, Google+. In order to increase the protection of your data when visiting our website, the plug-ins are not unrestricted but only integrated into the page using an HTML link (so-called “Shariff solution” from c’t). This integration ensures that no connection is established with the servers of the provider of the respective social network when a page of our website containing such plug-ins is called up. When you click on one of the buttons, a new window of your browser opens and calls up the page of the respective service provider on which you can (if necessary after entering your login data) e.g. press the Share button. We offer you the possibility through the plug-ins to interact with the social networks and other users so that we can improve our offering and structure such in a more interesting manner for you as the user. The lawfulness of the use of the plug-ins is Article 6, paragraph 1, sentence 1, letter f GDPR.
8.1.2 If you do not want that the respective social networks to generate data about you through our website, you can take the following action: always log out of the social network before you visit our website or other websites.
8.1.3 You can obtain more information about the purpose and scope of data collection and further processing thereof by the plug-in providers in the following notified data protection declarations of these providers. You can obtain further information therein of your relevant rights and setting options for the protection of your privacy.
8.1.4 Addresses of the respective plug-in providers and URLs with their data protection policies:
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; more information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook complies with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter complies with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn complies with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- XING SE, Dammtorstraße 30, 20354 Hamburg, Deutschland; https://privacy.xing.com/en/privacy-policy.
- Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=en. Google complies with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
9. Storage Periods and Criteria for the Storage of Your Personal Data
All processed personal data shall only be stored no longer and to the extent than is necessary for us to fulfil our contractual and statutory obligations. Among other things, data storage is necessary for the performance and execution of the contract including the defence and enforcement of civil law claims within the relevant statute of limitations time periods. According to §§ 195 et seq. German Civil Code (Bürgerliches Gesetzbuch, BGB), this statute of limitations period can be up to 30 years, whereby the general statute of limitations period is three years. Storage obligations and storage time periods resulting therefrom exist also on the basis of tax law, money laundering, commercial law, tax law and other statutory provisions. The time periods foreseen there for storage/documentation are six to 10 years. In order not to violate the statutory regulations or to lose the possibility of enforcing a claim or to defend ourselves against such a claim, we reserve the right to first erase the data after expiry of the last time period which legitimizes the data storage. It is standard that data which are collected through the analysis service Google Analytics are erased after 14 months.
10. Your Rights
You have the following rights in dealings with us with regard to your personal data:
- Right to information (Article 15 GDPR)
- Right to rectification or erasure (Articles 16, 17 GDPR)
- Right to restriction of processing (Article 18 GDPR)
- Right to data portability (Article 20 GDPR)
- Right to object (Article 21 GDPR): You have the right to lodge an objection at any time insofar as reasons exist relating to your particular situation against the processing of your personal data by us which occurs on the basis of Article 6, paragraph 1, sentence 1, letter f GDPR (data processing due to a legitimate interest). If you lodge an objection, we shall no longer process your personal data unless we prove compelling legitimate grounds requiring protection in favour of processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims. Furthermore, you have the right to lodge an objection against the processing of your personal data for direct marketing purposes, Article 21, paragraph 2 GDPR. If you lodge an objection to processing for purposes of direct marketing, your personal data shall no longer be processed for such purposes.
In order to exercise the rights named in Clause 10.1 above, please send an e-mail to firstname.lastname@example.org or to the address stated under Clause 1.2 above.
In addition, you have the right to lodge a complaint with the responsible data protection supervisory authority regarding the processing of your personal data.