Created with Sketch.
Data Protection

Important information!

Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the EU Member States, as well as other data protection regulations, is:

eck*cellent IT GmbH
Theodor-Heuss-Straße 2
38122 Braunschweig

Ph.: +49 (0)531/7022-2000
E-mail:
info@eckcellent-it.de
Website: www.eckcellent-it.de

Name and address of the data protection officer

The data protection officer of the data controller is:

Kämmer Consulting GmbH
Phone: 0531 70 22 49 0
E-mail: dsb-team@kaemmer-consulting.de

General information on data processing

1. Scope of the processing of personal data

We collect and utilise our users’ personal data only insofar as this is necessary to provide a functioning website, our content and our services. We regularly collect and use our users’ personal data, but only with the user’s consent. An exception applies in cases in which circumstances prevent us from obtaining prior consent and the processing of the data is permitted by law.

2. The legal basis for the processing of personal data

Insofar as we obtain consent to process personal data, Art. 6 (1)(a) General Data Protection Regulation (GDPR) serves as the legal basis for the processing of this data.

When processing the personal data required for the performance of a contract to which the data subject is a party, Art. 6 (1)(b) GDPR serves as the legal basis. This also applies to the processing necessary to implement pre-contractual measures.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1)(f) GDPR serves as the legal basis for processing.

3. Deletion and storage of data

The personal data of the data subject will be deleted or blocked as soon as the purpose for its storage no longer applies. In addition, the data may be stored if this has been provided for by European or national legislators in EU regulations, laws, or other provisions to which the data controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned regulations has elapsed, unless further storage of the data is necessary for the conclusion or fulfilment of a contract.

Provision of the website and the creation of log files

Every time our website is visited, our system automatically collects data and information from the computer system of the accessing computer.

In this context, the following data is collected:

  • the date and time of the request
  • the IP address, browser, operating system, desired access method/function, transmitted input values (e.g. URL, file name) of the requesting computer
  • the access status of the web server (file transferred, file not found, command not executed, etc.)

The data is also stored in our system’s log files. This data is not stored together with any other personal data pertaining to the user. The legal basis for the temporary storage of data and log files is Art. 6 (1)(f) GDPR.

The system needs to temporarily store the IP address to enable the website to be delivered to the user’s computer. To this end, the IP address of the user must be stored for the duration of the session. Our legitimate interest in data processing pursuant to Art. 6 (1)(f) GDPR also lies within these purposes.

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. If the data was collected in order to deliver the website, it will be deleted once the relevant session on our site ends.

However, it may be retained for a longer period. In this case, the user’s IP address will be deleted or distorted, so that the accessing client can no longer be identified.

The collection of data required to make the website available and the storage of the data in log files is essential for the operation of the website. Consequently, users have cannot object to its collection.

Use of cookies

Our website uses cookies. Cookies are text files that are stored within or by the internet browser on the user’s computer system. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a distinctive character string that enables unique identification of the browser when the website is accessed again.

When accessing our website, the user will be informed of the use of cookies for analytical purposes and we will obtain the user’s consent for the processing of the personal data used in this context. In this context we will also make reference to this privacy policy.
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1)(f) GDPR.
 The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1)(a) DSGVO if the user has consented to this.

For this purpose, we, as the site operator, also have a legitimate interest in the processing of personal data in accordance with Art. 6 (1)(f) GDPR in order to ensure the technically error-free delivery of our website.

Cookies are stored on the user’s computer and transmitted by this computer to our site. The user, therefore, retains full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies which have already been saved may be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, it is possible that you will no longer be able to use all of the features of the website.

Web analysis by Matomo/PIWIK

We occasionally use the open source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. The software places a cookie on the user’s computer (see above for cookies). If individual pages of our website are accessed, the following data is stored:

  1. two bytes of the IP address of the user’s accessing system
  2. the website called up
  3. the website from which the user has called up the website accessed (the referrer)
  4. the sub-pages called up from the website that is accessed
  5. the time spent on the website
  6. the frequency with which the website is accessed

The software runs exclusively on the servers of our website. The personal data of users is only stored there. Data will not be disclosed to third parties. The software is set so that the IP addresses are not stored completely, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). This renders attribution of the shortened IP address to the computer accessing the website impossible. The legal basis for the processing of users’ personal data is Art. 6 (1)(f) GDPR.

The processing of users’ personal data enables us to analyse the surfing behaviour of our users. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and to make it more user-friendly. For these purposes, our legitimate interest lies in the processing of personal data according to Art. 6 (1)(f) GDPR. By anonymising the IP address, the user’s interest in protecting their personal data is sufficiently taken into account.

The data will be deleted as soon as it is no longer needed for our recording purposes. In our case, this will be after 180 days.

Cookies are stored on the user’s computer and transmitted by this computer to our site. The user, therefore, retains full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies which have already been saved may be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, it is possible that you will no longer be able to use all of the features of the website.

We offer our users on our website the option of an opt-out from the analysis procedure. To do so, you must follow the corresponding link. By doing so, another cookie is placed on your system, which signals to our system not to store the user’s data. If the user deletes the corresponding cookie from their system in the meantime, they must set another opt-out cookie.

More information about the privacy settings of the Matomo software can be found under the following link: https://matomo.org/docs/privacy/.

Borlabs Cookie

This website uses Borlabs Cookie, which sets a technically necessary cookie (a borlabs cookie) to store your cookie consents. Borlabs Cookie does not process any personal data.

The borlabs cookie stores your consents that you gave when you entered the website. If you would like to revoke these consents, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked again for your cookie consent.

Facebook plug-ins

This website uses plug-ins from the provider Facebook.com that are provided by Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304 in the USA. Users of our website, on which the Facebook plug-in (“Like” button) is installed, are hereby informed that the plug-in establishes a connection to Facebook, whereby there is transmission to your browser so that the plug-in appears on the website. Furthermore, data is forwarded to the Facebook servers through use, which contains information about your website visits to our homepage. For logged-in Facebook users, this means that the usage data is assigned to their personal Facebook account.

As soon as you are logged in to Facebook and actively use the Facebook plug-in (e.g. by clicking on the “Like” button or using the comment function), this data will be transferred to your Facebook account and published. You can only avoid this by logging out of your Facebook account. For further information regarding the use of data by Facebook, please refer to the data protection regulations on Facebook at http://de-de.facebook.com/policy.php.

Facebook fan page

We are supplementing our on-line presence in the social network Facebook, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), with a so-called “Facebook fan page”. This enables us to get in touch with active users, interested parties and customers and to be able to inform them about our companies. We and Facebook are joint data controllers for this data processing (Art. 26 (1) GDPR). This was specified in the so-called “Page Insights supplement regarding the data controller”. This agreement can be viewed at https://www.facebook.com/legal/terms/page_controller_addendum.

We statistically evaluate how you use our fan page. We receive statistics from Facebook about the use of our fan page, the so-called “Facebook Insights”. These statistics do not, however, contain any personal data. We are also unable to view or request any personal data.

With the help of the statistics, we can adapt and improve our fan page according to user needs. In order to make these statistics possible, cookies are usually stored on the terminal device you are using. The content of these cookies includes your usage behaviour and the interests of users are stored. The cookie set when you open our fan page recognises you and makes it easier to use our fan page. According to Facebook, this cookie and the data it collects will be deleted or anonymised within 90 days.

The basis of the processing of your personal data during your visit to our fan page is our legitimate interest in accordance with Art. 6 (1)(1)(f) GDPR in informing users and communicating with users.
 The processing of the data may also take place outside the EU, as some Facebook servers are also located in the USA.

In the agreement we concluded with Facebook, it was stipulated that Facebook is mainly responsible for the processing of the Insights data. In addition, Facebook is responsible for fulfilling the information obligations under Art. 13 and 14 GDPR and for safeguarding your rights as a data subject. You can claim your rights as a data subject pursuant to Art. 12 et seq. GDPR, the right to deletion pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, the right to object pursuant to Art. 21 GDPR and your right to information pursuant to Art. 15 GDPR via https://www.facebook.com/about/privacy.

Further information on the processing and use of the data can be found under https://www.facebook.com/about/privacy/ and https://www.facebook.com/legal/terms/information_about_page_insights_data. On these pages you will also find other ways to protect your privacy.

Twitter account

We are adding a Twitter account to our on-line presence on the social network Twitter, which is operated by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland (“Twitter”). This enables us to get in touch with active users, interested parties and customers and to be able to inform them about our companies. We process your data via this account. Although we do not collect your data via your Twitter account, we process data published by you, such as your user name, shared content (possibly also re-tweets), your answers and reactions to our tweets. This allows our published content to be made accessible to your followers.

The basis for the processing of your personal data during your visit to our Twitter account is our legitimate interests pursuant to Art. 6 (1)(1)(f) GDPR in informing users and communicating with users. The processing of the data may also take place outside the EU, as some Twitter servers are also located in the USA.

For the exercise of information or other user rights, we would like to point out that these inquiries should be addressed directly to Twitter. Only Twitter has access to the data stored and can provide you with the appropriate information and take further measures.
Further information on the processing and use of the data can be found at https://twitter.com/de/privacy. On these pages you will also find other ways to protect your privacy.

Instagram account

We are supplementing our on-line presence on the social network Instagram, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), with a so-called “Instagram profile”. This enables us to get in touch with active users, interested parties and customers and to be able to inform them about our companies. We and Facebook are joint data controllers for this data processing (Art. 26 (1) GDPR). This was specified in the so-called “Page Insights supplement regarding the data controller”. This agreement can be viewed at https://www.facebook.com/legal/terms/page_controller_addendum.

We statistically evaluate how you use our Instagram profile. We receive statistics from Facebook about the use of our profile, the so-called “Insights”. These statistics do not, however, contain any personal data. We are also unable to view or request any personal data.

With the help of the statistics, it is possible for us to adapt and improve our profile according to user needs. In order to make these statistics possible, cookies are usually stored on the terminal device you are using. The content of these cookies includes your usage behaviour and the interests of users are stored. The cookie set when you open our profile has the purpose of recognising you again and simplifying the use of our profile. According to Facebook, this cookie and the data it collects will be deleted or anonymised within 90 days.

The basis of the processing of your personal data during your visit to our profile is our legitimate interest in accordance with Art. 6 (1)(1)(f) GDPR in informing users and communicating with users. The processing of the data may also take place outside the EU, as some Facebook servers are also located in the USA.

In the agreement we concluded with Facebook, it was stipulated that Facebook is mainly responsible for the processing of the Insights data. In addition, Facebook is responsible for fulfilling the information obligations under Art. 13 and 14 GDPR and for safeguarding your rights as a data subject. You can claim your rights as a data subject pursuant to Art. 12 et seq. GDPR, the right to deletion pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, the right to object pursuant to Art. 21 GDPR and your right to information pursuant to Art. 15 GDPR via https://www.facebook.com/about/privacy.

For more information on the processing as well as the use of the data, please refer to https://help.instagram.com/519522125107875 and to https://www.facebook.com/legal/terms/information_about_page_insights_data.
 At https://help.instagram.com/196883487377501 you will also find other ways to protect your privacy.

LinkedIn

We are supplementing our on-line presence on the social network LinkedIn, which is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). This enables us to get in touch with active users, interested parties and customers and to be able to inform them about our companies. When you visit our LinkedIn page, LinkedIn will collect your IP address and other information available on your computer in the form of cookies. This data may be transferred to countries outside the EU in certain circumstances.

To what extent LinkedIn processes further data about your visit, such as comments and other activities on the platform, is not known to us. If you are logged in as a user on LinkedIn at the time of visiting our profile, it is possible for LinkedIn to track that you have visited our profile. This also applies to other activities related to our profile.

The basis of the processing of your personal data during your visit to our profile is our legitimate interest in accordance with Art. 6 (1)(1)(f) GDPR in informing users and communicating with users. The processing of the data may also take place outside the EU, as some LinkedIn servers are also located in the USA. LinkedIn has joined the “Privacy Shield” in order to ensure an adequate level of protection. If data is transferred to LinkedIn, which is based in the USA, this is based on Art. 45 GDPR. Further information on the processing and use of the data can be found at: https://www.linkedin.com/legal/privacy-policy

YouTube

Our website uses plug-ins from YouTube to integrate and display video content. The video portal is provided by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you open a page with an integrated YouTube plug-in, a connection to YouTube’s servers is established. This will tell YouTube which of our pages you have visited. YouTube can associate your browsing behaviour directly with your personal profile if you are logged into your YouTube account. You can prevent this by logging out beforehand. YouTube is used in the interests of making our on-line presence attractive. This represents a legitimate interest within the meaning of Art. 6 (1)(f) GDPR.

Further information about the handling of user data can be found in YouTube’s privacy policy: https://www.google.de/intl/de/policies/privacy.

Rights of the data subject

You shall receive information at any time free of charge (Art. 15 GDPR) about the personal data stored by us about you, as well as the origin, recipient and purpose of the data processing. In addition, you have the right to request the correction (Art. 16 GDPR), blocking (Art. 18 GDPR) or deletion (Art. 17 GDPR) of your data. This does not include data which has been kept due to legal provisions or is required for the orderly settlement of business transactions. You have the right to object to the processing of your data (Art. 21 GDPR) and the right to data portability (Art. 20 GDPR). You have the right at any time to revoke your data protection declaration of consent. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the point of revocation.

The right to file a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular, in the member state containing your residence, place of work or the location of the purported violation, if you believe that the processing of your personal data violates the GDPR. The supervisory authority with which the complaint is filed shall inform the complaining party of the status and results of the appeal, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.