Skip to main content

Data Privacy Policy

 

The following data privacy policy applies to the use of our online website www.espec.de(hereinafter “website”).http://www.espec.de

We place great importance on data protection. Your personal data are collected and processed in compliance with the applicable data protection regulations, with particular reference to the General Data Protection Regulation (GDPR).

1. Data Controller

The data controller responsible for the collection, processing and use of your personal data, as defined in Art. 4 (7) GDPR, is as follows:

ESPEC EUROPE GmbH, Balanstr. 55, 81541 München, Tel. 089-1893963-0, info@espec.de

If you wish to object to the collection, processing or use of your data by us, in accordance with these data protection provisions, either in general or in respect of individual measures, you can address your objection to the data controller.

You can save and print out this data privacy policy at any time.

2. Supervisory Authority

Bavarian State Commissioner for Data Protection: Der Bayerische Landesbeauftragte für den Datenschutz, Wagmüllerstraße 18, 80538 München, Tel. 089-212672-0, poststelle@datenschutz-bayern.de

3. General purposes of data processing

We use personal data for the purpose of operating the website.

4. What data we use and why

4.1 Hosting

We use hosting services for the provision of the following services: infrastructure and platform systems, computing capacity, storage space, database systems, security systems and technical maintenance, as required for the purpose of operating the website.

In doing so, we, or our hosting providers, process inventory data, contact data, content data, contract data, usage data, metadata and communication data of customers, prospective customers and visitors to the website, on the basis of our legitimate interests in the efficient and secure provision of our website in accordance with Art. 6 (1) section 1 f) GDPR in conjunction with Art. 28 GDPR.

4.2 Access data

We collect information about you when you visit this website. We automatically collect information about your usage patterns and your interaction with us, and we register information about your computer or mobile device. We collect, store and use data about every instance of access to our website (so-called server log files). The access data include the following:

  • Name and URL of the file accessed
  • Date and time of access
  • Volume of data transmitted
  • Message as to whether the access process was successful (HTTP response code)
  • Browser type and browser version
  • Operating system
  • Referrer URL (i.e. the page previously visited)
  • Websites which are accessed by the system of the user through our website
  • Internet service provider of the user
  • IP address and the provider requesting access

We use these log data without any reference to your personal identity or to other profiling systems for statistical evaluations in the interests of the operation, security and optimisation of our website, but also for the anonymous recording of the number of visitors to our website (traffic), for the analysis of the scope and type of use of our website and services, and for billing purposes in order to measure the number of clicks received from cooperation partners. This information enables us to provide personalised and location-based content and to analyse the data traffic, detect and correct errors, and improve our services.

 

These purposes also encompass our legitimate interests pursuant to Art. 6 (1) section 1 f) GDPR.

We reserve the right, however, to check the logged data at a later date if, on the basis of concrete indications, there are legitimate grounds to suspect illegal use. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or for the provision or billing of services, e.g. if you use one of our services. Once the purchase order process has been interrupted or once payment has been received, we delete the IP address if it is no longer required for security purposes. We also store IP addresses if we have specific cause to suspect a criminal offence in connection with the use of our website. We also store the date of your last visit as part of your account (e.g. when registering, logging in, clicking on links, etc.).

4.3 Data required for the fulfilment of our contractual obligations

We process personal data which we need to fulfil our contractual obligations, such as name, address, email address, products ordered, invoice data and payment data. These data must be collected for the conclusion of contracts.

The data will be erased after the warranty periods and statutory retention periods have expired. Data linked to a user account (see below) will be retained in any event while this account is held.

The legal basis for the processing of these data is Art. 6 (1) section 1 b) GDPR because these data are required so that we can fulfil our contractual obligations with you.

4.4 Email contact

If you contact us (e.g. via the contact form or by email), we will process your details in order to follow up on the enquiry and any further questions which may arise.

If the data are processed for steps required prior to entering into a contract in response to your enquiry or, if you are already our customer, for the execution of the contract, then the legal basis for this data processing is Art. 6 (1) section 1 b) GDPR.

4.5 Consent

We only process further personal data if you give your consent (Art. 6 (1) section 1 a) GDPR) or if we have a legitimate interest in the processing of your data (Art. 6 (1) section 1 f) GDPR). We would have a legitimate interest, for example, in replying to your email.

5. Term of storage

Unless specifically stated, we only store personal data for as long as is necessary to accomplish the purposes for which they were saved.

In some cases, statutory retention periods are prescribed for personal data in various laws, such as tax law or commercial law. In these cases, we store the data solely for these legal purposes. They are not otherwise processed and are erased after the statutory retention period has expired. 

6. Your rights as the person whose data are processed (data subject)

Under the applicable laws, you have various rights with regard to your personal data. If you wish to exercise these rights, please send your request by email or by post to the address provided in paragraph 1, clearly stating your identity.

A summary of your rights is included below.

6.1 Right to confirmation and information

You have the right to request transparent information about the processing of your personal data.

The specific details are as follows:

You have the right at any time to request confirmation from us as to whether personal data concerning you are being processed. If this is the case, you have the right to ask us to provide information free of charge about the personal data concerning you which are stored on our systems together with a copy of these data. You also have the right to access the following information:

  1. The purposes for which the data are processed
  2. The categories of personal data which are processed
  3. The recipients or categories of recipients to whom or to which the personal data have been or will be disclosed, especially recipients in third countries or at international organisations
  4. Where possible, the envisaged term of storage of the personal data or, where this is not possible, the criteria for deciding this term of storage
  5. The existence of a right to rectification or erasure of your personal data or a right to restriction of processing by the data controller or a right to object to such processing
  6. The existence of a right to lodge a complaint with a supervisory authority
  7. If the personal data are not collected from you, all the available information about the source of the data
  8. The existence of any automated decision-making processes, including profiling, as referred to in Art. 22 (1) and (4) GDPR and – at least in these cases – detailed information on the logic involved and the significance and the envisaged consequences of such processing for you

If personal data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

6.2 Right to rectification

You have the right to ask us to correct any personal data concerning you and, where applicable, to complete our records.

The specific details are as follows:

You have the right to ask us to rectify incorrect personal data relating to you without undue delay. Taking into account the purposes of processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

6.3 Right to erasure (“right to be forgotten”)

In a number of cases, we are required to erase your personal data.

The specific details are as follows:

You have the right under Art. 17 (1) GDPR to ask us to erase your personal data without undue delay, and we are obliged to erase personal data without undue delay where one of the following grounds applies:

  1. The personal data are no longer needed for the purposes for which they were collected or otherwise processed.
  2. You withdraw your mandatory consent on which the processing was based pursuant to Art. 6 (1) section 1 a) GDPR or Art. 9 (2) a) GDPR and there is no other legal basis for the processing.
  3. You file an objection to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you file an objection to the processing pursuant to Art. 21 (2) GDPR.
  4. The personal data have been processed unlawfully.
  5. The erasure of the personal data is necessary to comply with a legal obligation under Union or Member State law to which we are subject.
  6. The personal data have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.

Where we have made the personal data public and are obliged pursuant to Art. 17 (1) GDPR to erase the data, we shall take reasonable steps, including technical measures, taking account of the available technology and the implementation costs, to inform those responsible for the data processing who are processing the personal data that you have requested that they erase all links to these personal data or copies or replications of these personal data.

6.4 Right to restriction of processing

In a number of cases, you have the right to ask us to restrict the processing of your personal data.

The specific details are as follows:

You have the right to ask us to restrict processing if one of the following conditions applies:

  1. the accuracy of the personal data is contested by you for a period of time enabling us to verify the accuracy of the personal data;
  2. the processing is unlawful and you did not agree to the erasure of the personal data but instead requested that the use of the personal data be restricted;
  3. we no longer need the personal data for the relevant processing purposes but you need the data to establish, exercise or defend legal claims, or
  4. you have objected to the processing pursuant to Art. 21 (1) GDPR pending verification as to whether the legitimate grounds of our company override your grounds.

6.5 Right to data portability

You have the right to receive, transmit or instruct us to transmit personal data concerning you in machine-readable format.

The specific details are as follows:

You have the right, in respect of the personal data which you have given us, to be provided with these data in a structured, commonly used and machine-readable format and the right to send these data to another data controller without any obstruction on our part, insofar as the following applies:

  1. the processing is based on consent pursuant to Art. 6 (1) section 1 a) GDPR or Art. 9 (2) a) GDPR or on a contract pursuant to Art. 6 (1) section 1 b) GDPR and
  2. the processing is carried out by automated means.

In exercising your right to data portability in accordance with paragraph 1, you have the right to ask for the personal data to be transmitted directly by us to another data controller where this is technically feasible.

6.6 Right to object

You have the right to object to lawful processing of your personal data by us if substantiated by reasons arising from your particular situation and if our interests in their processing do not prevail.

The specific details are as follows:

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is carried out on the basis of Art. 6 (1) section 1 e) or f) GDPR; this also applies to any profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the data are processed for the establishment, exercise or defence of legal claims.

If personal data are processed by us for direct marketing purposes, you have the right to object to the processing of your personal data for the purpose of such advertising at any time; this also applies to profiling insofar as it is associated with such direct marketing.

You have the right to object to the processing of your personal data for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR for reasons arising from your particular situation, unless the processing is necessary for the performance of a task in the public interest.

6.7 Automated decision making and profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or significantly affects you in a similar manner.

There are no automated decision making processes on the basis of the personal data collected.

6.8 Right to revoke consent pursuant to data privacy law

You have the right to revoke consent to the processing of personal data at any time.

6.9 Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data is unlawful.

7. Data security

We make every effort to ensure the security of your data in compliance with the applicable data protection laws and insofar as technically possible.

Your personal data are encrypted on our systems for secure transmission processes. This applies to your purchase orders and also to the customer login processes. We use the SSL coding system (Secure Sockets Layer) but we would emphasise that there can be security issues with the transmission of data over the Internet (e.g. when communicating by email). It is not possible to protect the data from third-party access along the entire communication chain.

We put technical and organisational security measures in place in accordance with Art. 32 GDPR in order to safeguard your data and we conduct regular updates to ensure that they conform to the latest available standards of technology.

We do not guarantee that our services will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers we use are carefully managed with regular backups.

8. Transfer of data to third parties; no transfer of data to non-EU countries

We use your personal data solely within our company as a general principle.

If and insofar as we engage third parties in the performance of contracts (e.g. logistics service providers), they are provided with personal data only to the extent necessary for the corresponding service.

In the event that we outsource some of the data processing work (“commissioned data processing”), we impose binding contractual duties upon processors to use personal data strictly in accordance with the requirements set out in the data protection laws and to guarantee the protection of the rights of the data subjects.

No arrangements are in place nor are there any plans to transfer data to agencies or persons outside the EU, aside from the case referred to in this statement in paragraph 4. 

Status 2019, Jan 16