Privacy

Data Protection (Privacy) Information

§1 Information on the Collection of Personal Data

1. The following is to inform you of the collection of personal data while using our website. Personal data is all data that can be attributed to you personally such as name, address, email addresses, user behaviour.
2. The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is the company elobau GmbH & Co KG, Zeppelinstr. 44, D-88299 Leutkirch, Germany, info@elobau.de (see our Legal Notice).
   Our data protection officer is contactable at datenschutz@elobau.de or our postal address with the addition “the data protection officer”.
3. In the event in which you contact us by email, we will store the data you communicate (your email address, your name and your telephone number, as the case may be) in order to answer your questions. We will erase the data collected in this connection once their storage is no longer required or we restrict the processing if statutory compulsory retention periods apply. The legal basis depends on the type of your request. If it is about the purchase of any of our products or the use of our services, Art. 6 (1)(b) GDPR is the appropriate legal basis. If you desire general information from us, you give us your consent to data processing pursuant to Art. 6 (1)(a) GDPR in sending us your request.
4. If we resort to contracted service providers for individual functions of our offer or if we wish to use your data for advertising purposes, we will inform you below of the respective processes in detail. In doing so, we also inform you of the criteria determined for the storage period.

§2 Legal Basis for Processing

Our company applies Art. 6 (1)(1)(a) GDPR as legal basis for processing procedures for which we obtain the consent for a specific processing purpose. If the processing of personal data is required to perform a contract to which the data subject is a party, as e.g., in cases of processing procedures required for the delivery of goods or the provision of any other service or return service, the processing is based on Art. 6 (1)(1)(b) GDPR. The same is applicable to such processing procedures required for the performance of pre-contractual measures such as in cases of requests regarding our products or services. If our company is subject to a legal obligation requiring the processing of personal data such as e.g., the satisfaction of tax obligations, the processing is based on Art. 6 (1)(1)(c) GDPR. In rare cases, the processing of personal data may become required to protect vital interests of the data subject or another natural person, Art. 6 (1)(1)(d) GDPR. Finally, processing procedures could as well be based on Art. 6 (1)(1)(f) GDPR. Processing procedures that are not covered by any of the aforementioned legal bases rest on this legal basis if processing is required to safeguard a legitimate interest of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the data subject prevail.

§3 Transfer of Data

There will not be any transfer of your personal data to third parties for purposes other than the ones listed below. We transfer your personal data to third parties only if you gave your express consent pursuant to Art. 6 (1)(1)(a) GDPR, the transfer is required for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worth being protected in the avoidance of the transfer of your data in case that there is a legal obligation to carry out the transfer pursuant to Art. 6 (1)(1)(c) GDPR as well as that this is legally permitted and required for the transaction of contractual relationships with you pursuant to Art. 6 (1)(1)(b) GDPR.

§4 Your Rights

1. In your dealings with us, you have the following rights concerning personal data relating to you:
   • Right of access to information;
   • Right of rectification or erasure;
   • Right to restriction of processing;
   • Right to object to the processing;
   • Right to data portability.
2. Moreover, you have the right to complain to a data protection supervisory authority about our processing of your personal data.

§5 Collection of Personal Data when Visiting our Websites

1. 1. Our website is hosted on the servers of the company
   ALL-INKL.COM – Neue Medien Münnich
   Hauptstraße 68
   02742 Friedersdorf
   We entered into an agreement on data processing pursuant to Art. 28 GDPR with the service provider.
   In case of use of the website for information purposes only i.e., if you do not register or transfer information to us in any other manner, we only collect the personal data your browser transmits to our server. If you want to view our website, we collect the following data we need for technical reasons to show you our website and to ensure the stability and security (legal basis is Art. 6 (1)(1)(f) GDPR):
   • IP addresses;
   • Date and time of the requests;
   • Time zone difference to Greenwich Mean Time (GMT);
   • Content of the request (specific page);
   • Access status/http status code;
   • Data volume transferred each time;
   • Website from where the request arrives;
   • Browsers;
   • Operating system and its surfaces;
   • Language and version of the browser software.
2. In addition to the data listed above, cookies are stored on your computer when you use our website. Cookies are small text files, which are stored on your hard drive assigned to the browser you use and which the entity placing the cookie (we in this case) uses to obtain specific information. Cookies cannot run any programmes or transfer viruses to your computer. Their purpose is to make the web offer more user-friendly and more effective altogether.
3. Use of cookies:
   • a) This website uses the following types of cookies, the scope and functions of which are explained below: – Transient cookies (see b) – Persistent cookies (see c).
   • b) Transient cookies are erased in an automated manner once you close the browser. They include but are not limited to the session cookies. They store a so-called session ID used to assign various requests of your browser to the common session. This makes it possible to recognise your computer again when you return to our website. The session cookies are erased when you log out or close the browser.
   • c) Persistent cookies are erased in an automated manner after a determined period that can differ depending on the cookie. You may erase the cookies in the security settings of your browser at any time.
   • d) To allow us – elobau.com – adjusting to your personal needs and your use, we also use the so-called local storage technology (also known as “local data” and “local storage”) in addition to cookies. With this technology, data is stored locally in the web cache of your browser, which persist also after closing the browser window or exiting the programme – unless you erase the cache content –and can be read. Local Storage enables elobau.com to store your preferences in using the request list of elobau.com on your computer and your corresponding use.
     Cookies are necessary in some cases to enable the functionality of our website operation. The legal basis for such necessary cookies is Art. 6 (1)(f) GDPR. We have a legitimate interest in presenting our company via this website. All other cookies will only be placed upon the consent in the consent banner. The legal basis is Art. 6 (1)(a) GDPR. (Name, purpose, functioning, storage period) of such cookies are set out below.

§6 Contact Forms

If you send us your requests using the contact form, we will store and process your data provided in the contact form, including the contact data indicated there, on our systems for the processing of the request, and to be able to answer follow-up questions, if any. Your data will be used for the specific purpose of answering and processing your question on an exclusive basis. In this context, data processing is made pursuant to Art. 6 (1)(1)(a) GDPR based on your voluntarily given consent. You may object to this procedure at any time (right of withdrawal).

§7 Other Functions and Offers of our Website

1. In addition to the use of our website for pure information purposes, we offer various services you may use if interested. As a rule, this requires that you provide further personal data, which we need to provide the respective service and which are subject to the aforementioned data processing principles.
2. In some cases, we use external service providers to process your data. We selected and contracted them carefully and they are bound by our instructions and monitored on a regular basis.
3. In the case of our service providers or partners having their places of business in a state outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.

§8 Objection to or Withdrawal of the Consent for the Processing of Your Data

1. If you have given consent to the processing of your data, you may withdraw it at any time. Such a withdrawal affects the permissibility of the processing of your personal data once you notify us.
2. To the extent we base the processing of your personal data on the weighing of interests, you may raise an objection against the processing. This is the case if the processing is not particularly required to fulfil a contract with you, which we outline in each of the following descriptions of the functions. If you raise such an objection, we ask for the statement of the reasons for which we should not process your personal data in the manner we do it. In case of a justified objection, we assess the situation of facts and will either discontinue or adjust the data processing or illustrate our compulsory reasons worth being protected on the basis of which we continue the processing.
3. As a matter of course, you may object to the processing of your personal data for purposes of advertisement and data analysis at any time. For your objection to advertisements, you can inform us using the following email address: datenschutz@elobau.de.

§9 Newsletter

1. You may subscribe to our newsletter in which we will inform you of our current interesting offers by giving your consent. The promoted goods and services are specified in the statement of consent.
2. To register for our newsletter, we use the so-called double ​opt-​in procedure. This means that after your registration, we send an email to the email address you provided, in which we ask you to confirm that you request the receipt of our newsletter. If you do not confirm your registration within 30 days, your information will be blocked and erased automatically. Moreover, we store the IP addresses used and the time of the registration and confirmation. The purpose of this procedure is to document your registration and to be able to clarify a possible misuse of your personal data, as the case may be.
3. The only compulsory information for sending you the newsletter is your email address. The provision of other, specifically marked data is made on a voluntary basis and is used to address you personally. After your confirmation, we store your email address for the purpose of sending the newsletter. The legal basis is Art. 6 (1)(1)(a) GDPR.
4. You may withdraw your consent to receiving the newsletter at any time and unsubscribe from the newsletter. You may communicate the withdrawal by clicking the link provided in each newsletter email, by email to datenschutz@elobau.de or by notice using the contact data indicated in the legal notice.
5. Please note that in sending out the newsletter, we evaluate your user behaviour. For such evaluation, the distributed emails contain so-called web beacons or tracking pixels, respectively, representing one-pixel picture files. The data is collected in a pseudonymised manner only i.e., the IDs are not linked with your other personal data, thus excluding any direct assignability to a person. The data is collected to optimise the contents and the distribution date. Furthermore, such tracking is not possible if you disabled the display of pictures by your email programme in your default settings. If so, the newsletter will not be shown to you completely and you may not be able to use all functions. If you allow the display of the pictures manually, the tracking as mentioned above will take place.
6. CleverReach
   This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede.CleverReach is a service with which the newsletter dispatch can be organized and analyzed. Our newsletters sent with CleverReach allow us to analyze the behavior of newsletter recipients. Among other things, we can analyze how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. For more information on data analysis by CleverReach newsletters, please visit: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.If you do not want any analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message. Furthermore, you can also unsubscribe from the newsletter directly on the website.The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of CleverReach after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.For more details, please refer to the data protection provisions of CleverReach at: https://www.cleverreach.com/de/datenschutz/.Conclusion of a contract for commissioned data processingWe have concluded an order data processing contract with CleverReach and fully implement the strict requirements of the German data protection authorities when using CleverReach.

§10 Use of Our Application Portal

We operate an application portal using the Workday platform (www.work-day.com). The purpose of data collection is the selection of applicants for the possible establishment of an employment relationship. The data you provide (title, first and last name, address, e-mail address, application documents such as CV, mobile phone number) will be processed by us for the selection process.

As part of the application process, the applications received will be reviewed, any queries made using the above information, invitations to interviews sent out and further personal data collected in interviews as part of the selection process in order to make a decision.

The legal basis for the processing of applicant data is Art. 6 para. 1 lit. b) GDPR.

If no employment relationship is established following the application procedure, the application documents will be deleted no later than six months after notification of the rejection decision, unless you consent to us storing your applicant data for longer than six months.

If your application is followed by the conclusion of an employment contract, your data will be stored and used in compliance with the relevant legal provisions pursuant to Art. 6 para. 1 lit. b) GDPR.

We assure you that your data will be collected, processed and used in accordance with the principles of the GDPR and all other legal provisions and that your data will be treated in strict confidence. As part of the application process, your data will be viewed by the HR department, the supervisor of the position for which you have applied and the management. Your data will not be passed on to third parties, with the exception of our service providers as part of order processing. As an applicant, you will receive information in accordance with Art. 13 GDPR on the use of your data in the application process.

§11 Notice in accordance with Art. 13 of the General Data Protection Regulation (GDPR) about the processing of personal data in connection with the whistleblower system

In what follows we inform you about the processing of personal data by elobau GmbH & Co. KG (hereinafter “elobau”) in connection with the whistleblower system and about the associated data protection regulations, claims and rights.

elobau uses web-based software, a cloud solution hosted in Germany, which supports the detection of operational abuses. The introduction of such a system can facilitate the early detection and prevention of criminal, illegal, ethically reprehensible or dishonest actions. In this way, possibly incalculable material and immaterial damage as well as reputational damage can be averted.

Purpose of data processing
elobau processes the personal data of the respective whistleblower, unless the tip was made anonymously, as well as the personal data of the person(s) accused of misdemeanours: this data consists of names and other communication and content data, exclusively for the purpose of obtaining information on criminal, illegal, unethical or improper activity in a safe and confidential manner.

Categories of data processing in connection with the whistleblower system
Information about the whistleblower (if he/she does not wish to remain anonymous) and the accused party, such as

first and last name
job title
contact details
possibly other personal data related to the employment relationship

personal information identified in the investigating team’s reports (see Section 4), including details of the allegations made and the evidence supporting them

date and time of calls (when notification is received via the telephone hotline)

any other information identified in the investigation results and in the follow-up procedure following the report, e.g. information about criminal conduct or data about unlawful or improper conduct where reported

Legal basis for data processing
The collection of the personal data of the whistleblower (in the case of a non-anonymous tip) takes place on the basis of consent to the processing through the transmission of the data (implicit consent) (Art. 6 (1) 1a GDPR).

The collection, processing and disclosure of personal data of the persons named in a report serves to protect the legitimate interests of elobau (Art. 6 (1) 1f GDPR). It is in elobau’s legitimate interest to expose, process, stop and sanction violations of the law and serious breaches of duty by employees wherever these occur in the company, effectively and with a high degree of confidentiality, and to avert associated damage and liability risks for elobau (§§ 30, 130 OWiG (Administrative Offences Act)). Directive (EU) 2019/1937 (“EU Whistleblower Directive”) and the future Whistleblower Protection Act (“HinSchG”) (currently in draft form) also require the establishment of a whistleblower system in order to give employees and third parties the opportunity to report violations of the law in a suitable manner to give in the company.

The transfer of personal data to other recipients in the case of non-anonymous reports may be necessary due to legal obligations (Article 6 (1) 1c GDPR).

Recipients of the data and transfer to third countries (EU/EEA countries)
Any personal information collected through the web-based software is only made available to those individuals who, by virtue of their role, have a legitimate need to process that information.

The Compliance & Integrity Manager is responsible for the initial processing of new reports.

If the tip is received via the telephone hotline, the tip will be recorded in the whistleblower system while maintaining the anonymity of the whistleblower. The hotline staff is bound to secrecy (see below).

At elobau, only authorised employees from the following departments have access to the data (investigation team):

Compliance & Integrity
HR (in specific cases)

In some cases, the company is required to disclose the data to public authorities (such as those with legal or regulatory jurisdiction over the employer as well as law enforcement and judicial bodies) or external consultants (such as accountants, auditors, attorneys).

If the whistleblower has provided his/her name or other personal data (not anonymous information), the identity will not be disclosed – as far as legally possible – and it will also be ensured that it will not be possible to deduce the whistleblower’s identity.

If personal data is processed by external service providers, this is generally done on the basis of order processing contracts in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR and that all persons authorised to process personal data have made personal confidentiality declarations or are subject to an appropriate statutory duty of confidentiality. The whistleblower system is operated on our behalf by LegalTegrity GmbH, Platz der Einheit 2, 60327 Frankfurt/Main.

No transfer of personal data to third countries takes place (EU/EEA countries).

Duration of processing, deletion of data
The personal data will be held in the respective process for as long as required for the purposes of investigation and final assessment or as long a as a legitimate interest of elobau exists or where there is a legal requirement. Thereafter, this data will be deleted in accordance with legal requirements. The duration of the storage depends in particular on the severity of the suspicion and the reported breach of duty.

Technical information on using the whistleblower system
Communication between your computer and the whistleblower system takes place via an encrypted connection (SSL). The IP address of your computer will not be saved when you use the whistleblower system. To maintain the connection between your computer and the whistleblower system, a cookie is stored on your computer, which only contains the session ID. The cookie is only valid until the end of your session and becomes invalid when the browser is closed.

Rights of data subjects according to the GDPR
You have the following rights in connection with the processing of your personal data:

In accordance with Art. 7 GDPR, you have the right to revoke your consent to data processing at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

According to Art. 14 GDPR, if your data is collected without your knowledge (e.g. because you are involved as an accused person in the procedure for clarifying the notification), you have the right to be informed about the storage, the type of data, the purpose of the processing and of the identity of the person responsible and, if applicable, of the whistleblower (unless the tip-off was submitted anonymously). However, if there was a significant risk that such notification would jeopardise elobau’s ability to effectively investigate the allegation or to collect the necessary evidence, this information can be deferred according to Article 14 (5) 1b GDPR as long as this danger exists. The information must then be provided as soon as the reason for the postponement no longer applies.

In accordance with Art. 15 GDPR, you have the right to request information about your personal data that is processed by elobau.

In accordance with Art. 16 GDPR, you have the right to demand the immediate correction of incorrect information or the supplementing of incomplete information stored by us.

In accordance with Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, provided that such processing is not in connection with exercising the right to freedom of expression and information, fulfilling a legal obligation to which elobau is subject , performing a task that is in the public interest or asserting, exercising or defending legal claims.

In accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data if you dispute the accuracy of this data or if the processing of this data is unlawful.

In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format and to transmit this data to another responsible part without hindrance or to have this data transmitted by us.

In accordance with Art. 21 GDPR, you have the right to object to the processing of your personal data if there are reasons for this that arise from your particular situation. Your data will then no longer be processed unless elobau can demonstrate compelling reasons for processing that outweigh the interests, rights and freedoms of the data subject, or that the processing serves to assert or defend legal claims.

According to Art. 77 GDPR in conjunction with Section 17 BDSG (Federal Data Protection Act), you have the right to lodge a complaint against elobau with the competent supervisory authority. This is:

The State Commissioner for Data Protection and
Freedom of Information in Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Tel.: 0711/61 55 41 – 0

Responsible in the meaning of data protection law
The entity responsible for processing the above personal data and your related applications and inquiries is:

elobau GmbH & Co KG, Zeppelinstr. 44, 88299 Leutkirch, Germany, info@elobau.de

If you have any questions regarding data protection, please contact our data protection officer:

Data Protection Officer
Datenschutzberatung Walliser GbR
Altenwaldstr. 8, 72768 Reutlingen
datenschutz@elobau.de

§12 Google Products

We use various products of the company Google Ireland Ltd.; Gordon House, Barrow Street, Dublin 4, Ireland, which are described in more detail as follows.

As it cannot be excluded that Google processes personal data at their headquarters in the USA too, we approached both the company proper and our appropriate supervisory authority with the aim of enabling data transfer to the USA in conformity with the law.

For the time being, the data transfer is at least partially still based on the EU-US Privacy Shield. On 5 August 2020, however, Google communicated that they intended to prepare standard contract clauses in conformity with data protection law.

For the current state of affairs, please consult Google’s privacy information: https://policies.google.com/privacy?hl=de#infosharing

12.1. Google Analytics

Our website uses the Google Analytics analysis service. This web analysis service is operated by the company Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google). We use Google Analytics to evaluate your use of our website and to prepare reports on user activities. This analysis tool works based on cookies. A cookie is a text file transmitted to and stored on the user’s hard drive on the occasion of the visit of a website to enable an analysis of your use of the website. As a rule, the information stored by the cookie is transferred to and stored on a server of Google in the USA. In the process of IP anonymisation, your IP address is previously truncated by Google in a member state of the EU or another contracting state of the European Economic Area. On our instructions, Google will use the transferred information to prepare a report on the use of the website. We entered into a contract with Google based on a template of the supervisory authorities. If you want to prevent the use of cookies, you may do so locally by changing your settings of the browser used on your computer (e.g. Safari, Internet Explorer, Opera, Firefox etc.) i.e., the programme to open and show websites. Moreover, you may prevent the collection and processing of your data by Goole’s cookie by downloading and installing a browser plugin offered by Google, which can be found following this link: http://tools.google.com/dlpage/gaoptout?hl=de.

You can prevent the recording by Google Analytics by clicking the link below. Then, a so-called opt-out cookie will be placed preventing the future recording of your data when you visit this website:

Disable Google Analytics

For more information on the terms of use and data privacy of Google and Google Analytics, please follow this link http://www.google.com/analytics/terms/de.html as well as: https://www.google.de/intl/de/policies/.

The legal basis for the processing of your data is Art. 6 (1)(1)(a) GDPR. Consent via the consent banner.

Information on cookies:

Categorisation for consent: Marketing
Cookies used (lifetime in brackets): _ga (2 years), _gid (1 day), _gat_UA-* (1 minute),_utma (2 years), _utmb (30 minutes), _utmc (session), _utmt (10 minutes), _utmz (6 months)

12.2 Google Tag Manager

We use the Google Tag Manager of the company Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The Google Tag Manager is a cookie-free domain and does not record any personal data. The tool makes sure that other components are triggered, which in their turn could record data, as the case may be. The Google Tag Manager does not access such data. In case of deactivation on domain level or on cookie level, this will maintain its effect on all tracking tags implemented together with the Google Tag Manager.

12.3 Google Remarketing via Double Click

We use the remarketing function of the company Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The purpose of this function is to show visitors of the website interest-related ads in the context of the Google advertising network Double Click. To that end, the browser of the website visitor stores cookies that enable the recognition of the visitor once he/she views websites that are part of Google’s advertising network. Then, ads can be presented to the visitor on those websites relating to contents the visitor viewed previously on websites using the Google remarketing function.

The legal basis for the processing of your data is Art. 6 (1)(1)(a) GDPR. Consent via the consent banner (activation by Google Analytics).

12.4 Google Safeframe

We use the marketing function “Google Safeframe” of the company Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Safeframe stores and processes information about your user behaviour on our website. To that end, Google Safeframe uses cookies, among other things, i.e., small text files stored locally in the buffer memory of your web browser on your terminal device enabling us to conduct an analysis of your use of our website.

We use Google Safeframe for marketing​ and optimisation purposes, in particular, to analyse the use of our website and to improve individual functions and offers as well as the user experience on a continuous basis. By way of the statistical evaluation of the user behaviour, we can improve our offer and present it in a more interesting arrangement for you as the user.

For more information on the third-party provider concerning data protection, please consult the following website: https://policies.google.com/privacy?hl=de&gl=de

The legal basis for the processing of your data is Art. 6 (1)(1)(a) GDPR. Consent via the consent banner (activation by Google Analytics).

12.5 Google Adwords Conversion

1. We use the offer of Google Adwords in order to attract attention to our offers on external websites with the assistance of advertising tools (so-called Google Adwords). We can determine in relation to the data of the advertising campaigns how successful the individual advertising measures are. We do so as we are interested in showing you ads of interest to you, presenting our website in a more interesting arrangement for you and achieving a fair calculation of advertising costs.
2. Google delivers the said advertising tools by means of so-called “ad servers”. In this connection, we use ad server cookies, which enable the measurement of specific parameters for success measurement such as the pop-up of ads or clicks by the users. If you come to our website via a Google ad, Google Adwords stores a cookie on your computer. As a rule, such cookies lose their validity after 30 days and are not intended to identify you personally. In connection with that cookie, the unique cookie ID, the number of ad impressions per placement (frequency), last impression (relevant for post-​view conversions), as well as opt-​out information (tag to show that the user no longer wishes to be approached) are generally stored as analysis values.
3. Such cookies enable Google to recognise your web browser again. If a user visits specific pages of the website of an Adwords customer and the cookie stored on his/her computer has not expired yet, Google and the customer can recognise that the user clicked the ad and was redirected to that page. Each Adwords customer is assigned another cookie. According to Google, cookies can therefore not be traced via the websites of Adwords customers. As far as we are concerned, we do not use the mentioned advertising tools to collect and process any personal data. We just receive statistical evaluations from Google. Based on those evaluations, we can recognise which of the advertising tools we employed are particularly effective. We do not receive any further data from the use of the advertising tools and, in particular, we cannot identify the users with that information.
4. Owing to the employed marketing tools, your browser establishes a connection to Google’s server automatically. We have no influence on the volume and the further processing of the data collected by Google using this tool and therefore we inform you in accordance with our state of information: By way of incorporation of AdWords Conversion, Google receives the information that you accessed the corresponding part of our website or clicked any of our ads. If you are registered with a service of Google, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider finds out and stores your IP address.
5. The legal basis for the processing of your data is Art. 6 (1)(1)(a) GDPR. Consent via the consent banner (activation by Google Analytics).

§13 Referrals to Websites of Third Parties

On this website, referrals to third-party websites are offered in the form of links. They include but are not limited to, our Facebook site, our profiles in XING, LinkedIn and Instagram, as well as our YouTube channel.

Data will be transferred to the link destination only when you click any of the links. This is a technical requirement. The technical data include, but are not limited to: your IP address, the time at which you clicked the link, the page where you clicked the link, information on your web browser. If you do not wish the transfer of such data to the link destination, do not click the link.

§14 SSL Encryption

This website uses SSL encryption (Secure Socket Layer) for the transfer of data of your browser to our server and to servers providing the files we incorporate on our website.

SSL is used to transfer data in an encrypted condition. The data cannot be altered and the sender can be identified.

You can recognise the existence of the SSL encryption if there is the prefix “https” in front of the website address you call up in the browser.

§15 Comment Function

Some of the pages or articles come with a voluntary comment function for users wishing to communicate their opinion about the respective page or an article. After a positive review, the comment is released and appears for the public on the page where the comment was submitted. There is no entitlement to release of a comment. The commenting person has to indicate a name, which can be a pseudonym. Likewise, the commenting person has to indicate an email address. This is required to inform him/her in respect of the status of his/her comment and also in particular if he/she asked a question in the comment and waits for an answer. That email address is not disclosed to the public, is not passed on to third parties, and is not evaluated manually. The IP address of the commenting person is stored in anonymised form only. The comment is stored on a permanent basis until you (or an administrator) erase(s) it. The email address indicated for the comment is stored for the only purpose of informing you in case of an answer to your comment. Any additional data provided in connection with the comment will be published with the comment. If you are requested to provide a name, you may choose to use a pseudonym.

The legal basis is Art. 6 (1)(a) GDPR. In submitting the voluntary comment, you give us your consent to publication.

§16 Other Tools of Third-Party Providers

16.1 YouTube Videos

We incorporate YouTube videos on our website, which are stored on the servers of the provider YouTube and which can be played from our website based on an embedding feature. The embedding of the videos is made with an activated option for extended data protection settings.

If you did not give your consent to the use of the YouTube videos in the consent banner and if you try to view a YouTube video, you will be redirected to the consent banner for your release.

If you have given your consent to the use of the YouTube videos in the consent banner, YouTube/Google will receive the information that you accessed the corresponding website of our online offer. In the process, YouTube cookies and DoubleClick cookies will be stored on your computer and data could be transferred to Google Inc., Amphitheater Parkway, Mountain View, CA 94043, USA, as the YouTube operator.

According to the current status, when playing videos stored on YouTube, at least the following data will be transferred to Google Inc. as the YouTube operator and operator of the DoubleClick network: IP address and cookie, the specific address of the page accessed on our website, system date and time of access, the identifier of your browser.

The transfer of such data is made irrespective of whether you have a Google user account that you used to log in or whether you do not have any user account. If you are logged in as mentioned above, Google could assign such data directly to your account. If do not wish the assignment to your profile, you have to log out prior to activating the play button for the video.

YouTube or Google Inc., respectively, store such data as user profiles and uses them for the purposes of advertising, market research and/or adequate configuration of their websites. Such an evaluation is made in particular (also for users not logged in) in order to present adequate advertising and to inform other users of your activities on our website. You have the right to object to the creation of such user profiles; if you wish to exercise this right, you have to contact Google as the operator of YouTube.

For more information on the purpose and volume of the collection of data and their processing by Google, please consult this website: https://policies.google.com/privacy?hl=de#infosharing

The legal basis for the processing of your data is Art. 6 (1)(1)(a) GDPR. Consent via the consent banner.

Disable YouTube

16.2 Google Maps

1. On this website, we use the offer of Google Maps. In doing so, we can show you interactive maps directly on the website, thus enabling you to use the map function in a comfortable manner.
2. If you did not give your consent to the use of Google Maps in the consent banner and if you try to access Google Maps, you will be redirected to the consent banner for your release of the use.
   If you have given your consent to the use of Google Maps in the consent banner, Google will receive the information that you accessed the corresponding website of our online offer. In the process, Google Maps cookies will be stored on your computer and data could be transferred to Google Inc., Amphitheater Parkway, Mountain View, CA 94043, USA, as the Google ​Maps operator.
   This is made irrespective of whether Google provides a user account that you used to log in or whether there is no user account. If you are logged in with Google, your data will be assigned directly to your account. If you do not wish the assignment to your Google profile, you have to log out prior to activating the button. Google will store your data as user profiles and uses them for the purposes of advertising, market research and/or adequate configuration of its website. Such an evaluation is made in particular (even for users who are not logged in) in order to present adequate advertising and to inform other users of the social network of your activities on our website. You have the right to object to the creation of such user profiles; if you wish to exercise this right, you have to contact Google.
3. For more information on the purpose and the volume of the collection of data and their processing by the plug-in provider, please consult the privacy policies of the provider. There you will also receive additional information on your rights in this respect and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy.
   The legal basis for the processing of your data is Art. 6 (1)(1)(a) GDPR. Consent via the consent banner.

Disable Google Maps

16.3 Web Fonts

We use external fonts of the company Monotype, 600 Unicorn Park Drive, Woburn, MA 01801 and Monotype GmbH, Werner-​Reimers-Strasse 2–4, 61352 Bad Homburg (Monotype). The incorporation of these web fonts is made by way of a server call, which is generally a server of Monotype in the European Union. In doing so, information is transferred to the server as to which of our websites was visited. This is required for invoicing (licence model). The collected data are used for invoicing purposes only and will not be passed on to any third party. For more information, please consult the data protection information of Monotype, which you can access here: https://www.monotype.com/legal/privacy-policy

The legal basis for the processing of your data is Art. 6 (1)(1)(f) GDPR. Legitimate interest of the website operator.
(uniform display on all devices and browsers as well as short loading times)

16.4 Fast Fonts

Type and scope of processing
We use Fast Fonts of Monotype Imaging Inc., 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA, as a service to provide fonts for our online offering. To obtain these fonts, connect to servers from Monotype Imaging Inc., transferring your IP address.

Purpose and legal basis
The use of Fast Fonts is based on our legitimate interests, i.e. interest in a uniform provision and the optimization of our online offer in accordance with Art. 6 sec. 1 lit. f. GDPR.

Storage time
The actual storage time of the processed data is not influenced by us, but is determined by Monotype Imaging Inc.. For more information, see the privacy policy for Fast Fonts: https://www.monotype.com/legal/privacy-policy.

16.5 Crazy Egg

This website uses the web analysis service “Crazy Egg” from Crazy Egg Inc. USA to collect statistical data on the use of the elobau website. With the help of Crazy Egg Inc. technologies, user information is collected and transmitted to the Crazy Egg Inc. servers. If personal data is processed in this process, this is done in accordance with Art. 6 para. 1 lit. f of the German Data Protection Act (DSGVO) on the basis of elobau’s legitimate interest in the statistical analysis of user behaviour for optimisation purposes.

The technology makes it possible to collect, analyse and visualise the activities of users during their visit to the elobau website. For example, elobau has the option of using a “heat map” to identify which areas of the website are visited and clicked on the most. Cookies are also used for this purpose. Users can object to the collection and storage of data by Crazy Egg Inc. by making certain settings in their browser: https://www.crazyegg.com/opt-out. The purpose and scope of the data collection and the further processing and use of the data by Crazy Egg, as well as users’ rights in this regard and settings options for protecting their privacy, can be found in the data protection information of Crazy Egg, Inc. USA at https://www.crazyegg.com/privacy.

Disable Crazy Egg

16.6 LinkedIn

This website uses LinkedIn Insights Tag, a tool from LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland. For this purpose, the LinkedIn Insight tag is integrated on our website and a cookie is set on your device by LinkedIn. LinkedIn is informed that you have visited our website and your IP address is collected. Timestamps and events such as page views are also stored. This enables us to statistically evaluate the use of our website in order to constantly optimize it. We learn, for example, which LinkedIn ad or interaction on LinkedIn brought you to our website. This allows us to better control how our ads are displayed.

For more information on Conversion Tracking, see https://www.linkedin.com/help/linkedin/answer/67595/linkedin-conversion-trackingubersicht. Please be aware that LinkedIn’s data can be stored and processed so that a connection to the respective user profile is possible and LinkedIn can use the data for its own advertising purposes. For more information, please see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy. You can prevent LinkedIn from analyzing your usage behavior and from displaying interest-based recommendations at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

16.7 Facebook Pixel

We use Facebook’s Facebook pixel on our website. For that, we have implemented a code on our website. The Facebook pixel is a segment of a JavaScript code, which, in case you came to our website via Facebook ads, loads an array or functions that enable Facebook to track your user actions. For example, if you buy a product on our website, the Facebook pixel is triggered and stores your actions on our website in one or more cookies. These cookies enable Facebook to match your user data (customer data such as IP address, user ID) with the data of your Facebook account. After that, Facebook deletes your data again. The collected data is anonymous as well as inaccessible and can only be used for ad placement purposes. If you are a Facebook user and you are logged in, your visit to our website is automatically assigned to your Facebook user account.

We exclusively want to show our products or services to persons, who are interested in them. With the aid of the Facebook pixel, our advertising measures can get better adjusted to your wishes and interests. Therefore, Facebook users get to see suitable advertisement (if they allowed personalised advertisement). Moreover, Facebook uses the collected data for analytical purposes and for its own advertisements.

In the following we will show you the cookies, which were set on a test page with the Facebook pixel integrated to it. Please consider that these cookies are only examples. Depending on the interaction that is made on our website, different cookies are set.

Name: _fbp
Value: fb.1.1568287647279.257405483-6311829507-7
Purpose: Facebook uses this cookie to display advertising products.
Expiration date: after 3 months

Name: fr
Value: 0aPf312HOS5Pboo2r..Bdeiuf…1.0.Bdeiuf.
Purpose: This cookie is used for Facebook pixels to function properly.
Expiration date: after 3 months

Name: comment_author_50ae8267e2bdf1253ec1a5769f48e062311829507-3
Value: Name of the author
Purpose: This cookie saves the text and name of a user who e.g. leaves a comment.
Expiration date: after 12 months

Name: comment_author_url_50ae8267e2bdf1253ec1a5769f48e062
Value: https%3A%2F%2Fwww.testseite…%2F (URL of the author)
Purpose: This cookie saved the URL of the website that the user types into a text box on our website.
Expiration date: after 12 months

Name: comment_author_email_50ae8267e2bdf1253ec1a5769f48e062
Value: email address of the author
Purpose: This cookie saves the email address of the user, if they provided it on the website.
Expiration date: after 12 months

Note: The above-mentioned cookies relate to an individual user behaviour. Moreover, especially concerning the usage of cookies, changes at Facebook can never be ruled out.

If you are registered on Facebook, you can change the settings for advertisements yourself at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. If you are not a Facebook user, you can manage your user based online advertising at https://www.youronlinechoices.com/uk/your-ad-choices. You have the option to activate or deactivate any providers there.

We would like to note, that according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing is done mainly through Facebook Pixel. This may lead to data not being anonymously processed and stored. Furthermore, US government authorities may get access to individual data. The data may also get linked to data from other Facebook services you have a user account with.

If you want to learn more about Facebook’s data protection, we recommend you the view the company’s in-house data policies at https://www.facebook.com/policy.php.

§17 Security Information

We secure our website and other IT systems by way of adequate technical and organisational measures against loss, destruction, unauthorised access, unauthorised alteration or unauthorised distribution of your data. In practice, however, absolute protection against all risks is not possible in every case despite the highest level of caution. Due to the fact that in communications via email we cannot guarantee complete data security, we recommend sending confidential information by post.

§18 WordPress

We use WordPress as the content management system for our website. WordPress uses functional (necessary) cookies to ensure the login process for editors and administrators.

In particular, in case of the attempt of logging in to the administration surface of WordPress, a cookie is placed known as wordpress_test_cookie. That cookie is used for the active session only and is erased once you close the browser.

The cookie is not used to evaluate users.

The legal basis is Art. 6 (1)(f) GDPR (legitimate interest: ensuring the login process).

§19 Modifications of this Data Protection Information

If required, please obtain information about this Data Protection Information, in particular, if you disclose personal data.

Revision of: 1st April 2021

Edit consent settings