Data protection
Privacy policy for the use of the website elisental.de
I. Name and address of the responsible parties
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:
Drahtwerk Elisental
Erdmann GmbH
Werdohler Str. 40
58809 Neuenrade
Germany
Tel.: +49 2392 697-0
E-Mail: info@elisental.de
Website: www.elisental.de und www.elisentalent.de
II. Data Protection Officer
You can contact our data protection officer at datenschutz@elisental.de or at our postal address with the addition “Data Protection Officer.”
III. General information on data processing
1. Scope of processing personal data
We only process our users' personal data to the extent necessary to provide a functional website and our content and services. The processing of our users' personal data is carried out regularly only with the user's consent. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
Where we obtain the data subject’s consent for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.
Where the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) of the GDPR serves as the legal basis.
Where the processing of personal data is necessary to protect the vital interests of the data subject or of another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.
Where processing is necessary to safeguard a legitimate interest of our company or of a third party, and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Article 6(1)(f) of the GDPR serves as the legal basis for the processing.
3. Data deletion and storage period
The data subject’s personal data will be erased or restricted as soon as the purpose for which it was stored no longer applies. Data may also be stored if this is provided for by European or national legislation in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
IV. Logfiles
We host our website with Host Europe GmbH, c/o Spaces, Gertrudenstraße 30–36, 50667 Cologne, Germany (“Host Europe”). When you visit our website, Host Europe automatically collects server log files. These include, in particular, access log files and error log files, which may also contain IP addresses.
This data is processed for the purposes of technical provision, ensuring the stable and secure operation of the website, error analysis and the prevention of misuse. The legal basis is Article 6(1)(f) of the GDPR. Our legitimate interest lies in the secure, stable and functional provision of our website.
According to Host Europe, access log files are retained for 14 days and error log files for 7 days.
Further information on the collection of log files can be found on the Host Europe website at:
https://www.hosteurope.de/faq/webhosting/webhosting-logfiles/welche-logfiles-werden-gespeichert/
https://www.hosteurope.de/faq/webhosting/webhosting-logfiles/aufbau-logfiles/
We have entered into a data processing agreement with Host Europe for the use of the service.
V. Use of cookies
Our website uses cookies and similar technologies. Cookies are small text files that are stored on your device and contain certain information. They are used to provide functions on our website and to enable its use from a technical perspective.
Users can configure their browser to be notified when cookies are set and to decide whether to accept them on a case-by-case basis, or to block cookies in specific cases or generally. Cookies that have already been stored can be deleted at any time via the browser settings. If technically necessary cookies are deactivated, the functionality of our website may be restricted.
Information on managing cookies in common browsers:
-
⇒ Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
-
⇒ Edge: https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies
-
⇒ Chrome Browser: https://support.google.com/accounts/answer/61416?hl=de
-
⇒ Mozilla Firefox: https://support.mozilla.org/de/kb/verbesserter-schutz-aktivitatenverfolgung-desktop
-
⇒ Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Unless otherwise stated in this privacy policy, we only use cookies and similar technologies that are technically necessary to provide our website, enable its basic functions and ensure the security and stability of the service.
The storage of information on the user’s device or access to information already stored there is carried out in accordance with Section 25(2) of the TDDDG. Where personal data is processed in this context, such processing is carried out on the basis of Article 6(1)(f) of the GDPR. Our legitimate interest lies in the technically flawless, secure and user-friendly provision of our website.
Where we use non-essential cookies or similar technologies on our website, this is done exclusively on the basis of the user’s consent. We have described the details of this in the relevant sections of this privacy policy.
Where personal data is processed on the basis of Article 6(1)(f) of the GDPR, the user has the right to object to such processing at any time.
VI. Contact form and email contact
1. Description and scope of data processing
Our website features a contact form that can be used to contact us electronically. If a user makes use of this option, the data entered in the form is transmitted to us and stored. This data – as and to the extent entered by the user – comprises:
• First name, surname
• Company
• Email address
• Callback number
• Message
Alternatively, you may contact us via the email address provided. In this case, the user’s personal data transmitted with the email will be stored.
In this context, the data will not be passed on to third parties. The data will be used exclusively for the purpose of processing the correspondence.
2. Legal basis for data processing
The legal basis for processing the data transmitted when an email is sent is Article 6(1)(f) of the GDPR. If the purpose of the email contact is to conclude a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR.
3. Purpose of data processing
We process the personal data provided via the contact form solely for the purpose of handling your enquiry. Where contact is made via email, this also constitutes the necessary legitimate interest in processing the data.
Any other personal data processed during the submission process is used to prevent misuse of the contact form and to ensure the security of our IT systems.
4. Duration of storage
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected.
For personal data entered via the contact form and that sent by email, this is the case once the relevant conversation with the user has ended. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively resolved.
Any additional personal data collected during the submission process will be deleted after a period of seven days at the latest.
5. Right to object and right to erasure
Users may withdraw their consent to the processing of their personal data at any time. If a user contacts us by email, they may object to the storage of their personal data at any time. In such cases, the conversation cannot be continued.
To do so, simply send us an email stating your request to info@elisental.de.
In this case, all personal data stored in the course of the contact will be deleted.
VII. Applications/Application portal
1. Description and scope of data processing
On our website, we use the career portal ‘talentstorm’ provided by ontavio GmbH, Hundemstraße 2, 57368 Lennestadt, which can be used to apply electronically for vacancies advertised by us.
No data will be transmitted to the third-party provider, nor will cookies be set by ontavio GmbH, without your consent.
If a user makes use of this option, the data entered in the input form will be transmitted to us and stored.
This includes general personal details (name, address, contact details, etc.), information on professional qualifications, education, career history and, where applicable, further details such as the dates of any work experience placements or holiday work.
The collection and processing of this personal application data is carried out exclusively for the specific purpose of filling vacancies within our company. Your data will, as a rule, only be forwarded to the internal departments and specialist divisions of our company responsible for the specific application process.
Your personal application data will not be passed on to other companies without your prior, express consent.
Your application data will not be used for any other purpose or passed on to third parties.
We have entered into a data processing agreement with ontavio GmbH for the use of the service.
2. Legal basis for data processing
The legal basis for the processing of data is Art. 6 (1) lit. f GDPR and Art. 4 (1) lit. b GDPR.
3. Purpose of data processing
Your personal application data is collected and processed solely for the purpose of filling vacancies within our company.
4. Duration of storage
Your personal application data will generally be deleted no later than six months after the application process has been completed. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purposes of providing evidence, or if you have expressly consented to longer-term storage.
5. Right to object and right to erasure
You may withdraw your consent to the processing of your personal data at any time. In such cases, you will no longer be able to continue with the application process.
To do so, simply send us an email stating your request to datenschutz@elisental.de.
In this case, all personal data stored as part of the contact process will be deleted.
VIII. Google Analytics 4
Provided the user consents, we use Google Analytics 4, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to analyse the use of our website. In particular, this may involve the processing of usage data, device and browser information, referrers, page views and interactions.
The legal basis for storing information on the user’s device or accessing it is Section 25(1) of the TDDDG. The legal basis for the further processing of personal data is Article 6(1)(a) of the GDPR.
According to Google, IP addresses of users from the EU are not logged or stored within the scope of Google Analytics. Data transfer to the USA cannot be ruled out. Insofar as data is transferred to certified companies in the USA, this is done on the basis of the adequacy decision regarding the EU-US Data Privacy Framework.
The user may withdraw their consent at any time with effect for the future.
IX. Social media (Facebook, Instagram, LinkedIn) and career portal (Karriere Südwestfalen)
In addition to our website, we are also active on various social media platforms and on the career and training portal ‘Karriere Südwestfalen’. When you visit any of these platforms, personal data may be transmitted to the provider of the social network or career portal.
In addition to storing the specific data you enter on these social media platforms, the provider of the social network may also collect, process or use further information. They may collect, process and use key data from the computer system you are using to visit the site, such as your IP address, the type of processor used and the browser version, including plug-ins.
If you are logged into your personal user account with the relevant provider whilst visiting such a platform, they may automatically associate your visit with that account. If you do not wish such an association to be made, you must log out of your account before visiting the site.
Please refer to the respective terms and conditions of the relevant platform for the purpose and scope of data collection by that platform, as well as the further processing and use of your data there and your rights in this regard:
facebook/Instagram Datenrichtlinie
LinkedIn Datenschutzrichtlinie
Karriere Südwestfalen Datenschutzrichtlinie
X. Google Fonts (local hosting)
This site uses so-called Google Fonts, provided by Google, to ensure consistent font display. The Google Fonts are installed locally. No connection is made to Google’s servers.
Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
XI. SalesViewer
We have integrated SalesViewer into this website. The provider is SalesViewer / SalesViewer GmbH, Hueststr. 30, 44787 Bochum (hereinafter “SalesViewer”).
SalesViewer enables us to record visits to our website by representatives of other companies. To this end, the website visitor’s IP address is compared with the company IP addresses stored in SalesViewer’s company database. If the IP address belongs to a company, this visit and the user’s behaviour are recorded. IP addresses that are not present in SalesViewer’s database are deleted immediately, meaning that website visits by private individuals are ignored by SalesViewer.
SalesViewer offers an opt-out procedure to improve data protection. Further details can be found via the following link provided by the provider: https://www.salesviewer.com/de/opt-out/.
The use of SalesViewer is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in tracking visits to our website and analysing user behaviour. Where consent has been sought, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.
For further details, please refer to the provider’s privacy policy at https://www.salesviewer.com/de/plattform/datenschutz/.
Order processing
We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law, which ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
XII. Google Maps
We have integrated Google Maps, a mapping service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), into our website in order to display geographical information visually and make it easier to locate the places we specify.
Google Maps is only loaded with the user’s consent. The legal basis for storing information on the user’s device or accessing information already stored there is Section 25(1) of the TDDDG. The legal basis for the subsequent processing of personal data is Article 6(1)(a) of the GDPR. The user may withdraw their consent at any time with effect for the future.
When using Google Maps, personal data may be transmitted to Google. This may include, in particular, the IP address, technical information about the user’s browser and device, usage data, and data relating to the use of the map function. The specific data processed depends on whether the user is logged into Google whilst using the service.
Data may also be processed on servers operated by Google LLC in the USA. Google LLC is certified under the EU-US Data Privacy Framework (DPF). Where personal data is transferred to the USA, the transfer may therefore be based on the European Commission’s adequacy decision regarding the EU-US Data Privacy Framework.
Further information on data processing by Google can be found in Google’s Privacy Policy and in Google’s information on the applicable data protection frameworks.
XIII. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. Right to information
You may request confirmation from the controller as to whether we are processing personal data relating to you.
If such processing is taking place, you may request the following information from the controller:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
(4) the envisaged period for which the personal data concerning you will be stored, or, if this is not possible, the criteria used to determine that period;
(5) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) any available information regarding the origin of the data, where the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and – at least in such cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
2. Right to rectification
You have the right to request that the controller rectify and/or complete your personal data if the personal data concerning you that is being processed is inaccurate or incomplete. The controller must rectify the data without delay.
3. Right to restriction of processing
You may request the restriction of the processing of your personal data under the following circumstances:
(1) if you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
(2) if the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims; or
(4) where you have objected to the processing pursuant to Article 21(1) of the GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.
If the processing of your personal data has been restricted, such data – apart from its storage – may only be processed with your consent, or for the establishment, exercise or defence of legal claims, or to protect the rights of another natural or legal person, or for reasons of an important public interest of the Union or of a Member State.
If the restriction on processing has been imposed in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
4. Right to erasure
a) Obligation to erase
You may request that the controller erase personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay if one of the following reasons applies:
(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent on which the processing was based in accordance with Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
(4) The personal data concerning you has been unlawfully processed.
(5) The erasure of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) The personal data concerning you has been collected in relation to the services offered by information society services pursuant to Art. 8 (1) GDPR.
b) Information to third parties
If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 (1) GDPR, it shall take reasonable steps, including technical measures, taking into account the available technology and implementation costs, to inform controllers who process the personal data that you, as the data subject, have requested the deletion of all links to this personal data or copies or replications of this personal data.
c) Exceptions
The right to erasure does not apply if the processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or
(5) for the establishment, exercise or defense of legal claims.
5. Right to information
If you have asserted your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort.
You have the right to be informed by the controller about these recipients.
6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
(1) the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR, and
(2) the processing is carried out using automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another controller, where technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
In connection with the use of information society services, you have the option of exercising your right to object by means of automated procedures using technical specifications, irrespective of Directive 2002/58/EC.
8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent prior to revocation.
9. Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and the controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.
Privacy settings
Reset settings
In order to optimize our website for you and to continuously improve it, we use third-party analysis tools. Cookies, tracking, and (re)targeting technologies are only used with your express consent.
