We, the company EPflex Feinwerktechnik GmbH (hereinafter referred to as “the company”, “we” or “us”), thank you for visiting our website and for your interest in our company and our services. Your personal data will only be processed in accordance with the provisions of German and European data protection law.
Following the example of Art. 4 EU GDPR, this document is based on the following definitions:
“Personal data” (Art. 4 (1) EU GDPR) means any information relating to an identified or identifiable natural person (“data subject”). A person is identifiable if they can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, an online identifier, location data or with the aid of information about their physical, physiological, genetic, mental, economic, cultural or social identity characteristics. A person can also be identifiable through the linking of such information or other additional knowledge. The origin, form or embodiment of the information does not matter (photos, video or audio recordings can also contain personal data).
“Processing” (Art. 4 (2) EU GDPR) means any operation that is performed on personal data, regardless of whether any automated (i.e. technology-supported) means are employed. This includes, in particular, the collection (i.e., acquisition), recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction of personal data, as well as any changes of the objective or purpose on which the data processing was based originally.
“Controller” (Art. 4 (7) EU GDPR) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Third party” (Art. 4 (10) EU GDPR) means any natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who are authorized to process the personal data under the direct responsibility of the controller or processor.
“Processor” (Art. 4 (8) EU GDPR) means a natural or legal person, public authority, agency or body which processes personal data on behalf of the controller, in particular in accordance with the controller’s instructions (e.g., an IT service provider). In particular, a processor is not a third party within the meaning of data protection law.
“Consent” (Art. 4 (11) EU GDPR) of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes in the form of a statement or another clear affirmative action by which the data subject signifies their agreement to the processing of personal data relating to them.
Name and address of the controller
Please refer to the imprint information on our website for the entity responsible for processing your personal data within the meaning of Art. 4 (7) EU GDPR, as well as for contact details and other information about our company.
Contact details of the data protection officer
Our data protection team, consisting of data protection coordinators and our data protection officer, are available at all times to answer any questions you may have and to act as your point of contact on the subject of data protection at our company.
You can reach the data protection team:
You can exercise your rights as a data subject regarding your processed personal data at any time by contacting us using the contact details specified above. You can make it easier for us to respond to your request by contacting the data protection team directly.
As the data subject, you have the right:
Legal bases of data processing
In essence, the processing of personal data is only permitted by law if it falls under one of the following justifications:
Art. 6 (1) (a) EU GDPR (“Consent”): If the data subject has indicated – voluntarily, in an informed manner and unambiguously, by means of a statement or another unambiguous affirmative act – that they consent to the processing of personal data relating to them for one or more specific purposes;
Art. 6 (1) (b) EU GDPR (“Contract”): If the processing is necessary for the performance of a contract to which the data subject is party, or for the performance of pre-contractual measures taken upon the request of the data subject;
Art. 6 (1) (c) EU GDPR (“Legal obligation”): If the processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a legal obligation to keep records);
Art. 6 (1) (d) EU GDPR: If the processing is necessary to protect the vital interests of the data subject or of another natural person;
Art. 6 (1) (e) EU GDPR: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
Art. 6 (1) (f) EU GDPR (“Legitimate interests”): If the processing is necessary to protect the legitimate (in particular, legal or economic) interests of the controller or a third party, except where such interests are overridden by the conflicting interests or rights of the data subject (in particular if the data subject is a child). Insofar as the processing of personal data is based on Art. 6 (1) (f) EU GDPR, the aforementioned purposes also represent our legitimate interests.
We indicate the respectively applicable legal bases for the processing operations carried out by us below. Processing may also be based on several legal bases.
Data deletion and storage period
For the processing operations we perform, we indicate below in each case how long the data will be stored by us and when it will be deleted or blocked. In the event that consent is granted, the data deletion and storage period information specified in the consent request is decisive. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies. As a rule, your data will only be stored on the territory of the Federal Republic of Germany, in a member state of the European Union (EU) or in another contracting state of the Agreement on the European Economic Area (EEA). Possible exceptions to this and the corresponding processing operations are outlined in the following sections. However, the data may be stored beyond the specified time in the event of a (potential) legal dispute with you or other legal proceedings, or if storage is required by legal regulations with which we must comply as the data controller (e.g., § 257 HGB, § 147 AO). If the storage period prescribed by legal regulations expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.
Data security: Website, e-mail, fax
We use technical and organizational security measures in order to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties (e.g., TLS encryption for our website), taking into account the state of the art, the implementation costs and the scope, context and purpose of the processing, as well as the existing risks (including their probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.
For secure data transmission on the Internet, we use the hybrid encryption protocol Transport Layer Security (TLS), more widely known by its predecessor name Secure Sockets Layer Software (SSL). This software encrypts the information that is transmitted by you. All information relevant to data protection is stored in encrypted form in a protected database.
Please note that the confidentiality of e-mail communication cannot be guaranteed. Although we offer transport encryption (TLS) through our mail servers, confidentiality may depend on various mail relay servers over which we have no control: Whether they also use TLS and whether they analyze the emails is beyond our control.
When you send us a fax, the transmission takes place via the Internet Protocol (FoIP). From a technical standpoint, the transmission is identical to sending an e-mail or retrieving website data. We do not know whether an IP-based service encrypts data; therefore, the confidentiality of the sent data is not guaranteed. We do not recommend that you send sensitive data by fax.
We would be happy to provide you with more detailed information on request. Please contact our data protection team.
Cooperation with processors
As any other large company, we also make use of external service providers to support us with our business operations, for example with regard to IT, logistics, telecommunications: Package delivery, the dispatch of letters or e-mails, analysis of our databases, advertising activities, payment processing, sales and marketing. These service providers have access to the personal data they need in order to perform their tasks. However, they may not use this data for any other purpose. Processors will only act on our instructions and are contractually obligated to comply with the data protection provisions in accordance with Art. 28 EU GDPR. Processors are not third parties.
Prerequisite for the transfer of personal data to third countries
In the course of our business relationships, your personal data may be transferred or disclosed to third-party companies. These can also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out exclusively for the fulfillment of contractual and business obligations and to maintain your business relationship with us. You can find information about the respective details of the transfer at the relevant points below.
The European Commission certifies that certain countries offer data protection comparable to the EEA standard by means of the so-called adequacy decisions. However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal regulations. Insofar as this is the case, we ensure that data protection is guaranteed to an adequate extent. This is made possible by binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. Please contact our data protection team if you would like to obtain more information on this.
Automated decision making
We do not intend to use any personal data collected from you for any automated decision making process (including profiling).
Obligation to provide personal data
We do not make the conclusion of contracts with us dependent on your provision of personal data to us in advance. As a customer, you are under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide us with the necessary data. If this should be the case – by way of exception – within the scope of the products or processing procedures presented below, you will be notified of this separately.
Legal obligation to transmit certain data
Under certain circumstances, we may be subject to a specific legal or statutory obligation to provide the lawfully processed personal data to third parties, in particular to public bodies (Art. 6 (1) (c) EU GDPR).
Information on the processing of personal data in special processing operations
The following sections describe processing operations grouped by different categories of persons whose data is processed (“data subjects”).
Information about our company and the services we offer can be found in particular at www.epflex.com and at the associated sub-pages (hereinafter jointly: “websites”). When you visit our websites, your personal data will be processed.
Your data will only be processed for as long as necessary to achieve the above-mentioned processing purposes; the legal bases specified in the context of the processing purposes apply accordingly. Third parties engaged by us will store your data on their systems for as long as necessary in connection with the provision of services to us in accordance with the respective orders.
The following categories of recipients, which are primarily processors, may receive access to your personal data:
Service providers responsible for the operation of our website and the processing of data stored or transmitted through the systems (e.g., for data center services, payment processing, IT security). The legal basis for the transfer here is Art. 6 (1) (b) or (f) EU GDPR, insofar as these are not processors;
Government agencies/authorities, insofar as this is necessary to fulfill a legal obligation. The legal basis for the transfer here is Art. 6 (1) (c) EU GDPR;
Persons engaged to conduct our business operations (e.g., auditors, banks, insurance companies, legal advisers, regulators, parties involved in acquisitions or the formation of joint ventures). The legal basis for the transfer here is Art. 6 (1) (b) or (f) EU GDPR.
Beyond that, we will only disclose your personal data to third parties if you have given your express consent for us to do so in accordance with Art. 6 (1) (a) EU GDPR.
Personal data processed on the website/log data
During informational use of the websites, the following categories of personal data are collected, stored and processed by us. When you visit our websites, log data records (also known as server log files) are stored temporarily and anonymously on our web server. These contain the following information, in particular:
Log data is processed for statistical purposes and to improve the quality of our website, in particular with regard to the stability and security of the connection (the legal basis is Art. 6 (1) (f) EU GDPR).
It is possible that we may briefly process further information provided to our web servers by your operating system, your browser and/or other software on your end in the short term to provide you with the respective web pages. The legal basis here is also Art. 6 (1) (f) EU GDPR.
On our websites, we use services and technologies to store information on your end device and/or technologies to access information that is already stored on your end device. These technologies can include, for example, cookies. Cookies are text files and/or entries in the browser’s own database that are assigned by the browser using a characteristic string. When cookies are assigned, a certain amount of information flows between the web location that sets the cookie and your end device.
Cookies and other services may contain data that makes it possible to recognize the device being used. In some cases, cookies and other technologies only contain information about user settings that cannot be linked to a specific person.
It may be possible to refuse or technically disable some services, insofar as this is supported by your browser. However, we would like to point out that in this case you will not be able to use all functions of our website to their full extent.
With regard to the functionality of services, a distinction is made between:
Technical services: These services are essential so that visitors can navigate around the website and use basic functions and to ensure the security of the website; they do not collect information about you for marketing purposes, nor do they store information about which web pages you have visited;
Performance services: These services collect information about how you use our website, which pages you visit and, for example, whether any errors occur during website use; they do not collect information that could identify you – all information collected is anonymous and is used only to improve our website and find out what is of interest to our users;
Advertising, targeting & sharing services, social media plugins: These services are used to offer the website user tailored advertising on the website or offers from third parties and to measure the effectiveness of these offers. These services may also be used to improve the interactivity of our website with other services (e.g., with social networks).
What all services have in common is that they store information on your end device and/or access information that is already stored on your end device.
In contrast to the functional distinction between services, the legislator only distinguishes between two purposes of services:
Any use of services that are absolutely necessary from a technical, legal, economic, operational and/or contractual point of view in order to provide an explicitly requested service may be based on a legal basis other than consent in accordance with Art. 6 (1) (a) EU GDPR.
General services on the website
We currently use the following services from the services described above. Insofar as the processing is based on consent in accordance with Art. 6 (1) (a) EU GDPR, we also state the manner in which consent is requested.
Service: Contact form
When you use contact forms, the data you provide will be processed (e.g., gender, surname and first name, address, company, e-mail address and the time of transmission). Contact form data is processed to handle inquiries; the legal basis here is provided by Art. 6 (1) (b) or (f) EU GDPR.
Google (and Alphabet, as applicable) services, products and technologies
In this section, we have grouped together services offered by Alphabet Inc. (a listed U.S. holding company) and, in particular, by Google, which is part of the holding company.
Service: Google Maps
This website uses the Google Maps service to display maps and site plans; Google Maps is operated by the company Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland.
Processing will only take place if you have given your consent in accordance with Art. 6 (1) (a) EU GDPR. Additional information on this possible processing can be found in the consent query in the Consent Management Tool.
Insofar as consent has been given, each time you access the Google Maps service, information will be stored and read on your end device in order to process user settings and data when displaying the page on which Google Maps is integrated.
Service: Google Tag Manager
Our websites use the Google Tag Manager service, operated by the company Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland. Processing will only take place if you have given your consent in accordance with Art. 6 (1) (a) EU GDPR. Additional information on this possible processing can be found in the consent query in the Consent Management Tool.
Service: Google reCAPTCHA
Our websites use the Google reCAPTCHA service, operated by the company Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland. Processing will only take place if you have given your consent in accordance with Art. 6 (1) (a) EU GDPR. Additional information on this possible processing can be found in the consent query in the Consent Management Tool.
Insofar as consent has been given, we can use reCAPTCHA to check whether data is entered on our websites (e.g. in a contact form) by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of website visitors based on various parameters. This analysis starts automatically. reCAPTCHA evaluates various types of information for its analysis (e.g., the IP address, the time spent by the website visitor on the website or mouse movements of the user). The data collected in the course of the analysis is forwarded to Google.
Service: Google Web Fonts/ external fonts
Our websites use the Google Web Fonts service, operated by the company Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland. Processing will only take place if you have given your consent in accordance with Art. 6 (1) (a) EU GDPR. Additional information on this possible processing can be found in the consent query in the Consent Management Tool.
Insofar as consent has been given, Google Web Fonts can be used to provide a consistent representation of fonts. When you access a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. For this purpose, the browser you use must connect to Google’s servers. As a result, Google gains knowledge that our website was accessed via your IP address.
You can apply for a job at our company in various ways. Regardless of how you submit your application, your application data will be processed exclusively for the purpose of handling your application and will be stored for a maximum of six months after the end of the selection process, after which it will be deleted unless you give us your consent to further processing in a talent pool.
In the context of applications, we process the following personal data from you:
The legal basis is the decision on the establishment of an employment relationship or, after the establishment of an employment relationship, its implementation according to §26, para. 1 BDSG-new and Art. 6 (1) (b) EU GDPR.
Service: Applications by e-mail
You have the possibility to apply for a job at our company by e-mail. Please send your application materials to email@example.com. Please note that we cannot guarantee the confidentiality of your data when you apply by e-mail. Although we offer transport encryption (TLS) through our mail server, the confidentiality of e-mail messages may depend on various mail relay servers over which we have no control. Whether they also use TLS and whether they analyze the e-mails is beyond our knowledge and influence. If you have any concerns in this regard, please use regular mail for your application.
Business partners and visitors seeking information
You have the possibility to contact us by phone, fax or e-mail. Please also refer to the section “Data security: Website, e-mail, fax”.
When contact is made by telephone, we collect caller identification information (caller IDs). This means that unless your phone number is suppressed or blocked, we will see the phone number you are calling us from. The phone number, call date and call time are automatically stored by our phone system and are only used to call you back if you have requested us to do so or if your call is dropped due to technical problems. This data is deleted after 4 weeks at the latest. We do not record calls.
If you contact us by e-mail, your e-mail address will be stored and used for the purpose you have specified to us in the e-mail message (e.g., for ordering a product). The same applies if you contact us by fax.
When you order products from us or request information materials, we create a customer account for you. The customer account contains the following data:
This data is required to execute your order and/or respond to your inquiry and will only be processed for this purpose (Art. 6 (1) (b) or (f) EU GDPR). Unless stated otherwise, the deletion periods for this data are based on the statutory retention obligations to which we are subject.