We place great value on the protection of your personal data. To this end, we have implemented numerous technical and organisational measures to ensure end-to-end protection in accordance with the applicable EU General Data Protection Regulation (EU Regulation 2016/679, GDPR) and the German Federal Data Protection Act (BDSG).
I Data controller for data processing:
Volmerswerther Straße 41
Telephone +49 (0) 211 / 15 9 25 – 60
Fax +49 (0) 211 / 15 9 25 – 620
Jürgen Platen (Managing Director, CEO)
II Data Protection Officer of the data controller responsible for data processing:
III General information on data processing
1 Scope of the processing of personal data
As a matter of principle, we only process personal data of our users to the extent that is necessary for the provision of a functioning Web site as well as for the provision of our content and services. The processing of personal data of our users is usually only done following the user’s consent. An exception applies in those cases in which it is not possible for practical reasons to obtain consent beforehand and the processing of the data is permitted by law.
2 Legal basis for the processing of personal data
Insofar as we obtain the consent of the person concerned for processing operations of personal data, Section 6 (1) lit. a of the EU Data Protection Regulation (GDPR) constitutes the legal basis.
Section 6 (1) lit. b GDPR forms the legal basis when we process personal data required for the execution of a contract of which the person concerned is a contractual party. This also applies to processing operations that are required for the execution of pre-contractual actions.
Insofar as the processing of personal data is required for compliance with a statutory obligation that our company must comply with, Section 6 (1) lit. c GDPR is the legal basis.
In the event that the vital interests of the person concerned or another natural person require the processing of personal data, Section 6 (1) lit. d GDPR serves as the legal basis.
If processing is required for the protection of a legitimate interest of our company or a third party and the interests, fundamental rights and basic liberties of the person concerned do not outweigh the aforementioned interest, the legal basis is Section 6 (1) lit. f GDPR.
3 Data deletion and storage period
The personal data of the person concerned is deleted or blocked as soon as the purpose of storage no longer applies. In addition, the data can be stored if the storage is provided for by European or German legislative bodies in regulations under EU law, laws or other provisions, with which the data controller must comply. The data is also blocked or deleted if a storage period specified by the aforementioned standards expires, unless there is a necessity to continue to store the data for the purpose of conclusion of a contract or execution of a contract.
4 Data transmission
The transmission of data over the Internet (e.g. when communicating by e-mail) may involve security gaps. As a provider, we cannot completely protect the transmission of data via the Internet since it might be outside the sphere of our control. For this reason, you have the option of transmitting your personal data to us through other communication channels (e.g. by phone or normal mail).
IV Provision of the Web site and creation of log files
1 Description of data processing
With each visit to our Web site, our system automatically registers data and information of the computer system of the visiting computer.
The following data is collected:
– information about the browser (type and version) with which the Web site is visited
– the operating system of the user
– the Internet service provider of the user
– the IP address of the user
– date and time of access
– Web sites from which the user’s system gets to our Web site
– Web sites that are visited by the user’s system via our Web site
2 Log files
The data specified in Item 1 is also stored in the log files of our system.
This data is never stored together with other personal data of the user.
3 Legal basis of data processing
Section 6 (1) lit. f GDPR constitutes the legal basis for the temporary storage of data and log files.
4 Purpose of the processing of personal data
The provision of the Web site has the purpose of providing information on the activities of ekom gmbh.
4.1 Use of the Web site for information
The temporary storage of the IP address by the system is necessary in order to enable the delivery of the Web site to the user’s computer. For this, the IP address of the user must be stored for the duration of the visit.
The log files are stored so as to ensure the functionality of the Web site.
We also use the data to optimise the Web site and for ensuring the security of our IT systems. An evaluation of the data for marketing purposes does not take place in this context.
Section 6 (1) lit. f GDPR forms the legal basis of the data processing.
5 Storage period
5.1 Use of the Web site for information
Personal data is only stored for the period necessary for the execution of the purpose of the processing (data minimisation).
The data is deleted as soon as it is no longer required for achieving the purpose of its collection. With respect to data collection for the provision of the Web site, this is the case when the respective visit is finished. With respect to the storage of data in log files, this is the case at the latest after seven days. Longer storage is possible. In this case, the IP addresses of the users are deleted or altered so that no assignment is possible to the visiting client any more.
6 Right of objection
6.1 Use of the Web site for information
The collection of data for provision of the Web site and the storage of data in log files is absolutely necessary for the operation of the Web site.
This means the user has no possibility to object.
6.2 Use of the Web site for contract review and the entry of contract data
In principle, the Web site can be used without giving personal data. If personal data is collected as described above, we assure you that your data will not be disclosed to third parties without your express consent (unless disclosure is required for purposes of law enforcement, the safeguarding of public order or the protection of our systems).
1 Purpose of data processing by means of cookies
Furthermore, cookies are used to improve the quality of our Web site and its content. By using cookies, we learn how the Web site is used; this allows us to optimise our range of offers constantly. The user data collected by cookies is not used for the creation of user profiles.
2 Object of data storage and data transmission by cookies
The following data is stored and transmitted in the cookies:
– language settings
– log-in information
– frequency of site visits
– use of Web site features
– search terms entered
The data of users collected by means of cookies is pseudonymised by technical means. Therefore no assignment of the data to the visiting user is possible any more. The data is not stored together with other personal data of the users.
4 Disabling, restriction and deletion of cookies
If cookies for our Web site are disabled, you may no longer be able to use all the features of the Web site to their full extent.
6 Legal basis
Section 6 (1) lit. f GDPR constitutes the legal basis for the processing of personal data using cookies. Section 6 (1) lit. a GDPR constitutes the legal basis for the processing of personal data using cookies for purposes of analysis.
VI Web analysis by Google Analytics
Our Web site uses Google Analytics.
VII Rights of the person concerned
If your personal data is processed, you are a person concerned within the meaning of the GDPR. You have the following rights with respect to the data controller:
1 Right to information
You are entitled to request from the data controller a confirmation on whether personal data concerning you is processed by us. If such a processing exists, you are entitled to request the following information from the data controller:
1.1 the purposes for which the personal data is processed;
1.2 the categories of personal data that is being processed;
1.3 the recipients or categories of recipients to whom the personal data concerning you has been disclosed or will be disclosed;
1.4 the intended storage period for the personal data concerning you or, if specific details are not possible here, criteria for the determination of the storage period;
1.5 the existence of a right to correction or deletion of personal data concerning you; of the right to restriction of processing by the data controller; of a right to an objection to this processing;
1.6 the existence of a right to file a complaint with a supervisory authority;
1.7 all available information on the origin of the data, if the personal data is not collected from the person concerned;
1.8 the existence of an automated decision-making process, including profiling, according to Section 22 (1, 4) GDPR, and – at least in these cases – meaningful information on the logic involved as well as the scope and desired impact of such processing for the person concerned.
You are entitled to demand information on whether the personal data concerning you was transmitted to a third country or an international organisation. You can demand in this context that you be informed of suitable guarantees for the transmission pursuant to Section 46 GDPR.
2 Right to correction
You are entitled to request correction and/or completion from the data controller if the processed personal data concerning you is incorrect or incomplete. The data controller must carry out the correction/completion promptly.
3 Right to restriction of processing
You are entitled to request a restriction of the processing of personal data concerning you under the following circumstances:
3.1 if you dispute the accuracy of the personal data concerning you for a period of time that allows the data controller to check the accuracy of the personal data;
3.2 if the processing is unlawful and you reject the deletion of the personal data and, instead, demand a restriction of the use of the personal data;
3.3 if the data controller no longer needs the personal data for purposes of processing but you need it to assert, exercise or defend legal claims; or
3.4 if you object to the processing in accordance with Section 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the data controller outweigh your reasons.
If the processing of the personal data concerning you was restricted, this data – apart from its storage – is allowed to be processed only with your consent or for the assertion, exercise or defence of legal claims; or for the protection of the rights of another natural or legal person; or for other reasons associated with an important interest of the Union or a Member State.
If the processing was restricted according to the aforementioned conditions, you will be informed by the data controller before the restriction is lifted.
4 Right to deletion
4.1 Obligation to delete
You can request from the data controller that the respective personal data be deleted immediately; then the data controller is obligated to delete this data immediately if one of the following reasons applies:
4.1.1 The personal data concerning you is no longer needed for the purposes for which it was collected or processed in any other way.
4.1.2 You revoke your consent on which the processing in accordance with Section 6 (1) lit. a or Section 9 (2) lit. a GDPR was based, and there is no other legal basis for the processing.
4.1.3 You object to the processing in accordance with Section 21 (1) GDPR, and there are no overriding legitimate reasons for the processing; or you object to the processing in accordance with Section 21 (2) GDPR.
4.1.4 The personal data concerning you was processed unlawfully.
4.1.5 The deletion of the personal data concerning you is required to meet a legal obligation under EU law or the law of the Member States with which the data controller must comply.
4.1.6 The personal data concerning you was collected in terms of offered information society services pursuant to Section 8 (1) GDPR.
4.2 Information to third parties
In the event that the data controller has made public the personal data concerning you and is obligated under Section 17 (1) GDPR to delete it, the data controller shall take appropriate measures, including technical ones, taking into due consideration the available technology and the costs of implementation, in order to inform the persons responsible for data processing who process the personal data that you, as the person concerned, have demanded the deletion of all links to this personal data or any copies and replications of this personal data.
The right to deletion does not apply if processing is required
4.3.1 for the exercise of the right to freedom of expression and information;
4.3.2 for compliance with a legal obligation that requires processing in accordance with the law of the Union or the Member States; or for the exercise of a task that is in the public interest or due to a public authority that was assigned to the data controller.
4.3.3 on grounds of public interest in the field of public health, pursuant to Section 9 (2) lit. h and i as well as Section 9 (3) GDPR;
4.3.4 for archiving purposes that are in the public interest; for purposes of scholarly or historical research; or for statistical purposes pursuant to Section 89 (1) GDPR to the extent that the right specified in Item a) would make the achievement of these goals impossible or would seriously impair it; or
4.3.5 for the assertion, exercise or defence of legal claims.
5 Right to information
If you have asserted your right to correction, deletion or restriction of processing to the data controller, the data controller is obligated to inform all recipients to whom the personal data concerning you was disclosed of this correction or deletion of the data or the restriction of processing, unless this is impossible or would involve disproportionate effort and expenditure.
With respect to the data controller, you have the right to be informed of these recipients.
6 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the data controller, in a structured, common and machine-readable format. In addition, you are entitled to transmit this data to another data controller without interference from the original data controller to whom the data was provided if
6.1 the processing is based on consent in the meaning of Section 6 (1) lit. a GDPR or Section 9 (2) lit. a GDPR or on a contract in accordance with Section 6 (1) lit. b GDPR and
6.2 the processing uses automated procedures.
In exercising this right, you are also entitled to seek that the personal data concerning you is transmitted directly from one data controller to another data controller, insofar as this is technically feasible. Liberties and rights of other persons shall not be affected by this.
The right to data portability does not apply to the processing of personal data that is required for the exercise of a task that is in the public interest or is due to a public authority that was assigned to the data controller.
7 Right of objection
For reasons that arise from your specific situation, you have the right to object to the processing of the personal data concerning you that is carried out on the basis of Section 6 (1) lit. e or f GDPR; this also applies to any profiling based on these provisions.
The data controller shall no longer process the personal data concerning you unless he can give proof of reasons worthy of protection for the processing that outweigh your interests, rights and liberties, or unless the processing serves the assertion, exercise or defence of legal claims.
If the personal data concerning you is processed for direct advertising, you are entitled at any time to object to the processing of the personal data concerning you for such advertising purposes; this also applies to profiling insofar as it is connected to such direct advertising.
If you object to processing for purposes of direct advertising, the personal data concerning you will no longer be processed for these purposes.
Regardless of Directive 2002/58/EC, you have the possibility, in the context of the use of information society services, of exercising your right to objection by way of automated procedures for which technical specifications are used.
8 Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent until revocation.
9 Automated decision on a case-by-case basis, including profiling
You have the right not to be subject to a decision that is solely based on automated processing – including profiling – and is legally effective with respect to you or significantly affects you in a similar way. This does not apply if the decision
9.1 is required for the conclusion or execution of a contract between you and the data controller;
9.2 is permitted based on the statutory provisions of the Union or the Member States with which the data controller must comply, and these statutory provisions contain appropriate measures for the protection of your rights and liberties as well as your legitimate interests; or
9.3 is made with your express consent.
Such decisions are not allowed to be based on special categories of personal data as defined by Section 9 (1) GDPR, however, unless Section 9 (2) lit. a or g GDPR applies and appropriate measures for the protection of rights, liberties and your legitimate interests were taken.
With regard to the cases referred to in (1) and (3), the data controller shall take appropriate actions in order to protect the rights and liberties as well as your legitimate interests; this includes, at a minimum, the right to seek the intervention of a person on the part of the data controller; the right to present your own standpoint; and the right to dispute the decision.
10 Right to file a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to file a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or location of the alleged violation, if you are of the opinion that the processing of the personal data concerning you violates the GDPR.
The supervisory authority with which the complaint was filed shall inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy pursuant to Section 78 GDPR.