Data Protection

Information on Data Protection for Microsoft Teams

Information on Data Protection When Using the Website

 

We provide you with information below about the collection of personal data when using our website. Personal data are all data that are available about you personally, e.g. name, address, email address and user behavior. We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act, new version (BDSG), and all other relevant laws on the processing of personal data.

 

I. Collection of Personal Data 

(1) Essentially, we only collect data which are legally or contractually stipulated or necessary to conclude the contract. There are no negative consequences associated with the non-provision of these data. However, in individual cases non-provision may obstruct or delay communication with you, for example.
(2) Your personal data are protected from loss and misuse at all times through reasonable technical and organizational measures. In certain cases, e.g. when using our contact form, your personal data will be encrypted in the course of transmission by so-called Transport Layer Security (TLS) technology. This means that communication takes place between your computer and our servers, using a recognized encryption method.
(3) In some cases, we will transmit your data to third parties and/or data processors (e.g. IT providers, hosting providers, computer centers, etc.), who provide us with support in contract implementation, or in order to comply with legal obligations. If third parties are service providers, they have been carefully selected and commissioned by us; data processors are bound by our instructions and are regularly monitored. Your data will be transferred if you have consented to transmission in advance or we are legally or contractually authorized or obliged to do so.

 

II. Controller, Contact Details for our Data Protection Officer 

The controller pursuant to Art. 4 (7) GDPR is:

ETO GRUPPE TECHNOLOGIES GmbH
Hardtring 8
78333 Stockach
Email: info@etogruppe.com
Telephone: +49 7771 809-0
Telefax: +49 7771 809-100

 

III. Contact Details for our Data Protection Officer

You can contact our data protection officer at:

Data protection officer
c/o ETO GRUPPE TECHNOLOGIES GmbH
Hardtring 8
78333 Stockach
Email: datenschutz@etogruppe.com

 

IV. Legal Foundations for our Data Processing 

The legal foundations for data processing can be seen in the provision of Article 6 GDPR, whereby our data are predominantly processed:
- on the basis of consent, Article 6 (1) clause 1a) GDPR
- for contractual performance, Article 6 (1) clause 1b) GDPR
- for the fulfillment of legal obligations, Article 6 (1) c) GDPR
- for the safeguarding of legitimate interests, Article 6 (1) f) GDPR.

 

V. Your Rights as the Data Subject 

(1) Pursuant to GDPR, you have the following rights with regard to personal data concerning you:
- Right of access, Article 15 GDPR
- Right to rectification, Article 16 GDPR
- Right to erasure (“right to be forgotten”), Article 17 GDPR
- Right to restriction of processing, Article 18 GDPR
- Right to data portability, Article 20 GDPR
- Right to object to processing, Article 21 GDPR
(2) In addition, under Article 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, where the decision:
- is not necessary for the conclusion or performance of a contract between you as data subject and us as controller;
- is permitted based on legislation of the European Union or the Member States, to which we are subject as controller, and such legislation contains reasonable measures to safeguard your rights and freedoms, as well as your legitimate interests as data subject; or
- is taken with your explicit consent.
(3) If you believe that the processing of data concerning you infringes data protection provisions, you have the right, under Article 77 GDPR, to lodge a complaint with a supervisory authority. The right to lodge a complaint may in particular be enforced at a supervisory authority in the Member State in which you reside, or at the site of the alleged infringement.

 

VI. Your Right to Withdraw Consent and Right to Object 

(1) Your right to withdraw consent
You have the right to withdraw consent issued on the basis of Article 6 (1) clause 1a) GDPR at any time, without affecting the lawfulness of processing carried out until that time. If consent is withdrawn, we shall stop the relevant data processing.
(2) Your right to object in case of legitimate interests
Under Article 21 GDPR you have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you, which are collected on the basis of Article 6 (1) f) GDPR. We will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the assertion, exercise or defense of legal claims.

 

VII. Data Collection When Using Data for Information Only 

(1) You can visit our website without having to give details about your person. When using our website merely for information, i.e. if you do not contact us via our contact form, for example, or transfer information to us in any other way, we will only collect personal data which are automatically transferred to our server by your browser and stored in protocol data (server log files). The following data are collected:
- IP address
- date and time of query
- request line
- status code
- size of temporarily loaded data volume
- website from which the query comes (referrer)
- type and version of browser used
- operating system
(2) Log files are stored to assure the functioning of the website and to allow for the prevention of errors and attacks. Moreover, the data serve to optimize our website and guarantee stability and security.
(3) The legal foundation for temporary storage is Article 6 (1) clause 1f) GDPR with the legitimate interest in achieving the purposes set out above.
(4) We delete stored data as soon as storage is no longer required. This will be the case after 7 days at the latest. Continued storage is possible if for example we detect irregularities in the log files as a result of attacks. In this case the IP addresses are deleted or distorted, so that assignment is no longer possible.
(5) The recording of data on provision of the website and the storage of data in log files is absolutely necessary for the operation of the site and carried out automatically. The user has the option to object, but we have no influence over data processing for the future.

 

VIII. Cookies 

(1) In addition to the data referred to above, cookies are stored on your computer when you use our website. Cookies are text files, which we store on your computer. Cookies are unable to execute any programs or transfer viruses onto your computer.
a) This website uses technically necessary cookies. Technically necessary cookies are absolutely necessary for the operation of the website and its basic functions. Without these cookies the website might not be correctly displayed, it might not function properly, and we cannot perform, or fully perform the service offered on the website. Technically necessary cookies cannot be deactivated.
We use the following technically necessary cookies: 

 

Name

164f078e776a7170ba440ba821f4afcb

Provider

www.etogruppe.com 

Purpose

The session cookie assigns a clearly randomly generated value to the browser session.

Stored data

Language, login status

Life circle

Session

 

Name

fmalertcookies

Provider

www.etogruppe.com 

Purpose

The cookie indicates whether the user has understood the information on use of cookies

Stored date

Information understood (true)

Life circle

1 month


(2) Technically necessary cookies are used based on the legal foundation of Article 6 (1) clause 1f) GDPR with the legitimate interest in achieving the purposes referred to above. When accessing our website, the user will be informed of the use of technically necessary cookies via a banner. The banner is designed in such a way that initially only technically necessary cookies are set. When using technically unnecessary cookies we would ask for your confirmation that you have taken note of the data privacy information. If you give confirmation by clicking on “understood”, we will also set a cookie to allow your confirmation to be verified. Reference is also made here to this information on data privacy.
(3) Session cookies are deleted when you log out or close the browser. In addition, you can configure your browser setting to meet your requirements and, for example, switch off the acceptance of cookies in general. You can deactivate the storage of cookies or set your browser so that you will be asked before cookies are sent. You can find further relevant information here in the help function of your browser. Under the links below, you can obtain information on how to manage and deactivate cookies in the most popular browsers:
Chrome Browser: https://support.google.com/accounts/answer/61416?hl=de
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

 

 

IX. Contact on our Contact Form or by Email 

(1) When contacting us on our contact form we would ask you to provide the following data: your first name, surname and email address. These personal data are necessary compulsory details and are specially identified. We store your data on order to reply to your queries. We use your first name and surname so that we can address you in person, and use your email address as recipient address for our communications. The legal foundation for processing is constituted by Article 6(1) clause 1b), if the goal of contact is to conclude a contract, and f) GDPR with the legitimate interest of contacting you. We delete data accumulated in this context once correspondence has clearly ended, storage is no longer necessary, or processing is restricted if statutory retention obligations arise.
(2) When you contact us by email, we store personal data that you have provided in the email in order to reply to your queries. The legal foundation for processing is constituted by Article 6 (1) clause 1b), if the goal of contact is to conclude a contract, and f) GDPR with the legitimate interest of contacting you. We delete data accumulated in this context, once correspondence has clearly ended, storage is no longer required, or processing is restricted if statutory retention obligations arise.

 

X. Applications for Job Adverts / Online Job Portal 

(1) If you apply to us by email or by post, we will process the personal data you have provided (e.g. surname, first name, address data, communication data, birth data, CV, certificates, qualifications, replies to questions and any correspondence with you in the course of the selection process) within the course of our candidate selection procedure, in order to assess whether you have the professional suitability and capacity, as well as professional performance for the position for which you have applied. The legal basis for the establishment of the employment relationship results from Art. 6 (1) Sentence 1 lit. b GDPR, for the fulfillment of legal obligations in the context of the application procedure from Art. 6 (1) Sentence 1 lit. c GDPR. 
(2) Within the responsible body, certain persons will have access to your data; these are the ones who need it within the course of the candidate selection procedure or to fulfill our contractual or legal obligations.
(3) We delete personal data stored in relation to your application as soon as storage is no longer required or processing is restricted if statutory retention periods arise. Unless recruitment is implemented, this is frequently the case no more than four months after completion of the application procedure.
(4) If no recruitment is made, but your application continues to be of interest to us, we will ask for your consent on whether we can continue to hold your application for future vacancies.
(5) For some of the offered positions, you have the option of applying on our online job portal. In such cases you will receive separate information on data protection for applicants in our job portal.

 

XI. Matomo 

(1) We use the web analytics service Matomo on our website, an open source software for statistical analysis of visitor access. We have configured Matomo to create visitor hits without cookies. Instead, Matomo assigns each visitor a temporary configuration ID and compiles statistics based on data that is automatically transmitted to servers when the website is accessed (so-called log files). This form of data collection does not provide access to data stored in the user’s terminal device. Potential personal data – such as the IP address or visitor ID – is anonymized, data from which personal data can potentially be read is also anonymized. If you visit our website several times within a day, Matomo assigns you a new configuration ID each time. It is, therefore, not possible to merge your visits. 
(2) The scope of application of the GDPR and the TTDSG is not opened under these settings. 
(3) We use the data to gain key insight into high-visit pages and draw conclusions about which content needs to be (more) attractively designed for visitors. 
(4) Matomo and the statistics obtained through Matomo are stored on our own corporate servers. Our servers are hosted in Germany. A transfer to other EU countries or to countries outside the EU / EEA does not take place, and is not envisaged. 
(5) The configuration ID assigned by Matomo is stored for 24 hours. 

 

XII. Google Maps 

(1) We use Google Maps, an online service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), on this website. As a result, we can show you interactive maps directly on the website and allow you to use the map function conveniently. By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. As a minimum, Google then receives your IP address and the referrer URL. This takes place regardless of whether Google provides a user account on which you are logged in, or whether there is no user account. In the event of you also being logged on with an existing user account at Google in parallel to visiting our websites, Google may also allocate the visit to our websites to your user behavior.
(2) Google stores your data as a user profile and uses data for the purpose of advertising, market research and/or demand-based design of its website. Such an analysis is conducted in particular (even for users who are not logged on) to provide demand-based advertising and to inform other users of the social network about your activities on our website.
(3) The legal foundation for processing by us is constituted by Article 6 (1) clause 1f) GDPR and our legitimate interest in shaping our offer overall for users in a user-friendly and uniform way.
(4) We do not have any influence on the collected data and data processing operations, and nor are we aware of the full extent of data collection, the purpose of processing or storage periods. We also have no information available on the deletion of collected data by the provider. If you do not want to be assigned to your Google profile, you will have to log out.

 

XIII. Google reCAPTCHA 

(1) We use Google reCAPTCHA, an online service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), on this website. Its integration serves to differentiate whether entries are made by a natural person or improperly through machine and automated processing.
(2) We use Google reCAPTCHA for the purpose of ensuring sufficient data security in the transmission of personal data. When you use Google reCAPTCHA, Google receives the information that you have accessed the corresponding subpage of our website. In addition, as a minimum, your IP address and the referrer URL are transmitted. This takes place regardless of whether Google provides a user account on which you are logged on, or whether there is no user account. In the event of you also being logged in to Google with an existing user account in parallel to visiting our websites, Google may also assign the visit to our websites to your user behavior.
(3) Google stores your data as a user profile and uses the data for the purpose of advertising, market research and/or demand-based design of its website. Such an analysis is conducted in particular (even for users who are not logged in) to provide demand-based advertising and to inform other users of the social network about your activities on our website.
(4) The legal foundation for our processing is constituted by Article 6 (1) clause 1f) GDPR. There is a legitimate interest in protecting the client’s website from automated entries (e.g. bot attacks).
(5) We do not have any influence on collected data and data processing operations, and nor are we aware of the full extent of data collection, the purpose of processing, or storage periods. We have no information available on the deletion of collected data by the provider. If you do not want to be assigned to your Google profile, you will have to log out.
(6) You can find more detailed information on the terms of use and data privacy at https://www.google.de/intl/de/policies/.

 

XIIIV. YouTube 

(1) You can play YouTube videos directly on our website. The videos are available on YouTube via our channel “ETO GROUP” and are directly integrated into our online offer via a plug-in. YouTube is a trademark of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. 
(2) By embedding YouTube videos, we want to give you insights, impressions and information about our work to inspire you as a prospective customer, applicant or in any other capacity.
Information about the processing of your personal data by Google, the purposes of the processing and the storage periods and their deletion can be found at https://www.google.de/intl/de/policies/. 
(3) Your personal data will be processed by us exclusively with your consent to the collection and transmission of your personal data for the purposes named above, Art. 6 (1) Sentence 1 lit. a GDPR.
When you access a page on which we have embedded a YouTube video, the video is initially blocked by a preview page. In doing so, we can ensure that no data is automatically transferred to Google. Only with your consent – by clicking on the preview page – is the cookie banner accessed again. By sliding the slider to the right you will see the video ready to play. 
(4) When transmitting your personal data, servers of Google are accessed. These servers may be located in the USA. In cases where personal data is transferred to the US, Google has certified itself in accordance with the EU-US Transatlantic Data Privacy Framework, https://www.dataprivacyframework.gov. The certification confirms an adequate level of data protection in accordance with the EU Commission’s implementing decision. 
(5) You have the right to revoke the consent at any time for the future. You can undo the data transfer to YouTube by revisiting the cookie banner and moving the slider to the left or by deleting the cookies in your browser. The video can then no longer be played. If you are logged in to Google (YouTube) with an existing user account while visiting our website, Google may also be able to associate your behavior with the use of our YouTube channel. If you want to make it more difficult to associate your Google profile, we recommend that you log out. 

 

XV. Content Delivery Networks 

(1) We rely on a Content Delivery Network (CDN) for the operation of individual contents on our website. In the course of integration, large media files, such as design templates for typography, forms, buttons, tables, grid systems, and navigation and other interface design elements are downloaded from the browser as a separate file to cache. The files are loaded from a central server - connected via the Internet - to which several websites have access. A CDN has the advantage that contents can be delivered more quickly by retrieval from a central server. When you access our website, data are transmitted to the CDN. As a minimum, your IP address and the referrer URL are transferred.

 

Name

CDN

Provider Privacy Policy

jsDelivr

Prospectone Sp. z o.o., ul. Krolweska 65A, 30-081, Krakow, Poland

https://www.jsdelivr.com/privacy-policy-jsdelivr-net/

Font Awesome

FontIcons Inc.

https://fontawesome.com/privacy

Ajax Google API

Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

https://www.google.de/intl/de/policies/

StackPath Bootstrap

LLC. NetDNA, 3575, Cahuenga Blvd Suite 630, Los Angeles, CA 90068, USA

https://www.maxcdn.com/legal/

 

(2) The use of a CDN serves to maintain the functioning of our website and provides us with support in facilitating a better user experience as a result of shorter loading times.
(3) The legal foundation for use of the service is constituted by Article 6(1) clause 1f) GDPR and our legitimate interest in rapid provision of our website and optimization of our online offer.
(4) By virtue of the employed technologies, your browser automatically establishes a direct connection with the server of the CDN provider. These servers may also be located outside the EU and the EEA.
(5) We do not have influence on collected data and data processing operations, and nor are we aware of the full extent of data collection, the purpose of processing, or storage periods. We also have no information available on the deletion of collected data by the CDN provider.
(6) Common browsers provide the option in settings to block the loading of contents from the CDN (JavaScript blocker). If you do not want to transfer any data to the CDN, you can set your browser up accordingly. Alternatively, you can install a JavaScript blocker (e.g. www.noscript.net or www.ghostery.com). We would point out that in such cases the correct display and smooth functioning of our website might no longer be possible.

 

XVI. Social Media 

(1) On our website, you have the option of visiting our web presences on various social media platforms. You can recognize the provider of the social media platform via the logo. You can recognize the provider of each social media platform by its logo.
The social media logos only have links behind them. This means that when visiting our website, none of your personal data is automatically transferred to social networks. Clicking on one of the logos opens a page in a separate window and you will be transferred to that particular social network.
(2) When you visit our social media channels, data processing takes place there. All information on the purpose and scope of data collection, on processing by the social network, as well as by us, and on your data protection rights can be found in the following information on data protection:

 

Facebook
Instagram
LinkedIn
Twitter
YouTube
Xing

 

Cookie Declaration