Your trust is important to us. ESA Eppinger GmbH referred to as ESA Eppinger, takes the protection of your personal data very seriously. Personal data are only collected, processed or used if the data subject has given their consent, if it is necessary for the performance of a contract or if a law permits the collection, processing or use.
1. Name and address of the responsible company
The authorized representative regarding the general data protection regulation (German: Datenschutz grundverordnung) as well as other European union member states data (protection) regulations is:
2. Name and address of the data protection representative
Every affected person can contact our data protection representative at all times with questions concerning the matter.
3. Fundamentals for the processing of personal data
The processing of personal data is being regarded to be lawful where it is necessary to protect an interest which is essential for the life of the data subject or that of another natural person.
A natural person is considered as identifiable in directly or indirectly way. A name, an identification number, location data, an online identifier or one or more special features are considered as identifiers by association. Furthermore, the expression of the physical, physiological, genetic, mental, economic, cultural or social identity are also considered in respect to identifying a natural person.
ESA Eppinger only processes personal data when the data subject consent is given or when the data is permitted by applicable law. The legal basis of its’ kind comes from Article 6, § 1 of EU Data Protection Regulation (GDPR). According to this Prescription, the processing of personal data is only permitted if the data subject has given consent to the processing of their personal data (hence Article 6, § 1a of GDPR) or if processing is necessary for one of the following purposes:
For the performance of a specific procedure e.g. contract (hence Article 6, § 1b of GDPR).
For the fulfilment of a legal obligation of our company (hence Article 6, § 1c of GDPR).
For the protection of vital interests of the data subject or of another natural person (hence Article 6, § 1d of GDPR).
To perform tasks, that is in the public interest or that has been entrusted to our company by the public administration (hence Article 6, § 1e of GDPR)
To safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the data subject for the protection of personal data outweigh them (hence Article 6, § 1f of GDPR).
4. erasure of Data and Duration of Retention
Your personal data will be erasure or blocked as soon as the purpose of withholding such data no longer applies. Data may be stored if such withholdings is provided by law for the European or national legislation in European Union, regulations or other legal provisions to which ESA Eppinger is subjected to. The data will also be erasure or blocked when a storage period specified in the mentioned laws and regulations are expired, except for where further withholding of the data is necessary for the conclusion of a contract or for fulfilling a contractual obligation.
In terms of prescribed withholding data, we refer to tax or commercial withholding periods.
5. Acquisition of access data (creation of log files)
As the webpages from ESA Eppinger website are being accessed, the system automatically collects data and information of the accessing computer system. In this context, the following data will be collected:
- The type of browser including the current version
- The operating system of the current user
- The Internet service provider of the current user
- The IP address of the accessing computer
- Date and time the pages are visited
- Websites from which the user's system is referred to our website
- The webpages from which our website is accessed
- Webpages which are accessed from our website
- Other similar data and information that will help prevent attacks on our system
The data are stored anonymously in log files in our system. However, there is no link with other personal data of the user such that ESA Eppinger does not draw any conclusions about the person concerned.
The legal basis for the data processing is referred to Article 6, § 1f of the GDPR. The storage is necessary to ensure the functionality and the correct presentation of the content on our website. Furthermore, the data that are stored and used for our statistics and the constant optimization of our website content are to ensure the security of the systems. Finally, it is stored in order to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.
A transfer of the affiliated company Eppinger Gearing Mechanism GmbH are carried out on the same basis of joint business activity. There is no disclosure of data to third parties, unless there is a legitimate disclosure obligation.
For a trouble-free operation environment of the website, the collection and storage of the data in log files are absolute necessary such that there is no possibility for the user to object.
The data will be erasure as soon as it’s no longer required to withhold the storage collection. In that case of the internet session is terminated, the data will also not be kept.
Cookies help us to make it easier for you to use the website, by recognizing the browser and storing previously entered data. The offers and contents of our website can be optimized individually, so that you do not have to re-enter data entered by you (e.g. access data, search terms ect.) each time you visit the website. Hence the legal basis Article 6, § 1f of GDPR.
7. Contact form and e-mail contact
The website of ESA Eppinger has a contact form ready, which can be used for making an electronic contact to our company. The data entered by the user in the input mask are transmitted to us and stored. In addition, the IP address of the user as well as the date and time of the transmission are stored. For the processing of the data, the consent of the user is obtained as part of the sending process. Hence the legal basis for the processing Article 6, § 1a of GDPR. In addition, for the legal basis where the storage of the IP address is concerned is therefore Article 6, § 1f of GDPR.
Alternatively, you can contact us using the e-mail address provided on our website. In this case, in addition to the e-mail address, the personal data provided by the user in the e-mail will be transmitted. Hence the legal basis is in respect to Article 6, § 1f of GDPR.
The processing of the data transmitted via the contact form or by e-mail is solely for carrying out the desired contact. Other data are stored in order to prevent or detect misuse of the website and to ensure the security of our system. There is no disclosure of data to third parties, unless there is a legitimate disclosure obligation.
The data will be deleted as soon as it is no longer required to withhold its collection. As far as the data transmitted by the user in the contact form or in the e-mail is concerned. this is the case if the relevant communication is terminated, unless the communication content is still of legal significance.
The data subject has the option to revoke consent to data processing or to object to the use of the data at any time. In this case, the intended contact with the user is no longer possible or an already started communication cannot be continued.
8. Use of social plug-ins
On our website we have plug-ins of social networks integrated. As the data subject is registered with the respective social network when visiting our website and logged in, this person recognizes which specific subpage of our website of the person concerned. This information is collected by the operator of the social network and assigned to the local account of the person concerned. We have no control over the nature and extent of the data collected, stored and processed by the operator of the social network. For more information, please contact the operator of the respective social network.
To prevent the operator of the respective social network from processing data about you, you must log out of the relevant network before you visit our website. In addition, you can use special tools that block data transfer (for example, Facebook Blocker). On our website, we have integrated the social media plug-ins of the following companies:
Facebook Inc. https://de-de.facebook.com/about/privacy/
9. Analysis by Wiredminds
Our website uses the counting pixel technology of Wiredminds GmbH (www.wiredminds.de) to analyse visitor behaviours. This data may be collected, processed and stored from which a pseudonym usage profiles are created. Wherever possible and meaningful, these usage profiles are completely anonymised. Cookies can be used for this purpose. Cookies are small text files that are stored in the visitor's internet browser and serve to recognize the internet browser. The collected data, which may also contain personal data, are transmitted to Wiredminds or collected directly from Wiredminds. Wiredminds may use information that is left by visits to the websites to create anonymous user profiles. The data obtained will not be used without the separately granted consent of the person concerned to personally identify the visitor to this website and they are not merged with personal data about the bearer of the pseudonym. As far as IP addresses are recorded, their immediate anonymisation takes place by deleting the last number block.
10. Your rights as an affected person
If you are an affected data subject, you then have the following rights as an individual against us according to GDPR:
a) Right of access by the data subject
You have the right to be informed about the collection and use of personal data from us. How it is being processed and the rationale for such processing. If this is the case, your request for information can be informed by us regarding following circumstances:
- the purposes of the processing
- the categories of personal data concerned
- the recipients respectively the categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.
- the existence of the right to request from the responsible rectification or erasure of personal data or restriction of processing personal data concerning the data subject or to object to such processing.
- the right to lodge a complaint or appeal to a supervisory authority.
- all available information on the source of the data (if the personal data are not collected from the data subject).
- rights to know the existence of automated decision-making including profiling hence Article 22, § 1 and § 4 of the GDPR. At least in these cases - meaningful information about the logic involved, the scope and intended impact of such processing on the data subject. In addition, you have a right to the information about whether personal data is transferred to a non-EU state (so-called third country) or to an international organization. In this connection, you can request the appropriate guarantees in accordance with Article 46 of the GDPR.
b) Right to rectification
You have the right to demand immediate modification of any inaccurate personal data concerning you. You also have the right to request that we complete incomplete personal data, including by means of a supplementary statement, considering the purposes of processing.
c) Right to erasure (right to be forgotten)
You may request that the personal data concerning you to be deleted immediately, if any of the following occur:
- Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed
- You revoke your consent of the processing and there is no other legal basis for the processing hence Article 6, § 1a or Article 9, § 2a of the GDPR
- You are under the objection to the processing and there are no prior justifiable reasons for the processing hence Article 21, § 1 of the GDPR or you are under opposition to the processing hence Article 21, § 2 of the GDPR
- Your personal data has been processed unlawfully
- The erasure of personal data concerning you is required to fulfill a legal obligation under the Union or national law of the Member States to which the responsible company is subjected to
- The personal data concerning you were collected in relation to information society services offered hence Article 8, § 1 of the GDPR
ESA Eppinger are committed to the above principles for the erasure of personal data, If the personal data concerned have been made public. We also have the obligation to inform other responsible parties, that you as the data subject, have requested to erasure all links, copies, personal data, or replications of such personal data.
In this regard, considering the available technology and the implementation costs, we take appropriate measures, including technical, to comply with these obligations, at least to such an extent as processing is no longer required, e.g. if the legal requirements prescribe it or preclude legitimate interests are there for the erasure.
d) Right to restriction of processing
You may request to restrict the processing of your personal information under the following conditions:
- the accuracy of the personal data is contested by you, for a period enabling the responsible person to verify the accuracy of the personal data
- the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead
- we no longer need the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims
- You have objection to the processing according to Article 21, §. 1 of the GDPR and it is not yet clear whether the legitimate reasons of ESA Eppinger outweigh their reasons.
If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural, legal person or for reasons of important public interest Union or a Member State. In that case, you will also to be notified by us before the restrictions are lifted.
e) Notification obligation regarding rectification, erasure of personal data or restriction processing
At ESA Eppinger we are obligated to communicate any rectification, erasure of personal data or restriction of processing carried out hence Article 19 of the GDPR to recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We are also obligated to inform the you about those recipients if the you request it.
f) Right to data portability
You have the right to receive personally identifiable information you provide us in a structured, common and readable format. Furthermore, you have the right to transfer this data to another responsible person without hindrance by the responsible person for providing the personal data, provided that the processing is based on the consent hence Article 6, § 1a or Article 9, § 2a of the GDPR or based on a contract in accordance with Article 6, § 1b of the GDPR and processing by means of automated procedures, unless the processing is necessary for the performance of a task in the public interest or in the exercise of public authority delegated to the responsible company. In addition, in exercising your right to data portability under Article 20, § 1 of the GDPR, you may request that the personal data be transmitted directly from one responsible person to another, to such an extent as this is technically feasible and provided that this does not adversely affect the rights and freedoms of others.
g) Right to object
You have the right, on ground relating to your situation, to object to the processing of personal data concerning you hence Article 6, § 1e or §1f of the GDPR at any time. This also applies to profiling based on these provisions. ESA Eppinger will no longer process personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing is for establishment, exercise or defence of legal claims.
h) Right to revoke a data protection consent
If you have granted a data protection consent, you have the right to revoke this consent at any time with effect for the future.
i) Automated individual decision making, including profiling
you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning or similarly significantly affects it, provided the decision
- is not required for the conclusion or performance of a contract between you and ESA Eppinger or
- is authorized by Union or Member State legislation to which the responsible person is subjected to, and where such legislation contains appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject or with the express consent of the person concerned.
However, these decisions must not be based on specific categories of personal data hence Article 9, § 1 of the GDPR unless Article 9, § 2a or § g of the GDPR is applicable and appropriate measures have been taken to protect the rights and freedoms and their legitimate interests.
If the decision to conclude or execute a contract between the data subject and the person responsible is required or is done with the express consent of the data subject, ESA Eppinger will then take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, which includes at least the right to obtain the intervention of a person on the part of the person responsible, to express one's own position and to contest the decision.
j) Right to complain to the supervisory authority
Regardless the rights we have in relation to you, you also have the right to lodge a complaint with a supervisory authority, in the Member State of your residence, place of work or place of alleged infringement, if you believe that the processing of your personal data concerns you violates the GDPR. The supervisory authority to which the complaint has been submitted will inform you of the status and results of the complaint, including the possibility of a judicial remedy hence Article 78 of the GDPR.