EWS GmbH & Co. KG, Am Bahnhof 20, 24983 Handewitt, is the “controller”, as defined by the European General Data Protection Regulation (GDPR), with respect to the data processing on this website. We respect and protect your privacy rights. We understand the importance of personal information that we receive from you as a user of our website. We respect the protection of your personal data and will collect, store or process all data obtained exclusively in accordance with the relevant data protection regulations and within the scope of our business purpose.
Personal data is all information relating to an identified or identifiable natural person. A natural person is considered as identifiable if they can be identified directly or indirectly, in particular by association with an identifier, such as a name, an identification number, location data, online identification data or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
3. Legal basis for processing
If we obtain your consent for the processing of personal data, Article 6 (1) sentence 1 lit. a of the European Data Protection Regulation (GDPR) serves as the legal basis.
The processing of personal data required for the performance of a contract with you is based on Art. 6 (1) p. 1 lit. b) GDPR. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, this is to be done within the framework of Art. 6 (1) p. 1 lit. c) GDPR.
If the processing is necessary to protect a legitimate interest of us or a third party and this interest is not overridden by your interests, fundamental rights and freedoms, Article 6 (1) sentence 1 lit. f) GDPR serves as the legal basis for the processing. The legitimate interest of our company is usually the provision of our owed/due services and / or ongoing optimisation of our services and presentations.
4. Data deletion and retention
Your personal data will be erased or blocked as soon as the purpose for its retention ceases to exist. The retention period may be extended if this is provided for by the European or national legislators in EU regulations, laws, or other directives. Data will also be deleted or blocked if a retention period as stated by the legal rules above expires, unless there is a need for further data retention in order to conclude or fulfil a contract.
5. Collection of personal data
In principle, we do not collect or use any personal data when you visit our website. We only collect and use your personal data to the extent that is necessary for providing a functional website and our content and services. The collection and utilisation of personal data occurs only after active consent by the user. Exceptions apply in cases where obtaining consent is impossible for factual reasons and where data processing is permitted by law.
In the following, we would like to inform you about the type, scope, and purpose of our data handling within the framework of this website:
5.1 Server log files
Any time our website is accessed, the user's access data that are required for enabling and billing the use is stored on our server in a log file which is automatically transmitted to us by your browser.
- Browser type / browser version
- Operating system used
- Host name of the accessing computer
- Date and time of server request
- IP address of the computer accessing the website
- Website from which our website was accessed (Referrer URL)
- Files accessed
- Data volume transferred
The log files are stored for the following purposes:
- Evaluation of file access for statistical purposes
- System security and stability of the website
- Review for any use that violates the terms of contracts or is otherwise unlawful provided that there are actionable indications for this.
This data processing operation is based on Art. 6. (1) p. 1 lit. f) GDPR. Our legitimate interest follows from the above-mentioned purposes for data collection. We do not use the data collected for the purpose of identifying you. We do not combine this data with other data sources.
5.2 Required cookies
Whenever our website is viewed, so-called "cookies" are stored on the user's computer. A cookie is a small text file in the designated directory of the computer. This file is used to identify the user's computer for the duration of the session. Cookies cannot manipulate the user's end device and can be deleted manually at any time, most easily in the browser.
You can individually set the handling of cookies in your internet browser so that cookies are rejected or only accepted after confirmation. The sole purpose of cookies which are regulated here with the scope of legitimate interest, so-called "session cookies" is to ensure the function of our Internet offer. Please note that some features of our application cannot work properly if you decide to reject cookies in general.
The processing of the data by cookies is required for the aforementioned purposes to safeguard our legitimate interests as well as those of third parties according to article 6 (1 ) p. 1 lit. f) GDPR.
5.3 Usage data
We collect and use personal data on the basis of Art. 6 (1) p. 1 lit. b) GDPR from you to the extent necessary to enable the use of our website (usage data).
5.4 Data in the context of contact
If you use the contact form to send us inquiries, we will store your data from the form or the e-mail address provided for contacting you, including the contact data you provided there, only for processing the respective inquiry and in case we have any follow-up questions. We do not pass this data on to third parties without your consent. This data usage is based on article 6 (1) p. 1 b) GDPR as part of the processing of your concern. In order to prevent unauthorised access to your personal data, the e-mail traffic is encrypted by SSL/TLS-technology.
We offer our planning tool "QuickPlan" on our website. If you use "QuickPlan" as an end customer and consent actively to a forwarding of your personal data, we will send those to a maximum of one to three (1-3) cooperating installers for the purpose of submitting an offer. The legal basis for this is Article 6(1) p. 1 lit. b) GDPR. The further and subsequent data usage by the external installers is outside our purview.
5.6 Newsletter mailing
In addition, we offer a free newsletter to our partner resellers to provide them with new information. In order to receive the newsletter, we ask you to provide your e-mail address and an evidence of business registration. The disclosure of additional, separately marked data is optional.
We use the double-opt-in procedure for the newsletter subscription. After you have signed up, we will send you an e-mail to the provided e-mail address and ask for confirmation that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to investigate possible misuse of your personal data. After your confirmation, we save your e-mail address only for the purpose of sending the newsletter.
The legal basis for this is Article 6 (1) p. 1 lit. a) GDPR. You can unsubscribe at any time, e. g. by clicking on the corresponding link at the end of each newsletter or, for instance, by sending an e-mail to email@example.com.
5.7 Data related to your registration
On our website, we offer you the opportunity to register by providing your personal data. The data is entered in an input mask and transmitted to us and stored.
The following data is collected during the registration process:
- Customer number
- First name
- Last name
- Address of customer
- Postal code
- Phone number
- E-mail address
The following data is also stored at the time of registration:
- IP address of the user
- Date and time of registration
Registration in the partner login serves to make certain content and services available as part of our services. The legal basis for data processing is your consent, given during the registration process and revocable at any time, based on Art. 6 (1) p. 1 lit. a) GDPR. We do not pass this data on to third parties without your consent.
5.8 Tracking method
The use of tracking tools and in particular cookies set for this purpose is based on Art. 6 (1) p. 1 lit. a) GDPR by your consent, which can be revoked at any time. In this way, we want to ensure a needs-based design and the ongoing optimization of our website (through statistical evaluations).
Use of Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google LLC (“Google”), 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
We would like to point out that the code "anonymizeIp" has been added to Google Analytics on this website to ensure anonymised collection of IP addresses (so-called IP masking). We only use Google Analytics to analyse data from doubleclick cookies and AdWords for statistical purposes. If you do not wish this, you can deactivate it via the Ads Preferences Manager (http://www.google.com/settings/ads/onweb/?hl=de).
Use of Google Maps
Our website uses the interactive map service Google Maps provided by Google LLC (“Google“), 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. This allows us to display interactive maps to you directly on our website and enables you to comfortably use the map feature.
When you visit our website, Google receives information that you have accessed the respective webpage on our website. In addition, the above-mentioned data (5.1) are transmitted. This is done regardless of whether Google provides a user account through which you are logged in, or if there is no user account. If you are logged in to Google, your data will be directly allocated to your account. If you do not want this data to be allocated with your profile on Google, you must log out before activating the button. Google stores your data as a user profiles and uses it for advertising, market research and/or to design its website based on users’ needs. Such an evaluation is carried out in particular (even for users who are not logged in) for the provision of demand-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles which can only be exercised by contacting Google, though.
Use of Google WebFont
Our website uses so-called web fonts for the uniform presentation of fonts. Google Fonts is a service of Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google"). When you access a page on our website, your browser loads the required web fonts into your browser cache to correctly display text and fonts.
For this purpose, the browser you are using has to establish a direct connection to the Google servers. As a result, Google will learn that your IP address was used to access our website.
If your browser does not support the Google fonts or if you stop accessing the Google servers, the text will be displayed in the system's default font. For more information about Google Web fonts, please visit: www.google.com/fonts#AboutPlace:about. Information on data protection can be obtained at: https://policies.google.com/privacy?hl=en&gl=de.
Use of YouTube-Plugins
Our website uses the plugin function of the YouTube platform by Google LLC (“Google“), 1600 Amphitheatre Parkway, Mountainview, California 94043, USA.
Every time you access our website, you are connected to the YouTube servers. Your visit to our website will be communicated to the YouTube server. To our knowledge, this does not involve any processing of personal data. However, if you are logged in to your YouTube account, you would enable YouTube to relate your browsing history directly to your personal profile.
You can deactivate this allocation by logging out of your account before accessing our website.
Use of Google reCAPTCHA
Our website uses Google reCAPTCHA. To protect input forms on our website we use Google “reCAPTCHA” provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google").
By using this service, it is possible to distinguish within the scope of an analysis of the behaviour of the website visitor whether the corresponding input is of human origin or is abusive due to automated machine processing. For the purpose of this analysis, the service evaluates various information, e.g. the IP address, duration of the visit to the website or tracked mouse movements, and forwards this data to Google.
Google uses the information obtained in this way, among other things, to digitise books and other printed matter and to optimize services such as Google Street View and Google Maps (e.g. house number and street name recognition).
The IP address transmitted as part of "reCAPTCHA" is not merged with other data from Google, unless you are logged into your Google account at the time of using the "reCAPTCHA" plug-in. If you want to prevent this transmission and storage of data about you and your behaviour on our website by "Google", you must log out of "Google" before you visit our site or use the reCAPTCHA plug-in.
The following data is transmitted automatically:
- Anonymised IP address of the user;
- Date, time of consent;
- User agent of the end user's browser;
- Website from which the access was made (referrer URL);
- Anonymous, random and encrypted key;
- The cookies allowed by the user (cookie status), which serves as proof of consent.
An automatically created key for managing/proving granted consents and the consent status are also stored in the end user's browser in the cookie "ews". This allows the website to automatically read and comply with the end user's consent in all subsequent page requests and future end user sessions for up to 12 months.
The legal basis for the data processing is Art. 6 (1) lit. c GDPR. Only with a corresponding mechanism for granting and managing consent can we comply with the legal requirements.
You can prevent the collection and processing of your data by disabling the execution of script codes in your browser settings or by installing a script blocker in your browser.
6. Your rights
Where we process your personal data on our website you are a “data subject”, as defined by the GDPR. Therefore, you have the following rights vis-à-vis us:
6.1 Right of access
You shall have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:
- The purposes of the processing;
- The categories of personal data concerned;
- The recipients or categories of recipients to whom your personal data have been disclosed or are still being disclosed;
- The envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- The existence of a right to lodge a complaint with a supervisory authority;
- Where the personal data are not collected from you, any available information as to their source;
- The existence of an automated decision-making process, including profiling pursuant to article 22 (1) and (4) of the GDPR and, at least in these cases, meaningful information on the logic involved, as well as the significance and the envisaged consequences of such a processing for you.
You also have the right to be informed as to whether your personal data is transferred to a third country or to an international organization. In this context, you have the right to be informed of the appropriate safeguards pursuant to article 46 GDPR relating to the transfer.
6.2 Right to rectification
You have the right to obtain from us without undue delay the rectification and/or completion of your personal data, provided that your processed data is incorrect or incomplete. Should this be the case, we will make the correction without delay.
6.3 Right to restriction of processing
You shall have the right to obtain from the controller restriction of processing where one of the following applies:
- You contest the accuracy of your personal data for a period of time that enables us to verify the accuracy of the data
- The processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead;
- We no longer need your personal data for the purposes of processing, but you require them for the establishment, exercise or defence of legal claims, or
- You have objected to the processing pursuant to article 21 (1) GDPR pending the verification whether our legitimate grounds override your legitimate grounds.
If you have requested the restriction of the processing of your personal data, these shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State. You will be informed by us before the restriction is lifted.
6.4 Right to erasure
You shall have the right to obtain from us the erasure of your personal data without undue delay. We are obliged to erase personal data without delay where one of the following reasons applies:
- Your personal data is no longer necessary for the purposes for which they were collected or otherwise processed.
- You withdraw consent on which the processing is based according to article 6 (1) p. 1 lit. a) or article 9 (2) lit. a) GDPR, and where there is no other legal ground for the processing.
- You object to processing pursuant to article 21 (1) GDPR and there are no overriding legitimate grounds for the processing.
- In accordance with article 21 (2) GDPR, you object to the processing by means of direct marketing.
- The personal data have been unlawfully processed.
- Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
- Your personal data have been collected in relation to information society services referred to in article 8 (1) GDPR.
If we have made your personal data public and we are obliged to erase it pursuant to article 17 (1) GDPR, we shall take reasonable steps, taking into account the available technology and the implementation costs, to inform responsible person/s which is/are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Your right to erasure shall not apply to the extent that processing is necessary:
- For exercising the right to freedom of expression and information;
- For compliance with a legal obligation which requires processing by Union or of the Member State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
- For reasons of public interest in the area of public health in accordance with article 9 (2) lit. h) and i) and article 9 (3) GDPR;
- For archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes pursuant to article 89 (1) of the GDPR, insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of this processing, or
- For the establishment, exercise or defence of legal claims.
6.5 Right of information
Where you have exercised your right to the rectification or erasure of data or the restriction of its processing vis-à-vis us, we have a duty to communicate this rectification or erasure of the data or the restriction of its processing to all recipients to whom your personal data was disclosed, unless this proves impossible or involves disproportionate effort.
You have a right to be informed about these recipients.
6.6 Right to data portability
You have the right to receive your personal data, which you may have provided us, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another responsible person without hindrance, provided that
- the processing is based on consent pursuant to article 6 (1) p. 1 lit. a) GDPR or article 9 (2) lit. a) GDPR or on a contract pursuant to article 6 (1) p. 1 lit. b) GDPR
- the processing is carried out by automated means.
You also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
We do not believe that the data currently being processed within the offering of our website include data that is subject to the right of data portability.
6.7 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data, which is based on article 6 (1) p. 1 lit. e) or f) GDPR at any time, including profiling based on those provisions.
We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
6.8 Right to revoke under data protection declaration law
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
6.9 Automated indivisual decision-making, including profiling
You have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects for you or has similar significant negative effects for you. We do not perform such processing operations.
6.10 Right to issue complaint to supervisory entity
Without prejudice to any other rights of administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, place of work or the place of the alleged infringement, if you feel that the processing of your personal data violates the GDPR.
7. Responsibility for linked content
8. Transfer of personal data to third parties
Your personal data will be stored exclusively on our servers or on servers used on our behalf. Access and use of the data is only possible for an expressly authorised group of employees or service providers and is only limited to data necessary for the completion of their respective task.
9. Data security
To protect your personal data, we have taken technical and organisational measures to ensure that your data is protected against accidental or intentional loss, destruction or manipulation and against access by unauthorised persons. Our protective measures are reviewed at regular intervals and, if necessary, adapted to technical progress.
10. Data protection officer
If you have any further questions regarding the processing of your personal data, please contact our Data Protection Officer:
Mr. Moritz Winner
EWS GmbH & Co. KG
Am Bahnhof 20
Tel.: +49 4608 / 60 75 162
Version: November 2021