Data Protection Declaration

Overview on this page 

I. Karl Eschrich GmbH - Data protection declaration

  • Processing of  personal data 
  • Public register of procedures for the processing of personal data 
    1. Name and address of the responsible body
    2. Purpose of data processing
    3. Description of the groups of persons concerned and the relevant data or data categories
    4. Recipients or categories of recipients to whom the data may be communicated
    5. Deletion of data
    6. Planned data transmissions
    7. Security measures
    8. Accesing der Website
  • Rights relating to the processing of personal data 

 

I. Karl Eschrich GmbH - Data protection declaration

Processing of personal data

Purposes

We further process personal data that you provide voluntarily, e.g. when you make an inquiry or a booking or an order of information material or info booklet. Legal basis in this case is Art. 6 (1) lit. b GDPR. The data processed by us in this context include the data of customers, employees, and suppliers to the extent necessary for the purposes specified within the scope of this data protection declaration.

As far as we process your data as described previously for the purpose of receiving and processing your respective request, booking or order, you are obliged to provide us with this data, as without this data we are contractually not able to make a corresponding processing.

Where you have given your consent to the processing of personal data (cf. Art. 6 (1) lit. a GDPR), you can withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent up to the time of withdrawal of consent.

Public register of proceedings regarding the processing of personal data

 

The legal basis for this is § 4f para. 1 sentence 3 BDSG (Bundesdatenschutzgesetz). In order to get an overview, we have summarized the main information below:

  1. Name and address of the responsible body
  2. Purpose of data processing
  3. Description of the groups of persons concerned and the relevant data or data categories
  4. Recipients or categories of recipients to whom the data may be communicated
  5. Deletion of data
  6. Planned data transmissions
  7. Security measures
    1. SSL or TLS encryption
    2. Identification and prosecution of misuse
  8. Visiting our website
    1. Server log files
    2. Cookies
    3. Plugins and tools

1. Name and address of the responsible body

Alexander Eschrich
Karl-Marx-Straße 41
96515 Sonneberg-Haselbach

2. Purpose of data processing

KARL ESCHRICH GmbH is an international company that has been developing and producing vials for the cosmetic, the food and the chromatography industry for more than 75 years.

Data collection, processing and use serve to execute our business relations. The main areas for the processing of personal data are the following:

  • Personal (administration)
  • Suppliers (administration)
  • Customers (administration and customer care)
  • Business management processes (administration, production and development)


3. Description of the groups of persons concerned and of related data and data categories

Customer data, employee data, applicant data and supplier data, provided these are required to fulfil the above-mentioned purposes.

4. Recipients or categories of recipients to whom data may be communicated

Public offices in case of mandatory legal regulations, external contractors in accordance with § 11 BDSG, as well as external offices and departments of KARL ESCHRICH GBMH respectively connected companies for achieving the above mentioned goals. Data transfer to the data processor is executed on the basis of Art. 28 (1) GDPR.

5. Deletion of data

5.1 Standard deadlines for deletion of data

Legislation has defined numerous data storage deadlines and obligations. At the end of these deadlines, the relevant data will be routinely deleted. In case data is not affected by this, it is deleted or anonymized, as soon as the purposes defined in this data protection declaration no longer apply. Unless this data protection declaration includes no other deviating regulations for data storage, we will store any data we collect for as long as they are required for the above purposes for which they were collected.

5.2 Other data use and deletion of data

Any further processing or use of your personal data will generally only be carried out to the extent permitted on the basis of a legal regulation or where you have consented to data processing or data use. In the case of further processing for other purposes than the ones for which the data was originally collected, we will inform you about these other purposes and provide you with all other significant information before further processing.

6. Projected data transmission (also to third countries)

Data transfer to the data processors is executed on the basis of Art. 28 (1) GDPR. These service providers are processors bound by instructions and are according to this instructed by us e.g. processing your data exclusively in line with our instructions and in compliance with the applicable Data Protection Acts. In particular, they are bound to treat your data with strictly confidentially. They are not permitted to process the data for other purposes than the ones agreed.

In order to process procedures within the scope of the business purpose, necessary data are transmitted upon need to related companies, authorities, customers and suppliers in accordance with the international guidelines for data protection.

7. Security measures

Through carefulness in order placement, through appropriate quality specifications and employee training, KARL ESCHRICH GBMH ensures that the safety measures according to § 9 BDSG are ensured. Please consider that safety in using the internet is depending on different circumstances and cannot be ensured any time consistently.

7.1 SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

7.2 Identification and prosecution of misuse

The data processors will store any information for the identification and prosecution of misuse, in particular your IP address, for a maximum period of 7 days. Legal basis in this case is Art. 6 (1) lit. f GDPR. Our legitimate interest in keeping your data for 7 days is to ensure the functioning of our website and the business transacted via our website and to be able to fight off cyberattacks and similar malicious actions. Where appropriate, we may use anonymous information to tailor the design of our website to user needs.

8. Visiting our website

Our hosting provider collects and stores your computer's IP address in order to send the contents of our website visited by you to your computer (e.g. texts, pictures, and files provided for downloading, etc.) (compare Art. 6 (1) lit. b GDPR). Our legitimate interest in data processing is to ensure the due functioning of our website and the business transacted via the website. (see our web privacy at: https://www.karl-eschrich.de/en/data-protection-declaration.html)

8.1 Server log files

The hosting provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

These data are not combined with other data sources. The basis for data processing is Art. 6 para. 1 lit. f DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

 8.2 Cookies

Some of the Internet pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain any viruses. Cookies serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal until you delete them. These cookies enable us to recognize your browser the next time you visit our website.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. When cookies are deactivated, the functionality of this website may be limited.

Cookies, which are necessary to carry out the electronic communication process or to provide certain functions desired by you, are stored on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the storage of cookies for technically error-free and optimized provision of his services. Cookies for the analysis of your surfing behavior are not stored, if necessary these are mentioned and treated separately in this data security explanation.

 8.3 Plugins and tools

This site uses so-called web fonts provided by Google to uniformly display fonts. When you call up a page, your browser loads the required Web fonts into your browser cache to display texts and fonts correctly. To do this, the browser you are using must connect to Google's servers. This gives Google knowledge that websites has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. If your browser does not support web fonts, a default font is used by your computer.

Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/.


 

Rights concerning the processing of personal data

Right of access

On request, you have the right to obtain information from us about the personal data concerning you and processed by us, to the extent defined in Art. 15 GDPR. You can send your request either by mail or email to the addresses given below.

Right to rectification

You have the right to require us to rectify any inaccurate personal data concerning you without undue delay (Art. 16 GDPR). For this purpose, please contact the addresses given below.

Right to deletion

Where the legal reasons defined in Art. 17 GDPR apply, you have the right to immediate deletion (“right to be forgotten”) of personal data concerning you. These legal reasons include: the personal data are no longer necessary for the purposes for which they were processed, or you withdraw your consent, and there is no other legal basis for processing; the data subject files an objection to the processing (and there are no overriding legitimate grounds for processing – does not apply to objections to direct advertising). To assert your above right, please contact the contact addresses given below.

Right to restriction of processing

If the criteria defined in Art. 18 GDPR are fulfilled, you have the right to restriction of processing as established in the mentioned article of the GDPR. According to this article, restriction of processing may be called for in particular if processing is unlawful and the data subject opposes deletion of the personal data and requests the restriction of their use instead, or if the data subject has objected to processing according to Art. 21 (1) GDPR as long as it is unclear whether our legitimate interest overrides the interest of the data subject. To assert your above right, please contact the contact addresses given below.

Right to data portability

You have the right to data portability as defined in Art. 20 GDPR. This means you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another responsible person, such as another service provider. Precondition is that processing is based on consent or a contract, and is carried out using automated means. To assert your above right, please contact the contact addresses given below.

Right to object

You have the right to object at any time under Art. 21 GDPR to processing of personal data concerning you which is based on Art 6 (1) lit. e or f GDPR, for reasons related to your particular situation. We will desist from processing your personal data unless we can demonstrate compelling legitimate reasons for processing which override your interests, rights, and freedoms, or unless processing is for the establishment, exercise, or defense of legal claims. To assert your above right, please contact the contact addresses given below.

Right to file a complaint with a supervisory authority

If you think that processing of personal data concerning you and carried out by us is unlawful or impermissible, you have the right to file a complaint with the supervisory authority responsible for us. You can contact this authority at:

Bayerisches Landesamt  
für Datenschutzaufsicht

Promenade 27 (Schloss)
91522 Ansbach 

 

Tel.: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
Email: poststelle@lda.bayern.de 


Amendments of this data protection declaration

Die current version of this Privacy Policy is May 2018. If you have any questions regarding our data protection procedures, please contact us at:

Contact details of the person responsible:

Alexander Eschrich
Karl-Marx-Straße 41
96515 Sonneberg - Haselbach
Telefon: +49 (0) 36 762 82 64
E-Mail: info@karl-eschrich.de