Privacy Statement

Privacy Statement for our websites

The following notes provide a simple overview of what happens to your personal information when you visit our websites. Personal information is any information that personally identifies you. For detailed information on the subject of data protection, please refer to our data protection declaration below this text.

I. Who is responsible?

The party responsible within the context of the Basic Data Protection Regulation and other national data protection laws of the member states as well as other provisions of data protection law is the:

EBF-EDV Beratung Föllmer GmbH
Gustav-Heinemann-Ufer 120-122
50968 Cologne
Germany
Tel.: +49 221 47455-0
Fax: +49 221 47455-111
E-Mail: moc.f1664457639be@of1664457639ni1664457639
Website: www.ebf.com

II. Name and address of the Data Protection Officer

Rahul Saxena
Gustav-Heinemann-Ufer 120-122
50968 Cologne
Germany
Tel.: +49 221 47455-320
E-Mail: moc.f1664457639be@yc1664457639avirp1664457639
Website: www.ebf.com

As per art 27 UK GDPR, our uk representative is: activeMind.legal UK Ltd and can be reached through: moc.f1664457639be@yc1664457639avirp1664457639

III. General information on data processing

Scope of the processing of personal data

We process the personal data of our users only to the extent necessary to provide a functioning website as well as our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by applicable law.

In order to protect the security of your data during transmission, we use encryption procedures (e.g. SSL) via HTTPS. Our servers are protected by a firewall and virus protection. Back-up and recovery procedures as well as role and authorization concepts are a matter of course for us.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing personal data, Art. 6 Para. 1 lit. a EU Data Protection Basic Regulation (GDPR) serves as the legal basis.

Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. If the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 Para. 1 lit. C serves as the legal basis.

In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

Data deletion and storage period

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, the data may be stored if the European or national legislator has provided for this in Union regulations, laws or other provisions to which the person responsible is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.

IV. Data collection on our website

Provider of the pages is Host Europe GmbH, Hansestrasse 111, 51149 Cologne. Your data will be transmitted to Host Europe GmbH. The service provider is contractually obligated to treat your data confidentially.

 

Cookies

Server Log Files

Purpose and legal basis

When you access our website, the provider of the pages (Hosteurope) automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.

These are:

  • Browser type and browser version
  • Used operating system
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

They are processed particularly for the following purposes:

  • Ensuring a seamless connection to the website,
  • ensuring a seamless use of our website,
  • evaluation of system security and stability, as well as
  • for other administrative purposes.

This data will not be merged with other data sources.

The processing of the data is based on a legitimate interest according to Art. 6 para.1 lit. f GDPR in improving the stability and functionality of our website.

Provision mandatory or required

Your provision of the aforementioned personal data is neither legally nor contractually required. However, without the IP address, the service and functionality of our website is not guaranteed.

Duration of storage

The error logs are deleted after 7 days, the access logs after 14 days.

 

Contact form, whitepaper form and email contact

Purpose and legal basis

A contact form and whitepaper form as well as email addresses are available on our websites, which can be used for electronic contact and for an electronic request of a whitepaper.

By providing the contact form and email addresses, we would like to make it easier for you to contact us. The information you provide will be transmitted to us and stored for the purpose of processing your inquiry and for possible follow-up questions.

By providing the whitepaper form, we would like to enable you to contact us easily to request a whitepaper. We use the information you provide to send the whitepaper to the e-mail address you provide.

These data to be provided are:

  • First name
  • Last Name
  • Email address
  • Phone (contact form only)
  • Company

The processing of the data entered in the contact form and in the whitepaper form is based on a legitimate interest according to Art. 6 para.1 lit. f GDPR, and with regard to the initiation, implementation or termination of a contractual relationship pursuant to Art. 6 (1) lit b GDPR.

Provision mandatory or required

The provision of your personal data is voluntary. However, we can only process your request if you provide us with your name, contact details and the reason for the request.

Duration of storage

The data entered by you in the contact form and whitepaper form will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed or the whitepaper has been sent). Mandatory legal provisions – in particular retention periods – remain unaffected.

Revoke

You can revoke this consent at any time. For this purpose, an informal email notification to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

 

Accelerated Mobile Pages (AMP)

Purpose and legal basis

We also provide the content of our Internet pages via Accelerated Mobile Pages (AMP).

Therefore, if you call up one of our Internet pages, e.g. after a Google search with your smartphone, this AMP may not be delivered by our servers, but directly from the cache of third-party providers such as Google. In this case, the address line of your browser on the level of the second-level domain will not show our domain name (our internet address), but e.g. the domain name of Google. The source code of our page remains unchanged.

The processing of the data is based on a legitimate interest according to Art. 6 para.1 lit. f GDPR in order to accelerate the access of the website via mobile devices.

The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. There is no Adequacy Decision of the European Commission for the USA. We have concluded so-called standard contractual clauses with Google LLC.

If, however, the AMP versions of our Internet pages are in the cache at e.g. Google or other third party providers and are called up from there, we have no influence on the data processing and the handling of your IP address by them. We do, however, ensure that we do not collect any personal data via our AMP pages.

V. Web analysis with Matomo

On the basis of log files

Purpose and legal basis

We use Matomo, a locally installed analytics tool, to evaluate user behavior locally on the server. Matomo does not collect the data itself, but accesses the web server database. Matomo is provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. For New Zealand, there is an Adequacy Decision of the European Commission.

Processing is performed in accordance with Art. 6 (1) f GDPR on the basis of our legitimate interest. Reach measurement and the resulting information allow us to modify our website.

The web server truncates each requesting IP address before storing it in the log file. This means that the database is sufficiently anonymized and individuals cannot be identified.

Provision mandatory or required

There is no legal or contractual requirement to provide the data.

Profiling

Web analytics tools can be used to evaluate what visitors do on the website and analyze their interests. We create a pseudonymous user profile for this purpose.

Revoke

Please read the advisories below regarding your right to object per Art. 21 GDPR.

 

On the basis of cookies

Purpose and legal basis

This website uses Matomo, an open-source software program, for statistically analyzing visitor activity. Matomo is provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. For New Zealand, there is an Adequacy Decision of the European Commission.

Matomo uses cookies that allow us to analyze your use of the website. The information generated by the cookie about your use of the website is stored on a server in Germany.

The IP address is anonymized immediately after processing and before storage by truncating the last 2 bytes.

The processing is based on your consent, which can be revoked at any time, in accordance with Art. 6 Para. 1 lit. a GDPR.

You can prevent the installation of cookies by changing your browser settings. Please note that changing your settings may disable some of the the functions of this website.

Please see the following link for more information on Matomo privacy settings: https://matomo.org/docs/privacy/.

Duration of storage

The data is deleted as soon as we no longer require it for record-keeping. This happens automatically after 6 months in our case.

Profiling

We have configured Matomo to not perform profiling.

Revoke

There are three different ways to object to the processing of data by Matomo:

  • First, you can reject the setting of all cookies in your browser. However, this may mean that you can no longer use those functions of our website that require identification.
  • Second, you can activate the “do not track” setting in your browser. We have configured Matomo to respect this setting.
  • In addition, you can create an opt-out cookie by clicking below. The cookie is valid for two years. Matomo will then not register any more visits that you make. However, please note that the opt-out cookie will be deleted if you delete all your cookies.

VI. Google Ads (formerly Google AdWords)

Purpose and legal basis

Our Websites use the services offered by Google AdWords. Google AdWords  is a online marketing tool by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) in order to draw attention to our attractive offers by means of advertising material (so-called Google AdWords) on external websites. The information is usually transferred to and stored on a Google server in the USA, which does not have a level of data protection equivalent to the EEA.

The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. There is no Adequacy Decision of the European Commission for the USA. We have concluded so-called standard contractual clauses with Google LLC.

The processing is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR.

In relation to the data of the advertising campaigns, we can determine how successful our individual advertising measures are. We do this because our concern is to display advertising that is of interest to you, to make our websites more attractive to you and to be able to make a fair calculation of our advertising costs.

This advertising material is supplied by Google via so-called “Ad Servers”. For this purpose, we use Ad Server Cookies, which provide certain parameters to enable measurement of success, such as the insertion of the advertisements or clicks by the user. If you have reached our website via a Google ad, Google AdWords will save a cookie on your PC. Generally, these cookies expire after 30 days and are not intended to identify you personally. As a rule, the following are saved to this cookie as analysis values: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) plus opt-out information (marking to show that the user does not want to be contacted again).

These cookies enable Google to recognize your browser. If a user visits certain of an AdWords customer’s pages and the cookie stored on his or her computer has not yet expired, Google and the customer can see the user has clicked on the ad and been directed to this website. Each AdWords customer is allocated a different cookie. This means cookies cannot be traced via the websites of AdWords customers. We ourselves do not collect and process any personal data in the advertising measures mentioned above. Google merely makes statistical evaluations available to us. Using these evaluations, we are able to see which of the advertising measures are particularly effective. We do not receive any further data collected from the use of the advertising material; in particular, we are unable to identify the users from this information.

Based on the marketing tools used, your browser automatically makes a direct connection with the Google server. We have no influence on the scope and further use of data collected by Google by means of this tool and therefore inform you according to the state of our knowledge: by integrating AdWords Conversion, Google receives the information that you have called up the relevant part of our internet site or clicked on one of our ads. If you are registered with a Google service, Google can allocate the visit to your account. Even if you have not registered with Google or are not logged in, there is a possibility that the advertising provider may find your internet protocol address and save it.

There are various ways in which you can prevent being involved in this tracking procedure:

  • by an appropriate setting of your browser software: the suppression of third party cookies in particular will mean that you will not receive any ads from third party advertisers
  • by deactivating the cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”, https://www.google.de/settings/ads, although this setting will be deleted if you delete your cookies
  • by deactivating the interest-related ads of the advertising providers that form part of the self-regulating “About Ads” campaign, via the link https://www.aboutads.info/choices, although this setting will be deleted if you delete your cookies
  • by permanent deactivation in your Firefox, Internet Explorer or Google Chrome browser via the link https://www.google.com/settings/ads/plugin. We must point out that in this case you may not be able to use all the functions of this offer to their full extent.

VII. Matomo Tag Manager

Purpose and legal basis

Our websites use Matomo Tag Manager. Matomo is provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. For New Zealand, there is an Adequacy Decision of the European Commission.

Matomo Tag Manager is a solution that allows tracking and marketing tags to be managed via a single interface. Tags are also referred to as snippets or pixels. They usually consist of JavaScript or HTML code and allow us to integrate various functions into our website with just a few clicks.

The legal basis for this processing when running the Matomo Tag Manager is in each case your consent, Art. 6 Para. 1 lit. a GDPR.

Provision mandatory or required

Your data is provided voluntarily based solely on your consent.

VIII. Social plug-ins from Facebook, Instagram, Twitter, LinkedIn and Xing

Purpose and legal basis

On our websites we offer you the possibility of using so-called “social plugins” of the companies:

  • Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA;
  • Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA;
  • “Tweet” button from Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA;
  • “Recommended Button” by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA;
  • “Share Button” by XING AG, Gänsemarkt 43, 20354 Hamburg, Germany.

To protect your data, we rely on the “Shariff” solution during implementation. This means that the plugins on the website are only displayed as a graphic, which contains a link to the corresponding website of the plugin provider. By clicking on the graphic you will be redirected to the respective services of the provider. Only then will your data be sent to the respective services. If you do not click on the graphic, there will be no exchange between you and the social networks mentioned above.

The information is usually transferred to and stored on a Google server in the USA. There is no Adequacy Decision of the European Commission for the USA. We have concluded so-called standard contractual clauses with Google LLC.

Information about the collection and use of your data in the social networks can be found in the respective terms of use of the respective providers. More information about the Shariff solution can be found at: http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html.

IX. EBF Newsletter

Purpose and legal basis

If you wish to receive the newsletter offered on our websites, we require an email address from you as well as information that allows us to verify that you agree to the owner of the email address provided and to receive the newsletter.

We use the so-called double opt-in procedure to ensure that the newsletter is sent in an agreed manner. In the course of this procedure, the potential recipient can be added to a mailing list. The user then receives a confirmation email to confirm the registration in a legally secure manner. Only if the confirmation takes place, the address is taken up actively in the distributor.

We use this data exclusively for sending the requested information and offers.

Newsletter2Go is used as newsletter software. Newsletter2Go is provided by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin.

Your data will be transmitted to Sendinblue GmbH. Sendinblue is prohibited from selling your data and from using it for purposes other than sending newsletters. Sendinblue is a certified supplier, which was selected after the requirements of the data security basic regulation and the Federal Law for Data Protection.

Further information can be found here: de.sendinblue.com/informationen-newsletter-empfaenger/.

The processing of the entered data is based on your consent (Art. 6 para. 1 lit. a GDPR).

Provision mandatory or required

The provision of your personal data is voluntary, based solely on your consent. Without existing consent, we can unfortunately not send you our newsletter.

Duration of storage

Data will only be processed in this context as long as the corresponding consent has been given. Afterwards they will be deleted.

Revoke

You can revoke your consent to the storage of data, email address and their use to send the newsletter at any time, for example by clicking on the “Unsubscribe” link in the newsletter.

XI. Plugins and tools

YouTube

Purpose and legal basis

Our websites uses plugins from the YouTube page operated by Google. The site is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
When you visit one of our pages equipped with a YouTube plug-in, a connection is established to YouTube’s servers. This will tell the YouTube server which of our pages you have visited.
If you are logged into your YouTube account, you can allow YouTube to directly associate your surfing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is based on a legitimate interest according to Art. 6 para.1 lit. f GDPR in an appealing presentation of our online offers.

Further information on the handling of user data can be found in YouTube’s data protection declaration at: https://www.google.de/intl/de/policies/privacy.

 

Webinare

Purpose and legal basis

In order to be able to conduct webinars via the internet, we use the GoToWebinar software solution from LogMeIn, Inc. 333 Summer Street, Boston, MA 02210 USA. LogMeIn, Inc. is responsible for the provision of this service and the associated data processing. LogMeIn’s privacy policy can be found here.

For the implementation of the webinar, we transmit your registration or customer data to LogMeIn, Inc. The information is transferred to servers in the USA. There is a corresponding data protection contract with the service provider based on the standard contractual clauses.

The processing of personal data is based on a legitimate interest according to Art. 6 para.1 lit. f GDPR in the practical and user-friendly conduction of the webinar, including a good user experience for the purpose of client acquisition and external presentation of EBF GmbH.

For the execution of the webinar, an encrypted connection is established between you and the organizer of the webinar.

The webinars are regularly recorded in order to make them available on the EBF GmbH website for later retrieval. Statistical data is collected during and after the webinar.

If you attend a webinar, in addition to your registration data, we receive information about the duration of participation, interest in the webinar, questions asked or answers given for the purpose of further customer support or to enhance the user experience.

Duration of storage

The data you provide will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Mandatory legal provisions – in particular retention periods – remain unaffected.

XI. Application procedure

On our websites you can send your application online to EBF GmbH. We process the data you provide exclusively for the purpose of evaluating your professional suitability and contacting you, as well as for establishing an employment relationship, if applicable, for the purpose of carrying out pre-contractual measures, which will be carried out upon request.

The personal data includes, for example:

  • Personal data (e.g. name, address and contact details)
  • details of qualifications (e.g. education and professional experience, language skills and training)

and other data comparable with the above categories.

Who gets my data?

Within the framework of applicant management, we use Prescreen International GmbH as our service provider, which acts as our contract processor. In order to ensure an effective and rapid application process, the applications submitted by form and those submitted by e-mail are processed by Prescreen International GmbH. In all cases we will ensure that your data is transferred securely. For this reason, all data transmission to Prescreen International GmbH is encrypted.

Duration of storage

If your application is rejected, your data will be deleted six months after the decision is announced.

If there is an employment relationship, the application documents are stored at least for the period of employment at EBF GmbH.

Provision mandatory or required

The provision of personal data is not required by law or contract. However, it is not possible to process the application without providing it.

The legal basis for the collection and processing of applicant data is Article 88 (1) GDPR in conjunction with. §26 BDSG.

XII. Your rights to information, correction, blocking, deletion, data transfer and objection

You have the right to receive information about your personal data stored by EBF GmbH at any time according to Art. 15 GDPR. You also have the right to correction according to Art. 16 GDPR, blocking according to Art. 18 GDPR or, apart from the prescribed data storage for business purposes, deletion according to Art. 17 GDPR, data transfer according to Art. 20 GDPR and objection according to Art. 21 GDPR of your personal data. Please contact the data protection officer of EBF GmbH.

In order that a block of data can be considered at any time, these data must be kept in a block file for control purposes. You can also request the deletion of the data, unless there is a legal archiving obligation. If such an obligation exists, we will block your data on request.

Information about your right to object according to Art. 21 GDPR: At any time, you have the right to object for reasons relating to your particular situation to the processing of personal data relating to you that is carried out on the basis of Art. 6 (1) (f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. In case you object, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

You can change or revoke your consent by notifying us accordingly with effect for the future.

You may at any time complain to the supervisory authority responsible for you. Your responsible supervisory authority depends on the federal state of your residence, your work or the presumed violation. You can find a list of the supervisory authorities (for the non-public sector) and their addresses at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

If you would like more detailed information on your personal data, our data protection officer will be happy to answer any questions you may have regarding our data protection policy.

XIII. Changes to our privacy policy

We reserve the right to amend this data protection declaration from time to time so that it always complies with current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. Your next visit will then be subject to the new data protection declaration.

Privacy policy for our social media appearances

I. Data processing through social networks

We offer online services on various social media platforms in order to provide information and to be able to contact you.

We have no influence on the processing of personal data by the respective platform operator. Social networks can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). A visit to our social media sites triggers numerous data protection-relevant processing procedures. In detail:

If you are logged in to your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-related advertising can be displayed to you both inside and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are or were logged in.

Please also note that we are not able to understand all processing on the social media portals. Depending on the provider, further processing may therefore be carried out by the operators of the social media portals.

Detailed information on data processing in connection with the use of our social media offers, the possibility of objection (opt-out) and the assertion of rights to information can be obtained from the data protection policy of the respective platform operators (see below).

II. Legal basis

The processing of your personal data when you visit one of our social media offerings is based on our legitimate interest in a diverse external presentation of our company and the use of an effective information opportunity and communication with you. The legal basis for this is Art. 6 para. 1 lit. f GDPR.

The analysis processes initiated by the social networks may be based on different legal bases, which must be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).

III. Storage period

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for their storage no longer applies, you request us to delete them or revoke your consent to their storage. Stored cookies remain on your end device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of social networks for their own purposes. For more details on this, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

IV. Social networks in detail

Facebook

We have a profile on Facebook. The provider is Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.

Privacy Statement: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads

Twitter

We have a profile on Twitter. The provider is Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.

Privacy Statement: https://twitter.com/de/privacy
Opt-Out: https://twitter.com/personalization

XING

We have a profile on XING. The provider is XING AG, Gänsemarkt 43, 20354 Hamburg, Germany.

Privacy Statement: https://privacy.xing.com/de/datenschutzerklaerung
Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

Privacy Statement: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Instagram

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.

Privacy Statement: http://instagram.com/about/legal/privacy
Opt-Out: http://instagram.com/about/legal/privacy