1 Collection of personal data
2 Controller, contact details of our data protection officer
(1) The controller pursuant to Art. 4 (7) GDPR is:
ETO GRUPPE Beteiligungen GmbH
Telephone: +49 77 71 8 09-0
Telefax: +49 77 71 8 09-100
(2) You can contact our data protection officer at:
Data protection officer
c/o ETO GRUPPE Beteiligungen GmbH
3 Legal bases for our processing of data
The legal bases of the processing of data are taken from the provision of Art. 6 GDPR, where the main purposes of us processing data are
· the performance of a contract, first sentence of Art. 6 (1) (b) GDPR
· the fulfilment of legal requirements, Art. 6 (1) (c) GDPR
· the safeguarding of legitimate interests, Art. 6 (1) (f) GDPR
4 Your rights as a data subject
(1) In accordance with the GDPR, you have the following rights regarding the personal data concerning you:
· Right of access, Art. 15 GDPR
· Right to rectification, Art. 16 GDPR
· Right to erasure (“right to be forgotten”), Art. 17 GDPR
· Right to restriction of processing, Art. 18 GDPR
· Right to data portability, Art. 20 GDPR
· Right to object to the processing, Art. 21 GDPR (see also Clause 5 below).
(2) You also have the right pursuant to Art. 22 GDPR not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you if the decision
· is not necessary for entering into, or performance of, a contract between you, the data subject, and us, the data controller;
· is authorised by Union or Member State law to which we as the controller are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
· is based on your explicit consent.
(3) If you are of the opinion that the processing of data concerning you infringes data protection provisions, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. The right to lodge a complaint can be claimed in particular with a supervisory authority in the Member State of your habitual residence or the place of the alleged infringement. In Baden-Württemberg, the competent supervisory authority is the Landesbeauftragte für den Datenschutz und die Informationsfreiheit (State Department for data protection and freedom of information), Königsstraße 10a, 70173 Stuttgart.
5 Your right to withdraw and object
(1) Your right to withdraw in the case where consent was given
You have the right to withdraw any consent submitted at any time, without affecting the legality of processing that has previously taken place. If consent is withdrawn, we shall cease the corresponding processing of data.
(2) Your right to object in the case of legitimate interests
You have the right in accordance with Art 21 GDPR to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) (f) GDPR. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
1 Data collection in the event of purely informational use of the websites
You can visit our website without having to provide information about you. If you are merely using our website for informational purposes, i.e. when you do not log in or transmit information to us in any other way, for example, we only collect the personal data your browser transmits to our server and saves in protocol data (server log files). If you wish to view our website, we collect the following data, which are technically necessary for us in order to display our website to you and guarantee stability and security. The legal basis for this is the first sentence of Art. 6 (1) (f) GDPR:
· IP address
· Date and time of the request
· Time difference to Greenwich Mean Time (GMT)
· Content of the request (specific page)
· Access status/HTTP status code
· Respective data amount transmitted
· Website from which the request originated
· Operating system and interface
· Language and version of the browser software.
(1) In addition to the aforesaid data, cookies are stored on your computer when you use our website. You are informed of this with a pop-up information bar when you visit our websites. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which certain information is passed to the site that sets the cookie (in this case us). Cookies cannot run programs or transfer viruses to your computer.
(2) Types of cookies used:
a) This website uses the following types of cookies, the extent and functioning of which are ex-plained below:
· Transient cookies
"Transient cookies" are deleted automatically when you close the browser. This includes session cookies in particular. These save what is known as a session ID, which can be used to assign different requests from your browser to the same session. This allows your computer to be recognised when you return to the website. Session cookies are deleted when you log out or close the browser.
· Persistent cookies
"Persistent cookies" are automatically deleted after a specified length of time, which may differ from cookie to cookie. You can delete the cookies in your browser’s security settings at any time.
b) You can configure your browser settings as you wish and, for example, refuse all cookies. Internet browsers are set to accept cookies as standard. However, you can deactivate the storage of cookies or set your browser in such a way that it is queried before cookies are sent. You can find more information about this in the help pages of the browser you are using. By clicking on the links below you can find out how you can manage and deactivate cookies in the most common browsers:
Please note that by deactivating / limiting cookies, you may have problems using our offers, e.g. you may not be able to access content that is part of your subscription or you may need to log in again every time you visit the website. You can actively delete the cookies used on our websites at any time in the browser you are using.
Special types of use (other features / services) of our website
(1) In addition to use of our website for purely informational purposes (see Section II), we also offer various other services and features that you can use should you be interested. To do this you will usually need to submit additional personal data, which we require and use in order to provide the particular service and to which the aforementioned principles on data protection also apply.
(2) We sometimes employ external service providers to process your data. They are carefully selected and commissioned by us, bound by our instructions and monitored on a regular basis.
(3) If our service providers or partners have their headquarters in a state outside the European Economic Area (EEA), we shall inform you of the consequences of this circumstance in the description of the respective offer.
(4) To prevent third parties from accessing your personal data without authorisation, particularly payment data, the connection is encrypted using SSL technology.
1 Contacting us using the contact form or via email
If you contact us by email or via the contact form, we will store the data you submit to us (your email address, your first and last name; providing your telephone number is optional) so that we can respond to your queries. We shall delete data that falls within this context once storage is no longer necessary, or shall restrict the processing if legal storage obligations exist.
2 Supplier login
(1) If you would like to use the download area on our website, you will need to register with us as a supplier beforehand. Registration is your personal, central access to the functions and our offers. This gives you i.a. simple and direct access to the content and services we have released for you and you can also manage your data. You will need to submit at least your email address and a password to register. Combined, these are the access data which you can use to log in.
(2) If you would like to use the protected download area on our website, you will need to register by providing your email address. For registration, we use what is known as the double opt-in process, which means that your registration will not be completed until you have first changed the encrypted password, which will be sent to you by email for the purpose of logging in, to your own password by clicking the link in the email. If you do not carry out this confirmation within 24 hours, your registration data will be deleted from our database.
(3) If you use our download area, we will save the data about you that we require for the purpose of fulfilling the contract. We will also save the optional data you provide for the time during which you use the portal unless you delete it first. You can manage and amend any of this information, except your user name, in the protected customer area.
Social media plug-ins
1 Integration of YouTube videos
(1) We have embedded YouTube videos into our online service. These are stored at http://www.youtube.com and can be played directly from our website. They are all embedded in “privacy-enhanced mode”, meaning that no data about you as a user is transferred to YouTube if you do not play the videos. The data indicated in paragraph 2 is only transferred when you play the videos. We have no control over this transfer of data.
(2) When you visit the websites, YouTube will be informed that you have accessed the relevant subpage of our website. In addition, the data indicated in section II No. 1 of this declaration will be passed on. This happens regardless of whether YouTube supplies a user account through which you are logged in or whether no user account exists. If you are logged into YouTube’s site, this data will be directly associated with your account. If you do not want your data to be associated with your profile on YouTube’s site, you will need to log out before activating the button. YouTube will save this data as a usage profile and use it for the purposes of advertising, market research and/or the demand-oriented design of its website. Such an evaluation will be carried out in particular (including for users who are not logged in) to deliver appropriate advertising and to provide other users of the social network with information about your activities on our website. You have the right to object to the creation of such usage profiles. To exercise this right, you must contact YouTube.
2 Integration of Google Maps
(1) We use Google Maps on our website. This allows us to display interactive maps for you on the website and enables you to comfortably use the maps feature.
(2) When you visit the websites, Google will be informed that you have accessed the relevant subpage of our website. In addition, the data indicated in section II No. 1 of this declaration will be passed on. This happens regardless of whether Google supplies a user account through which you are logged in or whether no user account exists. If you are logged into Google’s site, this data will be directly associated with your account. If you do not want your data to be associated with your profile on Google’s site, you will need to log out before activating the button. Google will save this data as a usage profile and use it for the purposes of advertising, market research and/or the demand-oriented design of its website. Such an evaluation will be carried out in particular (including for users who are not logged in) to deliver appropriate advertising and to provide other users of the social network with information about your activities on our website. You have the right to object to the creation of such usage profiles. To exercise this right, you must contact Google.
3 Integration of Google reCAPTCHA
4 Integration of social media plug-ins
(1) We currently use the following social media plug-ins: Facebook, Google+, Xing and LinkedIn. We use the system known as the two-click solution for these. This means that, when you visit our website, no personal data are initially passed on to the providers of the plug-ins. You will be able to identify the provider of the plug-in from its initial letter or the logo in the marking on the box. We give you the option of communicating directly with the provider of the plug-in via the button. Only when you click on the marked field, thus activating a plug-in, will the plug-in provider be informed that you have accessed the relevant website of our online service. In addition, the data indicated in Section II Number 1 of this declaration will be passed on. In the case of Facebook and Xing, the respective providers have stated that the IP addresses are anonymised immediately after collection in Germany. When the plug-in is activated, your personal data is thus automatically passed on to the provider of that plug-in and stored there (in the United States for US providers). Because the plug-in provider collects the data through cookies in particular, we recommend deleting all your cookies by using the security settings in your browser before clicking on the greyed-out box.
(2) We have no control over what data is collected or what data processing operations are used, nor are we aware of the full scope of the data collected, the purposes of processing or duration of storage. We also have no information concerning the erasure of data collected by the plug-in provider.
(3) The plug-in provider will save this data as a usage profile and use it for the purposes of advertising, market research and/or the demand-oriented design of its website. Such an evaluation will be carried out in particular (including for users who are not logged in) to display appropriate advertising and to provide other users of the social network with information about your activities on our website. You have the right to object to the creation of such usage profiles. To exercise this right, you must contact the relevant plug-in provider. Plug-ins allow us to give you the option to interact with the social networks and with other users so that we can improve our service and become more interesting for you as a user. The legal basis for the use of plug-ins is the first sentence of Art. 6 (1) (f) GDPR.
(4) Data is transferred regardless of whether you have an account with the plug-in provider or are logged into such an account. If you are logged into the plug-in provider’s site, the data we have collected on you are directly associated with your existing account with the plugin provider. If you press the activated button and link to the site, for example, the plug-in provider will also save this information in your user account and share it publicly with your contacts. We recommend that you log out regularly after using social networks, especially before activating the button, so that you can avoid being associated with your profile with the plug-in provider.
(5) Further information on the purpose and scope of the data collection and processing by the plug-in provider can be obtained in the following data protection declarations supplied by the providers. These also contain additional information on your rights in this regard and on the settings you can use to protect your privacy.
(6) Contact data of plug-in providers including URL and information on their data protection:
· Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; Data Policy; More information on data collection: “Like” button. Facebook also processes your personal data in the US and is subject to the EU-US Privacy Shield.