I. General information on the collection of personal data
Below you will find information on the personal data we collect when visiting our website.Personal data is information which identifies you personally, such as your name, address, emailaddress, and browsing behaviour.
Controller within the meaning of the GDPR
The controller pursuant to Article 4(7) of the European General Data Protection Regulation (GDPR) is:
Eltek Deutschland GmbHFerdinand-Porsche-Straße 45
60386 Frankfurt am Main
(Please also refer to our Imprint)
You may contact our data protection officer by e-mail: datenschutzbeauftragter.de(at)eltek.com or by writing to Eltek Deutschland, adding 'Datenschutzbeauftragter' to the postal address.
The data we collect, when a user contacts us
If you send us an e-mail or use the contact form, we will store the data you provided (e.g. your e-mail address, your name, and your phone number), in order to reply to your questions. This data will be stored no longer than the time it is required, unless there are legal requirements for storing the data, in this case the processing will be restricted.
External service providers
Below you will find more detailed information on how we will process your data when using external service providers for certain functions of our contents and services and regarding the use of your data for advertising. This also includes information on the criteria used to determine the period of storing data.
General information on data processing
Scope of processing personal data
We may only process personal data of our users, if this is required for providing a functional website and our contents and services. The processing of personal data takes place regularly only after users have given their consent. With the exception of circumstances where prior consent cannot be obtained and processing the data is permitted by law.
Lawfulness of processing personal data
When asking a data subject for consent to processing his or her personal data, point (a) of Article 6(1) of the European General Data Protection Regulations (GDPR) serves as the legal basis.
When processing personal data, required for performing a contract, to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, point (b) of Article 6(1) GDPR serves as the legal basis.
Where processing personal data is necessary for compliance with a legal obligation to which our company is subject to, point (c) of Article 6(1) GDPR serves as the legal basis.
Where processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, point (d) of Article 6(1) GDPR serves as the legal basis.
Where the processing is necessary for the purposes of the legitimate interests of our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, point (f) of Article 6(1) GDPR serves as the legal basis.
Deletion and storage of data
The user’s personal data will be deleted or made unavailable, where the data is no longer necessary for the purposes they were collected for. Data may also be stored, if determined by Union or Member State law as lawful based on Union law, legislation or other regulations the controller is subject to. The data will also be made unavailable or erased, if the storage period prescribed by the aforementioned standards expires, unless the data storage is required for the conclusion or fulfilment of a contract.
Data transfer for services on conclusion of contract and digital content
We may only transfer your personal data to third parties, if this is required for performing acontract, for example to the credit institute authorised with the payment.
We will not transfer your data to a third party unless you explicitly gave your consent. We will not transfer your data to a third party, e.g. for advertising, without your explicit consent.
Data processing is pursuant to point (b) of Article 6 (1) GDPR, which allows processing of data to perform a contract or in order to take steps prior to entering into a contract.
II. Providing the website and creating log-files
Purpose and scope of data processing
Every time a user visits our website our system automatically stores data and information on the computer system accessing the website. Our system collects the following data:
Information on the type and version of the browser
The user’s operating system
The user’s IP address
Date and time of access
Websites referring the user’s system to our website
Websites the user’s system is forwarded to from our website
The system stores IP addresses and further data in log-files which enables our system to associate these data with a user. This may be the case, if the link to the website, that referred the user to our website, or the link the user is forwarded to, contains personal data.
These data will also be stored in our system's log-files. Such data will not be stored togetherwith other personal data of the users.
Legal basis for data processing
The legal basis for the temporary storage of personal data and log-files is point (f) of Article 6(1) GDPR.
Purpose of data processing
The temporary storage of IP addresses by the system is necessary to enable the website to be accessed by the user’s computer. The user’s IP address has to be stored for the duration of the session for this purpose.
The storage of data in log-files is required to provide a fully functional website. Furthermore the data are used to optimise the website and to guarantee the security of our information technology systems. We will not analyse these data for marketing purposes.
These purposes are subject to legitimate interest for data processing according to point (f) of Article 6(1) GDPR.
III.Rights of the data subject
If your personal data are processed, you are a data subject in the meaning of the GDPR and have the following legal rights vis-a-vis the controller:
1. Right to information
You have the right to obtain confirmation of whether or not we are processing your personal data. If your personal data are being processed, you have the rights to obtain access to the following information:
The purpose of processing your personal data;
the categories of personal data we are processing;
the recipient or categories of recipient to whom we have disclosed or will disclose your personal data;
where possible, the length of time your personal data will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from the controller the rectification or deletion of your personal data or restriction of processing of your personal data or to object to such processing;
the right to lodge a complaint with the relevant supervisory authority;
- where personal data are not collected from you, any available information as to their source;
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such data processing for the data subject.
2. Right to rectification
You have the right to obtain from the controller rectification and/or completion of inaccurate or incomplete personal data. The controller has to rectify or complete the personal data without undue delay.
3. Right to restriction of processing
Under the following circumstances you have the right to obtain the restriction of processing your personal data where one of the following applies:
- you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy;
- the processing is unlawful and you oppose the deletion of your personal data and request the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but you require the data for the purposes of establishment, exercises or defence of legal claims, or
- you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override your legal grounds.
Where processing of your personal data has been restricted, such personal data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims, or the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
If you have obtained restriction of processing pursuant to the above mentioned circumstances, you will be informed by the controller before the restriction of processing is lifted.
4. Right to erasure
a. Obligation to delete personal data
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:
- Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing is based pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR, and where there is no other legal ground for processing.
- You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
- Your personal data have been unlawfully processed.
- Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- Your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
b. Disclosure of information to third parties
Where the controller has made the personal data public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure does not apply to the extent that processing is necessary
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject to or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR, in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
- for the establishment, exercise or defence of legal claims
5. Right to request information
If you have requested from the controller the rectification or erasure of your personal data or restriction of processing your personal data, the controller must communicate any rectification or erasure of data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to request from the controller to be informed about those recipients.
6. Right to data portability
You have the right to receive the personal data you provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
- the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
- the processing is carried out by automated means.
In exercising your right to data portability you have the right to have the personal data transmitted directly from one controller to another where technically feasible. This shall not adversely affect the rights and freedoms of others.
The right to data portability does not apply to processing personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller may no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal rights.
If your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing; which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data may no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This will not apply, if the decision:
- is necessary for entering into, or performance of, a contract between you and the controller,
- is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and you legitimate interests, or
- is based on your explicit consent.
The above-mentioned decisions will not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3) the data controller will implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
10. Right of appeal to a supervisory authority
You have the right to lodge a complaint with a supervisory authority, if you believe that the processing of your personal data is contrary to the GDPR. The relevant supervisory authority is: Der Hessische Landesbeauftragte, Prof. Dr. Michael Ronellenfitsch, Gustav-Stresemann- Ring 1, Phone: +49(0)611 1408-0, Fax: 49(0)611 408-900 or -901, e-mail: poststelle(at)datenschutz.hessen.de
Date of last revision: 17 May 2018