1. Terms and Definitions
a) Personal Data
Personal Data is any information relating to an identified or identifiable natural person (hereafter “data subject”) A natural person is considered to be identifiable if it can be identified directly or indirectly, in particular by association with an identifier such as name, identification number, location data, an on-line identifier or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
b) Data Subject
Data Subject is any identified or identifiable natural person whose personal data is processed by the data controller.
Processing means any process executed with or without help of automated methods or any series of operations related to personal data such as collecting, recording, organizing, sorting, storing, adapting or modifying, reading out, querying, using, disclosure through submission, dissemination or any other form of provision, the adjustment or linking, restriction, erasure or destruction.
d) Restriction of Processing
Restriction of Processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling is any type of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behavior, place of residence or relocations.
Pseudonymization is the processing of personal data in such a way that personal data can no longer be assigned to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to any identified or identifiable natural person.
g) Data Controller
Data Controller is the natural or legal person, public authority, agency or other facility which alone or jointly with others decides the purposes and means of the processing of personal data. Where the purposes and means of such processing are laid down by Union Law or the law of other member states the data controller or the specific criteria for his designation may be designated in accordance with union or national law.
Processor is a natural or legal person, public authority, agency or other facility that processes personal data on behalf of the data controller.
Recipient is a natural or legal person, public authority, agency or other facility to whom or which personal data are disclosed, whether or not that person is third party. However, authorities which may receive personal data in context of a particular investigation mandate under Union law or the law of other member states shall not be considered as recipients.
j) Third Party
Third Party is a natural or legal person, public authority, agency or other facility, other than the data subject, the data controller, the processor and the persons authorized to process personal data under the direct responsibility of the data controller or the processor.
Consent is any executed declaration of intention made by the data subject voluntarily and unequivocally for this particular case in form of a statement or other unequivocal confirmatory act indicating that the data subject consents to the processing of its personal data.
2. Name and Address of the Data Controller
Data Controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions with a data protection character is:
E.I.S. Electronics GmbH
Telephone: +49 471-9455-0
Fax: +49 471-9455-190
E-Mail: datenschutz at eis-electronics.de
3. Name and Address of the Data Protection Official
The Data Protection Official responsible for the data controller can be reached:
- by phone: +49 471 9869320
- by e-mail: firstname.lastname@example.org
Each data subject can contact our Data Protection Official directly at any time with any questions or suggestions regarding data protection.
The data subject can prevent the setting of cookies through our website at any time by means of an appropriate setting of the internet browser used and thus permanently contradict the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the internet browser used, not all functions of our website may be fully usable.
5. Collecting of general data and information
The website of E.I.S. Electronics GmbH collects a series of general data and information with each access to the website by a data subject or an automated system. This general data and information is stored in the log files of the server. It can be recorded (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites which are accessed via an accessing system on our Website, (6) an Internet Protocol (IP) address, (7) the internet service provider of the accessing system and (8) other similar data and information used to avert dangers in the event of attacks on our information technology system.
By /using this general data and information, E.I.S. Electronics GmbH does not draw any conclusions about the data subject. Rather this information is needed to (1) correctly deliver the content of our website, (2) optimize the content and advertising of our website, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for prosecution in case of a cyber-attack. E.I.S. Electronics GmbH therefore evaluates this anonymously collected data and information both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data processed. The anonymous data of the server log files are stored separately from all personal data provided by the data subject.
6. Contact possibilities via the website
Due to legal regulations, the website of E. I. S. Electronics GmbH contains information that enables rapid electronic contact with our company and direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the data controller by e-mail or via a contact form, the personal data transmitted by the data subject will be automatically stored. Such personal data voluntarily transmitted to the data controller by a data subject are stored for the purposes of processing or contacting the data subject. There is no disclosure of this personal data to third parties.
7. Sending out newsletters to existing customers
If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by e-mail. In accordance with Section 7 (3) UWG, we do not need to obtain separate consent from you for this. In this respect, data processing takes place solely on the basis of our legitimate interest in personalized direct mail in accordance with Art. 6 Para. 1 lit. f DSGVO. If you have initially objected to the use of your e-mail address for this purpose, we will not send you an e-mail. You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying the person responsible named at the beginning. For this you only have to pay transmission costs according to the basic tariffs. After receipt of your objection, the use of your e-mail address for advertising purposes will be stopped immediately.
8. Our activities in social networks
So that we can communicate with you in social networks and provide information about our services, we are represented there with our own pages.
We are not the original provider (responsible) of these pages, but only use them within the scope of the possibilities offered by the respective provider. As a precaution, we therefore point out that your data may also be processed outside the European Union or the European Economic Area. Use can therefore have data protection risks for you, as it can be more difficult to safeguard your rights, e.g. to information, deletion, objection, etc. and the processing in the social networks often takes place directly for advertising purposes or to analyze user behavior by the provider without this can be influenced by us. If the provider creates user profiles, cookies are often used or the user behavior is assigned directly to your own member profile of the social networks (provided you are logged in here).
The described processing of personal data is carried out in accordance with Art. 6 para 1 lit. f DSGVO on the basis of our legitimate interest and the legitimate interest of the respective provider in order to communicate with you in a contemporary manner or to inform you about our services can. If you have to give your consent to data processing as a user with the respective providers, the legal basis refers to Art. 6 para. 1 lit. a DSGVO in conjunction with Art. 7 DSGVO.
As we have no access to the data stocks of the providers, we would like to point out that it is best to apply your rights (e.g. to information, correction, deletion, etc.) directly to the respective provider. We have listed further information on the processing of your data in the social networks and the possibility of making use of your right of objection or revocation (so-called opt-out) from the respective social network provider we use:
a) Facebook Responsible for data processing in Europe: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland
Opt-out and advertising settings: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Facebook is joined to the EU-U.S.Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
b) Google+ / YouTube
Responsible for data processing: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Data protection: https://policies.google.com/privacy
Opt-out and advertising settings: https://adssettings.google.com/authenticated
Google is joined to the EU-U.S. Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Responsible for data processing in Europe: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Data protection: https://www.linkedin.com/legal/privacy-policy
Opt-out and advertising settings: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
LinkedIn is joined to the EU-U.S. Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active
d) XING Responsible for data processing in Germany: XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany
Data protection: https://privacy.xing.com/de/datenschutzerklaerung
Information requests for XING members: https://www.xing.com/settings/privacy/data/disclosure
9. Routine deletion and blocking of personal data
The data controller will process and store the personal data of the data subject only for the period of time necessary to achieve the storage purpose or if the data controller is provided for by the European legislature or other legislators in laws or regulations.
If the storage purpose no longer applies or if a storage period prescribed by the European legislature or any other legislators expire, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
10. Rights of the data subject
a) Right of confirmation
Any data subject has the right, granted by the European Directive and Regulatory Authority, to obtain from the data controller confirmation as to whether personal data of the data subject are being processed. If a data subject wishes to exercise this right of confirmation, they can contact our data protection official or another employee of the data controller at any time.
b) Right of information
Any data subject affected by the processing of personal data has the right, granted by the European Directive and Regulatory Authority, to obtain from the data controller information on the personal data concerning the data subject which have been stored and a copy of that information, free of charge and at any time. In addition, the European Directive and Regulatory Authority have provided the data subject with the following information:
• the processing purposes
• the categories of personal data processed
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular
recipients in third countries or international organizations
• if possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria
for determining that duration
• the existence of a right to the rectification or erasure of personal data concerning the data subject or to the
limitation of the processing carried out by the data controller or of a right of objection to such processing of
• the existence of a right of appeal to a supervisory authority
• if the personal data are not collected from the data subject: All available information on the origin of the data
• the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the
DSGVO and - at least in these cases - significant information on the logic involved, the scope and the intended
effects of such processing on the data subject
Furthermore, the data subject also has the right of information whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject has the right to obtain information on the appropriate guarantees in connection with the transfer.
If a data subject wishes to exercise this right of confirmation, they can contact our data protection official or another employee of the data controller at any time.
c) Right of rectification
Any data subject affected by the processing of personal data has the right, granted by the European Directive and Regulatory Authority, to request the immediate rectification of incorrect personal data concerning the data subject. Furthermore, the data subject has the right, in consideration of the purposes of processing, to request the completion of incomplete personal data, also by means of a supplementary declaration.
If a data subject wishes to exercise this right of rectification, they can contact our data protection official or another employee of the data controller at any time.
d) Right to deletion (The right to be forgotten)
Any data subject affected by the processing of personal data has the right, granted by the European Directive and Regulatory Authority, to request the immediate deletion of personal data concerning the data subject if one of the following reasons applies and if the processing is not necessary:
• The personal data have been collected for such purposes or processed in any other way for which they are no
• The data subject withdraws his consent on which the processing was based according to Article 6(1)(a) DSGVO or
Article 9(2)(a) DSGVO and there is no other legal basis for the processing.
• The data subject objects to the processing conformable to Article 21(1) DSGVO and there are no legitimate reasons
for the processing, or the data subject objects to the processing conformable to Article 21(2) DSGVO.
• The personal data have been processed illegally.
• The deletion of personal data is required to fulfill a legal obligation under Union law or the law of the Member
States to which the data controller is subject.
• The personal data were collected in relation to information society services offered conformable to Art. 8 (1)
If one of the above reasons applies and a data subject wishes to exercise the right of deletion, regarding personal data stored by E.I.S. Electronics, they can contact our data protection official or another employee of the data controller at any time. The data protection official or another employee will ensure that the request for deletion is complied with immediately.
If personal data were made public by E.I.S. Electronics GmbH and our company as data controller in accordance with Art. 17 (1) DSGVO is obliged to delete the personal data, E.I.S. Electronics GmbH will take appropriate measures, also technical measures, including available technologies implementation costs, to inform other data controllers processing the published personal data that the data subject has requested those other data controllers to delete all links or copies or replications of those personal data, so far as the processing is not necessary. The data protection official of E.I.S. Electronics or another employee will take the necessary steps in individual cases.
e) Right to restrict processing
Any data subject affected by the processing of personal data has the right, granted by the European Directive and Regulatory Authority, to request the data controller to restrict the processing if one of the following conditions applies:
• The accuracy of the personal data is contested by the data subject for a period of time which allows the data
controller to verify the accuracy of the personal data.
• The processing is illegal and the data subject refuses the deletion of the personal data and instead requests the
restriction of the use of the personal data.
• The data controller no longer needs the personal data for the purposes of processing, but the data subject needs
them for the assertion, exercise or defense of legal claims.
• The data subject has objection to the processing according to Art.21 (1) DSGVO and it is not yet clear whether the
legitimate reasons of the data controller outweigh those of the data subject.
If one of the above conditions applies and a data subject wishes to exercise the right to restrict processing of personal data stored at E.I.S. Electronics GmbH, they can contact our data protection official or another employee of the data controller at any time. The data protection official or another employee will initiate the restriction of processing.
f) Right of data portability
Any data subject affected by the processing of personal data has the right, granted by the European Directive and Regulatory Authority, to receive personal data concerning the data subject which have been provided to a data controller in a structured, common and machine-readable format.
The data subject also has the right to transfer this data to another data controller without obstruction by the data controller to whom the personal data were provided, as far as the processing is based on the consent referred to in Art. 6(1)(a) DSGVO or Art. 9(2)(a) DSGVO or on a contract referred to in Art. 6(1)(b) DSGVO and that the processing is carried out by automated means, unless the processing is not necessary for the performance of a task of public interest or in the exercise of official authority, which were assigned to the data controller.
Furthermore, when exercising the right to data portability according to Art. 20(1) DSGVO, the data subject has the right to obtain that the personal data is transferred directly from one data controller to another, as far as this is technically feasible and as far as this does not impair the rights and liberties of others.
In order to assert the right of data portability the data subject can contact our data protection official provided by E.I.S. Electronics GmbH or another employee at any time.
g) Right of objection
Any data subject affected by the processing of personal data has the right, granted by the European Directive and Regulatory Authority, to object at any time, for reasons related to its particular situation, to the processing of personal data concerning the data subject on the basis of Art. 6(1)(e) or 6(1)(f) of DSGVO. This also applies to profiling based on these provisions.
The E.I.S. Electronics GmbH does not process personal data in the event of an objection, unless we can prove compelling reasons for processing that outweigh the interests, rights and liberties of the data subject, or the processing serves the assertion, exercise or defense of legal claims.
If E.I.S. Electronics GmbH processes personal data in order to conduct direct advertising the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling as far as it is associated with such direct advertising. If the data subject objects to E.I.S. Electronics GmbH processing for direct advertising purposes, E.I.S. Electronics GmbH will no longer process the personal data for these purposes.
In addition, the data subject has the right to object to the processing of personal data, for reasons relating to its particular situation, which take place at E.I.S. Electronics GmbH for scientific or historical research purposes or for statistical purposes according to Art. 89(1) DSGVO, unless such processing is necessary to fulfill a task in the public interest.
In order to exercise the right of objection, the data subject can contact our data protection official provided by E.I.S. Electronics GmbH or another employee at any time. The data subject is also free to exercise his right of objection in relation to the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
h) Automated decisions in individual cases including profiling
Any data subject affected by the processing of personal data has the right, granted by the European Directive and Regulatory Authority, to object at any time, for reasons related to its particular situation, not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on it or significantly affects it, unless the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the data controller, or (2) is authorized by Union or Member State legislation to which the data controller is subject, and which provides for appropriate measures to safeguard the rights and liberties of the legitimate interests of the data subject, or (3) takes place with the express consent of the data subject.
If the decision (1) is required for the conclusion or performance of a contract between the data subject and the data controller, or (2) it takes place with the express consent of the data subject, E.I.S. Electronics GmbH takes appropriate measures to protect the rights and liberties and legitimate interests of the data subject, including at least the right to have a person by the data controller intervene, to state its point of view and to challenge the decision.
If a data subject wishes to exercise this right relating to automated decisions, they can contact our data protection official or another employee of the data controller at any time.
i) Right to revoke consent under data protection law
Any data subject affected by the processing of personal data has the right, granted by the European Directive and Regulatory Authority, to revoke consent to the processing of personal data at any time.
If a data subject wishes to exercise this right of revocation, they can contact our data protection official or another employee of the data controller at any time.
11. Legal basis of Processing
Art. 6 I lit. a DSGVO serves our company as a legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, in processing operations necessary for the delivery of goods or to provide other services or consideration, the processing is based on Art. 6 I lit. b DSGVO. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, such as in the case of inquiries about our products or services. If our company is subject to a legal obligation requiring the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c DSGVO. In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company was injured and his name, age, health insurance data or vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. DSGVO. Ultimately, processing operations could be based on Art. 6 I lit. f. DSGVO. Processing operations which are not covered by any of the above legal bases are based on this legal basis if the processing is necessary to safeguard the legitimate interests of our company or a third party, provided that the interests, fundamental rights and fundamental liberties of the data subject do not predominate. Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislator. In that respect, it considered that a legitimate interest could be assumed if the data subject is a customer of the data controller (recital 47, sentence 2 DSGVO).
12. Legitimate interests in the processing pursued by the data controller or a third party
Is the processing of personal data based on Article 6 I lit. f DSGVO, our legitimate interest is the conduct of our business for the benefit of all our employees and shareholders.
13. Duration for storing personal data
The criterion for the duration of the storing of personal data is the respective legal retention period. After expiry of this period, the corresponding data will be routinely deleted, unless they are no longer required for the fulfillment or initiation of the contract.
14. Legal or contractual provisions to provide personal data; Necessity for the conclusion of the contract; Obligation of the data subject to provide personal data; possible consequences of non-provision
We clarify that the provision of personal data is partly required by law (such as tax regulations) or may result from contractual provisions (e. g. information on the contractual partner). Occasionally it may be necessary for a conclusion of a contract that a data subject provides us with personal data which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data when our company concludes a contract with the data subject. Non-Provision of personal data would mean that the contract could not be concluded with the data subject. Before the data subject provides personal data, the data subject must contact our data protection official.
Our data protection official informs the data subject on a case-by-case basis whether the provision of personal data is required by law or contract, or is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and what would be the consequences of the non-provision of the personal data.
15. Existence of automated decision making
As a responsible company, we abstain from automatic decision making or profiling.