A. Data privacy objectives
We aim to build a long-lasting relationship with our employees and ensure our customers are highly satisfied in every respect. As part of that, we focus in particular on establishing and nurturing a personal relationship with our customers and gearing all other objectives of our company to that. A key part of those relationships is founded on trust. That is why we are fully committed to protecting privacy and the right to protection of data. Our goal is to offer employees, customers and visitors a secure, risk-free service.
In order to ensure that data is processed in compliance with statutory requirements, we gear our processes and their technology to the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other relevant legislation. In particular, we aim to ensure that personal data is collected to an extent no greater than is required for the specific purpose and that it is easy for data subjects to exercise their rights.
B. Brief overview of data processing
The usage and communication data gathered as a result of your visit to our web offering is processed by us for the purpose of delivering this web offering. It is not used above and beyond that. Additional processing operations may be performed by the integrated third-party services we use to enhance the presentation or functions of this web offering.
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Data concerning health
“Data concerning health” means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
D. General disclosures
The controller within the meaning of the General Data Protection Regulation (GDPR) is the company:
82178 Puchheim, Germany
Phone: +49 89 552 9961 0
Fax: +49 89 552 9961 129
Data Protection Officer
You can contact our Data Protection Officer at:
Phone: +49 6841 9816 0
Fax: +49 6841 9816 29
Our Data Protection Officer will provide you with quick, uncomplicated assistance if you have any questions or wish to exercise your rights as a data subject.
Nature and scope of the processed data
In general, usage data (such as websites visited, access times) and communication data (such as browser information, IP addresses) are processed.
Browser and server data
Please note that your browser transmits information to us only when the website is used. The purpose of that is to ensure that you are technically able to visit the website. The data is required to enable information to be called. The type of information transmitted thus also depends on your settings and technical specifications. That means the following data may be recorded when you access our Internet offering:
- Your IP address
- The time you accessed the website
- The page or name of the file you called (URL)
- Status information (e.g. error codes)
- The amount of data transferred
- Browser information (the web browser and operating system you use, its language setting, etc.)
The data is used for statistical and security-related purposes. It is not passed on to any third party. This Internet offering itself does not use any technologies that are intended to analyze access behavior by individual users. Personal user profiles are not created. The data is stored for the specified purposes for a maximum of seven days.
- To store user settings.
We use the following types of cookie:
- Transient cookies (temporary use)
- Persistent cookies (use for a limited time)
The latter may be used by third-party providers. The cookies help us to improve our web offering and ensure it is easy to use.
Transient cookies are deleted automatically when you close your browser. Persistent cookies are deleted automatically after a predefined time, which may differ depending on the cookie. The times they are deleted are defined by the third-party provider in question.
You can delete the cookies at any time in your browser’s security settings. You can also set your browser so that it rejects certain or all cookies. However, we point out that if you do so, there may be restrictions to the website’s range of functions. The information obtained using cookies is stored by us separately from other data that may be provided to us. This data is explicitly not linked to your other data.
Categories of data subject
Visitors to our web offerings are affected by data processing by our website.
Purpose of processing
- Delivery of an online presence
- Providing users with means of interaction
- Security measures
Length of storage
The criterion for the period of time for storing personal data is the respective statutory retention period and the purpose of processing. When this period ends, the data in question is routinely erased, if it is no longer required for achieving the purpose for which it is processed.
There are several possible legal grounds permitted by the General Data Protection Regulation. First, Article 6 (1) point (a) GDPR is the legal basis for processing operations for which your consent is obtained. The legal basis for processing operations required for steps prior to entering into a contract, such as inquiries about our products and services, is Article 6 (1) point (b) GDPR. In the case of fulfillment of tax-related obligations, processing is based on Article 6 (1) point (c) GDPR. In the case of this web offering, the legal basis for data processing is mainly Article 6 (1) point (f) GDPR. Such processing is permissible if it is necessary to safeguard legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
The specific interests are indicated at the point at which the processing operations are carried out.
Technical security measures
We maintain up-to-date technical and organizational measures to ensure data security, in particular to protect your personal data against risks during its transfer and to prevent third parties gaining knowledge of it. These measures are updated to reflect the current state of the art.
E. Third-party service providers
If we allow third parties to process your data as well, that is done solely if authorized by the law and in compliance with statutory provisions. Such authorization may be your consent, a legal obligation or our legitimate interests.
The hosting services we use enable us to provide the following services: Infrastructure and platform services, software tools, computing capacity, storage space and maintenance services we require to operate this online offering.
The hosting provider processes the usage data on the basis of our legitimate interests in effective and secure delivery of this online offering in accordance with Article 6 (1) point (f) GDPR.
The usage data includes the data defined in the section “Nature and scope of the processed data.” This data is erased after seven days.
Links to other websites
Google Tag Manager
We use the so-called tag manager of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The tags set up via the Google Tag Manger ensure the collection of data that is passed on to the target system. Because the data is only passed on, the system does not collect or store the data itself. According to the provider Google LLC, the Google Tag Manager is a cookie-free domain and therefore cannot collect any personal data this way.
Especially on our career pages we integrate further services:
In this context, your browser may transmit personal data to the respective providers. Both services serve to support and recruit new employees.
The IP address sent from your browser as part of Google Analytics is not combined by Google with other data.
You can prevent storage of the cookies by making the appropriate setting in your browser software; however, we point out that if you do so, you might not be able to use all the functions of this website in full. You can also prevent recording of the data relating to use of website and generated by the cookie (including your IP address) by Google and processing of this data by Google by downloading and installing the browser plug-in available under the following link: tools.google.com/dlpage/gaoptout.
This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are only processed further in truncated form, which prevents them being linked to a particular individual. If data collected about you can be assigned to you, such a link is therefore excluded immediately and the personal data is erased without undue delay.
We use Google Analytics to analyze the use which is made of our website and to improve it on a regular basis. We can use the statistics we obtain to improve our offering and make it more interesting for you as a user. In exceptional cases in which personal data is transferred to the USA, Google is subject to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework). Google LLC is certified under the Privacy Shield Framework and so offers a safeguard that it complies with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI).
This website also uses Google Analytics to analyze visitor flows across all devices on the basis of user IDs. You can disable cross-device analysis of your users in your customer account.
A large number of websites use Google Analytics in the way described above. You can permanently prevent recording of data by installing a plug-in in your browser: https://tools.google.com/dlpage/gaoptout?hl=de. You can additionally prevent storage of cookies by means of your basic browser settings. You can also disable Google Analytics for your visit to our site by means of an opt-out: Google Analytics turn off
Social plugins – Links
We use the double opt-in procedure for subscription to our newsletter. This means that, after you have subscribed, we will send an e-mail to the e-mail address given by you asking you to confirm that you wish to receive the newsletter. If you do not confirm your subscription, your information will be blocked and finally erased automatically. We also store the IP addresses you use and the times of your subscription and confirmation. The purpose of this procedure is to demonstrate that you have subscribed and to clarify any possible misuse of your personal data (Article 6 (1) point (f) GDPR).
The only information you must always disclose so that you can receive the newsletter is your e-mail address. The other, separately indicated data can be provided optionally and is used to be able to address you personally. If you do not wish to state your name, you can also specify a pseudonym. After receiving your confirmation, we store your e-mail address for the purpose of sending the newsletter. The legal basis for that is Article 6 (1) sentence 1 point (a) GDPR. You can withdraw your consent to receiving the newsletter and cancel your subscription to it at any time. You can withdraw your consent by clicking on the link in every newsletter e-mail, on our website, or by sending an e-mail, or a message to the contact data stated in the Imprint. We point out that we analyze your user behavior when we send the newsletter. To enable such analysis, the e-mails sent contain web beacons or tracking pixels, 1x1 pixel image files which are stored on our website. As part of the analyses, we link the above data and the web beacons with your e-mail address and an individual ID. We use the data obtained in this way to create a user profile so that the newsletter can be tailored to your personal interests. As part of that, we record when you read our newsletter and what links you click on in it and use that to draw conclusions on your personal interests. We link this data with your activities on our website.
G. Download of technical documentation and software (including white papers, Devpack)
Our website offers you the option of downloading technical documentation and software for our products if you provide your contact information. In order to begin the download, you must give us basic work-related data via your contact information. When you send this form, you give your consent to our storage and use of your personal data to improve our service. You also consent to our informing you via e-mail, telephone and postal mail about our products and contacting you about product-related topics. Your data will not be made available to third parties, and will be processed only for the stated purpose for which it was collected. It will be stored in our CRM system for the duration of the legally permitted period for storing the data of prospective customers. The legal basis for that is Article 6 (1) sentence 1 point (a) GDPR. You may revoke your consent at any time. Even if you revoke your consent, you may continue to use the technical documentation and software you have downloaded.
H. Contact form
You can use the contact form to send a message to our departments. It is primarily used as a means for prospective customers to contact us about our products and services. Please note that your message cannot initially be assigned to a specific recipient, but is instead forwarded by the responsible body to the contact persons at our company. If you wish to address your inquiry directly to a specific contact person without other contact persons at our company gaining knowledge of it, please submit your inquiry over the phone or by regular mail, stating the name of the specific contact person.
The only information you must always disclose when sending the contact form is your e-mail address. The other, separately indicated data can be provided optionally and is used to be able to address you personally. If you do not wish to state your name, you can also specify a pseudonym.
We erase inquiries if they are no longer required and there is no further legal obligation to retain them. We regularly review whether they are still required; there are also statutory archiving obligations that may apply, in particular under fiscal and commercial law.
I. Rights of data subjects
You have the right to ask us to inform you about what data we have stored on you at any time, without the need to state reasons why, as well as about its origin and the recipients or categories of recipient to whom the data is disclosed and the purpose for which it is stored. You have the right, at any time, to demand the data we collect concerning you be rectified or erased or processing of it be restricted, as well as to exercise your right to data portability. You also have means of objecting to processing of your data.
Rectification, erasure or restriction of processing: You have the right to obtain from Elatec without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to object: If processing of personal data concerning you is based on Article 6 (1) point (f) GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of that data. We will no longer process that personal data unless Elatec demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw consent at any time, without this affecting the lawfulness of processing based on consent before its withdrawal. To do that, you can get in touch with our Data Protection Officer at any time under the above contact data.
Right to erasure: You have the right to obtain from Elatec the erasure of personal data concerning you without undue delay and Elatec has the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- you object to the processing and there are no overriding legitimate grounds for the processing;
- the personal data concerning you has to be erased for compliance with a legal obligation in Union or Member State law to which we are subject. This shall not apply if processing is required for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject.
Right to restriction of processing: You have the right to obtain from Elatec restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request restriction of its use instead;
- Elatec no longer needs the personal data for the purposes of processing, but it is required by you for the establishment, exercise or defense of legal claims, or you have objected to processing pending verification whether our legitimate grounds override yours.
- Where processing of personal data concerning you has been restricted, the data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
If you have obtained restriction of processing, you shall be informed by us before the restriction of processing is lifted.
Right to lodge complaints: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation (GDPR). You can also contact Elatec’s Data Protection Officer, who can be reached at:
Phone: +49 6841 9816 0
Fax: +49 6841 9816 29