Data Protection

General Data Protection Provisions pursuant to the European General Data Protection Regulation GDPR


Data Protection Declaration

How do we safeguard the privacy of your personal data (PD) at our company?

Dear Website Visitor:

Through the publication of this Data Protection Declaration we aim to brief you on how we warrant compliance of our handling of your personal data in accordance with the EU General Data Protection Regulation (abbreviated GDPR) at our company in general, transparent and easy-to-understand terms.

This Data Protection Declaration will share with you information as to which kind of personal data we collect, for which purposes we collect them and what we do with the personal data we have collected. Given that this is an important information for you, we encourage you to make time to read our Data Protection Declaration thoroughly.

  1. It is principally possible to use our website https://www.eltec.com without providing any personal data (such as your first and last names, etc.). However, if you (in the following also: the data subject) would like to use one of our services and/or order any products via our website, it may be necessary to share such personal data.

    If we have to process your personal data, e.g. for the following purposes:

    to process an inquiry / reservation / newsletter subscription / registration

    we will principally obtain your consent to the processing of your personal data pursuant to Article 6, Paragraph 1, Sentence 1, lit. a. GDPR.

    As an alternative, you also have the option to contact us via telephone. We shall always process your data in compliance with the EU General Data Protection Regulation. Our legal basis for data processing is Article 6, Paragraph 1, Sentence 1, lit. f GDPR. The legitimate interest of the data controller (our company) arises from the abovementioned purposes.


  2. Collection of General Data (Log Files)

    a) When anyone accesses our website, information is automatically sent to the server of our website. This information is temporarily stored in a so-called "log file". The following information is collected automatically without you having to do anything and stored until it is automatically erased:

    -  the Internet Protocol Address (IP address) of the accessing computer;
    -  access date and time;
    -  name and URL of the accessed file;
    -  the previously visited website (so-called "referrer website");
    -  utilized browser and, if applicable, the operating system of your computer;
    -  the name of your Internet service provider;
       as well as
    -  any similar data and information that has the capability of assisting us with the defense against attacks of our information technology systems.

    b) We process the data specified under section 2 a) for the following purposest:

    -  to warrant the smooth establishment of connections with the website;
    -  to guarantee the convenience of use of our website;
    -  to analyze the security and stability of our system;
       as well as
    -  for further administrative purposes.

    Our legal basis for this type of data processing is Article 6, Paragraph 1, Sentence 1, lit. f GDPR. Our legitimate interest arises from the purposes of data collection specified under section 2 b). Under no circumstances shall we use the data we collect for the purpose of arriving at conclusions as far as you as a person is concerned.


  3. Collection and Archiving of Personal Data; Type and Purpose of Data Utilization

    a) Subscription to our Newsletter

    The data subject (you) will be able to receive our Newsletter only if the data subject has expressly consented to the Newsletter registration pursuant to Article 6, Paragraph 1, Sentence 1, lit. a GDPR. The e-mail collected in conjunction with this is used to send a confirmation e-mail to the data subject as required by law. The purpose of this confirmation e-mail is to verify the identity of the data subject.

    We also store the IP address of the data subject at the time the data subject registers, along with the data and time of registration. The collection of this data is necessary to be able to track the (potential) misuse of the e-mail address of a data subject in the future and it is used as evidence for legal purposes (burden of proof).

    The registration procedure is recorded on the basis of our legitimate interests pursuant to Article 6, Paragraph 1, lit. f GDPR. Our interest is directed towards the use of a user-friendly and secure newsletter system which serves our business interests as well as the expectations of the users and, furthermore, allows the proof of consent.

    It is always possible to unsubscribed from the Newsletter, for instance by using the link that appears at the end of every Newsletter. As an alternative, you may also send a request to unsubscribe to the following e-mail address at any time: info.eltec@westermo.com.

    The newsletters are sent out by the mailing service provider MailChimp, a newsletter mailing platform of the company The Rocket Science Group, LLC in the USA. The privacy policy of MailChimp can be viewed here: https://mailchimp.com/legal/privacy/.

    The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and, thereby, provides a guarantee of compliance with the European Data Protection level (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).

    The mailing service provider is appointed on the basis of our legitimate interests pursuant to Article 6, Paragraph 1, lit. f GDPR and of a Data Processing Agreement pursuant to Article 28 Paragraph 3, Sentence 1 GDPR.

    The mailing service provider may use the recipient's data to optimize or improve its own services, e.g. for the technical optimization of dispatch and the presentation of the newsletter or for statistical purposes. However, the mailing service provider does not use the data of our newsletter recipients to write to them itself or to pass on the data to third parties.

    Statistical evaluation procedures

    The newsletters contain a so-called web beacon, i.e. a one-pixel file which is retrieved from our server when the newsletter is opened, or, if we use a mailing service provider, from its server. Within the scope of this retrieval, technical information is first collected, such as

    -  date and time of retrieval,
    -  information about the recipient's browser and system,
    -  IP address

    This information is used for the technical improvement of the services on the basis of technical data or target groups and their reading behavior on the basis of retrieval locations (which can be determined with the help of the IP address) or access times. Statistical surveys also include determining whether newsletters are opened, when they are opened, and which links are clicked, which is documented with a star rating.

    This information can be assigned to the individual newsletter recipients due to technical reasons. It is, however, neither our endeavor nor, if used, that of the mailing service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

    b) Support requests submitted to our Ticket Center

    You have the option to register via our embedded Ticket Center and submit any kind of support request. To do so, you will have to provide a valid e-mail address, so that we can identify the source of the request and respond. Other information, such as your title and name, is also required. We process your data submitted for the purpose of contacting us pursuant to Article 6, Paragraph 1, Sentence 1, lit. a GDPR based on your voluntary consent. At the time of registration, the user's IP address as well as the date and time of registration are also logged in order to be able to prove the registration process in accordance with the legal requirements.

    The registration takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with a foreign e-mail address

    c) Use of the Download Center via our website

    You have the option to register via our embedded Download Center so that you can download manuals, drivers and other documentation. To do so, you will have to provide a valid e-mail address, so that we can identify the source of the request and respond. Other information, such as your title, name, and company is also required. We process your data submitted for the purpose of contacting us pursuant to Article 6, Paragraph 1, Sentence 1, lit. a GDPR based on your voluntary consent. At the time of registration, the user's IP address as well as the date and time of registration are also logged in order to be able to prove the registration process in accordance with the legal requirements.

    The registration takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with a foreign e-mail address

    d) Permission to process personal data

    Any time you consent to the processing of your personal data, you confirm that

    1. your consent is freely given, 2. you are informed, 3. your consent is clear and 4. you may revoke your consent (for future transactions).


  4. Sharing of Data

    We shall not transmit your personal data to any third parties for purposes other than those listed below. We shall share your personal data with third parties only:

    -  if you have given us your express consent pursuant to Article 6, Paragraph 1, Sentence 1, lit. a GDPR;
    -  if the sharing is required to enforce claims pursuant to Article 6, Paragraph 1, Sentence 1, lit. f GDPR and provided there is no reason to presume that you have an overriding legitimate interest in your data not being shared;
    -  if a statutory mandate to share applies pursuant to Article 6, Paragraph 1, Sentence 1, lit. c GDPR;
    and
    -  if this is permitted by law and necessary to handle contractual relationships with you pursuant to Article 6, Paragraph 1, Sentence 1, lit. b GDPR.


  5. Rights of Access by the Data Subject (Access Rights of the Affected Party)

    Pursuant to Article 15 GDPR, you have the right to demand information about the processing of any of your personal data by us. In particular, you may demand information as to

    a)  the purposes of processing your data;
    b)  the categories of personal data we process;
    c)  the categories of recipients to whom we have disclosed or will disclose your personal data;
    d)  the envisaged period for which the personal data will be archived;
    e)  the existence of your right to have your data rectified, erased, have its processing restricted or to object to such processing;
    f)  the existence of your right to lodge a complaint with a supervisory authority;
    g)  the source of your personal data if we did not collect your data in-house;
    as well as
    h) the existence of an automated decision-making tool, including profiling.

    Furthermore, the data subject is entitled to information as to whether personal data has been transmitted to a third country or an international organization. If this should be the case, the data subject also has the right to receive information about any appropriate safeguards in place in conjunction with the data transfer.

    If a data subject likes to exercise this right to information, the data subject may contact our Data Protection Officer or any other employee of the data controller responsible for the processing of the data; see section 18.


  6. Right to Data Rectification – Article 16 GDPR

    The data subject shall have the right to obtain from the data controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.


  7. Right to Erasure ("Right to be Forgotten") – Article 17 GDPR

    The data subject has the right to demand the erasure of any personal data we have archived, unless the processing is required for the fulfillment of a legal obligation, on the grounds of public interest or to establish, exercise or defend any legal claims.

    Your right to erasure comprises the following:

    a)  The personal data is no longer required for the purposes for which they were collected or otherwise processed;
    b)  The data subject revokes his/her consent to the processing of personal data pursuant to Article 6, Paragraph 1, Sentence 1, lit. a or Article 9, Paragraph 2, Sentence 1, lit. a GDPR and any other legal basis for the processing does not exist.
    c)  The data subject objects to the processing of personal data pursuant to Article 21, Paragraph 2 GDPR and there are no overriding legitimate interests for the processing.
    d)  The personal data was processed unlawfully.
    e)  The erasure of the personal data is necessary in order to fulfill a legal obligation pursuant to European Union Law or the laws of any of the member states the data controller is subject to.
    f)  The personal data was collected in reference to the offered services of the information society pursuant to Article 8, Paragraph 1 GDPR.


  8. Right to Restriction of Processing – Article 18 GDPR

    You have the right to demand the restriction of the processing of your personal data if you contest the accuracy of the personal data, if the processing of the data is unlawful but you refuse to have it erased though we no longer need the data, because you require the data to establish, exercise or defend any legal claims or if you have filed an objection to the processing of the data pursuant to Article 21 GDPR.


  9. Right to Data Portability – Article 20 GDPR

    You have the right to receive your personal data that you have provided to us, in a structured, commonly used and machine-readable format and to demand its transmission to a different data controller.


  10. Conditions for Consent – Article 7, Paragraph 3 GDPR

    The data subject has the right to revoke his/her consent at any time. The lawfulness of the processing of the data before the consent is revoked shall not be affected by the revocation. The data subject shall be notified of this prior to giving his/her consent. The revocation of consent must be as easy as giving consent. If you would like to exercise your right to revoke consent, you may simply send an e-mail to info.eltec@westermo.com.


  11. Right to Object – Article 21 GDPR

    If your personal data are being processed on the grounds of legitimate interests pursuant to Article 6, Paragraph 1, Sentence 1, lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, if reasons exist that arise from your personal situation or if the objection targets direct marketing purposes. In the latter case, you have a general right to object which shall be implemented by us without you providing a special situation as grounds. If you would like to exercise your right to object, you may simply send an e-mail to info.eltec@westermo.com.


  12. Right to Lodge a Complaint with a Supervisory Authority – Article 77 GDPR

    Without prejudice to any other administrative or court-based legal remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular, in the member state where the data subject is residing, working or where the alleged infringement has occurred, if the data subject is of the opinion that the processing of the personal data related to the data subject is in violation of this Regulation.

    As a rule, to do so, you may contact the supervisory authority at your usual place of residence or at your workplace.

    If a data subject wants to exercise his or her rights, the data subject may contact our Data Protection Officer or any other employee of the data controller responsible for the processing of personal data, see section 18.


  13. Security of Data Processing – Article 32 GDPR

    We have implemented comprehensive technical and organizational measures and security precautions to protect your personal data against unauthorized access or misuse. We review our security processes at regular intervals and update them to the latest state of the art. Our employees are trained in data protection and are required to maintain confidentiality and comply with the data protection regulations.

    To that end, our data protection principles aim at permanently safeguarding

    1. confidentiality
    2. integrity
    3. availability and security infringement resistance

    of the systems and services affiliated with the processing of data.


  14. Cookies

    To make our website user-friendly and to optimally tailor it to your needs, we use cookies on our websites. A cookie is a small text file that is stored locally on your notebook, tablet, smartphone, etc. However, this does not mean that we obtain direct knowledge of your identity as a result. For instance, we use so-called "session cookies", to be able to determine that you have already visited individual pages of our website. They are automatically erased from our website after you leave. Your browser also offers an option to erase cookies (e.g. by deleting the browser data). For additional information, please consult the operation manual of your browser. As a rule, you can also find specific settings for your Internet browser in the corresponding settings menu. The data processed by cookies are required for the purposes listed to protect our legitimate interests and those of third parties pursuant to Article 6, Paragraph 1, Sentence 1, lit. f GDPR.

    Every time our website is accessed, data concerning this transaction are archived in a log file. These data are not personal data, hence, we are not able to track which user has accessed which data. Specifically, the following data batch is archived every time the site is accessed:

    -  name of the accessed file;
    -  access date and time;
    -  transmitted data volume;
    -  information as to whether the access was successful.

    You also have the option to deactivate or manage cookies in your entire browser.

    https://support.google.com/accounts/answer/61416?hl=de 
    https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
    https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies#
    http://help.opera.com/Windows/10.00/en/cookies.html

  15. Used Analysis Tools

    We carry out the following analysis tools pursuant to Article 6, Paragraph 1, Sentence 1, lit. f GDPR. With the tracking measures used, we want to ensure that our website is designed to meet requirements and is continually optimized. Please refer to the corresponding tracking tools for the respective data processing purposes and data categories.

    a) Google Analytics

    This website uses Google Analytics, a web analytics service provided by Google LLC (Google). It is used pursuant to Article 6, Paragraph 1, Sentence 1, lit. f GDPR. Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website, such as

    -  date and time of access
    -  browser type and version used
    -  IP address
    -  operating system used
    -  websites from which the user has accessed our website
    -  service provider of the user
    -  volume of data transferred
    -  websites accessed by the user via our website

    are usually transferred to a Google server in the USA and stored there.

    The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. Furthermore, we have added the "anonymizeIP" code to Google Analytics on this website. This guarantees the masking of your IP address so that all data is collected anonymously. Your full IP address is transmitted to a Google server in the USA and then shortened there, only in exceptional cases.

    On behalf of the operator of this website, Google uses this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. You can prevent the storage of cookies by means of a corresponding setting in your browser software. However, we would like to point out that in this case you may perhaps not be able to use all the functions of this website to their full extent.

    You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en. An opt-out cookie is stored on your end device. If you delete your cookies, you must click the link again.

    Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=en).

    The Google LLC is headquartered in the USA and is certified under the EU-US Privacy Shield. Further information about the Privacy Shield can be found in the Google Analytics Help Center (https://support.google.com/analytics/answer/7105316?hl=en). As a result of this agreement between the USA and the European Commission, the latter has determined an appropriate level of data protection for companies certified under the Privacy Shield.


  16. General Information about Social Media Plug-Ins

    On the basis of Article 6, Paragraph 1, Sentence 1, lit. f GDPR, we use social media plug-ins of the social networks YouTube and Google Maps on our website to promote our company's name recognition. The related promotional purposes are considered legitimate interests as defined in the GDPR. These social networks are under the exclusive operation of third party providers; some of which maintain their business domiciles outside of the EU. It is possible that third party providers do not offer data protection levels that would be adequate for you. These browser plug-ins and links can be identified on our website by logos or other alerts.

    a) Use of YouTube Plug-ins (Videos)

    On some of the pages of our website, we have embedded videos archived on YouTube. YouTube is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We have activated the "expanded data protection mode" for all YouTube videos on our websites. YouTube provides this mode and, thus, assures users that YouTube will not store any cookies containing personal data on your computer. When accessing the website and for the purpose of embedding videos, the IP address is transmitted. However, it cannot be allocated to you unless you have logged into YouTube or another Google service prior to accessing the website or if you are permanently logged into these services.

    As soon as you click an embedded video to play it, thanks to the expanded data protection mode, YouTube will only store cookies on your computer that do not contain data that identify you personally. These cookies may also be prevented by respective browser settings and expansions. For more information about the embedding of YouTube videos, please visit the information site published by YouTube.

    b) Google Maps

    Our website uses the map service offered by Google Maps by means of an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In order to be able to use the functions of Google Maps, the user's IP address must be archived. This information is usually sent to a Google server in the United States, where it is archived. The provider of this website does not have any control over this data transfer. Google Maps is a service offered in the interest to depict our website in an attractive manner and for customers to be able to easily navigate to any locations we disclose on our website. This establishes a legitimate interest as defined in Article 6, Paragraph 1, Sentence 1, lit. f GDPR. For more information as to how Google handles user data, please consult Google's Data Protection Declaration https://privacy.google.com/intl/en.


  17. Existence of an Automated Decision-making Tool / Profiling

    As a responsible enterprise, we do not use tools such as automated decision-making tools or profiling.


  18. Name and Address of the Data Processing Controller

    The Data Processing Controller as defined in the GDPR is:

    Westermo Eltec GmbH
    Marco Gerhard
    Managing Director
    Galileo-Galilei-Str. 11
    55129 Mainz (Germany)

    Fon +49 6131 918 100
    E-Mail privacy.eltec@westermo.com
    Web www.eltec.com


    Our third-party Data Protection Officer can be reached at the following address:

    EDV Sachverständigen- und Datenschutzbüro Michael J. Schüssler
    Kolpingstr. 3
    63739 Aschaffenburg (Germany)

    Fon +49 6021 439 18 45
    E-Mail info@svb-ms.de
    Web www.datenschutz4you-aschaffenburg.de 


  19. Competent Data Protection Authority

    The State Data Protection Officer and Officer for Freedom of Information of Rhineland-Palatinate:

    Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
    Prof. Dr. Dieter Kugelmann
    Hintere Bleiche 34
    55116 Mainz (Germany)

    Fon +49 6131 208 24 49
    Fax +49 6131 208 24 97
    E-Mail poststelle@datenschutz.rlp.de
    Web www.datenschutz.rlp.de/de 


  20. Topicality and Modifications of this Data Protection Declaration

    This Data Protection Declaration is topical and effective as of April 2019.

    It may become necessary to make updates to this Data Protection Declaration due to the further development of our website and the products as well as the services offered or because changes in the law or government authority-imposed mandates.