Privacy


Privacy Information

Our privacy information is structured as follows:

A. General Information

  1. Controller
  2. Disclosure of Data to Third Parties
  3. Retention Period
  4. Your Rights


B. Supplementary Information on Data Processing When Visiting the Website, Contacting Us, and for Advertising Purposes

  1. Access to Our Websites and Server Log Files
  2. Cookies for Website Provision
  3. Contact
  4. Advertising Activities


C. Supplementary Information on Data Processing on Our Social Media Company Pages

  1. General Information on Company Pages, Legal Basis
  2. Agreements Pursuant to Art. 26 GDPR

For the sake of better readability, the simultaneous use of male and female language forms is omitted. All designations apply to all genders.

A. General Information

1. Controller

The controller responsible for processing personal data is:

Engelhardt Kaupp Kiefer & Co. Management GmbH
Marienstr. 39
70178 Stuttgart
Phone: +49 711-518 764 00
Fax: +49 711-518 764 01
Email: info@ekkco.de

Contact details of the company's data protection officer:

OBSECOM GmbH
Königstr. 40
70173 Stuttgart
Germany
Phone: +49 711 / 4605025-40
Fax: +49 711 / 4605025-49
E-Mail: ekkco@obsecom.eu
Webseite: https://www.obsecom.eu

2. Disclosure of Data to Third Parties

Your personal data is only disclosed to third parties insofar as data protection law allows such disclosure, in particular, if you have consented to it (Art. 6(1)(a) GDPR) or if disclosure is necessary for the performance of a contract (Art. 6(1)(b) GDPR). Categories of authorized and contractually bound service providers who are not permitted to use the data for other purposes include: providers for the maintenance and hosting of the website.

3. Retention Period

Personal data processed by us is stored for as long as necessary for the respective purpose, especially for the processing of requests and orders. After that, personal data is deleted. Extended storage is possible if you have given your consent pursuant to Art. 6(1)(a) GDPR or if we are legally obligated to store the data (e.g., in accordance with commercial code and tax code, which require storing business-related documents for ten years and other business letters for six years) (Art. 6(1)(c) GDPR).

4. Your Rights

4.1. Deactivation and Deletion of Cookies

When you visit our website, cookies may be stored on your device. You can deactivate the storage of cookies on your device in your browser settings. Furthermore, you can delete previously stored cookies at any time using your browser settings. Please note that disabling cookies may limit the functionality of our website.

4.2. Right of Withdrawal

Some of the processing operations described in these data protection information are based on your consent. You can withdraw your consent for these processing operations at any time with future effect by notifying us at the contact information provided above.

4.3. Right to Object

You have the right to object at any time to the processing of your personal data for direct marketing purposes or for processing based on Art. 6(1)(e) or (f) GDPR. In this case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

4.4. Right of Access, Correction, Deletion, and Restriction of Processing and Data Portability

You have the right, under the conditions set out in Art. 15 to 20 GDPR, to obtain information free of charge about the personal data we store about you, to have incorrect data corrected, to have data deleted or processing restricted, and to have your personal data transferred. In some cases, we cannot delete user data due to legal retention requirements.

4.5. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data violates data protection laws.

B. Supplementary Information on Data Processing When Visiting the Website, Contacting Us, and for Advertising Purposes

1. Access to Our Websites and Server Log Files

To access our websites and display them correctly on your device, your browser automatically sends data requests to our servers. Each data request sent by your browser includes, among other things, this information: (dynamic) IP address, browser type and version, operating system and version, accessed domain, previously visited website, and date and time of access. The data requests made by your browser are automatically stored in so-called "server log files." The data processing described is absolutely necessary to ensure the availability and correct display of our websites on your device. In addition, cyberattacks can be detected based on the log files, ensuring the availability of our websites (Art. 6(1)(b) GDPR).

2. Cookies for Website Provision

When you open our website, cookies, i.e., small text files, may be stored on your device: – pll_language: Sets the language in which the website is displayed; storage period is 1 year; third parties cannot access the processed data. Storing cookies on your device is absolutely necessary to provide our website (§ 25 para. 2 no. 2 TTDSG).

3. Contact

We collect personal data that you provide us with when you contact us. The processing of this data is based on Art. 6 para. 1 sentence 1 lit. b GDPR if it is necessary for the execution of a measure you requested. In all other cases, processing is based on our legitimate interest in effectively processing requests directed to us (Art. 6 para. 1 sentence 1 lit. f GDPR).

4. Advertising Measures

We have a legitimate interest in using your data for direct advertising purposes within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR. You may object to the processing of your personal data for advertising purposes at any time in writing, by fax, by email, or by telephone, with effect for the future. Only transmission costs according to the basic tariffs will be incurred for the objection. The lawfulness of the data processing already carried out remains unaffected.

C. Supplementary Information on Data Processing on Our Social Media Company Pages

We operate a "company page" on these social media platforms: LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland In addition to our general information (see section A), we provide information here on data processing when visiting one of our company pages.

1. General Information on Company Pages, Legal Basis

As the operator of an online presence on a social media platform, we process personal data when you contact us directly through a personal message or via the public comment function on the platform. The data collected depends on the information you provide and the contact details you provide or make available. The processing of this data is based on Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as this is necessary to carry out a measure requested by you. In all other cases, the processing is based on our legitimate interest in effectively processing requests directed to us (Art. 6 para. 1 sentence 1 lit. f GDPR).

When visiting a company page, the respective platform operator ("provider") collects information that allows them to recognize users and comprehensively analyze user behavior. On the basis of the data collected, the provider of the social media platform can also create user profiles. If you are logged into your corresponding social media account when visiting a company page, the provider can also link this visit to your account.

Based on the data that we collect, the provider only provides us with an anonymized statistical evaluation of the use of our company page. This allows us to design our posts even more targeted in the future. We have a legitimate interest in collecting and processing this data to this extent. Furthermore, we have a legitimate interest in using as many communication options as possible to reach as many interested parties personally as possible. The legal basis for the data processing associated with the operation of a company page is Art. 6 para. 1 sentence 1 lit. f GDPR.

We do not pass on personal data that we collect through our company pages to third parties. However, we cannot influence or rule out that the providers mentioned transmit the data collected to third parties, especially to their partner companies, which may also be located in EU countries. Currently, many third countries outside the EU do not have a level of data protection equivalent to that of the EU.

You can exercise your data subject rights (see also section A.4) regarding the data processing through our company pages against us as well as against the respective provider. However, we would like to point out that these rights can be most effectively exercised with the respective provider, as only the provider has access to the user's data and can directly take appropriate measures and provide information.

Further information on data processing by the respective provider can be found at: LinkedIn: https://www.linkedin.com/legal/privacy-policy

2. Agreements under Article 26 GDPR

We have concluded an agreement under Article 26 GDPR with LinkedIn, which divides the data protection obligations arising from the operation of our company page between us and LinkedIn. LinkedIn has assumed the majority of data protection obligations, such as fulfilling the data subject rights under Article 12 et seq. GDPR, the obligation to maintain appropriate technical and organizational measures to protect the security of personal data, as well as the reporting and notification obligations in the event of a data protection breach. If you contact us regarding your data subject rights, we will immediately forward your request to LinkedIn in accordance with the agreement with LinkedIn.

Further information on the agreement between us and LinkedIn can be found at: https://www.linkedin.com/help/linkedin/answer/124838?lang=de https://legal.linkedin.com/pages-joint-controller-addendum