Privacy Policy

1. Introduction

Thank you for your interest in our company.

Personal data is all information that relates to an identified or identifiable person. Pseudonymous data that we cannot assign to you directly, e.g. via a name or e-mail address, is also personal data.

As the protection of your personal data is very important to us, we inform you in this privacy policy about the type, scope and purpose of the personal data processed by us and your rights as a data subject.

At the end of the privacy policy, you will find the various explanations of the terms under the heading Definitions.

The controller for the processing of personal data is

ELMEKO GmbH + Co KG

Graf-Zeppelin-Str. 5

56479 Liebenscheid

Liebenscheid, Germany

Phone +49 27 36 / 50 97 48-0

E-mail: info(at)elmeko.de

The external company data protection officer is

dokuworks GmbH

Mr. Markus Weber

Birlenbacher Str. 20

57078 Siegen

Phone: +49 271 77237-60

Email: datenschutz(at)doku.works

If you have any questions or suggestions on the subject of data protection, please feel free to contact us as the controller or our data protection officer at any time.

2. Rights of Data Subjects

You can assert the following rights against us with regard to your personal data

Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object to the processing (Art. 21 GDPR)

If you submit a request for information to us, we will inform you in accordance with the data protection regulations whether and which data we have collected from you. We always endeavor to ensure up-to-date and error-free data collection. However, if incorrect information has been recorded, we will correct it immediately following a corresponding request.

To do so, please send us a request to: info@elmeko.de

3. Data Transfer to Third Countries

We only transfer or process data to countries outside the scope of the GDPR (so-called third countries) if you consent to this processing or other legal permission exists. This applies in particular if the processing is required by law or necessary to fulfill a contractual relationship and in any case only to the extent that this is generally permitted.

If data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we conclude EU standard contractual clauses in conjunction with a Transfer Impact Assessment (TIA) with corresponding service providers to establish an appropriate level of data protection.

With regard to data transfer to US companies, the transatlantic data protection agreement (so-called Data Privacy Framework) came into force on July 10, 2023; also known as "Privacy Shield 2.0". This means that - under certain conditions - the use of tracking/analysis and marketing tools with data transfer to the USA is permitted again. In order for a US company to be considered a secure data recipient and comply with the principles of the Data Privacy Framework, it must undergo a self-certification process by the US Department of Commerce (DoC). This self-certification requires a company to submit a series of documents. If these are complete, the organization is added to the DPF list (short for "Data Privacy Framework") and is considered self-certified according to the requirements of the new data protection framework.

Data processing by US services that are not active participants in the EU-US Data Privacy Framework may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. In addition, data collected may be linked to data from other services of the same provider if you have a corresponding user account. Where possible, we try to use server locations within the EU if this is offered.

4. Data Protection Notice for Business Partners

We are pleased that you are interested in ELMEKO GmbH + Co KG and that you are contacting us.

The protection of your data is very important to us. With this data protection notice, we provide you with the following information in accordance with Art. 13 GDPR on the processing of your personal data in connection with our business relationship.

Further information about our company, details of the authorized representatives and other contact options can be found at www.elmeko.de/de/impressum

What data do we process and for what purposes?

We only process personal data that we have received from you or, if applicable, from publicly accessible sources as part of our business relationship.

Personal data within the meaning of Art. 4 No. 1 GDPR may include Names, telecommunication data and address data. In addition, we also process offer, inquiry and order data, data from the fulfillment of our contractual obligations, product data, documentation data and other data comparable to the categories mentioned.

The provision of your personal data is necessary for the initiation, execution and processing of the contractual relationship. If you do not provide your personal data, we will unfortunately not be able to contact you to clarify pre-contractual or contractual issues.

What is the legal basis for processing your personal data?

Your personal data is processed in accordance with the statutory provisions of the GDPR and the Federal Data Protection Act for the fulfillment of contractual obligations or for measures to initiate a contract (Art. 6 para. 1 sentence 1 lit. b GDPR),

In addition, we may use this data for additional purposes within the scope of our business relationship.

How long is the data stored?

We process and store your personal data for the duration of our business relationship and at least in accordance with the statutory retention periods, such as the German Commercial Code or Tax Code.

Who is the data passed on to and where is it processed?

We only use the personal data for our own purposes in the course of the business relationship.

5. Data Protection Notice for Applicants

The data controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits relevant application documents to the controller by electronic means, for example by e-mail or via a web form on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.

The legal basis for this processing is Section 26 (1) sentence 1 BDSG in conjunction with Art. 88 (1) GDPR.

If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, unless deletion conflicts with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

The legal basis in this case is Art. 6 para. 1 lit. f GDPR and Section 24 para. 1 no. 2 BDSG. Our legitimate interest lies in legal defense and enforcement.

If you expressly consent to your data being stored for a longer period of time, e.g. for your inclusion in a database of applicants or interested parties, the data will be processed further on the basis of your consent. The legal basis is then Art. 6 para. 1 lit. a GDPR. However, you can of course revoke your consent at any time in accordance with Art. 7 para. 3 GDPR by making a declaration to us with effect for the future.

6. Data Protection when Visiting our Website

Nature and purpose of processing:

When you access our website, i.e. if you do not register or otherwise transmit information, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider, your IP address and similar.

They are processed for the following purposes in particular:

Ensuring a smooth connection setup of the website,
Ensuring the smooth use of our website,
evaluating system security and stability and
to optimize our website.

We do not use your data to draw conclusions about your person. Information of this kind may be statistically evaluated by us in anonymized form in order to optimize our website and the technology behind it.

Legal basis and legitimate interest:

Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

Recipients:

Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.

Storage period:

The data is deleted as soon as it is no longer required for the purpose for which it was collected. For the data used to provide the website, this is generally the case when the respective session has ended.

If the data is stored in log files, this is the case after 14 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are anonymized so that it is no longer possible to identify the accessing client.

Provision prescribed or required:

The provision of the aforementioned personal data is neither legally nor contractually required. However, without the IP address, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be restricted. For this reason, an objection is excluded.

7. hosting

We host the content of our website with the following provider:

Hosting provider, address, contact details

Details can be found in the hosting provider's privacy policy:

Link to the privacy policy of the hosting provider

The use of hosting providers is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

8. Online store and customer account

On this website, ELMEKO GmbH + Co KG offers customers the opportunity to register for a customer account by providing personal data and then to make purchases via the website. The personal data is entered in an input form, transmitted to us and stored. As part of the registration process, data such as e-mail address and contact details are processed. Registration for a customer account is required on the one hand for the provision of certain content on this website and on the other hand for the fulfillment of a contractual service.

We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 lit b. GDPR.

Users can optionally create a user account in which they can view their orders in particular. As part of the registration process, users are provided with the required mandatory information. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data will be deleted with regard to the user account, subject to their retention is necessary for commercial or tax law reasons in accordance with Art. 6 para. 1 lit. c GDPR. It is the responsibility of users to back up their data before the end of the contract in the event of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.

We store the IP address and the time of the respective user action as part of the registration and renewed logins and use of our online services. The storage is based on our legitimate interests as well as those of the user in protection against misuse and other unauthorized use. This data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c GDPR.

9. Use of Analysis and Tracking Tools

Cookies are small text files that are placed on your device and collect data that can later be read by a web server of the domain that placed the cookie.

Cookies and similar technologies are used on our website to provide users of this website with a more user-friendly service, to analyze the performance of our products and for other legitimate purposes.

The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

The following types of cookies can be distinguished:

9.1 Technically Necessary Cookies

Technically necessary cookies are those that ensure the basic functions of the website and thus enable its operation. This only concerns the technical necessity, not economic aspects.

The legal basis is our legitimate interest in the provision of a functional website in accordance with Art. 6 para. 1 lit. f GDPR or the fulfillment of a legal obligation in accordance with Art. 6 para. 1 lit. c GDPR.

For the aforementioned purposes, we use the services of the third parties listed below, who are responsible for the data processing that takes place via their respective service in accordance with Art. 4 para. 7 GDPR. Further information on data processing by these providers and your rights as a data subject can be found in the providers' privacy policies linked below:

Magneto (Adobe Inc., 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland)

https://www.adobe.com/privacy.html

Matomo (formerly Piwik) (InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769)

https://matomo.org/privacy/

Bootstrap Content Delivery Network (JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet, England, EN4 9EB)

https://matomo.org/privacy/

9.2 Statistics Cookies and Marketing Cookies

Statistics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Marketing cookies store user information regarding the website visited. This data is used, for example, to display advertisements tailored to user interest, to optimize offers, to recognize the user or to simplify website use.

The legal basis is your consent pursuant to Art. 6 para. 1 lit. a GDPR.

Visableleads (Visable GmbH, ABC-Straße 21, 20354 Hamburg, Germany)

https://policies.google.com/privacy?hl=de

OpenStreet Map (FOSSGIS e.V., Bundesallee 23, D-10717 Berlin)

https://www.fossgis.de/datenschutzerkl%C3%A4rung/

10. Social Media

10.1 Integration of a Social Media Button

The controller has integrated social media components on this website. For this purpose, we use the services of the third-party providers listed below, who are responsible for the data processing that takes place via the service in accordance with Art. 4 No. 7 GDPR. The providers only collect personal data from you when you click on the button and are redirected to the respective page. Further information on data processing by these third-party providers and your rights as a data subject can be found in the providers' privacy policies linked below:

The legal basis for the processing is our legitimate interest in offering and advertising our offers and services on social media is Art. 6 para. 1 lit f. GDPR.

LinkedIn (LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland), responsible.

https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_join-form-privacy-policy

Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)

https://www.instagram.com/legal/privacy/

YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)

https://support.google.com/youtube/answer/7671399?p=privacy_guidelines&hl=de&visit_id=0-636644030056539000-341535836&rd=1

10.3 Use of Social Media Profiles

We access the technical platform and services of the respective social media providers to display our content on a social media profile.

As the operator of the social media profile, we, ELMEKO GmbH + Co KG, are jointly responsible with the operator of the social network within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR). When you visit our social media profile, personal data is processed by the controller. In the following, we will inform you about what data is involved, how it is processed and what rights you have in this regard.

Please note that you use this website and its functions under your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating, etc.). We may take your comments and ratings as an opportunity to respond to them with our own comments. For this purpose, we make use of our legitimate interest in interacting with active users of our profile (Art. 6 para. 1 lit. f GDPR).

If you have questions of any kind, you have the option of contacting us via personal messages. Your user name may be automatically communicated to us. Further information can be provided voluntarily, in particular options for contacting us outside of social media. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent. The personal data processed by us for the purpose of contacting you will be automatically deleted after your request has been dealt with, unless statutory retention obligations prevent this (e.g. because a contractual relationship has been established between us on the basis of your request).

When you visit our social media profile, the provider collects, among other things, your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the social media profile, with statistical information about the use of the website.

The data collected about you in this context is processed by the providers and may be transferred to countries outside the European Union. What information the provider receives and how it is used is described by the provider in general terms in its data usage guidelines. There you will also find information on how to contact the provider and on the settings options for advertisements.

The way in which the providers use the data from visits to social media profiles for their own purposes, the extent to which activities on the websites are assigned to individual users, how long this data is stored and whether data is passed on to third parties is not conclusively and clearly stated by the social media provider and is not known to us. When you access a social media profile, the IP address assigned to your end device is transmitted to the provider. It may be possible for the provider to assign IP addresses to individual users. If you are currently logged in to a social media provider as a user, a cookie with your identifier is stored on your device. This enables the provider to track that you have visited this page and how you have used it.

If you wish to avoid this, you should log out of the respective social media provider or deactivate the "stay logged in" function, delete the cookies on your device and close and restart your browser.

Further information on the rights to which you are entitled as a data subject under the GDPR can be found under point 2 Data subject rights.

The provider provides further information on this under the following link

LinkedIn (LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland), responsible.

https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_join-form-privacy-policy

Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)

https://www.instagram.com/legal/privacy/

YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)

https://support.google.com/youtube/answer/7671399?p=privacy_guidelines&hl=de&visit_id=0-636644030056539000-341535836&rd=1

11. YouTube with Extended Data Protection

Our website uses plugins from the YouTube website. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you start a YouTube video on our website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube can store various cookies on your end device after starting a video. With the help of these cookies, YouTube can obtain information about visitors to our website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts. The cookies remain on your end device until you delete them.

If you have consented to the use of YouTube, Google may use Google Fonts for the purpose of uniform display of fonts. When you access YouTube, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. If you want to prevent the use of Google Fonts, we recommend deactivating YouTube.

If necessary, further data processing operations may be triggered after the start of a YouTube video (e.g. use of cookies from the Google Play Store), over which we have no influence.

The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

You can find more information about data protection at YouTube in their privacy policy at: http://www.youtube.com/t/privacy_at_youtube.

12. Contact

When you contact us (e.g. via contact form, chat or email), we process your data to process the request and in the event that follow-up questions arise.

If the data processing is carried out for the implementation of pre-contractual measures that are carried out at your request or, if you are already our customer, for the implementation of the contract, the legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

13. Newsletter

If you have expressly consented in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your e-mail address to send you our newsletter on a regular basis. To receive the newsletter, it is sufficient to provide an e-mail address.

You can also voluntarily provide us with your title, surname and first name (Art. 6 para. 1 lit. a GDPR). We may process this additional data on the basis of your consent to personalize our newsletter for you, i.e. to address you personally as a recipient.

We use the Brevo tool (formerly SendinBlue) to send and manage the newsletter. The provider of Brevo is SendinBlue GmbH, Köpenicker Straße 126, 10179 Berlin. Brevo also enables us to analyze the behavior of newsletter recipients. In particular, we can check how many recipients have opened the newsletter message and how often which link in the newsletter was clicked on. It is also possible to recognize whether a predefined action has taken place after clicking on the link in the newsletter. Further information on data protection can be found at https://www.brevo.com/de/legal/privacypolicy/.

Registration for our newsletter takes place in a so-called double opt-in procedure, i.e. after registration you will receive an e-mail in which you are asked to confirm your registration. The subsequent confirmation will be logged by us for verification purposes; the time of registration and confirmation will be stored together with your e-mail address.

You can revoke your consent to the use of your title, surname and first name at any time by sending an e-mail to info@, as can a request to unsubscribe from the newsletter. If you unsubscribe from the newsletter, the data you have provided to us in addition to your e-mail address will also be deleted from the distribution list.

14. Storage Period

Unless specifically stated, we only store personal data for as long as is necessary to fulfill the purposes pursued.

In some cases, the legislator provides for the retention of personal data, for example in tax or commercial law. In these cases, the data will only be stored by us for these legal purposes, but will not be processed in any other way and will be deleted after the statutory retention period has expired.

15. Definitions of terms

The data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject

Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.

Profiling

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller or controller responsible for the processing

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor

A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

Third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

16. Disclosure of Personal Data to Third Parties

Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:

you have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

17. Data security

We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.

Your personal data is transmitted to us in encrypted form. This applies to your orders and also to the customer login. We use the SSL (Secure Socket Layer) coding system, but would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

18. Topicality and Amendment of this Data Protection Policy

This privacy policy is currently valid and is dated June 2024. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this privacy policy.