Data Protection Policy.

Privacy Policy

I.          Name and address of the data controller as well as that of the privacy policy officer

The controller within the meaning of the basic privacy policy regulation and other national data privacy protection laws of the member states as well as other data privacy protection regulations is:

 

EZcon Network GmbH

Röntgenstraße 19

73431 Aalen

Managing Directors: Erwin Ziegler, Matthias Brenner

Email: info@ezcon.de

 

Data privacy policy controller:

Tel.: +49 7361 37056 0

Email: datenschutz@ezcon.de

 

II. General information about the current data processing

1. Scope of the private policy process

As a matter of principle, we collect and make use of our users’ private data only to the extent that this is necessary for the provision of a functional website and our content and services. The collection and use of personal data of our users is regularly only carried out with the consent of the user. An exception applies only in cases where obtaining prior consent is not possible for factual reasons or where unreasonable effort is involved, yet the processing of the data is permitted by legal stipulations.

2. Legal basis for the processing of the private policy

To the extent that we obtain the consent of the data subject for processing operations involving personal data, Article 6 Par. 1 lit. a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

 

When processing personal data that is necessary for the performance of a contract to which the concerned person is part of the contractual party, Art. 6 Par. 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

 

Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 Par. 1 lit. c) GDPR serves as the legal basis.

 

In the event that vital interests of the concerned person or another natural person make it necessary to process personal data, Art. 6 Par. 1 lit. d) GDPR serves as the legal basis.

 

If the processing is necessary to protect legitimate interests of our company or that of a third party and the interests, fundamental rights and freedom of the concerned person do not override the former interest, Art. 6 Par.1 lit. f) GDPR serves as the legal basis for the processing.

3. Data deletion and storage period

The personal data regarding the concerned person shall be deleted or blocked as soon as the purpose of the storage no longer applies. In addition, storage may take place if this has been stipulated by the European or national legislator in Union law regulations, or other provisions to which the concerned person is subject. Blocking or deletion of data also takes place when a storage period prescribed by the aforementioned standards expires, provided that there is a need for further storage of the data for the conclusion or fulfillment of a contract.

III. Automated Data collection via Log Files

4. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

 

(1) Information about the type of browser and the version used

(2) User’s operation system

(3) User’s Internet-Service-Provider

(4) Anonymized user’s IP-Address

(5) Date and time of access

(6) Websites from which the user’s system accesses our Internet site

 

The data is also stored in our system’s logfiles. Storage of this data together with other personal user data does not occur.

 

5. Legal basis for data processing

 

The legal bases for the temporary storage of the data and the logfiles is done in accordance with Art. 6 Par. 1 lit. f) GDPR.

6. Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR. An evaluation of the data for marketing purposes does not take place in this context.

7. Storage duration

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, then the respective data is deleted as soon as session has ended. In the case of data storage in log files, then the data will be deleted after seven days at the latest. Storage beyond this period is possible. Nevertheless, the IP addresses of the users are deleted or modified, so that an allocation of the calling client is no longer possible.

8. Objection and elimination possibility

The collection of data for the provision of the website and the storage of the data in log files is imperative for the operation of the website. Consequently, there is no possibility of objection on the user’s side.

IV. Use of Cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the Internet offer as a whole, more user-friendly and effective, i.e. more convenient for you.

Cookies can contain data that make it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person. However, cookies cannot directly identify a user.

A distinction is made between transient (session) cookies, which are deleted as soon as you close your browser, and persistent (permanent) cookies, which are stored beyond the individual session.

 

With regard to their function, cookies are again distinguished between:

 

– functional cookies: these are necessary to navigate the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they store which web pages you have visited; nevertheless, data such as the user's IP address may also be collected via such cookies;

 

– Performance or tracking cookies: these collect information about how you use our website, which pages you visit and, for example, whether errors occur during website use; they generally do not collect information that could directly identify you - however, identification of cross-page user profiles cannot be ruled out. The information collected is used to improve the website and to find out what users are interested in;

 

– Advertising cookies, targeting cookies: These are used to offer the website user tailored advertising on the website or offers from third parties and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months.

 

b) Which of these cookies are used on our website?

 

We use functionally necessary cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. In addition, we use such cookies to protect the website from attacks by third parties. For example, a cookie ensures browsing security for visitors by preventing so-called "cross-site request forgery". This cookie is therefore essential for the security of the website and the website user.

 

However, we also use analysis cookies from the service provider Google on our website, which enable an analysis of the user's surfing behavior. Further detailed information is provided under chapter “V”. of this data protection declaration.

 

When calling up our website, users are informed by an info banner about the use of cookies and a consent is obtained to the processing of personal data used in this context. For this purpose, we use the consent tool from Cookiebot. Further information about its function and which data is processed by this function can be found in this data protection declaration under chapter “VI”.

 

c) Legal basis for data processing

The legal basis for the processing of personal data using technically necessary functional cookies is Art. 6 para. 1 lit. f GDPR.

Any use of cookies that is not absolutely technically necessary, constitutes data processing that is only possible with the express and active consent of the user. The legal basis for the processing of personal data using cookies that are not technically necessary, such as analysis cookies or non-mandatory functional user cookies, is stated in Art. 6 para. 1 lit. a GDPR.

d) Data processing purpose

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. Therefore, it is necessary that the browser is recognized even after a page change. Furthermore, the use of these cookies ensures security on the website. The legal basis as well as our legitimate interest in processing personal data is stated in Art. 6 para. 1 lit. f GDPR. The user data collected through technically necessary cookies are not used to create user profiles.

The use of the analysis cookies, on the other hand, is for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.

e) Duration of Data retention, right to oppose and disposal

Transient cookies are automatically deleted when you close the browser. These include in particular the technically necessary session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

Persistent cookies, which usually include the analysis cookies, are automatically deleted after a predefined duration, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transfer of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all functions of the website.

 

f) Cookie Policy Reference

For more information about which cookies we use, how long they are stored and how you can manage your cookie settings and disable certain types of tracking, please see our Cookie Consent Tool [Link zu Cookie-Consent Tool].

V. Google Analytics

The website uses, subject to your consent, functions of the web analytics service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.  Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website, such as.

-           Browser-Typ/-Version,

-           operating system used,

-           Referrer-URL (the previously visited page),

-           Host name of the accessing computer (IP-address),

-           time of the server request,

 

are usually transferred to a Google server in the USA and stored there. Google Analytics cookies are only stored with your consent and therefore according to the legal basis stated in Art. 6 para. 1 lit. a GDPR.

 

9.      IP Anonymization

We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activities and providing other services relating to website activities and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Consent to data collection, opposal.

 

You can consent to the collection of your data by Google Analytics or revoke a previously given consent by clicking on the following link:

 

Link auf Cookie-Consent Tool (Cookiebot)

 

In this context, you will also receive further information about the scope and purpose of the cookies used.

 

You may oppose the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website. You can also generally prevent the collection of data generated by cookies and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin is available under the following link:

 

https://tools.google.com/dlpage/gaoptout?hl=de.

 

Further information on how the user data is dealt with at Google Analytics is available under the following link:

 

https://support.google.com/analytics/answer/6004245?hl=de

 

VI.     Usage of the Consent- Tools „Cookiebot“

The Consent platform "Cookiebot" tool from Usercentrics GmbH

Sendlinger Straße 7, 80331 Munich is used by us. The consent tool enables us to obtain and manage the necessary consent of website users for data processing. The processing is necessary for the fulfillment of a legal obligation to which we are subject (Art. 6 para. 1 p. 1 lit. c GDPR). Therefore, the following data is processed with the help of cookies used:

 

-Your IP-address (the last three digits are set to “0”).

-Date and time of the consent.

-Browser information and URL, from which the consent was sent.

-An anonymous, and encrypted code that assigns the consent status of the end user as poof of consent.

 

The key and consent status are stored for 12 months in the browser using the cookie "CookieConsent". This preserves your cookie preference for subsequent page requests. With the help of the key, their consent can be proven and tracked.

 

If you enable the service function "Collective Consent" to enable consent for multiple websites through a single end-user consent, the service additionally stores a separate, random, unique ID with your consent. If all of the following criteria are met, this key is stored in the third-party cookie "CookieConsentBulkTicket" in your browser and in encrypted form: you enable the collective consent feature in the service configuration. You allow third-party cookies via browser settings. You have disabled "Do not track" via browser settings. You accept all or at least certain types of cookies when you give your consent. The functionality of the website is not guaranteed without this process.

 

The processing takes place in the European Union. You can find more information about objection and removal options at:

 

https://www.cookiebot.com/de/privacy-policy/

 

Your personal data will be deleted continuously after 12 months or immediately after the termination of the contract between us and Usercentrics.

 

Please refer to our general explanations about the deletion and deactivation of cookies stated above.

VII.   Usage of jQuery CDN

We use jQuery CDN services on our website, services from JSFoundation, Inc., Attn: Privacy Office, 1 Letterman Drive, San Francisco, CA 94129, USA.

 

jQuery is a fast, small and full featured JavaScript library that helps us to deliver our website as fast as possible to the calling device, i.e., to load and display the website as fast as possible even with large amounts of data or workloads.

 

The content delivery network provided by JQuery for this purpose consists of a large number of regionally distributed and interconnected servers located in various countries, some of which are outside the EU or in the USA.

When you visit our website, a direct connection between your browser and the servers of jquery is established by the JavaScript code integrated in our website. Jquery thereby receives the information with which IP address you visit our site. This is necessary to ensure the previously mentioned data transfer.

 

If you have consented to the use of the jQuery service, Art. 6 para. 1 lit a DSGVO is the legal basis for the data collection.

 

The JavaScript library of jquery is used as an appealing and fast way of presenting our online offers. Therefore, it also represents a legitimate interest according to Art. 6 para. 1 lit. f GDPR.

 

You have the right to revoke your previously given consent to the use of the JavaScript library. This can be done via our provided Consent- Tool .

 

Furthermore, you have the option to oppose to the use of Javascripts by installing a so-called Javascript blocker. Furthermore, it is possible to block the execution of JavaScript in the settings of your browser. These measures may, however, lead to a delay in the loading of our website.

 

More information about how the user data is used, can be found in the JSFoundation’s privacy policy at: https://js.foundation/about/governance/privacy-policy

 

VIII.         Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

 

The purpose of reCAPTCHA is to check whether data entry on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website.

 

The analysis is done when reCAPTCHA evaluates various information. The data collected during the analysis is forwarded to Google.  Personal data is considered as follows:

  • IP-Address
  • Date
  • Complete screenshot of the browser’s window
  • Referrer URL (the addressof the page where the visitor comes from)
  • Browser PlugIns
  • Information about the operating system (Windows, Linux, iOS)
  • Cookies if applicable (other Google-Cookies from the last 6 months)
  • CSS Information of the page
  • Mouse movements and keyboard strokes
  • Dwell time
  • User device settings (e.g. language settings, sites, Browser etc.)

The reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place.

 

The data processing is based on Art. 6 para. 1 lit. f GDPR. As a website operator, we have a legitimate interest in protecting our web offers from abusive automated spying and SPAM.

 

For more information about Google reCAPTCHA and Google's privacy policy, please see the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

 

IX.          Contact form and e-mail contact

10. Description and scope of data processing

A contact form is available on our website, which can be used as a form of electronic contact. Among other things, it is possible to contact us via the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for the processing of the communication.

11. Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a) GDPR as far as an explicit consent has been given by the user.

 

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

12. Data processing aim

The processing of personal data serves us solely to process your contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

13. Duration of Data retention

The data is deleted as soon as it is no longer required for the purpose for which it was collected. Personal data from the input mask of the contact form and that sent by e-mail, this is the case when the respective conversation with the user has ended. The data retention ends when it is clear from the circumstances that the matter in question has been conclusively clarified.

 

The additional personal data collected during the dispatch process will be deleted after a period of seven days at the latest.

14. Objection and deletion possibility

The user has the option to revoke his/her consent to the processing of personal data at any time. If the user contacts us by e-mail, he/she can object to the storage of his/her personal data at any time. In such a case, the business relationship cannot be continued, and all personal data stored in the course of contacting us will be deleted.

X.       Data subject rights

If your personal data is processed, you are considered as data subject according to the GDPR and you have the following rights in regard to the responsible party:

15. Disclosure rights

You may request confirmation from the responsible party as to whether your personal data is being processed by them.

Should this be the case, you can request feedback from the responsible party regarding following information:

(1)       the reason why your personal data is being processed;

(2)       the type of personal data that is being processed;

(3)       to whom and what type of personal data has been or will be disclosed;

(4)       the planned retention duration of your personal data or, if concrete information on this is not possible, criteria for the determination of the storage duration;

(5)       the existence of a right to obtain or erase personal data concerning your person, a right to restrict the processing by the responsible party or a right to object to such a processing;

(6)       the existence of a right of petition to a supervisory authority;

(7)       any available information on the origin of the data, if the personal data are not collected from the data subject;

(8)       the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and - at least in these cases - relevant information about the logic involved as well as the scope and intended effects of such processing for the respective person.

You have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR regarding the transmission of the data.

16. Right of rectification

You have a right of rectification and/or completion, if the processed personal data concerning your person are inaccurate or incomplete. The responsible party shall carry out the rectification without undue delay.

17. Right to restriction of processing

You may request the restriction of the processing of personal data concerning you under the following conditions:

(1)       if you contest the accuracy of the personal data concerning you for a period enabling the responsible party to verify the accuracy of the personal data;

(2)       the processing is illegitimate, and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data;

(3)       the controller no longer needs the personal data for the purposes of processing, but you need them for the implementation, execution, or prevention of legal claims, or

(4)       if you have objected to the processing pursuant to Art. 21 (1) of the GDPR and it has not yet been determined whether the legitimate claims of the controller are overridden by your claims.

Where the processing of personal data concerning you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the implementation, execution, or prevention of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the EU or a member state.

If the restriction of processing has been imposed in accordance with the above conditions, you will be informed by the responsible party before the restriction is lifted.

18. Right of deletion

g)        Deletion

You may request the responsible part to delete the personal data concerning you without undue delay, and the responsible party shall be obliged to delete such data without undue delay, if one of the following reasons applies:

(1)       The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2)       You revoke your consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9 (2) a GDPR and there is no other legal basis for the processing.

(3)       You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.

(4)       The personal data concerning you have been processed illegally.

(5)       The deletion of the personal data concerning you is necessary for compliance with a legal obligation under EU or member State law to which the responsible party is subject.

(6)       The personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8(1) GDPR.

h)       Information to third parties

If the responsible party has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take suitable measures, including technical measures, considering the available technology and the cost of implementation, to inform data responsible party which process the personal data that you, as the data subject, have requested to be erased, such as links to or copies or replications of such personal data.

i)          Exceptions

The right to delete does not exist insofar as the processing is necessary to

(1)       to exercise the right of freedom of expression and information;

(2)       for compliance with a legal obligation which requires processing under EU or member State law to which the responsible party is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the responsible party;

(3)       for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;

(4)       for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or

(5)       for the implementation, execution, or prevention of legal claims.

1.      Right to information

If you have the right to rectification, deletion or restriction of processing against the responsible party, the responsible party is obliged to communicate this rectification or deletion of the data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the responsible party.

2.      Right to data portability

You have the right to receive your personal data which you have provided to the responsible partyr in a structured, commonly used and machine-readable format. In addition, you have the right to transfer this data to another party without hindrance by the responsible party to whom the personal data was provided, provided that:

(1)       the processing is based on consent pursuant to Art. 6 (1) a GDPR or Art. 9 (2) a GDPR or on a contract pursuant to Art. 6 (1) b GDPR and

(2)       the processing is carried out with the aid of automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one party to another, insofar as this is technically feasible. The freedoms and rights of other persons may not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the responsible party.

3.      Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.

The responsible party shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, as far as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services - notwithstanding Directive 2002/58/EC - to exercise your right to object by means of automated procedures using technical specifications.

4.      Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

5.      Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.