Data Privacy Statement EJOT
Status 24.04.2023
First of all, we thank you for your interest in our TOBI®-Drive website. Also during the use of our internet presence, the protection of your personal data is important to us. Personal data is all data personally relating to you, for example name, address, e-mail address. With the following information, we would like to inform you about the nature, use, purpose and limitation of the data processing. We assure that our collection and use of your data is carried out in accordance with the relevant data protection regulations.
1. Controller and disclosure to other EJOT companies
(1) The controller responsible for the collection, processing and use of your data in the meaning of Art. 4 no. 7 GDPR is EJOT Holding GmbH & Co. KG, Im Herrengarten 1, 57319 Bad Berleburg, Germany, phone: +49 2751 529-0, e-mail: info@ejot.com (see also our imprint).
(2) In addition, depending on the area, data may also be collected, processed and used by the affiliated companies EJOT SE & Co. KG, Astenbergstraße 21, D-57319 Bad Berleburg, Germany. Disclosure to companies affiliated with EJOT will only take place if and when required by the nature of the information and only to the extent necessary (e.g. to process orders of the e-shop, to send newsletters).
2. Delimitation of the area covered by the data privacy statement
EJOT websites may lead to third party websites (such as social networks) that are not explicitly covered by this data privacy statement.
3. Information on processing of data outside the European Union (EU) and the European Economic Area (EEA)
All servers used by EJOT are located within the European Union. Exceptions to this may exist when using tools of third parties. Please note the additional information in this privacy statement.
4. Nature, scope and purpose of the collection and use of personal data
(1) Collection
By default, EJOT collects data when you use our website. In the case of merely informative use of the website, which means that you do not register or otherwise provide us with information, we collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data that is technically necessary for us to display our website and to ensure stability and security:
- IP address
- date and time of the request
- time zone difference to Greenwich Mean Time (GMT)
- content of the requirement (concrete page)
- access status / HTTP status code
- each transmitting amount of data
- website from which the request comes
- browser
- operating system and its interface
- language and version of the browser software
From these data, however, we cannot draw conclusions about persons. Further personal data will only be stored if your consent has been obtained or if this information is necessary in the context of a registration, a raffle or a contract execution.
(2) Use
All personal data collected on the EJOT website are used exclusively for the technical administration of the website, individual support, customer administration, and for the marketing and dispatch of ordered goods and newsletters, and in particular only to the extent necessary. Your data are supposed to help us to continually improve our websites and make their use as easy as possible. All data are treated strictly confidential. Governmental or administrative orders may result in the disclosure of personal data to public authorities and government agencies to the extent of legal obligations. Disclosure to third parties takes only place to partner companies and service providers, as far as this is contractually mandatory for us and then only to the extent necessary. This concerns, for example, the operation of the website or the processing of orders. In the event of the disclosure of personal data, partner companies and service providers are carefully selected and commissioned by us, are bound by our instructions, are subject to regular controls and are committed to confidentiality. To the extent necessary, contracts for data processing are concluded with them in accordance with data protection regulations. We will delete the accumulated data after the storage is no longer required, or restrict the processing if there are statutory storage requirements.
5. Contact by e-mail or by contact form
(1) To get in contact with EJOT, you can write an e-mail or send us your contact details in the corresponding contact form. These are used exclusively to contact you and to discuss your requests or concerns.
(2) If you send us an application by e-mail, we will treat the data we received by you in strict confidence and process them to the extent necessary. Should you get the job, we will continue to save the furthermore required data such as first name, last name and date of birth. Should we decide against you, your data will be deleted after a reasonable period of time according to the data protection regulations, unless you agree to be included in our talent pool.
6. Use of cookies
(1) When you use our website, cookies are stored on your computer. Cookies are small text files that are stored by you and that give us certain information. Cookies cannot run programs or transfer viruses to your computer. They serve to make the internet offer more user-friendly and effective overall.
(2) This website uses the following types of cookies, whose scope and operation are explained below:
- Transient cookies: Transient cookies are automatically deleted when you close the browser. These include in particular session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This will allow your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
- Persistent cookies: Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete cookies in the security settings of your browser at any time.
(3) You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. Please be aware that you may not be able to use all functions of this website anymore.
(4) Please also note the further information on cookies in this data privacy statement.
7. Use of Matomo
With your consent, we use the open source software Matomo to analyze and statistically evaluate the use of the website. Cookies are used for this purpose. The information about website usage obtained in this way is transmitted exclusively to our servers and summarized in pseudonymous usage profiles. We use the data to evaluate the use of the website. The data collected is not passed on to third parties.
The IP addresses are anonymized (IP masking), so that an assignment to individual users is not possible.
The processing of the data is based on Art. 6 para. 1 p. 1 lit. a DSGVO. We thereby pursue our legitimate interest in optimizing our website for our external presentation.
You can revoke your consent at any time by deleting the cookies in your browser or changing your privacy settings.
8. Use of Akamai
This website uses delivery, security and analytics services provided by Akamai Technologies GmbH, Germany ("Akamai"). These services use "cookies," text files, "beacons," browser interfaces that generate log files to enable Akamai to (i) deliver the Website quickly, reliably, and securely, (ii) perform analytics about the performance of the Website and the associated user experience, (iii) perform security analysis and prevent (iv) unauthorized access to the Website, and (v) generate reports about (i) through (iv) for its customers. The log files that are generated may contain personal data in the form of IP addresses. Akamai may share this data with third parties if Akamai is required to do so by law or if the third parties process the data on Akamai's behalf. Akamai may transfer, store and process the data on its servers. The Akamai backend servers are predominantly located in the USA. Akamai ensures that the transfer of personal data of EU citizens outside the European Economic Area complies with the requirements of the relevant data protection laws. To this end, Akamai has implemented legally recognized transfer mechanisms, including, but not limited to, EU standard contractual clauses. Akamai does not use the data to identify individuals or for profiling individuals.
For more information on the terms of use when Akamai processes personal data and on the Akamai privacy statement, please visit https://www.akamai.com/content/dam/site/en/documents/akamai/akamai-privacy-statement.pdf.
9. Use of Google Adwords Conversion Tracking
(1) We also use Google Adwords Conversion Tracking. If you have reached our website via an advertisement by Google, Google Adwords will set a cookie on your computer. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages on our website and the cookie has not expired, we and Google may recognize that the user clicked on the advertisement and was redirected to this page. The information obtained through the conversion cookie is used to generate conversion statistics for us. We are informed about the total number of users who clicked on our advertisement and were redirected to a conversion tracking tag page. However, we do not receive information that personally identifies users.
(2) If you do not want to participate in the tracking, you can refuse the required setting of a cookie - for example, via a browser setting that generally deactivates the automatic setting of cookies or set your browser to block cookies from the domain "googleleadservices.com". Please note that you shall not delete opt-out cookies as long as you do not want records of measurement data. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again.
10. Use of Friendly Captcha
We use the "Friendly Captcha" service on our website (www.friendlycaptcha.com). This service is provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany. Friendly Captcha is a new type of privacy-friendly security solution to make it increasingly difficult for automated programs and scripts (so-called "bots") to use our website. For this purpose, we have integrated a program code from Friendly Captcha into our website (e.g. for contact forms) so that the visitor's end device can establish a connection to Friendly Captcha's servers in order to receive a computational task from Friendly Captcha. The visitor's end device solves the computational task, which requires certain system resources, and sends the computational results to our web server. Our server contacts the Friendly Captcha server via an API and receives a response stating whether the puzzle was solved correctly by the end device. Depending on the result, we can apply security rules to requests via our website and thus, for example, further process or reject them. The data is used exclusively for the protection against spam and bots as described above. Friendly Captcha does not set or read cookies on the visitor's end device. IP addresses are only stored in hashed (one-way encrypted) form and do not allow us and Friendly Captcha to draw any conclusions about an individual person. If personal data is stored, this data will be deleted after 30 days. The legal basis for the processing is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in protecting our website against abusive access by bots, i.e. spam protection and protection against attacks (e.g. mass requests). Further information on data protection when using Friendly Captcha can be found at https://friendlycaptcha.com/legal/privacy-end-users/
11. Use of YouTube
(1) We have included YouTube videos in our online offering, which are stored on http://www.YouTube.com and are directly playable from our website. These are all included in the "extended privacy mode", this means that no data is transferred about you as a user to YouTube if you do not play the videos. Only when you play the videos, the data mentioned in the following paragraph are transmitted. We have no influence on this data transfer. We have a legitimate interest in the inclusion of YouTube videos according to Art. 6 para. 1 sentence 1 lit. f GDPR, namely an interest in the attractive design of our website. YouTube is powered by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc., located at 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
(2) By playing the videos, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under "4. Nature, scope and purpose of the collection and use of personal data " are transmitted. This happens regardless of whether YouTube provides a user account that you are logged in to, or if there is no user account. When you are logged in to YouTube, your data will be assigned directly to your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for purposes of advertising, market research and / or customization of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the formation of these user profiles, whereby you must contact YouTube in order to exercise it.
(3) As a Google subsidiary, Youtube is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Google also processes your personal data in the US. For more information about data processing and privacy practices by YouTube or Google, please visit www.google.com/intl/en/policies/privacy/.
12. Information about and explanation of safeguards
EJOT strives to protect your data collected by us against any kind of influence, such as accidental or intentional manipulation, loss, destruction or access by unauthorized persons. We implement technical and organisational measures that we adapt to the state of the art. Furthermore, all employees and other vicarious agents are obliged to maintain data secrecy. The EJOT website uses SSL encryption.
13. Use of Facebook
(1) EJOT operates a so-called fan page within the social network "Facebook" of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. Since the operation of the fan page is a joint responsibility (Art. 26 GDPR) between Meta Platforms Ireland Limited and EJOT, a corresponding agreement has been concluded with Meta Platforms Ireland Limited, which you can view under the following link:
https://www.facebook.com/legal/terms/page_controller_addendum
(2) If you use Meta products such as the EJOT Facebook fan page, Meta collects and uses the information described in its “Data Policy” under “What kinds of information do we collect?”. The “data guideline” from Meta is online at: https://www.facebook.com/about/privacy/update. You can find information about the cookies used by Meta in the Meta cookie policy: https://www.facebook.com/policies/cookies/
(3) For fan pages, Meta provides the fan page operators with statistics and insights, which help to obtain knowledge about the types of actions that people undertake on their pages (“page insights”).
(4) EJOT has no influence on whether these statistics and insights are collected by Meta. According to Meta, page insights are designed to show important trends without revealing any details about you that could identify you. According to Meta, it is possible for fan page operators to possibly assign your profile picture to your “Like” information for the fan page if you mark the fan page with “Like” and set your “Like” information for pages to “public”.
(5) Information used for page insights are, for example:
· go to a page, post or video from a page
· subscribe or unsubscribe to a page
· mark a page or a post with "Like" or "Dislike"
· recommend a page in a post or comment
· comment on, share or respond to a page post (including the type of reaction)
· hide a page post or report it as spam
· click on a link that leads to the page from another page on Facebook/Meta or from a website outside of Facebook/Meta
· move the mouse over the name or profile picture of a page to see a preview of the page content
· click on the website, phone number, "plan routes" button or any other button on a page
· Information as to whether you are logged on to a computer or mobile device while you visit a page or interact with it or its content
You can find a detailed overview here:
https://www.facebook.com/legal/terms/information_about_page_insights_data
(6) The purpose of operating the EJOT Facebook fan page is to provide a wide range of information from EJOT to the users of the fan page as well as the exchange with and between users. Both the operation of the Facebook fan page and the processing of the data are based on the legitimate interest of EJOT from Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest arises from marketing and optimization purposes.
(7) Meta Platforms Ireland Limited and EJOT have signed an agreement that regulates their respective obligations under the GDPR:
https://www.facebook.com/legal/terms/page_controller_addendum
(8) Meta Platforms Ireland Limited and EJOT have agreed that Meta is primarily responsible for providing you with information about the joint processing and for enabling you to exercise your rights under the GDPR. According to the GDPR you have the right to information (Art. 15 GDPR), correction (Art. 16 GDPR), portability (Art. 20 GDPR) and deletion (Art. 17 GDPR) of your data as well as to object to the processing of your data (Art. 21 GDPR) and to restriction of processing (Art. 18 GDPR). You can find out more about these rights in your Facebook settings.
(9) Meta Platforms Ireland Limited and EJOT have agreed that the Irish Data Protection Commission will be the primary authority in overseeing the processing under joint responsibility. You have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with your local supervisory authority.
14. Use of Instagram
(1) EJOT Holding GmbH & Co. KG and EJOT SE & Co. KG (in the following only for “13. Use of Instagram” also individually “EJOT”) operate each, but always together with Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, the operator of the social network Instagram, as the person responsible according to Art. 4 No. 7 GDPR, its own Instagram page under the following links:
· EJOT Holding GmbH & Co. KG: https://www.instagram.com/ejot_karriere/
· EJOT SE & Co. KG, Market Unit Construction: https://www.instagram.com/ejot_construction/
EJOT and Meta are therefore jointly responsible according to Art. 26 GDPR.
(2) As the person responsible for the Instagram page, EJOT has made agreements with Meta which, among other things, regulate the conditions for using the Instagram page. The Instagram terms of use and the other conditions and guidelines listed at the end are decisive:
https://help.instagram.com/581066165581870
(3) Meta describes which personal data is processed by Meta, how, for what purposes and on what legal basis in its data policy (https://help.instagram.com/519522125107875?helpref=page_content), which applies to all Meta products. There you will also find information about contact options for Meta and the setting options for advertisements, cookies, etc.
(4) Please check carefully which personal data you would like to provide EJOT via Instagram. Instagram belongs to the Meta group of companies and shares the infrastructure, systems and technology with Meta and other Meta companies.
(5) The processing of the information includes on the one hand to enable Meta to improve its system of advertising that it distributes via its network. On the other hand, it enables EJOT, as the operator of the Instagram page, to receive statistics that Meta creates on the basis of visits to the EJOT Instagram page (so-called page insights). This is summarized data that shows how users interact with the page. For example, this enables EJOT to gain knowledge of the profiles of the users in order to provide them with more relevant content and to be able to develop functions that could be of greater interest to them.
(6) With the help of the page insights, EJOT can anonymously evaluate the reach, the page views, the length of time spent on video posts, the actions (likes, comments, sharing of posts) as well as age, gender and location (as stated by the users in their respective Instagram profiles). Settings can be made for the evaluation of the reach or corresponding filters can be set with regard to the selection of a period, the consideration of a certain contribution and demographic groups (e.g. female, 20-30 years old). If visitors use Instagram/Meta on several devices, the recording and evaluation can also take place across devices if the visitors are registered and logged in to their own profile.
(7) The visitor statistics created are only transmitted to EJOT in anonymised form. EJOT has no access to the respective underlying data and can therefore not draw any conclusions about individuals. The data that are made available to EJOT are therefore anonymized, aggregated and abstracted.
(8) Legal basis and legitimate interests
EJOT operates this Instagram page in order to present EJOT to Instagram users and other interested persons who visit the EJOT Instagram page, to provide them with a variety of information and to communicate with them. The processing of the users' personal data takes place on the basis of the legitimate interest in an optimized company presentation and for marketing and optimization purposes (Art. 6 para. 1 sentence 1 lit. f GDPR).
(9) Transfer of data
It is conceivable that some of the information collected will also be processed outside the European Union by Meta Platforms Inc. based in the USA. Facebook Inc. is certified under the US-EU data protection agreement "Privacy Shield" and thus undertakes to comply with European data protection requirements:
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
EJOT reserves the right to transfer data to the affiliated companies EJOT SE & Co. KG, Astenbergstr. 21, D-57319 Bad Berleburg, Germany or EJOT Holding GmbH & Co. KG, Im Herrengarten 1, 57319 Bad Berleburg, Germany. It will only be passed on to companies affiliated with EJOT if this is necessary for the type of information and only to the extent necessary.
(10)Opposition options
Instagram users can use the settings for advertising preferences to influence the extent to which their user behavior may be recorded when visiting the EJOT Instagram page. The Facebook and Instagram settings offer further options:
· under Facebook ad preferences
· in the Instagram privacy & security area
(https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/)
· with the right of objection form
(https://www.facebook.com/help/contact/1994830130782319)
(11)You can prevent the processing of information by means of the cookies used by Meta by not allowing third-party cookies or cookies from Meta in your own browser settings.
(12)Nature of shared responsibility
The agreements with Meta also on joint responsibility essentially mean that the user can request information (Art. 15 GDPR) and the other data subject rights (Art. 16 ff. GDPR) (see also under "20. Your rights") directly to Meta. As the provider of the social network, only Meta has direct access to the required information and can also take any necessary measures and provide information. EJOT supports if necessary.
15. Use of LinkedIn
(1) EJOT Holding GmbH & Co. KG and EJOT SE & Co. KG (hereinafter only for "15. Use of LinkedIn" also individually "EJOT") each, but always jointly with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"), the operator of the LinkedIn network, operate their own LinkedIn page under the following links as data controllers pursuant to Art. 4 No. 7 GDPR:
- EJOT Holding GmbH & Co. KG: https://www.linkedin.com/company/ejot/
- EJOT SE & Co. KG
o Market Unit Construction: https://www.linkedin.com/company/ejotconstruction/
o Market Unit Industry: https://www.linkedin.com/company/ejot-industrial-division/
EJOT and LinkedIn are therefore joint data controllers pursuant to Art. 26 GDPR.
Further information on the processing of personal data by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
(2) When you visit, follow or engage with the EJOT LinkedIn company page, LinkedIn processes personal data to provide EJOT with statistics and insights in anonymised form . This provides EJOT with insights into the types of actions people take on the EJOT page (so-called page insights). For this purpose, LinkedIn processes in particular such data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with the EJOT LinkedIn company page, e.g. whether you are a follower of the EJOT LinkedIn company page. With the Page Insights, LinkedIn does not provide EJOT with any personal data about you. EJOT only has access to the aggregated Page Insights. It is also not possible for EJOT to draw conclusions about individual members via the information in the Page Insights. This processing of personal data in the context of the Page Insights is carried out by LinkedIn and EJOT as joint controllers.
(3) The purpose of the data processing of the EJOT LinkedIn presence is to provide information about the company, the products and services of EJOT, combined with the possibility for users to interact with EJOT in a targeted manner. The processing serves the legitimate interest of EJOT to share information with EJOT users and to be able to communicate with them as well as to evaluate the types of actions taken on the EJOT-LinkedIn company page and to improve the EJOT company page based on these findings. The legal basis for this processing is Art. 6 (1) sentence 1 lit. f GDPR.
(4) EJOT has entered into an agreement with LinkedIn on the processing as joint controllers , which specifies the distribution of data protection obligations between EJOT and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. Thereafter, the following applies:
- LinkedIn and EJOT have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn to do this online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or contact LinkedIn via the contact details in the Privacy Policy. You can contact the Data Protection Officer at LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You may also contact EJOT at the contact details provided by EJOT about exercising your rights in relation to the processing of personal data in the context of the Site Insigts. In such a case, EJOT will forward your request to LinkedIn.
- LinkedIn and EJOT have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see at www.dataprotection.ie) or any other supervisory authority.
(5) Please note that according to the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the US or other third countries. LinkedIn only transfers personal data to countries for which an adequacy decision has been issued by the European Commission in accordance with Article 45 of the GDPR or on the basis of appropriate safeguards in accordance with Article 46 of the GDPR.
16. Your rights
(1) You have the following rights with respect to your personal data:
- right of access (Art. 15 GDPR)
- right to rectification (Art. 16 GDPR) or right to erasure (Art. 17 GDPR)
- right to restriction of processing (Art. 18 GDPR)
- right to data portability (Art. 20 GDPR)
- right to object (Art. 21 GDPR)
Upon request, EJOT will provide you with information as to whether and which personal data we have collected about you, in accordance with the applicable statutory provisions. We always strive for a current and error-free data collection. If, despite our efforts to ensure that the data is accurate and up-to-date, incorrect information has been collected by EJOT, we will correct it as soon as possible upon request. You can send your applications to the following e-mail address:
datenschutz@ejot.com or dataprotection@ejot.com
(2) You also have the right according to Art. 77 GDPR to complain about our processing of your personal data to a data protection supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement.
17. Change of the data privacy statement
In relation to the progress of data processing and the associated legal changes, we are obliged to adapt this data privacy statement from time to time. Please always note the current version of our data privacy statement.
18. Responsible data protection supervisory authority
The data protection supervisory authority responsible for EJOT is:
North Rhine-Westphalia Commissioner for Data Protection and Freedom of Information (LDI NRW)
Postfach 20 04 44 or Kavalleriestraße 2 - 4
40102 Düsseldorf – Germany 40213 Düsseldorf – Germany
Phone: 02 11/384 24-0
Fax: 02 11/384 24-10
poststelle@ldi.nrw.de
19. Reachability of the data protection officer
If you have any questions, suggestions or complaints regarding the data protection related to EJOT and the websites used by EJOT, please contact our data protection officer:
Group data protection officer
EJOT Group
Im Herrengarten 1
57319 Bad Berleburg – Germany
datenschutz@ejot.com
dataprotection@ejot.com