Privacy Policy in accordance with the General Data Protection Regulation (GDPR)

 

I.   Name and address of the controller

ELIOG Industrieofenbau GmbH
Käthe-Kollwitz-Straße 10
98631 Römhild, Germany

 

 

II.  General information about data processing

1.   What personal data do we process and for what is it used? We collect and use your personal data (e.g. name, address) generally only inasmuch as is necessary to provide a functional website as well as our content and services.

 

2.   On which legal basis do we process your personal data? The legal basis for the processing of personal data is Art. 6 Para. 1 lit. a – f GDPR.

 

3.   How long are your personal data stored and/or when are they deleted? Your personal data is deleted or made unavailable as soon as the purpose for storing the data no longer applies. The data can also be stored if this has been provided for by the European or national legislator in union law regulations, laws, or other provisions to which the controller is subject.

 

4.    What rights do you have?You have the following rights with regard to the personal data relating to you:

–       Right to access
–       Right to rectification or erasure
–       Right to restriction of processing
–       Right to data portability
–       Right to object to the processing

You also have the right to complain about the processing of your personal data to a data protection supervisory authority.

 

III.  Provision of the website and creation of log files

1.   What personal data do we process? Every time our website is called up, our system collects automated data and information from the requesting computer’s computer system. The following data are collected:

–       Information about the browser type
–       The user’s operating system
–       The user’s internet service provider
–       The user’s IP address
–       Date and time of access
–       Websites, from which the user’s system reached out website
–       Websites, opened by the user’s system via our website

The data are also saved in our system’s log files. Unaffected by this are the user’s IP addresses or other data that enables the linking of the data to a user. These data are not saved together with any other personal data of the user.

 

2. On which legal basis do we process your personal data?  The legal basis for the temporary storage of data is Art. 6 Para. 1 lit. f GDPR.

 

3. Why do we use your personal data? t is necessary for our system to temporarily save the IP address in order to enable the provision of the website on the user’s computer. For this purpose, the user’s IP address must remain saved for the duration of the session. The data are saved in log files in order to ensure the functionality of the website. In addition, we use the data to optimize the website and ensure the security of our information technology systems. In this context, the data are not evaluated for marketing purposes. These purposes are also our legitimate interests in data processing according to Art. 6 Para. 1 lit. f GDPR.

 

4. How long are your personal data stored and/or when are they deleted? The data are deleted as soon as they are no longer required for the purpose for which they were collected. This is the case, if the data were collected for the purpose of providing the website, when the respective session is ended. This is the case, if the data are stored in log files, after seven days at the latest. Further storage of data is possible. In this case, the user’s IP addresses will be deleted or masked so that it is no longer possible to reference the accessing client.

 

5.   Can I object to my personal data being processed?  The collection of data for provision of the website and storage of the data in log files is absolutely necessary for operation of the website. As a result, the user does not have the option of objecting.

 

IV. Use of cookies

Our website uses cookies. Cookies are text files that are saved in the internet browser or by the internet browser on the user’s computer system. When a user visits a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic sequence of characters that enables clear identification of the browser when the website is visited again.

 

1. What personal data do we process? We use cookies to make our website more user-friendly. Some elements of our website require that the requesting browser can be identified even after switching sites. We also use cookies on our website that enable analysis of the user’s surfing behavior. When our website is visited, the user is informed of the use of cookies for analysis purposes and their consent is obtained to process the personal data used in this context. In this context there is also a reference to this Privacy Policy.

 

2. On which legal basis do we process your personal data? The legal basis for processing personal data using technically necessary cookies is Art. 6 Para. 1 lit. f GDPR. The legal basis for processing personal data using cookies for analysis purposes with the existence of the user’s consent to this is Art 6. Para. 1 lit. a GDPR.

 

3. Why do we use your personal data? The purpose of using technically necessary cookies is to make use of the website easier for the user. Certain functions of our website cannot be offered without the use of cookies. It is necessary that the browser is recognized even after changing websites. The user data collected by technically necessary cookies are not used to create user profiles. Analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies we find out how the website is used and can therefore continuously optimize our offer.

 

4. How long are your personal data stored and/or when are they deleted? Cookies are saved on the user’s computer and are transferred from there to our site. Therefore, as the user, you have full control of the use of cookies. By changing your internet browser settings, you can disable or limit the transfer of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it is possible that not all functions of the website can be used in their fully.

 

 V. Contact form and email contact

1.     What personal data do we process?
There is a contact form on our website that can be used to make contact electronically. If a user uses this option, the data entered in the input screen are transferred to us and stored. These data are:

–       Name
–       Address
–       Phone number
–       Email address
–       Your message to us

At the moment when the message is sent the following data are also saved:

–       IP address of the user
–       Date and time sent

Your consent to the processing of the data is obtained as part of the sending process and this Privacy Policy is referred to.

Alternatively, it is also possible to make contact using the email address provided. In this case, the user’s personal data transferred with the email are stored.

The data are not forwarded to third parties in this context. The data are used exclusively to process the conversation.

 

2.  On which legal basis do we process your personal data? The legal basis for processing the data with the user’s consent is Art. 6 Para. 1 lit. a GDPR. The legal basis for processing the data that are transferred with the sending of an email is Art. 6 Para. 1 lit. f GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for the processing of data is Art. 6 Para. 1 lit. b GDPR.

 

3. Why do we use your personal data? The processing of personal data from the input screen is for the sole purpose of making contact. If contact is made via email, a necessary legitimate interest in processing the data also exists here. The other personal data processed during the sending of the email serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

 

4. How long are your personal data stored and/or when are they deleted? The data are deleted as soon as they are no longer required for the purpose for which they were collected. This is the case for personal data from the contact form’s input screen and the data that is sent by email, when the respective conversation with the user has ended. The conversation is ended when it is apparent from the circumstances that the issue at hand has been conclusively clarified.

 

5.  Can I object to my personal data being processed? The user has the option to revoke their consent to the processing of the personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time without stating reasons, as per Art. 21 GDPR. In such a case, the conversation cannot be continued.

All personal data that were saved as part of making contact are deleted in this case.

 

VI.  Use of social media plug-ins

We use the two-click solution. This means that when you visit our site, as a rule no personal data are forwarded to the plug-in provider initially. The plug-in provider can be recognized by the label on the box above their initial letters or by the logo. We give you the option of communicating directly with the plug-in provider via the button. The plug-in provider receives the information that you have visited the corresponding website of our online offer, only if you click on the marked field, thereby enabling it.

 

1. Data protection provisions concerning the use Facebook

Plug-ins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our website. You can recognize the Facebook plug-ins by the Facebook logo or the “Like” button on our website. You can find an overview of the Facebook plug-ins here: https://developers.facebook.com/docs/plugins/. When you visit our website, a direct connection is established between your browser and the Facebook server via the plug-in. Facebook is thereby informed that you visited our website with your IP address. When you click on the Facebook “like” button while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This way Facebook can link the visit to our website to your user account. Please log out of your Facebook user account if you do not want Facebook to be able to link your visit to our website to your Facebook user account.

Facebook page
This data protection information applies to data processing by:

ELIOG Industrieofenbau GmbH
Käthe-Kollwitz-Straße 10
98631 Römhild , Thuringia, Germany

https://de-de.facebook.com/ELIOG-Industrieofenbau-GmbH-751077925051097

The controller uses the technical platform and services of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland, for the information service offered here. You use the offered functions (e.g. commenting, sharing, rating) on your own responsibility.

What information is collected?
When visiting our Facebook page, Facebook automatically collected various information. What information Facebook ultimately collects is unknown to us. This information is collected whether you have a Facebook account or not or if you are logged into your Facebook account at the time of your visit. You can view the information collected by Facebook at https://www.facebook.com/about/privacy/update?ref=old_policy: “What type of information do we collect?”.

Linking the visit to our Facebook page to your Facebook account

On accessing a Facebook page, the IP address assigned to your terminal device is sent to Facebook. According to Facebook, this IP address is anonymized (for “German” IP addresses) and deleted after 90 days. In addition, Facebook also stores information about its users’ terminal devices (for instance, as part of the “Login notification” function); this may also enable Facebook to link IP addresses to individual users. If you as a user are currently logged into Facebook, there is a cookie on your terminal device with your Facebook ID. This enables Facebook to trace that you have visited this page and how you used it. This also applies to all other Facebook pages. It is possible for Facebook to record your visits to these website pages and link them to your Facebook profile via the Facebook buttons that are integrated on websites. Based on this data, individually tailored content or advertising can be offered to you. You can find more information about this at: https://www.facebook.com/policies/cookies/
If you would like to prevent this, you should log out of Facebook and/or disable the “Keep me logged in” function, delete the cookies that are present on your device, exit your browser and then restart it. In this way, Facebook information that could directly link your account to your visit to our site is deleted. Afterwards, you can use our Facebook page without your Facebook ID being disclosed. When you access the page’s interactive functions (like, comments, share, messages, etc.), a Facebook login screen appears. After logging in, you are once again identifiable by Facebook as a specific user.
Legal basis of the data processing


Legal basis of the data processing Facebook specifies the legal basis for data processing at https://www.facebook.com/about/privacy/update?ref=old_policy “What is our legal basis for processing data?”

How is the collected information used? The named data are processed by Facebook for the reasons named at https://www.facebook.com/about/privacy/update?ref=old_policy (“How do we use this information?”) and are potentially transferred to countries outside of the European Union.

Facebook Insights
Some of the information collected by Facebook is used to provide us, as the operator of the Facebook page, with statistical information about use of the Facebook page (“Facebook Insights”). Facebook provides further information on this at: http://de-de.facebook.com/help/pages/insights
We only receive this statistical information in anonymized form and therefore assume that the use of this data does not involve a data processing process that falls under the scope of the GDPR. Nonetheless, with its decision dated 05/06/2018 (ECJ C-210/16), the ECJ ruled that the operator of a Facebook page is jointly responsible for the collection of data as part of the Facebook Insights service. Since we currently cannot exclude joint responsibility for the collection of data for this reason, we would like to fulfill our information duties in the following way, insofar as technically possible. We use Facebook Insights on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR. By using the service, we would like to ensure a needs-based design and ongoing optimization of our Facebook page. In addition, we use the service to evaluate statistically the use of our Facebook page for the purpose of optimizing our offer for you. These interests are considered legitimate in line with the regulation named above.

What rights do you have? You have the right to access, rectification, portability and/or erasure of your data. You can view your precise rights at https://www.facebook.com/about/privacy/update?ref=old_policy “How can you exercise the rights granted to you pursuant to GDPR?”. If you exercise your rights with regard to data collection in conjunction with Facebook Insights, we will forward your request to Facebook since we do not have the technical options and authority to follow through completely with your request.

 

2. Data protection provisions concerning the use of YouTube

Our website uses plug-ins of the YouTube website operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you use the YouTube plug-in a link is made to the YouTube servers. The YouTube server is notified which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to directly link your surfing behavior to your personal profile. You can prevent this by logging out of your YouTube account.

We do not have any influence on the collected data and data processing processes, nor do we know the full extent of the data collection, the purposes of the processing or the storage periods. We also have no information on deletion of the collected data by the plug-in provider.

Further information on the purpose and extent of data collection and their processing by the plug-in provider is available in the privacy policies of this provider named in the following. There you will also obtain further information on your associated rights and setting options to protect your privacy.

–       [Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework..

–       YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. www.google.de/intl/de/policies/privacy

 

3. Data protection provisions concerning the use of Google+

The controller has integrated the Google+ button as a component on this website. Google+ is a so-called social network. A social network is a social meeting point operated on the internet, an online community, which generally enables users to communicate with each other and to interact virtually. A social network can serve as a platform for the exchange of opinions and experiences or enables the internet community to provide personal or business-related information. Among other things, Google+ enables users of the social network to create personal profiles, to upload photos and to network via friend requires.

The operating company of Google+ is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA

Every time one of the individual pages of this website is called up, which is operated by the controller and on which a Google+ button has been integrated, the internet browser of the data subject’s information technology system is automatically prompted by the respective Google+ button to download a representation of the corresponding Google+ button from Google. As part of this technical procedure, Google is informed about which specific sub-page of our website is visited by the data subject. More precise information on Google+ is available at https://developers.google.com/+/.
If the data subject is logged into Google+ at the same time, Google recognizes every time the data subject visits our website and which specific sub-page of our website the data subject is visiting during the entire duration of the respective visit to our website. This information is collected by the Google+ button and is linked by Google to the respective Google+ account of the data subject.

If the data subject operates one of the Google+ buttons integrated on our website and thus gives a Google+1 recommendation, Google links this information to the personal Google+ user account of the data subject and saves these personal data. Google stores the Google+1 recommendation of the data subject and makes this publicly accessible in accordance with the associated conditions accepted by the data subject. A Google+1 recommendation given by the data subject on this website is subsequently stored and processed together with other personal data, such as the name of the Google+1 account used by the data subject and the photo stored in it in other Google services, for example, the search engine results of the Google search engine, the Google account of the data subject or in other places, for example, on websites or in conjunction with ads. Furthermore, Google is able to link the visit to this website with other personal data stored by Google. Google also records this personal information with the purpose of improving or optimizing the different services of Google.

Google always receives information via the Google+ button that the data subject visited our website if the data subject is logged into Google+ at the same time as visiting our website; this happens irrespective of whether the data subject clicks the Goggle+ button or not

If the data subject does not want their personal data to be transmitted to Google, they can prevent such a transmission by logging out of their Google+ account before visiting our website.

Further information on Google’s relevant data protection provisions is available at https://www.google.de/intl/de/policies/privacy/. Further information from Google on the Google+1 button is available at https://developers.google.com/+/web/buttons-policy.

 

4. Data protection provisions concerning the use of Instagram

The controller has integrated components of the Instagram service on this website. Instagram is a service that can be qualified as an audio-visual platform and enables users to share photos and videos and to also distribute such data in other social networks.

The operating company of the Instagram services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

Every time one of the individual pages of this website is visited, which is operated by the controller, and on which an Instagram component has been integrated (Insta button), the internet browser of the data subject’s information technology system is automatically prompted by the respective Instagram component to download a representation of the corresponding component from Instagram. As part of this technical procedure, Instagram is informed about which specific subpage of our website is visited by the data subject.

If the data subject is logged into Instagram at the same time, Instagram recognizes which specific subpage the data subject visits every time our website is visited by the data subject and during the entire duration of their respective stay on our website. This information is collected by the Instagram component and is linked by Instagram to the respective Instagram account of the data subject. If the data subject operates one of the Instagram buttons integrated on our website, the data and information transferred are linked to the personal Instagram user account of the data subject and are saved and processed by Instagram.

Instagram always receives information that the data subject visited our website through the Instagram component if the data subject is logged into Instagram at the same time as visiting our website; this happens irrespective of whether the data subject clicks the Instagram component or not. If the data subject does not want such transmission of this information to Instagram, they can prevent the transmission by logging out of their Instagram account before visiting our website.

Further information and the relevant data protection provisions of Instagram are available at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

 

5. Data protection provisions concerning the use of Pinterest

The controller has integrated components of Pinterest Inc. on this website. Pinterest is a so-called social network. A social network is a social meeting point operated on the internet, an online community, which generally enables users to communicate with each other and to interact virtually. A social network can serve as a platform for the exchange of opinions and experiences or enables the internet community to provide personal or business-related information. Pinterest enables users of the social network, among other things, to publish photo collections and individual photos as well as descriptions on virtual pinboards (so-called pinning), which can then in turn be shared by other users (so-called repinning) or commented on.

The operating company of Pinterest is Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA.

Every time one of the individual pages of this website is visited, which is operated by the controller and on which a Pinterest component has been integrated (Pinterest plug-in), the internet browser of the data subject’s information technology system is automatically prompted by the respective Pinterest component to download a representation of the corresponding Pinterest component from Pinterest. More information on Pinterest is available at https://pinterest.com/. As part of this technical procedure, Pinterest is informed about which specific subpage of our website is visited by the data subject.

If the data subject is logged into Pinterest at the same time, Pinterest recognizes every time the data subject visits our website and which specific subpage of our website the data subject visited during the entire duration of their respective stay on our website. This information is collected by the Pinterest component and is linked by Pinterest to the respective Pinterest account of the data subject. If the data subject operates a Pinterest button integrated on our website, Pinterest links this information to the personal- user account of the data subject and stores these personal data.

Pinterest always receives information that the data subject has visited our website through the Pinterest component if the data subject is logged into Pinterest at the same time as visiting our website; this happens irrespective of whether the data subject clicks the Pinterest component or not. If the data subject does not want such transmission of this information to Pinterest, they can prevent the transmission by logging out of their Pinterest account before visiting our website.

The Privacy Policy published by Pinterest, which is available at https://about.pinterest.com/privacy-policy, provides information about the collection, processing, and use of personal data by Pinterest.

 

6. Data protection regulations concerning the use of Twitter

The controller has integrated components of Twitter on this website. Twitter is a multi-lingual publicly accessible micro-blogging service on which users can publish and distribute so-called tweets, which are short messages limited to 280 characters. These short messages can be called up by everyone, even people who are not signed up on Twitter. The tweets are also shown to the so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. In addition, Twitter makes it possible to address a wide audience via hashtags, links, or retweets.

The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Every time one of the individual pages of this website is visited, which is operated by the controller and on which a Twitter component (Twitter button) has been integrated, the internet browser of the data subject’s information technology system is automatically prompted by the respective Twitter component to download a representation of the corresponding Twitter component from Twitter. Further information on the Twitter buttons is available at https://about.twitter.com/de/resources/buttons. As part of this technical procedure, Twitter is informed about which specific subpage of our website is visited by the data subject. The purpose of the integration of the Twitter component is to enable users to distribute process the content of this website, make this website known in the digital world, and increase our visitor numbers.

If the data subject is logged into Twitter at the same time, Twitter recognizes every time the data subject visits our website and which specific subpage of our website the data subject visits during the entire duration of their respective stay on our website. This information is collected by the Twitter component and is linked by Twitter to the respective Twitter account of the data subject. If the data subject presses one of the integrated Twitter buttons integrated on our website, the data and information transferred as a result are linked to the personal Twitter user account of the data subject and are stored and processed by Twitter.

Twitter always receives information that the data subject has visited our website through the Twitter component if the data subject is logged into Twitter at the same time as visiting our website; this happens irrespective of whether the data subject clicks the Twitter component or not. If the data subject does not want such transmission of this information to Twitter, they can prevent the transmission by logging out of their Twitter account before visiting our website.

Twitter’s relevant data protection provisions can be viewed at https://twitter.com/privacy?lang=de 

VII.  Web analysis services

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are saved on your computer and that enable analysis of your use of the website. The information generated by the cookie about your use of this website is generally transferred to a Google server in the USA and is stored there. Should IP anonymization (IP masking) be enabled on this website, however, your IP address will be shortened by Google beforehand within member states of the European Union or in the countries which are contracting parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. Google will use this information on behalf of this website’s operator to evaluate your use of the website in order to compile reports about the website activities and to provide the website operator with other services associated with website and internet use. The IP address transmitted from your browser as part of Google Analytics is not merged with other Google data. You can prevent the storage of the cookies with a corresponding setting in your browser software; however, we hereby advise you that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of the data generated by the cookie and related to your use of the website (incl. your IP address) to Google as well as the processing of these data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. You can prevent collection by Google Analytics by clicking on the following link. An opt-out cookie is set, which prevents future collection of your data when visiting this website: Deactivate Google Analytics

Sources: Beck-online, Institut für Informations-, Telekommunikations- und Medienrecht, eRecht 24, Privacy policy generator of the DGD Deutsche Gesellschaft für Datenschutz GmbH, which is active as External Data Protection Officer Cologne, in cooperation with Christian Solmecke, Cologne Attorney for Data Protection Law.