Data Privacy Statement
ELMEKO GmbH + Co. KG
Tel. +49 27 36 / 50 97 48-0
Commercial Register: HRA 21180
District Court: Montabaur
Managing Director: Burkhard Herr
Data Protection Officer:
You can contact the external company Data Protection Officer for ELMEKO GmbH + Co. KG at the following
Birlenbacher Str. 20
- General information on data processing and legal basis
- This Data Privacy Statement will inform you about how, to what extent and for what purpose we process personal data in connection with our internet services and its related websites, functions and content (hereafter referred to jointly as "online services" or "website"). The Data Privacy Statement is valid regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) used to access or conduct the online services.
- Regarding the terms used, such as "personal data" or the "processing" thereof, please refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
- Examples of users’ personal data which is processed in relation to these online services are inventory data (e.g. customer names and addresses), contractual data (e.g. services used, names of responsible persons, payment information), usage data (e.g. the web pages of our online services that users visit, interest in our products) and content data (e.g. entries in the contact form).
- The term "user" covers all categories of person affected by data processing. These include our business partners, customers, interested parties, addressees of marketing measures and other visitors to our online services. Whenever these terms occur, such as "user", they are gender-neutral.
- We only process personal user data in accordance with the relevant data privacy regulations i.e. user data are only processed if and when legal permission exists, particularly when processing of the data is necessary or required by law for the fulfilment of our contractual obligations (such as order processing) or for performance of online services, when the user’s consent has been obtained, and to protect our legitimate interests i.e. our interest in the analysis, optimisation, efficient operation and security of our online services as set out in Art. 6 Para. 1 Letter f) GDPR, particularly with respect to reach measurement, creation of profiles for advertising and marketing purposes, and the collection of access data and use of third-party service providers.
- Please note that the legal basis for consent is Art. 6 Para. 1 Letter a) and Art. 7 GDPR, for processing in order to provide our services and fulfil contractual obligations Art. 6 Para. 1 Letter b) GDPR, for processing in order to fulfil our legal obligations Art. 6 Para. 1 Letter c) GDPR, and for processing to protect our legitimate interests Art. 6 Para. 1 Letter f) GDPR.
- Security measures
- We implement organisational, contractual and technical security measures to ensure that the provisions of data privacy law are complied with, and to protect the data we process against inadvertent or deliberate manipulation, loss, destruction and unauthorised access. These security measures are updated regularly in line with continuous technical development.
- In particular, the security measures include the encoded transmission of data between your browser and our server.
- Transmission of data to third parties and third-party providers
- Data is only transmitted to third parties in accordance with the legal provisions. We only transmit user data to third parties if it is necessary for contractual purposes e.g. pursuant to Art. 6 Para. 1 Letter b) GDPR, or on grounds of legitimate interest in accordance with Art. 6 Para. 1 Letter f) GDPR for the effective, economic operation of our business.
- If we engage sub-contractors to provide our services, we implement appropriate legal, technical and organisational measures to ensure the privacy and integrity of personal data in accordance with the relevant legal provisions.
- If content, tools or other items from other suppliers (hereafter collectively referred to as "third-party providers") are used in the context of this Data Privacy Statement and the business seats of any such providers are in a third country, it can be assumed that data transmission to the respective countries in which the third-party providers are located will take place. Third countries are those in which the GDPR does not apply directly i.e. non-EU/EEA (European Economic Area) countries generally. Data will only be transmitted to third countries either if these countries guarantee an appropriate level of data privacy, or if user consent or some other form of legal permission has been given.
- We process inventory data (e.g. customer names and addresses, user contact data) and contractual data (e.g. services used, names of responsible persons, payment information) for the purpose of fulfilling our contractual obligations and providing services in accordance with Art. 6 Para. 1 Letter b) GDPR.
- Users have the optional of creating a user account in which they can, in particular, follow the status of their orders. Users are advised about which data are mandatory for registration. User accounts are not public and cannot be indexed by search engines. When users have cancelled their user accounts, their data related to the user account will be deleted, provided that storage of this data is not required for commercial or fiscal reasons in accordance with Art. 6 Para. 1 Letter c) GDPR. Once users have given notice of account cancellation, they are responsible for securing their own data before expiry of the contract. We are entitled to irrevocably delete all user data we have collected and stored in the course of the contract.
- In the course of registration, every new log-in transaction and use of our online services we store the IP address and time of the respective user activity. This information is stored in order to protect both our legitimate interests and those of the user by preventing misuse and other unauthorised use. These data are generally not transmitted to third parties unless the transmission is necessary for the pursuit of our claims or required by law pursuant to Art. 6 Para. 1 Letter c) GDPR.
- When users make contact with us (via the contact form or by e-mail), their data are processed for the purpose of registering and handling the request in accordance with Art. 6 Para. 1 Letter b) GDPR.
- The user data may be stored in our Customer Relationship Management System ("CRM System") or comparable request administration systems.
- Collection of access data and log files
- On the legal basis of protecting our legitimate interests as laid down in Art. 6 Para. 1 Letter f) GDPR, we collect information (known as server log files) every time the server on which the respective service is located is accessed. The access data include the name of the website retrieved, the file, date and time of retrieval, data volume transmitted, report on the successful retrieval of the file, browser type and version, user operating system, referrer URL (the site visited prior to this one), IP address and requesting provider.
- Log file information is stored for a maximum of seven days for security reasons (e.g. for use as evidence in cases of misuse or fraud) and then deleted. Data which must continue to be stored for use as evidence are exempted from deletion until the respective incident has been conclusively resolved.
- Cookies & reach measurement
- Cookies are data which are transferred from our web server or third-party web servers to the user’s web browser where they are stored for retrieval at a later date. Cookies can be mini-files or other data tracking formats.
- We use "session cookies" which are only stored temporarily for the duration of your current visit to our online services (e.g. to store your login status or the contents of your shopping cart, essential functions which enable you to use of our online services overall). Session cookies are used to store a randomly generated, unique identification number known as the session ID. A cookie also contains information about its origin and the data retention period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online services and log out or close your browser.
- This Data Privacy Statement informs users about how cookies are used as part of pseudonymized reach measurement activities.
- If users do not want cookies to be stored on their computer, they are requested to deactivate the corresponding option in the system settings of their browser, where stored cookies can also be deleted. Deactivating cookies can lead to restrictions in certain functions of these online services.
- The change of the current cookie settings for www.elmeko.de is possible via the following link: Change cookie settings
- We use the open source software tool Matomo (formerly PIWIK) on our website to analyze the surfing
behavior of our users. The software sets a cookie on the user's computer (for cookies see above). If
individual pages of our website are called up, the following data is stored:
(1) Two bytes of the IP address of the user's calling system
(2) The accessed web page
(3) The website from which the user has reached the accessed website (referrer)
(4) The subpages that are called from the called web page
(5) The length of stay on the web site
(6) The frequency of the call of the web page
The software runs exclusively on the servers of our website. A storage of the personal data of the users takes place only there. The data will not be passed on to third parties.
- We use the open source software tool Matomo (formerly PIWIK) on our website to analyze the surfing behavior of our users. The software sets a cookie on the user's computer (for cookies see above). If individual pages of our website are called up, the following data is stored:
uses products and services for analysis and marketing purposes, which are provided by Visable GmbH (www.visable.com) in cooperation with them. To that end, pixel-code technology is used to collect, process and store data in order to create at least pseudonymised, but where possible and sensible, completely anonymous user profiles. Data collected, which may initially still include personal data, is transmitted to Visable or is collected directly by Visable and is used to create the aforementioned user profiles there. Visitors to this website are not personally identified and no other personal data is merged with the user profiles. If IP addresses are identified as personal, they are immediately deleted. You can object to the processing operations (Note: Link sets a 1st-party cookie for an opt-out) described with future effect at any time.
- Google (Re-)Marketing Services
- On the basis of safeguarding our legitimate interests (i.e. interest in the analysis, optimisation and efficient operation of our online services in the meaning of Art. 6 Para. 1 Letter f) GDPR), we use the marketing and remarketing services (abbreviated to "Google Marketing Services") of Google, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, ("Google").
- Google is certified under the Privacy Shield Framework, thereby guaranteeing compliance with European data privacy laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
- Google Marketing Services enable us to show more targeted advertisements for and on our website, so that our users are only shown advertisements which are potentially more likely to interest them. For example, if a user is shown advertisements for products in which he has shown interest on other websites, this is known as "remarketing". For this purpose, when a user visits our website or another website on which Google Marketing Services are active, a Google code is directly executed by Google, automatically linking "(re)marketing tags" (invisible graphics or codes, also known as "web beacons") to the website. With the help of these tags, an individual cookie is placed on the user’s device i.e. a small file is stored there (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records the websites the user has visited, the content he has shown interest in and the offers he has clicked on; the file also records technical information about the browser and operating system, referring websites, length of visit and other information on usage of the online services. The user’s IP address is also recorded, although we inform Google Analytics that the IP address must be abbreviated within EU Member States or in other states that are party to the EEA Agreement, and may only be transmitted in its entirety to a Google server and abbreviated there in exceptional cases. The IP address is not merged with any of the user’s other data in other Google services. The information stated above can also be linked by Google to similar information from other sources. When the user subsequently visits other websites, he may be shown targeted advertisements corresponding to his interests.
- User data are processed pseudonymically within the framework of Google Marketing Services. For example, Google does not store and process the user’s real name or e-mail address, but processes the relevant data related to the cookie within the context of pseudonymous user profiles. In other words, from Google’s point of view the advertisements are not managed for and shown to a specific, identifiable individual, but for the cookie owner, irrespective of his or her identity. This does not apply if a user has explicitly allowed Google to process these data with pseudonymisation. The information collected about the user by Google Marketing Services is transmitted to Google and stored on Google’s servers.
- One of the Google Marketing Services we use is the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie", so cookies cannot be traced via the websites of AdWords customers. The information collected with the help of the cookie is used to create conversion statistics for AdWords customers who have chosen the conversion tracking option. These AdWords customers receive information on the total number of users who have clicked on their ad and been redirected to a website with a conversion tracking tag. However, they are not given any information which would enable them to identify individual persons.
- We may also use the "Google Optimizer" service. Google Optimizer enables us, in the context of what is known as "A/B-Testing", to ascertain the effects of various website modifications (e.g. changes to entry fields, design etc.). Cookies are placed on users’ devices for the purposes of these tests, which only process pseudonymous user data.
- In addition, we may use "Google Tag Manager" to integrate and manage Google analysis and marketing services in our website.
- 8. You can find an overview of how Google uses data for marketing purposes at: https://policies.google.com/technologies/ads?hl=en, the Google Data Privacy Statement can be viewed at: https://policies.google.com/privacy?hl=en.
- Wenn Sie der interessensbezogenen Werbung durch Google-Marketing-Services widersprechen möchten, können Sie die von Google gestellten Einstellungs- und Opt-Out-Möglichkeiten nutzen: http://www.google.com/ads/preferences.
- The paragraphs below contain information on the content of our Newsletter and how to register for it, the transmission and statistical evaluation process, and your right of objection. By subscribing to our Newsletter, you consent to receiving it and to the procedures and processes described.
- Content of the Newsletter: We only send the Newsletter, e-mails and other electronic notifications containing advertising information (hereafter called "Newsletter") if we have the consent of the respective recipients or legal permission. If concrete details of the content of a Newsletter are given in the context of user registration, they are deemed to be binding for the purposes of obtaining the user’s consent. Otherwise, our Newsletter contains information on our products, offers, services, campaigns and the company in general.
- Double opt-in and logging: registration for our Newsletter is a double opt-in process. After submitting your registration application, you will receive an e-mail requesting you to confirm your registration. This confirmation is required to safeguard against unauthorised persons registering under an e-mail address that does not belong to them. Newsletter registrations are logged as a means of recording the registration process in accordance with legal requirements. The data logged include the date and time of registration and confirmation, and details of the IP address. Any amendments you make to the data stored by the service provider who sends out the Newsletter are also logged.
- Newsletter Tool
- This website uses SendinBlue to send out Newsletters. The service provider is SendinBlue SAS – Politique de confidentialité 55, rue d’Amsterdam 75008 Paris, France.
- SendinBlue is a service with which, among other services, the despatch of Newsletters can be organised and analysed. The data that you enter in connection with your Newsletter subscription are stored on SendinBlue servers in Germany.
- If you do not want SendinBlue to carry out analyses, you must unsubscribe from the Newsletter. Every Newsletter notification provides a corresponding link to cancel your subscription. It is also possible to cancel your subscription to the Newsletter directly on the website.
- Data analysis by SendinBlue
- SendinBlue helps us to analyse our Newsletter campaigns. For example, the analysis enables us to see whether a Newsletter has been opened and which links, if any, have been clicked on. In this way, we can ascertain which links attract a particularly high number of clicks.
- We can also see whether certain pre-determined activities have taken place after opening/clicking on the Newsletter (conversion rate). We can see, for example, whether you have made a purchase after clicking on the Newsletter.
- SendinBlue also enables us to assign Newsletter recipients to different categories ("clustering"). Newsletter recipients can be classified, for example, by categories such as age, gender or place of residence. In this way, we can adapt Newsletters more specifically to their respective target groups.
- Please click on the following link for more information on the functions of SendinBlue: https://www.sendinblue.com/features/.
Data is processed on the basis of your consent (Art. 6 Para. 1 Letter a) GDPR). You can revoke this consent at any time. Revocation of consent does not affect the legitimacy of any data processing activities that have already taken place.
- Conclusion of an agreement on contract data processing We have concluded an agreement with SendinBlue under the conditions of which they are obliged to protect our customers’ data and not transmit them to third parties.
- Links to third-party services and content
- As a means of safeguarding our legitimate interests (i.e. interest in the analysis, optimisation and efficient operation of our online services in the meaning of Art. 6 Para. 1 Letter f) GDPR), we use third-party services or content (hereafter jointly referred to as "content") on our website to provide links to videos or fonts. One precondition for the use of this content is that the third-party providers of the content are aware of the users’ IP addresses, as the providers could not send the content to users’ browsers without knowing their IP addresses. The IP address is therefore essential for displaying this content. We try to use only content from providers who only use the IP address to deliver the content. Furthermore, third-party providers can also use what are known as pixel tags (invisible graphics that are also called "web beacons") for statistical or marketing purposes. These pixel tags allow information such as visitor traffic on the pages of this website to be evaluated. The pseudonymized information can also be stored in cookies on the user’s device and contain, among other data, technical information about the browser and operating system, referring websites, visit time and other information about the use of our online services, as well as enabling a link to similar information from other sources.
- The following table presents an overview of third-party providers and their content, including links to
their Data Privacy Statements which provide further details about data processing and, as in part
already mentioned here, contain information about opt-out possibilities:
- If customers use third-party payment services (such as PayPal), the terms & conditions and data privacy policies of the respective third-party providers apply, which can be viewed on their respective websites or in their transaction applications.
- External fonts from Google, https://www.google.com/fonts ("Google Fonts"). The link to Google Fonts is created by calling a Google server. Data Privacy Statement: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.
- Maps provided by the service "Google Maps" of third-party provider Google, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data Privacy Statement: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.
- Videos on the platform "YouTube" from third-party provider Google, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data Privacy Statement: https://www.google.com/policies/privacy/, opt-out: https://www.google.com/settings/ads/.
- User rights
- Users have the right to request information from us at any time, free of charge, about their personal data stored by us.
- Users also have the right to have incorrect data rectified, to restrict its processing and to have data erased where appropriate, to assert their right to data portability and, in the event of a presumed breach of data processing regulations, to lodge a complaint with the competent supervisory authority.
- In addition, users can revoke their consent, generally with future effect.
- Deletion of Data
- Data stored by us are deleted as soon as they are no longer required for their original purpose and their deletion does not contravene any statutory data retention requirements. If user data are not deleted because they are required for other lawful purposes, their processing will be subject to restrictions i.e. they will be blocked and not used for other purposes. This applies, for example, to user data that must be retained for commercial or fiscal purposes.
- Pursuant to statutory requirements, stored data must be retained for 6 years under the terms of § 257 Para. 1 HGB (German Commercial Code) in the case of trading books, stock inventories, opening balances, annual financial statements, commercial letters, booking vouchers etc.) or 10 years under the terms of § 147 Para. 1 AO (German Fiscal Code) for accounts, financial reports, status reports, booking vouchers, trade and business letters, documents which are relevant for tax assessment etc.
- Withdrawal of consent
- Users can withdraw their consent to the future processing of their personal data at any time in accordance with the relevant legal provisions. Consent can be withdrawn particularly with regard to the processing of data for direct advertising purposes.
- Amendments to the Data Privacy Statement
- We reserve the right to amend this Data Privacy Statement to bring it into line with changes to the legal situation, the service(s) provided or data processing requirements. However, this only applies with regard to statements on data processing. In the event that user consent is required or parts of the Data Privacy Statement contain elements that regulate the contractual relationship with the user, amendments will only be made with the user’s consent.
- Users are requested to review the information contained in the Data Privacy Statement at regular intervals.