With this declaration, we inform you about the type and scope, as well as the purpose and legal basis of the processing of personal data on this website and on any online presences in social networks. In addition, we communicate here our information and notification obligations for the use of personal data in our company.
Name and address of the person responsible
The responsible party within the meaning of the General Data Protection Regulation (DSGVO) and other national data protection laws of the member states as well as other data protection regulations is the company named in the imprint.
Contact the Data Protection Officer
The data protection officer of the controller is:
ER Secure GmbH
In der Knackenau 4
Basic information on the processing of personal data
We collect and process personal data of our users only insofar as this is necessary for the provision of a functional website or the provision of services of our company. The processing only takes place with your consent, or if permitted or required by law.
The security of your personal data has a high priority for us. We therefore protect your data by technical and organisational measures in order to prevent misuse. We regularly review the measures taken and adapt them to current technical conditions. Furthermore, we oblige all employees to maintain confidentiality in accordance with §28 DSGVO.
Purposes and legal basis of processing, transfer to third parties and abroad
We process your data for the following purposes:
- Fullfilment of new or existing contractual relationships or to carry out pre-contractual measures, e.g. the preparation of offers.
- Sending marketing information.
- Processing enquiries, e.g. as part of our core activity or for application letters.
- Providing telemedia, e.g. our website or email.
In doing so, we process the data on the legal basis of Art. 6 para. 1 DSGVO:
- 6 para. 1 lit. a DSGVO: Processing operations based on their consent.
- 6 para. 1 lit. b DSGVO: Processing operations for the performance of a contract or pre-contractual measures, e.g. a sales or service contract or the request for a quote.
- 6 (1) lit. c DSGVO: Processing operations for which we are legally obliged, e.g. storage for tax reasons.
- 6 (1) lit. f DSGVO: Processing operations that we carry out on the basis of our legitimate interests, e.g. the transfer of your data to postal service providers for the purpose of sending mail or to a tax advisor. This also includes saving information on website usage for the purpose of optimising our website.
The transfer of your data to third parties is also based on the above permissions and only takes place within the framework of a contract processing agreement or if other confidentiality obligations exist, such as professional secrecy providers or shipping service providers. If data is transferred to third countries outside the European Economic Area, the recipients have corresponding guarantees in accordance with Art. 44 ff of the GDPR, e.g. certification under the Privacy Shield.
Duration of storage, deletion of personal data
Personal data is only processed and stored for the period of time required to fulfil the processing purposes. After fulfilment of the purpose, their data will be deleted or blocked by us, provided that we are no longer subject to a legal storage obligation.
We send newsletters with promotional content to our customers. The legal basis for the dispatch is either the consent according to Art. 6 para. 1 lit. a, provided that they have registered themselves for the newsletter via the newsletter function. The entry is made using the double opt-in procedure, i.e. they receive a confirmation e-mail in which they must click a confirmation link. You can revoke your consent at any time; each newsletter contains an unsubscribe function for this purpose.
If we have received your contact via a contractual relationship, we will send you the newsletter with product information to protect our legitimate interest in accordance with Art. 6 Para. 1 lit. f in conjunction with § 7 Para. 3 UWG. You can object to the use of your e-mail address for advertising purposes; each newsletter contains an unsubscribe function for this purpose.
If we have saved your name, we will use it to address you. If it is possible for us to do so, we send the newsletter in a gender-specific manner.
We use the external newsletter for advertising purposes.
We use the external service provider RapidMail to send the newsletter. The provider maintains a database in which we can see information about subscription and unsubscription and an objection or revocation of consent.
The logging is done by the provider.
The logging serves to protect our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO to offer a user-friendly and legally compliant newsletter, e.g. with regard to proof obligations.
Collection of access data and log files
We collect access data (log files) on every server access on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f. DSGVO. This includes the name of the retrieved website, the date and time of the retrieval, the transferred file and data volume, the message about the retrieval success or failure, browser type and browser version, the operating system, referrer URL (the previously visited page), and their IP address. Log files are collected for security purposes (for example, to investigate crimes) and stored for a period of 7 days and then deleted. If data are still required for evidence, they will be exempted from the cancellation until the final clarification of the incident.
To ensure a fast and stable connection, we have outsourced the hosting to an external service provider. This process the above-mentioned log data according to our specifications. The disclosure is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f DSGVO i.V.m. Art. 28 GDPR.
Cookies are files stored by the Internet browser on the user's computer system. When accessing this website, cookies are stored in the browser memory of the person concerned.
You can prevent the storage of cookies in the browser, the page may possibly only work to a limited extent. It makes more sense at this point to set the deletion of all cookies after the end of each browser session, which works on our site without restriction and a recognition at the next visit with all positive and negative consequences is prevented.
We use technical cookies, as this is technically necessary for the operation of the service offered in accordance with Art. 6 (1) lit. f DSGVO, i. to safeguard our legitimate interest.
Technical cookies are used to recognize a user when the website is called up again and so to store for example. made language settings, shopping cart information or similar beyond a surfing session.
When making contact (eg via contact form, e-mail, telephone or via social networks), the personal data of the user for processing the contact request according to. Art. 6 para. 1 lit. b DSGVO, i. to fulfill a contract or precontractual measures. If necessary, your data will be transferred to a customer management program (CRM system). Please note that we are committed to e-mail archiving according to the GoBD; a complete deletion of e-mails sent to us (from our archive system) is therefore not possible.
Information transmitted via our contact form on our website is securely encrypted in accordance with the requirements of TMG §13 (7).
Transfer of personal data
Your data will be forwarded to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of the goods. To process payments, we pass on your payment data to the bank responsible for the payment.
Processing of applicant data
If you send us application documents via e-mail, the information sent to us will be archived by us to protect our legitimate interest for up to 6 months in order to contact you in case of a vacancy. After 6 months the emails will be deleted from our active system. You have the possibility of objecting to the storage directly or subsequently. If necessary, contact us again.
Reference to the persons concerned
In case we process your personal data, you are the person concerned and in terms oft he GDPR you have the following rights towards the responsible body:
Right to information and data portability
You have the right to request information about the personal data stored about you. You have the right to receive the requested data in a common, machine-readable format.
Right to rectification
You have the right to ask the person responsible for the correction of incorrect personal data concerning you. Taking into account the purposes of processing, they have the right to ask for the completion of incomplete personal data.
Right to restriction
Under the following conditions, they may request the restriction of the processing of personal data concerning them:
- The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data and instead requests the restriction of the use of the personal data.
- The controller no longer needs the personal data for the purposes of processing, but the data subject requires them to assert, exercise or defend legal claims, or if
- the person concerned objects to the processing, as long as it is not certain that the legitimate reasons of the person responsible outweigh those of the data subject.
If the processing has been restricted, these personal data may be stored only with the consent of the data subject or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of significant public interest Union or a Member State. We will inform you before the restriction is lifted.
Right to delete
You may request the deletion of the processing of your personal data under the following conditions:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- The data subject revokes their consent and there is no other legal basis for processing.
- The data subject objects to the processing and there are no overriding legitimate grounds for processing.
- The personal data were processed unlawfully.
- The erasure of personal data is necessary to fulfill a legal obligation under Union or national law to which the controller is subject.
- The personal data was collected in relation to the use of web services.
Right to revoke a declaration of consent
You have the right to revoke your consent to the processing of personal data at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
Right to information
If you have used the right to correct, delete or restrict the processing, we are obliged to notify all recipients to whom this information has been transmitted about the correction, deletion or restriction of the data, unless this is a disproportionate effort or impossible.
Right of objection
You have the right, at any time, to object to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. The controller no longer processes the personal data unless he can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing is for the purpose of enforcing, pursuing or defending legal claims.
If personal data are processed in order to operate direct mail, they have the right to object at any time to the processing of personal data concerning them for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
Right to complain to a supervisory authority
You have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy, in particular in the Member State of its habitual residence, employment or the place of alleged infringement, if you consider that the processing of the personal data concerning you is against the GPDR violates.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
Non-provision of personal data
If you do not provide us with personal data that we need for contractual purposes, this non-provisioning generally means that the contract can not be closed. In individual cases, we can inform you whether a provision is legally binding or contractually required and what would be the consequences of non-provision in individual cases.
As of: 24.06.2021