ECKART

Data Protection Declaration - ECKART GmbH

1. General Information on Data Processing

This data protection declaration aims to clarify to you as the user the type, scope, and purposes of processing personal data by us as the controller ECKART GmbH (hereinafter referred to as “ECKART” or “we/us”) on this website (hereinafter referred to as the “website”).

Our contact details are:

ECKART GmbH
Güntersthal 4
91235 Hartenstein, Germany 

The contact details for our Data Protection Officer are:

Dr. Lutz-Steffen Berghold
- Data Protection Officer -     
Güntersthal 4
91235 Hartenstein, Germany 

1.1 Scope of Processing of Personal Data

In principle, we process your personal data only when you contact us via this website, when it is necessary for the function of the website, or when it is necessary for the presentation and use of our content, offers and services. 

1.2 Legal Basis for Processing Personal Data

If we obtain your consent to process personal data, then Article 6(1)(a) of the EU General Data Protection Regulation (“GDPR”) applies as the legal basis.

If processing personal data is required in order to fulfill a contract, whereby you are a party to the contract, Article 6(1)(b) of the GDPR applies as the legal basis. This is also the legal basis for processing required in order to perform precontractual tasks. If processing personal data is required in order for us to fulfill a legal obligation, Article 6(1)(c) of the GDPR applies as the legal basis.

If interests that are essential for your life or that of another natural person make the processing of personal data necessary, Article 6(1)(d) of the GDPR applies as the legal basis.

If processing personal data is necessary in order to protect a legitimate interest of ours or a third party and this interest outweighs your interests, fundamental rights, and freedoms, Article 6(1)(f) of the GDPR applies as the legal basis.

1.3 Sharing Data with Third Parties

All of the personal data processed in connection with the provision of this website shall only be shared by us with our Group companies and providers of technical services that are commissioned by us as processors in accordance with the provisions of the GDPR.

In individual cases, data may also be transferred to a third country outside of the EU and the EEA. However, we only transfer personal data to third countries that the EU Commission has ruled in accordance with Article 45 of the GDPR to have an adequate level of data protection or if we have agreed upon the standard data protection clauses issued by the EU Commission as set out in Article 46(2)(c) of the GDPR with the recipient of the data.

1.4 Data Deletion and Storage Duration

If you did not consent to a specific storage duration when your data was collected, we store your personal data only as long as is necessary for the respective purpose of processing where no statutory retention or storage durations dictate otherwise.

1.5 IP Recognition 

There are products in our product range that are sometimes only provided for particular markets, or, in other words, products that are not available to particular markets.

In order to only offer you the products that are available in your segment, we use both IP recognition and your browser language to determine the region in which you are located and suggest this as a potential target region. Provided that you actively confirm this region, this information will be stored in a cookie. In this respect, we store neither your IP address nor any other personal information.

2. Provision of the Website

When you visit our website, we log the IP address (i.e. the Internet address) of the computer you are using, along with other general usage data such as the date and time (“user-related data”), in order to evaluate which parts of our website are of particular interest. Your usage data is not linked to your full IP address in this case.

This data is processed in order to conduct internal analysis of the frequency of use of our website and, in doing so, we are pursuing our legitimate interest to check the efficiency of our website. Furthermore, this data is processed for marketing and optimization purposes, in particular to show you relevant ads that are of interest to you and therefore improve our website and make it more appealing to you as the user. The legal basis for processing the data is Article 6(1)(f) of the GDPR.

3. Use of Cookies

Our website uses cookies. Cookies are text files stored in the Internet browser or by the Internet browser on the computer system of the user. A cookie generally contains the name of the domain from which the cookie data was sent, as well as information on the age of the cookie and an alphanumerical identifier. Cookies help us improve our website and offer you a better service that is more tailored to you. They enable us to recognize your computer when you return to our website.

3.1 etracker

The provider of this website uses the services of etracker GmbH based in Hamburg, Germany (www.etracker.com), to analyze usage data. Cookies are used in the process, which allow for a statistical analysis of the use of this website by its visitors and facilitate the display of usage-related content or advertising. Cookies are small text files that are stored by an Internet browser on the user’s device. etracker cookies do not contain any information that allow for a user to be identified.

The data generated with etracker is processed and stored by etracker exclusively in Germany on behalf of the provider of this website. The data is therefore subject to the strict German and European data protection laws and standards. In this respect, etracker has been independently inspected, certified, and awarded the ePrivacyseal data protection seal of approval.

The legal basis for data processing is Article 6(1)(f) – legitimate interest – of the EU General Data Protection Regulation (GDPR). Our legitimate interest lies in optimizing our online offering and our website. The privacy of our visitors is especially important to us and, for this reason, the IP address is anonymized at etracker as soon as possible, and log-in or device identifiers at etracker are converted into a key that is unique but not assigned to a person. The data is not used in any other way, compiled with other data, or shared with third parties by etracker.

You can object to the data processing described above at any time, provided it pertains to personal data. Your objection will not have any negative implications for you.

I object to the processing of my personal data with etracker on this website.

Further information on data protection at etracker can be found here.
Information about your use of our website is also collected for statistical analyses using tracking pixels. Tracking pixels are small graphics on websites that allow for log file recording and analysis. The tracking pixels write information to your browser’s cookie file when you visit our website. The data is collected via a tracking server operated by eComCon GmbH, which stores information such as your IP address, the domain name of the website that took you to our website, the web pages you visited on our website, the names of the files you accessed, the date and time of access, the name of your Internet service provider, and possibly the operating system and browser version on your PC. No personal user data is transferred in the process; all of the acquired data is immediately fully anonymized after processing and before storage. The IP address is deleted immediately after its use. The collected data is used to create anonymous usage profiles that form the basis for web statistics and to improve our website and services on a continuous basis, thereby making them more appealing to you. As the data acquired using tracking pixels is collected, stored, and processed fully anonymously, neither we nor the third-party companies mentioned and need any special consent from you for this activity. You can object to the use of tracking pixels by the third-party companies working on our behalf. There is a blue arrow on each banner that appears. Clicking on this arrow directs you to a page that explains how the system works and gives you the opportunity to opt out. Choosing to opt out sets an opt-out cookie that prevents the future display of our advertising banners. However, you should be aware that deleting cookies will also delete this opt-out cookie. You should therefore reset the cookies before activating the opt-out cookie.

The use of cookies aims to improve the quality of our website and its content. Our legitimate interest in the processing of personal data lies in pursuing these purposes. The legal basis for processing the data is Article 6(1)(f) of the GDPR. Furthermore, the use of cookies helps ensure the confidentiality, integrity, availability, and resilience of our website and of the systems used to implement it. The legal basis for processing the data in this case is Article 6(1)(c) of the GDPR.

3.2 Google Analytics

This website uses Google Analytics, a web analysis service offered by Google Inc. (“Google”). Information concerning your use of the website is collected, including browser type and version, the operating system used, referrer URL (page that took you to our website), IP address, or the date and time of access.

Google Analytics uses cookies, which are stored on your computer to allow an analysis of your use of the website. The information concerning your use of this website that is generated by the cookies is generally transmitted to a server operated by Google in the United States and stored there. IP anonymization is activated on this website, so your IP address is shortened by Google within member states of the European Union or the EEA (European Economic Area) and is only transmitted in anonymized form. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and stored there. This transmission takes place on the basis of the EU-U.S. Privacy Shield Framework.

Google uses this information on behalf of the operator of this website to evaluate your use of the website, compile website activity reports, and provide further services associated with the use of both the website in particular and the Internet in general to the website operator.

Our legitimate interest in the processing of data lies in pursuing these purposes. The legal basis for using Google Analytics is Article 6(1)(a) and (f) of the GDPR.

The data sent by us and linked to cookies, user identifiers (e.g. user ID), or marketing IDs is automatically deleted after [14] months. Data for which the retention duration has reached its end is automatically deleted once a month.

You can adjust your browser settings to prevent cookies from being stored; if you do so, however, please be aware that you then may not be able to use the full scope of functions offered by this website.

You can also prevent the collection of data generated by the cookies and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in provided at the following link. The link is: http://tools.google.com/dlpage/gaoptout. Alternatively, you can prevent data collection by Google Analytics by clicking on the following link. Clicking on the link sets an opt-out cookie, which prevents the future collection of your data when visiting this website: <a href= "javascript:gaOptout(); alert('You have successfully deactivated Google Analytics');">deactivate Google Analytics</a>. Get more detailed information from Google at https://policies.google.com/privacy/partners.

3.3 Google AdSense

Our website uses the services of Google AdSense, a service used to integrate ads. Google AdSense uses cookies, which are stored on your computer to allow an analysis of use of the website. Google AdSense also uses so-called web beacons (invisible graphics). These web beacons can be used to analyze information such as visitor traffic on this website.

The information generated by cookies and web beacons concerning the use of this website (including your IP address) and the delivery of advertising formats is transmitted to a server operated by Google in the United States and stored there. Google may share this information with its contractual partners. However, Google will not compile your IP address with other stored data pertaining to you.

If you do not want any cookies to be stored on your computer, you can configure the appropriate settings in your browser. Doing so, however, may result in restricted use of our website.

The data is processed for marketing and optimization purposes, in particular to show you relevant ads that are of interest to you and therefore improve our website and make it more appealing to you as the user. The legal basis for processing the data is Article 6(1)(f) of the GDPR.

3.4 Google reCHAPTA

On our website, we also use the reCAPTCHA function from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This function is primarily used to determine whether an entry has been made by a natural person or has instead been made by a machine in an automated process, which is not permitted. The service includes sending the IP address to Google, along with any other data required by Google for the reCAPTCHA service.

The legal basis for this is our legitimate interest in determining whether the individual actions on the website have been carried out by a person or by a machine and preventing misuse and spam in accordance with Article 6(1)(f) of the GDPR. As part of the use of Google reCAPTCHA, personal data may be transmitted to the servers operated by Google LLC in the United States.

Where personal data is transmitted to Google LLC, which is based in the Untied States, Google LLC has been certified for the EU-U.S. Privacy Shield Framework, which ensures compliance with the data protection level applicable in the EU. A current certificate can be seen here: https://www.privacyshield.gov/list.

Further information on Google reCAPTCHA and Google’s privacy policy can be seen at: https://policies.google.com/privacy.

3.5 Facebook Custom Audience

The website uses the Custom Audiences remarketing function from Facebook Inc. (“Facebook”). This function enables ads that are of interest to be shown to users of the website when they visit the social network Facebook or other websites that use this function (“Facebook ads”). In doing so, we try to present you with ads that are of interest to you, in order to make our website more appealing to you.

Based on the marketing tools used, your browser automatically establishes a direct connection to Facebook’s server. We do not have any influence over the scope and further use of data collected by Facebook through the use of this tool. To the best of our knowledge, the following takes place: by integrating Facebook Custom Audiences, Facebook is informed when you have accessed the corresponding part of our website or clicked on our ad. If you are registered for a Facebook service, Facebook can assign your visit to our website to your account. Even if you do not have an account with Facebook, the service provider can obtain and save your IP address and other identifying characteristics.

Users who are logged in can deactivate the Facebook Custom Audiences function at https://www.facebook.com/settings/?tab=ads. Further information on data processing by Facebook can be found at https://www.facebook.com/about/privacy.

 

3.6 LinkedIn Retargeting and Tracking

On our website, we use the conversion tracking technology and retargeting function from LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). The LinkedIn Insight Tag is integrated on our website for this purpose. The Insight Tag allows LinkedIn to collect statistical, pseudonymized data about your visit and your use of our website and to provide us with aggregated statistics based on this data. These statistics allow us to show you relevant offers and recommendations that are of interest to you after you have looked at certain services, information, and offers on the website. The related data is stored in a cookie. Furthermore, it is possible to create anonymized reports on the performance of ads and information about website interactions. The LinkedIn Insight Tag is integrated on this website for this purpose, whereby a connection to the LinkedIn server is established if you visit this website while being logged into your LinkedIn account at the same time.

The data is processed for marketing and optimization purposes, in particular to show you relevant ads that are of interest to you and therefore improve our website and make it more appealing to you as the user. The legal basis for processing the data is our legitimate interest in accordance with Article 6(1)(f) of the GDPR.

LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy provides further information on data collection and use, as well as the options and rights you have to protect your privacy.

If you are logged into LinkedIn, the collection of data can be deactivated at any time using the following link: https://www.linkedin.com/psettings/enhanced-advertising.

4. Contact Form 

Our website has a contact form that can be used to get in touch electronically. If you use this form, the data entered in the form is transmitted to us and processed by us.
The personal data from the form is only used by us alone to process your query.

The legal basis for processing the data in this case is Article 6(1)(f) of the GDPR. Processing your query also constitutes our legitimate interest in data processing.

Further legal basis for processing the data is your consent in accordance with Article 6(1)(a) of the GDPR. You can always withdraw your consent informally at any time.
If the purpose of making contact is to conclude a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR.

5. Social Media Buttons

You can find a link to Facebook, LinkedIn, Xing, YouTube, Wikipedia, and Instagram on our website. If you access one of these platforms, your browser establishes a temporary connection with the server of the corresponding network, which is primarily used to display the content of the plug-in. However, the network in question does receive your IP address through this plug-in. Your IP address is not assigned to you personally as a matter of course. However, if you have a user account with the network and are logged in there at the time the plug-in is activated, your visit to our website can be assigned to your user account.

Social media buttons usually transmit user data to the network, such as Facebook, each time a page is accessed. In order to prevent your IP address from being transmitted without your consent, we have set up a data protection–compliant solution on our website, which prevents your data from automatically being transmitted. This means that user data is only transmitted – to Facebook, for example – after the button is clicked, and not right when you access the page. Only when you actively click on the button in question will a connection be established with the platform’s server. If you do not click on the corresponding buttons, no data will be exchanged between you and the social media platform providers. More information on the Shariff solution used by us can be found here:
http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html.

The privacy policy of the respective network exclusively applies to your connection with a social network, the data transmission that takes place between the network and your system, and your interactions on this platform. The plug-in remains active until you deactivate it or delete your cookies.

6. Careers Portal, Applicant Data

You can apply for advertised roles or send us a job application on your own initiative through our website. During the online application process, you share personal data with us, which we process for the purposes of processing your application. All personal data that you provide as part of the application process is only collected for the purposes of processing your application.

6.1 What Information Do We Collect? 

During the application process, we collect all information you provide in your application, as well as other data that we obtain in the course of an interview or online assessment, in particular evaluations.

Naturally, this evaluation does not contain any defamatory or pejorative statements; only information that directly relates to the application and the recruitment process or your job profile is added.

 

6.2 Handling Your Application Data

All personal data that you provide as part of the application process is only collected for the purposes of processing your application. It does not matter if you apply for a specific role or send us a job application on your own initiative.

Your application for a specific role or sent on your own initiative for a specific location goes directly to the responsible human resources department of our respective subsidiary.

When you send an application on your own initiative for a region or for multiple locations, you provide us with your personal data in order for us to check your suitability for different, possibly cross-departmental or cross-company roles. Your documents may therefore also be shared with several of our functional departments or with HR and functional departments of our subsidiaries in addition to being processed by our HR department.

In both cases, your application may also be shared with the responsible functional departments or the works council. Furthermore, our HR Corporate Systems & Recruitment department has access to the Group-wide applicant management system due to technical system requirements and can therefore access your applicant data.

6.3 Transferring Data to Third Parties

Particularly where an application process concerns a role in a third country outside of the EU and the EEA, your personal data will be transferred to our subsidiaries in this country. However, we only transfer personal data to third countries that the EU Commission has ruled in accordance with Article 45 of the GDPR to have an adequate level of data protection or if we have agreed upon the standard data protection clauses issued by the EU Commission as set out in Article 46(2)(c) of the GDPR with the recipient of the data.

6.4 Retention of your Data, Applicant Pool 

Your data will be deleted upon conclusion of the application process in accordance with the applicable data protection regulations, particularly in terms of retention periods.

During the application process, you have the option of consenting to the storage of your data in our applicant pool. If you provide this consent, your application data and documents will continue to be stored in our system and checked for suitability as new roles open up. If you do not provide this consent, or if you withdraw your consent, we will delete your personal data in accordance with legal provisions, provided we are not legally required to retain your data. You can withdraw your consent informally at any time.
 

6.5 Purpose of Data Processing, Legal Basis, Storage Duration

We collect and process your personal data during an application process for the purpose of initiating a potential employment relationship.

The legal basis for processing the data in this case is Article 6(1)(b) of the GDPR, as well as Article 6(1)(a), insofar as you have provided your consent for certain processing of your data.

Your applicant data is deleted or its processing is restricted as soon as the purpose of storage, i.e. processing an application or conducting an employment relationship, no longer applies. However, your data is not deleted insofar as European or national legislation stipulates a duty to archive data for a certain period of time after the end of the application process, or you have voluntarily provided your consent to the storage of your data for a longer period of time. In these cases, the data is deleted once the archiving period has expired or once your consent expires or has been withdrawn. You can withdraw your consent at any time.

7. Internet Purchasing Network Tool for Suppliers

If you are interested in being a supplier to our company and have shared this interest by using our Internet Purchasing Network Tool, you will be asked to provide contact details for the decision makers and representatives of your company. This information is provided on a voluntary basis. Only provide this information about employees of your company if these individuals have given their consent for this information to be shared.

This data is collected in order to prepare supplier contracts. The legal basis for processing the data in this case is Article 6(1)(b) of the GDPR, as well as Article 6(1)(a), insofar as you have provided your consent for certain processing of your data. You can withdraw your consent at any time. The personal data is only stored for as long as is necessary in order to prepare and execute a contract.

8. Your Rights

You have in principle - i.e. subject to statutory limitations - the following listed rights. In order to make exercising these rights easier, please note that such requests on your part do not have to be in a specific format and can be submitted electronically (especially by e-mail), among other methods.

You can request information from the controller about the personal data pertaining to you.

You can request that inaccurate personal data pertaining to you be corrected by the controller.

You can request that personal data pertaining to you be deleted by the controller.

You can request that processing of personal data pertaining to you be restricted by the controller.

You have the right to object to further processing of personal data pertaining to you by the controller, provided you specific reasons for this arising from your particular situation.

You can receive the personal data in a structured, commonly used, and machine-readable format and have this data transferred to another person without obstruction by the controller to which the personal data was provided.

Furthermore, you have the right to lodge a complaint about the controller’s handling of your data with a responsible supervisory authority for data protection. To make it easier for you to exercise this right, please note that the responsible supervisory body for the controller’s registered headquarters can be reached at the following address:

          

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), 
Promenade 27
91522 Ansbach, Germany


9. Data Security

We implement the required technical and organizational measures necessary for protecting your personal data from manipulation, loss, destruction, and unauthorized access and ensuring its integrity and availability. Our security measures are constantly improved in line with technological progress.

10. Changes to the Data Protection Declaration

This data protection declaration was last updated on July 1, 2019. We reserve the right to make changes to it at any time.