The EWS GmbH & Co. KG, Am Bahnhof 20, 24983 Handewitt, Phone: +49 46 08 / 67 81, Fax: +49 46 08 / 16 63, E-Mail: email@example.com is the “controller”, as defined by the European General Data Protection Regulation (GDPR), with respect to the data processing on this website.
We respect and protect your privacy rights and the information we receive from you. We respect the protection of your personal data and will collect, store or process all data obtained exclusively in accordance with the relevant data protection regulations.
2. Definition of “personal data”
Personal data are all information relating to an identified or identifiable natural person. A natural person is considered as identifiable if it can be identified directly or indirectly, in particular by association with an identifier, such as a name, an identification number, location data, online identification data or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
3. Data deletion and retention
Your personal data will be erased as soon as the purpose for its retention ceases to exist. The retention period may be extended if this is provided for by the European or national legislators in EU regulations, laws, or other directives. Data will also be deleted if a retention period as stated by the legal rules above expires, unless there is a need for further data retention in order to conclude or fulfil a contract.
4. Collection of personal data
As a general rule, we only collect and use your personal data to the extent that is necessary for providing a functional website and our content and services. The collection and utilization of personal data generally only occurs with the user’s consent. Exceptions apply in cases where obtaining consent is impossible for factual reasons and where data processing is permitted by law.
In the following, we would like to inform you about the type, scope and purpose of our data handling within the framework of this website:
4.1 Server log files
Any time our website is accessed, the user's access data that are required for enabling and billing the use is stored on our server in a log file which is automatically transmitted to us by your browser.
- Browser type / browser version
- Operating system used
- Host name of the accessing computer
- Date and time of server request
- IP address of the computer accessing the website
- Website from which our website was accessed (Referrer URL)
- Files accessed
- Data volume transferred
The log files are stored for the following purposes:
- Evaluation of file access for statistical purposes
- System security and stability of the website
- Review for any use that violates the terms of contracts or is otherwise unlawful provided that there are actual indications for this.
This data processing operation is based on Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest follows from the above-mentioned purposes for data collection. We do not use the data collected for the purpose of identifying you. We do not combine this data with other data sources.
After the user has logged in on our website, so-called "cookies" are stored on the user's computer.
A cookie is a small text file in the designated directory of the computer. This file is used to identify the user's computer for the duration of the session. Cookies cannot manipulate the user's end device and can be deleted manually at any time, most easily in the browser.
The processing of the data by cookies is required for the aforementioned purposes to safeguard our legitimate interests as well as those of third parties according to article 6 para 1 p. 1 lit. f GDPR.
4.3 Usage data
We collect and use your personal data on the basis of Article 6 para 1 p. 1 b) GDPR, as far as this is necessary to enable the use of our internet offer (usage data).
For advertising and market research purposes and the needs-appropriate design of our internet offer, we may also create usage profiles when using pseudonyms.
You have the right to object to this use of your data at any time. We are not allowed to combine the usage profiles with data regarding the person to whom the pseudonym refers.
4.4 Data in the context of your contacting us
If you use the contact form to send us inquiries, we will store your data from the form or the e-mail address provided for contacting you, including the contact data you provided there, only for processing the respective inquiry and in case we have any follow-up questions. We do not pass this data on to third parties without your consent. The corresponding data usage is based on article 6 para 1 p. 1 b) GDPR as part of the processing of your concern. In order to prevent unauthorized access to your personal data, the e-mail traffic is encrypted by SSL/TLS-technology.
We offer our planning tool "QuickPlan" on our website.
If you use "QuickPlan" as end customer and consent actively to a forwarding of your personal data, we will send those to a maximum of 1-3 cooperating installers for the purpose of submitting an offer. The legal basis for this is Article 6 para 1 p. 1 lit. b GDPR. The further and subsequent data usage by the external installers is outside our area of responsibility.
In addition, we offer a free newsletter to our partner resellers to provide them with new information. In order to receive the newsletter we ask you to provide your e-mail address and an evidence of business registration. The disclosure of additional, separately marked data is optional.
We use the so-called double-opt-in procedure for the newsletter subscription. After you have signed up, we will send you an e-mail to the provided e-mail address and ask for confirmation that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to investigate possible misuse of your personal data.
After your confirmation, we save your e-mail address only for the purpose of sending the newsletter. The legal basis for this is Article 6 (1) p. 1 lit. a GDPR.
You can unsubscribe at any time, e. g. by clicking on the correspondent link at the end of each newsletter or, for instance, by sending an e-mail to firstname.lastname@example.org.
4.7 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House Barrow Street, Dublin 4, Irland
Alternatively, click on the following link to prevent Google Analytics from collecting data about you within this website: Disable collection of Google Analytics data for this website.
The use of tracking tools is based on article 6 (1) p. 1 lit. f GDPR. In the context of our legitimate interests, we want to ensure that our website is tailored to the needs and that the ongoing optimization of our web site (through statistical evaluations) is guaranteed.
4.8 Google Maps
This websites uses the services provided by Google Maps. This allows us to display interactive maps to you directly on our website and enables you to comfortably use the map feature.
When you visit our website, Google receives information that you have accessed the respective webpage on our website. In addition, the above-mentioned data (5.1) are transmitted. This is done regardless of whether Google provides a user account through which you are logged in, or if there is no user account. If you are logged in to Google, your data will be directly allocated to your account. If you do not want this data to be allocated with your profile on Google, you must log out before activating the button. Google stores your data as a user profiles and uses it for advertising, market research and/or to design its website based on users’ needs. Such an evaluation is carried out in particular (even for users who are not logged in) for the provision of demand-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles which can only be exercised by contacting Google, though.
4.9 Google WebFont
Our website uses so-called web fonts for the uniform presentation of fonts. Google Fonts is a service of Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google"). When you access a page on our website, your browser loads the required web fonts into your browser cache to correctly display text and fonts.
For this purpose, the browser you are using has to establish a direct connection to the Google servers. As a result, Google will learn that your IP address was used to access our website.
If your browser does not support the Google fonts or if you stop accessing the Google servers, the text will be displayed in the system's default font. For more information about Google Web fonts, please visit: www.google.com/fonts#AboutPlace:about. Information on data protection can be obtained at: https://policies.google.com/privacy?hl=en&gl=de.
The use of Google Web fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest pursuant to article 6 (1) p. 1 lit. f GDPR.
4.10 YouTube Plugins
Our website uses the plugin function of the YouTube platform of Google Inc. ("Google"), San Bruno/California, USA.
Every time you access our website, you are connected to the YouTube servers. Your visit to our website will be communicated to the YouTube server. To our knowledge, this does not involve any processing of personal data. However, if you are logged in to your YouTube account, you would enable YouTube to relate your browsing history directly to your personal profile.
You can deactivate this allocation by logging out of your account before accessing our website.
5. Your rights
Where we process your personal data on our website you are a “data subject”, as defined by the GDPR. Therefore, you have the following rights vis-à-vis us:
5.1 Right of access
You shall have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:
- The purposes of the processing;
- The categories of personal data concerned;
- The recipients or categories of recipients to whom your personal data have been disclosed or are still being disclosed;
- If possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- The existence of a right to lodge a complaint with a supervisory authority;
- Where the personal data are not collected from you, any available information as to their source;
- The existence of an automated decision-making process, including profiling pursuant to article 22 (1) and (4) of the GDPR and, at least in these cases, meaningful information on the logic involved, as well as the significance and the envisaged consequences of such a processing for you.
You also have the right to be informed as to whether your personal data is transferred to a third country or to an international organization. In this context, you have the right to be informed of the appropriate safeguards pursuant to article 46 GDPR relating to the transfer.
5.2 Right to Rectification
You have the right to obtain from us without undue delay the rectification and/or completion of your personal data, provided that your processed data is incorrect or incomplete.
5.3 Right to restriction of processing
You shall have the right to obtain from the controller restriction of processing where one of the following applies:
- You contest the accuracy of your personal data for a period of time that enables us to verify the accuracy of the data
- The processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead;
- We no longer need your personal data for the purposes of processing, but you require them for the establishment, exercise or defense of legal claims, or
- You have objected to the processing pursuant to article 21 (1) GDPR pending the verification whether our legitimate grounds override your legitimate grounds.
If you have requested the restriction of the processing of your personal data, these shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State. You will be informed by us before the restriction is lifted.
5.4 Right to erasure
You shall have the right to obtain from us the erasure of your personal data without undue delay. We are obliged to erase personal data without undue delay where one of the following grounds applies:
- Your personal data is no longer necessary for the purposes for which they were collected or otherwise processed.
- You withdraw consent on which the processing is based according to article 6 (1) p. 1 lit. (a) or article 9 (2) lit. a GDPR, and where there is no other legal ground for the processing.
- You object to processing pursuant to article 21 (1) GDPR and there are no overriding legitimate grounds for the processing.
- In accordance with article 21 (2) GDPR, you object to the processing by means of direct marketing.
- The personal data have been unlawfully processed.
- Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
- Your personal data have been collected in relation to information society services referred to in article 8 (1) GDPR.
If we have made your personal data public and we are obliged to erase it pursuant to article 17 (1) GDPR, we shall take reasonable steps, taking into account the available technology and the implementation costs, to inform responsible person/s which is/are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Your right to erasure shall not apply to the extent that processing is necessary:
- for exercising the right to freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or of the Member State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
- For reasons of public interest in the area of public health in accordance with article 9 (2) lit. (h) and (i) and article 9 (3) GDPR;
- For archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes pursuant to article 89 (1) of the GDPR, insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of this processing, or
- For the establishment, exercise or defense of legal claims.
5.5 Right of information
Where you have exercised your right to the rectification or erasure of data or the restriction of its processing vis-à-vis us, we have a duty to communicate this rectification or erasure of the data or the restriction of its processing to all recipients to whom your personal data was disclosed, unless this proves impossible or involves disproportionate effort. You have a right to be informed about these recipients.
5.6 Right to data portability
You have the right to receive your personal data, which you may have provided us, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another responsible person without hindrance, provided that
- the processing is based on consent pursuant to article 6 (1) p. 1 lit. (a) GDPR or article 9 (2) lit. (a) GDPR or on a contract pursuant to article 6 (1) p. 1 lit. b GDPR
- the processing is carried out by automated means.
You also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
We do not believe that the data currently being processed within the offering of our website include data that is subject to the right of data portability.
5.7 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data, which is based on article 6 (1) p. 1 lit. e or f GDPR at any time, including profiling based on those provisions.
We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
5.8 Right to revoke the consent under data protection declaration law
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
5.9 Automated individual decision-making, including profiling
You have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects for you or has similar significant negative effects for you. We do not perform such processing operations.
5.10 Right to lodge a complaint with a supervisory authority
Without prejudice to any other rights of administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, place of work or the place of the alleged infringement, if you feel that the processing of your personal data violates the GDPR.
6. Responsibility for linked content
7. Transfer of personal data to third parties
Your personal data will be stored exclusively on our servers or on servers used on our behalf. Access to and use of the data is only possible for an authorized group of employees or service providers and is only limited to those data which are necessary for the completion of the respective task.
Your data will not be transferred to third parties without your consent. When using our planning tool "QuickPlan", a transfer will only take place within the framework of the required involvement of an installer. Unless otherwise stated in this privacy notice, a transfer of data to third countries (countries outside the European Economic Area - EEA) does not take place and there are no plans for doing so in the future.
8. Data security
We use technical and organizational security measures to protect your data processed by us or on our behalf against manipulation, loss, destruction or access by unauthorized persons. We strive to continually adapt and improve our security measures in line with technological developments and the current data privacy laws.
9. Contact details for data protection and security
If you have any further questions regarding the processing of your personal data, please contact our Data Protection Officer:
EWS GmbH & Co. KG
Am Bahnhof 20
Phone: +49 4608 / 60 75 162
Fax: +49 4608 / 1663
Version: August 2018