Data Protection Declaration
We appreciate your interest in our company. Data protection is of particular importance to the management of Eschenbach-Group.
The Internet pages of Eschenbach-Group can be used without providing any personal data. However, if a data subject wishes to make use of the special services offered by our company via our website, we may need to process your personal data. If the processing of personal data is required, this will be undertaken in accordance with Art. 6 lit. b and c GDPR.
Processing of personal data, such as the name, address, email address or telephone number of a data subject, is always undertaken in accordance with the General Data Protection Regulation and in accordance with the Federal Data Protection Act. With this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects will be informed of their rights with this data protection declaration.
As the data controller, Eschenbach-Group has implemented numerous technical and organisational measures in order to ensure that all personal data processed via this website is protected as completely as possible. Nevertheless, Internet-based data transmissions can have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
Definition of terms
The data protection declaration of Eschenbach-Group is based on the terms used by the European guideline and regulation provider when the General Data Protection Regulation (GDPR) was issued. Our data protection declaration is meant to be easy to read and understand both for the public and for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
In this data protection declaration, we use, among others, the following terms:
- a) Personal data
Personal data is all information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). Identifiable refers to a person who can be identified directly or indirectly, in particular through the assignment of an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of said person.
- b) The data subject
The data subjects any identified or identifiable person, whose personal data is processed by the person responsible for the processing.
- c) Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
- e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
- f) Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
- g) Data controller, or the party responsible for processing personal data
The data controller is the legal person, public authority, institution or other body which alone or jointly with others decides on the purposes and means of processing personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the responsible person or the specific criteria for their appointment may be laid down in accordance with Union law or the law of the Member States.
- h) Contract processor
Contract processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
- i) The recipient
The recipient is a person, public authority, agency or other body to which personal data is disclosed, whether or not it is a third party. However, authorities which may be entitled to receive personal data under Union law or the law of the Member States within the framework of a particular investigation mandate shall not be regarded as recipients.
- j) Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, data controller, data processor and persons who, under the direct authority of the data controller or data processor, are authorised to process personal data.
- k) Consent
Consent by the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Name and address of the data controller
The data controller in the sense of the General Data Protection Regulation, the Federal Data Protection Act and other provisions relating to data protection is:
Alexander Eschenbach, Mark J. Eschenbach
HoherMarkstein 18 – 24
97631 Bad Königshofen
Tel. +49 (0) 9761 / 900-0
Fax +49 (0) 9761 / 900-29
Name and address of the the security administrator:
For Eschenbach-Group a security administrator has been ordered. You can reach our internal security administrator by:
Herr Darian Weber
Phone: +49 37349 79092
By using cookies, Eschenbach-Group can provide users of this website with more user-friendly services, which would not be possible without setting cookies.
The data subject can prevent our website's setting of cookies at any time by appropriately setting the Internet browser being used, thus permanently preventing cookies from being utilised. Furthermore, cookies that have already been set can be deleted at any time using an Internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies on the Internet browser being used, not all functions of our Internet site may be fully usable.
Collection of general data and information
The Eschenbach-Group website collects a series of general data and information every time a person or an automated system accesses the website. This general data and information is stored in the log files of the server. We may record (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-pages which are accessed via an accessing system on our website, (5) the date and time the website was accessed, (6) an Internet Protocol address (IP address), (7) the Internet service providers of the accessing system, and (8) other similar data and information used for security purposes in the event of attacks on our IT systems.
Eschenbach-Group does not draw any conclusions about the data subject when using this general data and information. Rather, this information is required to (1) correctly deliver the contents of our website, (2) optimise the contents of our website and the advertising for it, (3) ensure the permanent functionality of our IT systems and the technology on our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack. These anonymously collected data and information are therefore evaluated by Eschenbach-Group statistically with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.
Server log files
Server log files contain anonymous data that is collected when you access our website. This information cannot be traced in any way to you as an individual, but is, for technical reasons, necessary for the delivery and presentation of our content. It also helps with our statistics and with the continuous optimisation of our content. Typical log files include the date and time of access, the volume of data, the browser used and the browser version, the operating system used, the domain name of the provider you use, the page from which you visited our website (referrer URL) and your IP address. Log files also enable precise checks in the event of suspected illegal use of our website.
Our website uses SSL encryption when transmitting the confidential or personal information of our users. This encryption is enabled, for example, during payment processing and for requests you send us via our website. Please make sure that SSL encryption is enabled on your device when engaged in relevant activities. It is easy to tell whether encryption is enabled: the display on your browser line changes from "http://" to "https://". Data encrypted via SSL cannot be read by third parties. Only transmit your confidential information if SSL encryption is activated; if in doubt, please contact us.
Link to Facebook
We only use a static link to Facebook; your data will not be transferred to Facebook.
Contact option via the website
Eschenbach-Group's website contains information that enables making quick electronic contact with our company, as well as direct communication with us, which also includes a general address of the so-called electronic mail (email address). If a data subject contacts the controller by email or via a contact form, any personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller is stored for the purpose of processing or contacting the data subject. This personal data is not transferred to third parties.
Google Maps Plugin
Use of Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. ("Google"). Google Analytics uses "cookies", text files that are stored on your computer to help analyse your use of the website.. However, if IP anonymisation is activated on this website, your IP address will be truncated by Google within the member states of the European Union or in other countries that are contracting parties to the Agreement in the European Economic Area. In exceptional cases only, the complete IP address may be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website in order to compile reports on the activities of the website and to provide further services relating to the use of the website and the internet usage vis-a-vis the operator of the website. The IP address that your browser transmits within the scope of Google Analytics will not be associated with any other data held by Google. You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (including your IP address) from being passed to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en. In view of the debate regarding the use of analytics tools with full IP addresses, we would like to point out that this website uses Google Analytics with the "_anonymizeIp()" extension and as such ensures that IP addresses are only processed in a truncated form so as to preclude any direct personal reference.
Use of SalesViewer® technology
This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.
The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.
The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.
Use of i-magazine AG flip catalogues ("Yumpu")
We use the provider i-magazine AG ("Yumpu"), Gewerbestrasse 3, 9444 Diepoldsau, Switzerland for the presentation of flip catalogues on our website.
Using Yumpu, the content of pdf files is displayed as a so-called flip catalogue, freely accessible and easily readable for everyone directly in the web browser, without having to load pdf files.
To our knowledge, Yumpu generally processes personal data in Ireland. Yumpu takes adequate measures and provides guarantees for data protection if the processing takes place in another country. Switzerland is recognised by the European Commission as a country with an adequate level of data protection. The European Commission's adequacy decree permits the transfer of personal data from the EU without further safeguards. For more information, please visit https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en
Routine deletion and blocking of personal data
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or insofar as this is granted by the European legislator or other legislators in laws or regulations to which the data controller is subject to.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data is routinely blocked or erased in accordance with legal requirements.
Rights of the data subject
- a) Right to confirmation
Every data subject shall have the right, granted by the European legislator of directives and regulations, to require the data controller to confirm whether personal data concerning him/her is being processed. If a data subject wishes to exercise this right of confirmation, he/she may contact the above email address or another employee of the data controller at any time.
- b) Right to information
Any data subject affected by the processing of personal data shall have the right, granted by the European legislator of directives and regulations, to obtain, at any time and free of charge, information from the data controller concerning the personal data relating to him/her that has been stored, and to receive a copy of that information.
Furthermore, the data subject has a right of access to information as to whether personal data has been transferred to a third party or to an international organisation. If this is the case, the data subject, in addition, has the right to obtain information about the appropriate guarantees in connection with the transfer.
If a data subject wishes to make use of this right to information, he/she can contact the above email address at any time.
(c) Right to correction
Any data subject who is affected by the processing of personal data shall have the right, granted by the European legislator of directives and regulations, to request the immediate correction of inaccurate personal data concerning him/her. Furthermore, taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
If a data subject wishes to exercise this right to correction, he/she can contact the above email address at any time.
- d) Right to deletion (right to be forgotten)
Each data subject shall have the right, granted by the European legislator of directives and regulations, to obtain from the data controller the deletion of personal data concerning him or her without undue delay, and the data controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:
The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
The data subject withdraws his/her consent to the processing pursuant to Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a of the GDPR, and if there is no other legal basis for processing; Pursuant to Art. 21 para. 1 GDPR, and there are no overriding legitimate grounds for processing, or the data subject is entitled to submit an objection pursuant to Art. 21 para. 2 of the GDPR. The personal data has been unlawfully processed.
The personal data must be erased for compliance with a legal obligation under Union or Member State law to which the data controller is subject.
The personal data has been collected in relation to services offered by the information society according to Art. 8 para. 1 of the GDPR.
If one of the above-mentioned reasons applies and if a data subject wishes to have personal data stored at Eschenbach-Group deleted, he or she can contact the above-mentioned email address at any time. The data protection officer will arrange for compliance with the deletion request without delay.
(e) Right to restriction of processing
Each data subject shall have the right, granted by the European legislator of directives and regulations, to ask that the data controller restricts processing where one of the following conditions applies:
The accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data.
The processing is unlawful, and the data subject opposes the deletion of the personal data and requests instead the restriction of its use instead.
The data controller no longer needs the personal data for the purposes of the processing, but it is required to by the data subject for the establishment, exercise or defence of legal claims.
The data subject has objected to the processing pursuant to Art. 21 para. 1 GDPR, and it has not yet been determined whether the legitimate reasons of the person responsible outweigh those of the person concerned.
If one of the above conditions applies and a data subject wishes to request the restriction of personal data stored at Eschenbach-Group, he or she can contact the above email address at any time. The data protection officer will arrange for processing to be restricted.
- f) Right to data transferability
Any data subject shall have the right, granted by the European legislator of directives and regulations, to receive personal data relating to him/her provided by the data subject to a data controller, in a structured, current and machine-readable format. They also have the right to transmit this data to another data controller without obstruction by the data controller to whom the personal data has been provided, provided that the processing is based on the consent provided for in Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR or on a contract according to Art. 6 para. 1 letter b GDPR, and processing is carried out using automated procedures, except where processing is necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the data controller.
Furthermore, in exercising his or her right to data transferability pursuant to Art. 20 para. 1 GDPR, the data subject has the right to require that the personal data be transferred directly from one data controller to another data controller, to the extent this is technically feasible and provided that this does not affect the rights and freedoms of others.
The data subject can contact the above email address at any time to assert the right to data transferability.
- g) Right to objection
Any data subject affected by the processing of personal data shall at all times have the right, granted by the European legislator of directives and regulations, for reasons arising from his or her particular situation, to object to the processing of personal data relating to him or her pursuant to Article 6 para. 1 letter e or f of the GDPR. This also applies to profiling based on these provisions.
Eschenbach-Group will no longer process personal data in the event of an objection, unless we can prove compelling reasons worthy of protection for the processing, which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
To exercise the right of objection, the person concerned may contact Eschenbach-Group directly at the above email address.
- h) Right to revoke consent under data protection law
Each data subject shall have the right, granted by the European legislator of directives and regulations, to revoke his or her consent to the processing of his or her personal data at any time.
If the data subject wishes to exercise his/her right to revoke his/her consent, he/she may contact the above email address at any time.
(i) Right of appeal to a supervisory authority
Any data subject shall have the right of appeal to a supervisory authority if the data subject considers that the processing of personal data concerning him or her is contrary to the GDPR. The supervisory authority responsible for Eschenbach-Group is the Saxon State Data Protection Commissioner. For information, please visit https://www.saechsdsb.de.
The legal basis of the processing
The processing of personal data is for the fulfilment of a contract to which the data subject is a party. For example, this shall be undertaken in the case of processing transactions that are necessary for the delivery of goods or the rendering of another service or return service. This processing is based on Art. 6 I lit. b GDPR. This also applies to processing operations necessary before a contract is signed, such as responding to enquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, for example to fulfil tax obligations, the processing is based on Art. 6 I letter c GDPR. Furthermore, data processing can be based on Article 6 I lit. f GDPR. This legal basis is based on processing data If it’s necessary to maintain a legitimate interest of our company or a third party, provided that this interests, do not outweigh the fundamental rights and freedoms of the person concerned. This applies, for example, to the use of data provided to us by professional address dealers.
Period for which the personal data will be stored
The criterion for the duration of the storage of personal data is the statutory retention period in question. After the deadline, the corresponding data will be routinely deleted if it is no longer required for fulfilling the contract or for initiating a contract.
Provision of personal data as a statutory or contractual requirement; requirement necessary to enter into a contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide such data
We hereby inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). In some cases, it may be necessary for a contract to be concluded if a data subject provides us with personal data which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company enters into a contract with him/her. Failure to provide personal data would mean that the contract with the data subject could not be concluded. Prior to the provision of personal data by the data subject, the data subject must contact the above email address. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or required for the conclusion of the contract, whether there is an obligation to provide the personal data and what consequences the failure to provide the personal data would have.
As a responsible company, we do not use automatic decision-making or profiling.