Data Privacy Statement
of Eckes-Granini Group GmbH
Status April 2024
Eckes-Granini Group GmbH (hereinafter referred to as "Eckes-Granini") operates the website (hereinafter referred to as the "website") available under the domain "www.eckes-granini.com" as well as mobile applications within external online presences, such as social media profiles (hereinafter collectively referred to as "online offer"). In the following, we inform you about the collection of personal data when using this website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.
The responsible body according to Art. 4 No. 7 GDPR is:
Eckes-Granini Group GmbH
Ludwig-Eckes-Platz 1
DE-55268 Nieder-Olm
service-granini@eckes-granini.de
All requests for information, correction and deletion, objections or revocations of consent, the assertion of the right to restriction of processing or the right to data portability, as well as comments or questions from the user regarding data protection, should be sent to this address.
Your data will be collected, processed and used in accordance with the provisions of data protection law, in particular the General Data Protection Regulation (GDPR) and if applicable, in accordance with national laws. The processing of personal data is carried out on the basis of the following legal bases of the GDPR. Furthermore, if more specific legal bases are relevant in individual cases, we will inform you of these in the data privacy statement.
If the data subject has given consent to the processing of personal data concerning a specific purpose or purposes - consent (Art. 6 para. 1 p. 1 lit. a) GDPR).
If the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures - performance of the contract and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) GDPR).
If the processing is necessary for compliance with a legal obligation to which we are subject- legal obligation (Art. 6 para. 1 p. 1 lit. c) GDPR) -.
If the processing is necessary to safeguard our legitimate interests or the legitimate interests of a third party and is not overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data - legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).
1. Collection of personal data for informational use
(1) If you use the website for information purposes only, i.e. if you do not log in to use the website, register or otherwise provide us with information, we do not collect any personal data, with the exception of the data that your browser transmits to enable you to visit the website. These are:
IP address
Date and time of the request
Timezone difference zur Greenwich Mean Time (GMT)
Content of the request (specific page)
Acess Status /HTTP-Statuscode
Amount of data transferred in each case
Website from which the request originates
Browser
Operating system and its interface
Language and version of the browser software.
(2) Furthermore, cookies may be stored on your computer when using the website. Cookies are small text files that are stored on your hard drive, assigned to the browser you are using, and through which certain information flows to the site that sets the cookie (in this case, us). A cookie typically contains the name of the domain from which the cookie originates, the "lifetime" of the cookie, and a value, usually a randomly generated unique number. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall. Cookies are only used by us in accordance with the statutory provisions. This means that we always obtain revocable consent, unless it is not required by law. This applies in particular if the storage and reading of information, including cookies, is absolutely necessary in order to be able to make our online offer available.
We process personal data with the help of cookies onvarious legal bases. If consent has been obtained, the legal basis of the processing is the declared consent. If no consent has been given and the cookies are necessary, the data processed with the help of these cookies will be processed on the basis of our legitimate interests (e.g. in the business operation of our online offer and improvement of its usability) or, if this is done in the context of the fulfilment of our contractual obligations, to fulfill our contractual obligations. We will explain the purposes for which the cookies are processed by us in the course of this privacy policy or in the context of our consent and processing processes.
To manage the cookies and your consent to this, we use a solution from Papoo Software & Media GmbH. As part of order processing, we therefore transmit personal data (consent data) to Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany as a processor. By consent data we mean the following data: date and time of the visit or consent / refusal, device information. The processing of the data is carried out for the purpose of complying with legal obligations (obligation to provide evidence pursuant to Art. 7 para. 1 GDPR) and the associated documentation of consents and thus on the basis of Art. 6 para. 1 lit. c) GDPR. Local storage is used to store the data. The consent data will be stored for 3 years. The data is stored in the European Union. Further information on the collected data and contact details can be found under https://www.ccm19.de/en/privacyclarification.html. Details of the cookies used and the possibility to consent to the use of cookies can be found in the consent settings. There you can also revoke your consent.
2. Collection of personal data for personalized use
(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do this, you will usually have to provide further personal data, which we will use to provide the respective service. If additional voluntary information is possible, it will be marked accordingly. We only collect, process and use the personal data that is necessary for your use of the website and/or the fulfilment of a contract concluded with us or that you provide yourself. In particular this involves the following inventory data and usage data, which may be transmitted via forms on our website:
Company
Name (consisting of salutation, title, first name, last name and gender)
Address
Telephone number
Fax number
E-mail address
Date of birth
Registration and login data of the user
Sales tax identification number (optional)
(2) Inventory data and usage data will be used by us to establish, design, change or terminate a contractual relationship with you, if necessary, in order to fulfill our contractual obligations, to log the user to the website, and to contact you if requested by you or necessary within the scope of the contractual relationship or permitted by law.
The personal data is stored and processed within the European Union, with the exception of the data collected by the third-party providers mentioned below.
3. Deletion of the Data
Unless otherwise described in this data privacy statement or in the case of data processing via the contact form provided on the website, we will only store your data for as long as we need your data, e.g. to process a request you have submitted to us. Your personal data will therefore be deleted after your request has been processed, unless otherwise agreed. Inventory data will be deleted two years after termination of the contractual relationship at the end of the calendar year unless longer storage is necessary and legally permissible.
4. Anonymous statistical analysis of the user data
We are entitled to create user profiles using pseudonyms for the purposes of advertising, market research or for the needs-based design of the website, unless you object to this. In particular we analyse the usage data anonymously for statistical purposes in order to design the website according to requirements. You can object to this use of your personal data by notifying us.
5. Use of Google Analytics
(1) We use Google Analytics to measure and analyze the use of our website on the basis of a pseudonymous user identification number. The user identification number is used to assign analysis information to a terminal device in order to identify which content the users of the terminal have accessed within one or more usage processes, which search terms they have used, accessed them again or have interacted with our website online offer when and for how long, without unique data, such as names or e-mail addresses. Pseudonymous profiles of users are created with information from the use of different devices, whereby cookies can be used. Google Analytics does not log or store individual IP addresses for users from the EU. However, Google Analytics provides rough geographical location data derived from the structure of the IP address. In the case of users from the EU, the IP address data will be used exclusively for this derivation of geolocation data before it is deleted. When Google Analytics collects metrics, all IP queries are performed on EU-based servers before traffic is routed to Analytics servers outside the EU for processing.
(2) The service provider of Google Analytics is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (https://marketingplatform.google.com/about/analytics/). The data privacy statement can be found under https://policies.google.com/privacy. We concluded an data processing agreement with Google Ireland Limited, the content of which you can view here: https://business.safety.google/adsprocessorterms. The basis for the transfer to third countries is the EU-US Data Privacy Framework (DPF) and standard contractual clauses (https://business.safety.google/adsprocessorterms). You can object to this use of your personal data as follows: Opt-Out-Plugin: ttps://tools.google.com/dlpage/gaoptout?hl=en; Settings for the display of advertisements: https://adssettings.google.com/authenticated. For more information about Google Analytics, the types of processing and the data processed, please see https://privacy.google.com/businesses/adsservices
6. Google Consent Mode
We use Google Consent Mode on our website, a function provided by Google that enables us to ensure compliance with data protection regulations and cookie consent regulations. Google Consent Mode enables us to take your consent settings into account, particularly in connection with the use of Google products such as Google Analytics and Google Ads.
Google Consent Mode works by collecting information about whether you have consented to the use of cookies and other tracking technologies on our website. Based on this information, Google Analytics will collect and send data from your current session or not.
If you have not consented to the use of cookies, no information about your online activities will be passed on to Google Analytics or Google Ads.
7. Friendly-Captcha
We use the "Friendly Captcha" service on our website (www.friendlycaptcha.com). This service is provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany.
Friendly Captcha is a new type of privacy-friendly security solution to make it increasingly difficult for automated programs and scripts (so-called "bots") to use our website. For this purpose, we have integrated a program code from Friendly Captcha into our website (e.g. for contact forms) so that the visitor's end device can establish a connection to Friendly Captcha's servers in order to receive a computational task from Friendly Captcha. The visitor's end device solves the computational task, which requires certain system resources, and sends the computational results to our web server. Our server contacts the Friendly Captcha server via an API and receives a response stating whether the puzzle was solved correctly by the end device. Depending on the result, we can apply security rules to requests via our website and thus, for example, further process or reject them. The data is used exclusively for the protection against spam and bots as described above.
Friendly Captcha does not set or read cookies on the visitor's end device. IP addresses are only stored in hashed (one-way encrypted) form and do not allow us and Friendly Captcha to draw any conclusions about an individual person.
If personal data is stored, this data will be deleted after 30 days.
The legal basis for the processing is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in protecting our website against abusive access by bots, i.e. spam protection and protection against attacks (e.g. mass requests).
Further information on data protection when using Friendly Captcha can be found at https://friendlycaptcha.com/legal/privacy-end-users/.
8. Integration of third-party services
(1) We have integrated YouTube videos into our online offering, which are stored on www.YouTube.com and can be played directly from our website. These are all integrated in the "extended data protection mode", i.e. no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transmitted. We have no influence on this data transfer. We have also integrated content from the following third-party providers on this website: Google Maps.
(2) By visiting the website, the third-party provider receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under 1.(1) of this declaration will be transmitted. This takes place regardless of whether this third-party provider provides a user account through which you are logged in or whether no user account exists. If you are logged in to the plug-in provider, this data will be assigned directly to your account. If you do not wish to be associated with your profile with the third-party provider, you must log out before activating the button.
(3) The third-party provider stores this data as user profiles and uses it for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) to provide needs-based advertising. You have the right to object to the creation of these user profiles, whereby you must contact the respective third-party provider to exercise this right.
(4) Further information on the purpose and scope of the data collection and its processing by the third-party provider can be found in the data privacy statements of these third-party providers provided below. There you will also find further information about your rights in this regard and setting options to protect your privacy.
(5) Addresses of the respective providers and URL with their data privacy statements:
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl.
9. Subcontractors
We use subcontractors as part of the processing of personal data and conclude a contract with these processors in accordance with the requirements of Art. 28 GDPR.
The following is used as subcontractor for hosting the website:
Deutsche Telekom MMS GmbH
Riesaer Straße 5
DE-01129 Dresden
https://www.telekom-mms.com/
10. Presence in social networks (social media)
As part of our online presence within social networks, we process data of the users active there. Personal data may also be processed outside the European Union. This can result in risks for the users because it could, for example, make it more difficult to enforce the rights of the users. Furthermore, user data is usually processed within social networks for market research and advertising purposes. For a detailed description of the respective forms of processing and the possibilities of objection (opt-out), we refer to the data privacy statements and information provided by the operators of the respective networks.
Requests for information and the assertion of data subject rights can most effectively be asserted with the providers themselves. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, you can contact us.
11. Protection of personal data
We take technical and organizational measures in accordance with the data protection requirements to protect the user's personal data. All our employees who are involved in the processing of personal data are obliged to maintain data secrecy and are trained accordingly. The user's personal data is encrypted using HTTPS when transmitted to the website.
12. Rights of data subjects
The user and other data subjects may demand from us the following rights in respect of their personal data under the GDPR, which arise in particular from Art. 15 to 21 GDPR:
Right of access to the personal data concerned (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure ('right to be forgotten') (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to object to processing if data processing is carried out on the basis of Art. 6 (1) (e) or (f) GDPR (Art. 21 GDPR): see also the following reference to the right of objection pursuant to Art. 21 GDPR
Right to data portability (Art. 20 GDPR)
Right to revoke a given consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation, if the data processing is based on consent pursuant to Art. 6 (1) (a) or Article 9 (2) (a) GDPR
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us (Art. 77 GDPR).
Reference to the right of objection according to Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling to the extent that it is related to such direct marketing.
13. Data protection supervisory authority and right of appeal
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the provisions of the GDPR. The data protection supervisory authority responsible for us is:
Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Hintere Bleiche 34
55116 Mainz
Telephone: +49 (0) 6131 208-2449
Fax: +49 (0) 6131 208-2497
Website: https://www.datenschutz.rlp.de/
E-mail: poststelle@datenschutz.rlp.de
14. Data Protection Officer
You can contact our data protection officer at privacy@eckes-granini.com or our postal address with the addition "The data protection officer".
15. Updates to this Privacy Policy
From time to time, it is necessary to adapt the content of this privacy policy. We therefore reserve the right to change them at any time. We will post it in the same place as this Privacy Notice.
If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and that the information should be checked before contacting us.