A. Data privacy objectives
We aim to build a long-lasting relationship with our employees and ensure our customers are highly satisfied in every respect. As part of that, we focus in particular on establishing and nurturing a personal relationship with our customers and gearing all other objectives of our company to that. A key part of those relationships is founded on trust. That is why we are fully committed to protecting privacy and the right to protection of data. Our goal is to offer employees, customers and visitors a secure, risk-free service.
In order to ensure that data is processed in compliance with statutory requirements, we gear our processes and their technology to the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other relevant legislation. In particular, we aim to ensure that personal data is collected to an extent no greater than is required for the specific purpose and that it is easy for data subjects to exercise their rights.
B. Brief overview of data processing
What happens to the data?
For what purpose?
For how long?
IP, usage data
Statistics, operation of the website, security
Until use of the website is over
A few days
The usage and communication data gathered as a result of your visit to our web offering is processed by us for the purpose of delivering this web offering. It is not used above and beyond that. Additional processing operations may be performed by the integrated third-party services we use to enhance the presentation or functions of this web offering.
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Data concerning health
“Data concerning health” means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
D. General disclosures
The controller within the meaning of the General Data Protection Regulation (GDPR) is the company:
82178 Puchheim, Germany
Phone: +49 89 552 9961 0
Fax: +49 89 552 9961 129
Data Protection Officer
You can contact our Data Protection Officer at:
Phone: +49 6841 9816 0
Fax: +49 6841 9816 29
Our Data Protection Officer will provide you with quick, uncomplicated assistance if you have any questions or wish to exercise your rights as a data subject.
Nature and scope of the processed data
In general, usage data (such as websites visited, access times) and communication data (such as browser information, IP addresses) are processed.
Browser and server data
Please note that your browser transmits information to us only when the website is used. The purpose of that is to ensure that you are technically able to visit the website. The data is required to enable information to be called. The type of information transmitted thus also depends on your settings and technical specifications. That means the following data may be recorded when you access our Internet offering:
- Your IP address
- The time you accessed the website
- The page or name of the file you called (URL)
- Status information (e.g. error codes)
- The amount of data transferred
- Browser information (the web browser and operating system you use, its language setting, etc.)
The data is used for statistical and security-related purposes. It is not passed on to any third party. This Internet offering itself does not use any technologies that are intended to analyze access behavior by individual users. Personal user profiles are not created. The data is stored for the specified purposes for a maximum of seven days.
- To store user settings.
We use the following types of cookie:
- Transient cookies (temporary use)
- Persistent cookies (use for a limited time)
The latter may be used by third-party providers. The cookies help us to improve our web offering and ensure it is easy to use.
Transient cookies are deleted automatically when you close your browser. Persistent cookies are deleted automatically after a predefined time, which may differ depending on the cookie. The times they are deleted are defined by the third-party provider in question.
You can delete the cookies at any time in your browser’s security settings. You can also set your browser so that it rejects certain or all cookies. However, we point out that if you do so, there may be restrictions to the website’s range of functions. The information obtained using cookies is stored by us separately from other data that may be provided to us. This data is explicitly not linked to your other data.
Categories of data subject
Visitors to our web offerings are affected by data processing by our website.
Purpose of processing
- Delivery of an online presence
- Providing users with means of interaction
- Security measures
Length of storage
The criterion for the period of time for storing personal data is the respective statutory retention period and the purpose of processing. When this period ends, the data in question is routinely erased, if it is no longer required for achieving the purpose for which it is processed.
There are several possible legal grounds permitted by the General Data Protection Regulation. First, Article 6 (1) point (a) GDPR is the legal basis for processing operations for which your consent is obtained. The legal basis for processing operations required for steps prior to entering into a contract, such as inquiries about our products and services, is Article 6 (1) point (b) GDPR. In the case of fulfillment of tax-related obligations, processing is based on Article 6 (1) point (c) GDPR. In the case of this web offering, the legal basis for data processing is mainly Article 6 (1) point (f) GDPR. Such processing is permissible if it is necessary to safeguard legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
The specific interests are indicated at the point at which the processing operations are carried out.
Technical security measures
We maintain up-to-date technical and organizational measures to ensure data security, in particular to protect your personal data against risks during its transfer and to prevent third parties gaining knowledge of it. These measures are updated to reflect the current state of the art.
E. Third-party service providers
If we allow third parties to process your data as well, that is done solely if authorized by the law and in compliance with statutory provisions. Such authorization may be your consent, a legal obligation or our legitimate interests.
The hosting services we use enable us to provide the following services: Infrastructure and platform services, software tools, computing capacity, storage space and maintenance services we require to operate this online offering.
The hosting provider processes the usage data on the basis of our legitimate interests in effective and secure delivery of this online offering in accordance with Article 6 (1) point (f) GDPR.
The usage data includes the data defined in the section “Nature and scope of the processed data.” This data is erased after seven days.
Links to other websites
The IP address sent from your browser as part of Google Analytics is not combined by Google with other data.
You can prevent storage of the cookies by making the appropriate setting in your browser software; however, we point out that if you do so, you might not be able to use all the functions of this website in full. You can also prevent recording of the data relating to use of website and generated by the cookie (including your IP address) by Google and processing of this data by Google by downloading and installing the browser plug-in available under the following link: tools.google.com/dlpage/gaoptout.
This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are only processed further in truncated form, which prevents them being linked to a particular individual. If data collected about you can be assigned to you, such a link is therefore excluded immediately and the personal data is erased without undue delay.
We use Google Analytics to analyze the use which is made of our website and to improve it on a regular basis. We can use the statistics we obtain to improve our offering and make it more interesting for you as a user. In exceptional cases in which personal data is transferred to the USA, Google is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework). Google LLC is certified under the Privacy Shield Framework and so offers a safeguard that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI).
This website also uses Google Analytics to analyze visitor flows across all devices on the basis of user IDs. You can disable cross-device analysis of your users in your customer account.
A large number of websites use Google Analytics in the way described above. You can permanently prevent recording of data by installing a plug-in in your browser: http://tools.google.com/dlpage/gaoptout?hl=de. You can additionally prevent storage of cookies by means of your basic browser settings. You can also disable Google Analytics for your visit to our site by means of an opt-out:
Google Analytics turn off
F. Contact form
You can use the contact form to send a message to our departments. It is primarily used as a means for prospective customers to contact us about our products and services. Please note that your message cannot initially be assigned to a specific recipient, but is instead forwarded by the responsible body to the contact persons at our company. If you wish to address your inquiry directly to a specific contact person without other contact persons at our company gaining knowledge of it, please submit your inquiry over the phone or by regular mail, stating the name of the specific contact person.
The only information you must always disclose when sending the contact form is your e-mail address. The other, separately indicated data can be provided optionally and is used to be able to address you personally. If you do not wish to state your name, you can also specify a pseudonym.
We erase inquiries if they are no longer required and there is no further legal obligation to retain them. We regularly review whether they are still required; there are also statutory archiving obligations that may apply, in particular under fiscal and commercial law.
G. Rights of data subjects
You have the right to ask us to inform you about what data we have stored on you at any time, without the need to state reasons why, as well as about its origin and the recipients or categories of recipient to whom the data is disclosed and the purpose for which it is stored. You have the right, at any time, to demand the data we collect concerning you be rectified or erased or processing of it be restricted, as well as to exercise your right to data portability. You also have means of objecting to processing of your data.
Rectification, erasure or restriction of processing: You have the right to obtain from Elatec without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to object: If processing of personal data concerning you is based on Article 6 (1) point (f) GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of that data. We will no longer process that personal data unless Elatec demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw consent at any time, without this affecting the lawfulness of processing based on consent before its withdrawal. To do that, you can get in touch with our Data Protection Officer at any time under the above contact data.
Right to erasure: You have the right to obtain from Elatec the erasure of personal data concerning you without undue delay and Elatec has the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- you object to the processing and there are no overriding legitimate grounds for the processing;
- the personal data concerning you has to be erased for compliance with a legal obligation in Union or Member State law to which we are subject. This shall not apply if processing is required for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject.
Right to restriction of processing: You have the right to obtain from Elatec restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request restriction of its use instead;
- Elatec no longer needs the personal data for the purposes of processing, but it is required by you for the establishment, exercise or defense of legal claims, or you have objected to processing pending verification whether our legitimate grounds override yours.
- Where processing of personal data concerning you has been restricted, the data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
If you have obtained restriction of processing, you shall be informed by us before the restriction of processing is lifted.
Right to lodge complaints: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation (GDPR). You can also contact Elatec’s Data Protection Officer, who can be reached at:
Phone: +49 6841 9816 0
Fax: +49 6841 9816 29