This privacy policy informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within the scope of our services and our online presence and the associated websites, functions and content as well as external online presences, such as our social media profiles (hereinafter collectively referred to as “online presence”). With regard to the terms used, such as “processing” or “controller”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Controller
EDE Group GmbH
Am Köhlersgehäu 60b
98544 Zella-Mehlis
Phone: +49 6021 92039-29
Email: info@ede-group.com
Types of Data Processed
- Inventory data (e.g., names or addresses).
- Contact data (e.g., email, telephone numbers).
- Content data (e.g., text input, photographs, videos).
- Usage data (e.g., pages visited).
- Meta/communication data (e.g., device information).
Categories of Data Subjects
Visitors and users of the online presence (hereinafter we also refer to the data subjects collectively as “users”).
Purpose of Processing
- Provision of the online presence, its functions and content.
- Responding to contact requests and communication with users.
- Security measures.
- Reach measurement/marketing.
Terms Used
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data.
“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Relevant Legal Bases
In accordance with Art. 13 GDPR, we inform you of the legal basis for our data processing. For users from the scope of the General Data Protection Regulation (GDPR), i.e. the EU and the EEA, unless the legal basis is mentioned in the privacy policy, the following applies:
The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR;
The legal basis for processing for the performance of our services and implementation of contractual measures as well as responding to inquiries is Art. 6(1)(b) GDPR;
The legal basis for processing for compliance with our legal obligations is Art. 6(1)(c) GDPR;
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.
The legal basis for processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is Art. 6(1)(e) GDPR.
The legal basis for processing for the protection of our legitimate interests is Art. 6(1)(f) GDPR.
The processing of data for purposes other than those for which they were collected is determined by the provisions of Art. 6(4) GDPR.
The processing of special categories of data (pursuant to Art. 9(1) GDPR) is determined by the provisions of Art. 9(2) GDPR.
Security Measures
We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input of, disclosure of, ensuring availability of and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data and response to data compromise. In addition, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings.
Cooperation with Processors, Joint Controllers and Third Parties
If, in the course of our processing, we disclose data to other persons and companies (processors, joint controllers or third parties), transmit it to them or otherwise grant them access to the data, this is done only on the basis of legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, is necessary for contract performance), users have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we disclose, transmit or otherwise grant access to data to other companies in our group of companies, this is done in particular for administrative purposes as a legitimate interest and beyond that on a basis that complies with legal requirements.
Transfers to Third Countries
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or if this occurs in the context of the use of third party services or disclosure or transfer of data to other persons or companies, this only occurs if it is to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to express consent or contractually required transfer, we process or have the data processed only in third countries with a recognized level of data protection, which includes US processors certified under the “Privacy Shield” or on the basis of special guarantees, such as contractual obligation through so-called standard data protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission).
Rights of Data Subjects
You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with legal requirements.
In accordance with legal requirements, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
You have the right, in accordance with legal requirements, to request that data concerning you be deleted without delay or, alternatively, to request restriction of the processing of the data in accordance with legal requirements.
You have the right to request that the data concerning you that you have provided to us be received in accordance with legal requirements and to request its transmission to other controllers.
You also have the right, in accordance with legal requirements, to lodge a complaint with the competent supervisory authority.
Right of Withdrawal
You have the right to withdraw consent given with effect for the future.
Right to Object
You can object to the future processing of data concerning you at any time in accordance with legal requirements. The objection can be made in particular against processing for direct marketing purposes.
Cookies and Right to Object to Direct Marketing
We do not use cookies.
Administration, Financial Accounting, Office Organization, Contact Management
We process data in the context of administrative tasks as well as organization of our business, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the course of providing our contractual services. The processing bases are Art. 6(1)(c) GDPR, Art. 6(1)(f) GDPR. Customers, prospects, business partners and website visitors are affected by the processing. The purpose and our interest in the processing is administration, financial accounting, office organization, archiving of data, i.e. tasks that serve to maintain our business activities, perform our tasks and provide our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information provided for these processing activities.
We disclose or transmit data to the financial administration, consultants, such as tax consultants or auditors, as well as other fee offices and payment service providers.
Furthermore, based on our business interests, we store information about suppliers, organizers and other business partners, e.g. for the purpose of later contact. We generally store this predominantly company-related data permanently.
Hosting and Email Dispatch
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email dispatch, security services and technical maintenance services that we use for the purpose of operating this online presence.
In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, prospects and visitors to this online presence on the basis of our legitimate interests in an efficient and secure provision of this online presence pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of data processing agreement).
