Privacy Statement for our websites
The following notes provide a simple overview of what happens to your personal information when you visit our websites. Personal information is any information that personally identifies you. For detailed information on the subject of data protection, please refer to our data protection declaration below this text.
I. Who is responsible?
The party responsible within the context of the Basic Data Protection Regulation and other national data protection laws of the member states as well as other provisions of data protection law is the:
EBF-EDV Consulting Föllmer GmbH
Phone: +49 221 47455-0
Fax: +49 221 47455-111
II. Name and address of the Data Protection Officer
Phone: +49 221 47455-320
III. General information on data processing
Scope of the processing of personal data
We process the personal data of our users only to the extent necessary to provide a functioning website as well as our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by applicable law.
In order to protect the security of your data during transmission, we use encryption procedures (e.g. SSL) via HTTPS. Our servers are protected by a firewall and virus protection. Back-up and recovery procedures as well as role and authorization concepts are a matter of course for us.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing personal data, Art. 6 Para. 1 lit. a EU Data Protection Basic Regulation (GDPR) serves as the legal basis.
Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. If the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 Para. 1 lit. C serves as the legal basis.
GDPR as a legal basis
In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
Data deletion and storage period
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, the data may be stored if the European or national legislator has provided for this in Union regulations, laws or other provisions to which the person responsible is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.
IV. Data collection on our websites
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.
- Browser type and browser version
- Used operating system
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address
This data will not be merged with other data sources.
The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
Contact form, whitepaper form and email contact
A contact form and whitepaper form are available on our websites, which can be used for electronic contact and for an electronic request of a whitepaper. If a user makes use of this possibility, the data entered in the input mask will be transmitted to us and stored.
These data are:
- First name
- Last Name
- Email address
- Phone (contact form only)
- Company and
The processing of the data entered in the contact form and whitepaper form is therefore carried out exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. For this purpose, an informal email notification to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The data entered by you in the contact form and whitepaper form will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed or the whitepaper has been sent). Mandatory legal provisions – in particular retention periods – remain unaffected.
Accelerated Mobile Pages (AMP)
We also provide the content of our Internet pages via Accelerated Mobile Pages (AMP).
Therefore, if you call up one of our Internet pages, e.g. after a Google search with your smartphone, this AMP may not be delivered by our servers, but directly from the cache of third-party providers such as Google. In this case, the address line of your browser on the level of the second-level domain will not show our domain name (our internet address), but e.g. the domain name of Google. The source code of our page remains unchanged.
If, however, the AMP versions of our Internet pages are in the cache at e.g. Google or other third party providers and are called up from there, we have no influence on the data processing and the handling of your IP address by them. We do, however, ensure that we do not collect any personal data via our AMP pages.
V. Web analysis with Google Analytics
We use the function “Activation of IP anonymization” on our websites. However, this will cause Google to shorten your IP address previously within Member States of the European Union or other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA where it will be shortened. On behalf of the operator of our websites, Google will use this information to evaluate your use of our websites, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
Order data processing
We have concluded a contract with Google for order data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Objection to data collection
You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie is set to prevent the collection of your information on future visits to this website: Disable Google Analytics
VI. Google Data Studio
We use the Google Data Studio data management tool to visually create custom reports and interactive dynamic dashboards for our users. The basis for this is Art. 6 para. 1 letter f DSGVO (legitimate interest). Here we use the data from Google Analytics and no other interfaces to data sources (such as Google AdWords, Attribution 360, BigQuery, Cloud SQL, MySQL, Google Tables, YouTube Analytics, etc.). The web tool does not require a local application and can be started via the web. Access is via a browser, the data sources are connected directly via Google Data Studio. You will find further information on using Google Data Studio under: https://support.google.com/datastudio/answer/6283323?hl=en
VII. Google Ads (formerly Google AdWords)
Our Websites use the services offered by Google AdWords. Google AdWords is a online marketing tool by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) in order to draw attention to our attractive offers by means of advertising material (so-called Google AdWords) on external websites. In relation to the data of the advertising campaigns, we can determine how successful our individual advertising measures are. We do this because our concern is to display advertising that is of interest to you, to make our websites more attractive to you and to be able to make a fair calculation of our advertising costs.
This advertising material is supplied by Google via so-called “Ad Servers”. For this purpose, we use Ad Server Cookies, which provide certain parameters to enable measurement of success, such as the insertion of the advertisements or clicks by the user. If you have reached our website via a Google ad, Google AdWords will save a cookie on your PC. Generally, these cookies expire after 30 days and are not intended to identify you personally. As a rule, the following are saved to this cookie as analysis values: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) plus opt-out information (marking to show that the user does not want to be contacted again).
These cookies enable Google to recognize your browser. If a user visits certain of an AdWords customer’s pages and the cookie stored on his or her computer has not yet expired, Google and the customer can see the user has clicked on the ad and been directed to this website. Each AdWords customer is allocated a different cookie. This means cookies cannot be traced via the websites of AdWords customers. We ourselves do not collect and process any personal data in the advertising measures mentioned above. Google merely makes statistical evaluations available to us. Using these evaluations, we are able to see which of the advertising measures are particularly effective. We do not receive any further data collected from the use of the advertising material; in particular, we are unable to identify the users from this information.
Based on the marketing tools used, your browser automatically makes a direct connection with the Google server. We have no influence on the scope and further use of data collected by Google by means of this tool and therefore inform you according to the state of our knowledge: by integrating AdWords Conversion, Google receives the information that you have called up the relevant part of our internet site or clicked on one of our ads. If you are registered with a Google service, Google can allocate the visit to your account. Even if you have not registered with Google or are not logged in, there is a possibility that the advertising provider may find your internet protocol address and save it.
There are various ways in which you can prevent being involved in this tracking procedure:
- by an appropriate setting of your browser software: the suppression of third party cookies in particular will mean that you will not receive any ads from third party advertisers
- by deactivating the cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com” , https://www.google.de/settings/ads, although this setting will be deleted if you delete your cookies
- by deactivating the interest-related ads of the advertising providers that form part of the self-regulating “About Ads” campaign, via the link https://www.aboutads.info/choices, although this setting will be deleted if you delete your cookies
- by permanent deactivation in your Firefox, Internet Explorer or Google Chrome browser via the link https://www.google.com/settings/ads/plugin. We must point out that in this case you may not be able to use all the functions of this offer to their full extent.
VIII. Google Tag Manager
Our websites uses the Google Tag Manager. Google Tag Manager is a solution that allows you to manage website tags through an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personally identifiable information. The tool triggers other tags that may themselves collect data. Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will persist for all tracking tags implemented with Google Tag Manager.
IX. Social plug-ins from Facebook, Twitter, Google+, LinkedIn and Xing
On our websites we offer you the possibility of using so-called “social plugins” of the companies:
- Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA;
- Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA;
- “Tweet” button from Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA;
- “Recommended Button” by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA;
- “Share Button” by XING AG, Gänsemarkt 43, 20354 Hamburg, Germany.
To protect your data, we rely on the “Shariff” solution during implementation. This means that the plugins on the website are only displayed as a graphic, which contains a link to the corresponding website of the plugin provider. By clicking on the graphic you will be redirected to the respective services of the provider. Only then will your data be sent to the respective services. If you do not click on the graphic, there will be no exchange between you and the social networks mentioned above.
X. EBF Newsletter
If you wish to receive the newsletter offered on our websites, we require an email address from you as well as information that allows us to verify that you agree to the owner of the email address provided and to receive the newsletter.
We use the so-called double opt-in procedure to ensure that the newsletter is sent in an agreed manner. In the course of this procedure, the potential recipient can be added to a mailing list. The user then receives a confirmation email to confirm the registration in a legally secure manner. Only if the confirmation takes place, the address is taken up actively in the distributor.
We use this data exclusively for sending the requested information and offers.
Sendinblue is used as newsletter software. Your data will be transmitted to Sendinblue GmbH. Sendinblue is prohibited from selling your data and from using it for purposes other than sending newsletters. Sendinblue is a German, certified supplier, which was selected after the requirements of the data security basic regulation and the Federal Law for Data Protection.
Further information can be found here: de.sendinblue.com/informationen-newsletter-empfaenger/.
You can revoke your consent to the storage of data, email address and their use to send the newsletter at any time, for example by clicking on the “Unsubscribe” link in the newsletter.
For this reason, we ask you to inform yourself about our data protection measures at regular intervals by inspecting our data protection declaration.
XI. Plugins and tools
Our websites uses plugins from the YouTube page operated by Google. The site is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
When you visit one of our pages equipped with a YouTube plug-in, a connection is established to YouTube’s servers. This will tell the YouTube server which of our pages you have visited.
If you are logged into your YouTube account, you can allow YouTube to directly associate your surfing behavior with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
Further information on the handling of user data can be found in YouTube’s data protection declaration at: https://www.google.de/intl/de/policies/privacy.
This page uses the Google Maps map service via an API. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the features of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy retrievability of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
If you wish to use the chat offered on our Websites, you may send us a message containing information and in some cases – if you wish to be contacted by us – your email address, telephone number or other contact information.
We only use this information to send you the information and offers you have requested.
A combination of Chatlio and Slack is used as chat software. Your data will be transferred to Gateshare LLC (Chatlio) and Slack Technologies in the United States. Gateshare LLC and Slack Technologies are prohibited from selling or using your information for any purpose other than online chat. Chatlio and Slack are providers selected in accordance with the requirements of the Basic Data Protection Regulation and the Federal Data Protection Act.
More information can be found here:
You may revoke your consent to the storage of data such as the contact data you have provided (email address, telephone number, etc.) and its use for communication with our service team at any time. Please send us a message at moc.f1601487624be@zt1601487624uhcsn1601487624etad1601487624.
XII. Application procedure
On our websites you can send your application online to EBF GmbH. We process the data you provide exclusively for the purpose of evaluating your professional suitability and contacting you, as well as for establishing an employment relationship, if applicable, for the purpose of carrying out pre-contractual measures, which will be carried out upon request.
The personal data includes, for example:
- Personal data (e.g. name, address and contact details)
- details of qualifications (e.g. education and professional experience, language skills and training)
and other data comparable with the above categories.
Who gets my data?
Within the framework of applicant management, we use Prescreen International GmbH as our service provider, which acts as our contract processor. In order to ensure an effective and rapid application process, the applications submitted by form and those submitted by e-mail are processed by Prescreen International GmbH. In all cases we will ensure that your data is transferred securely. For this reason, all data transmission to Prescreen International GmbH is encrypted.
How long will my data be stored?
If your application is rejected, your data will be deleted six months after the decision is announced.
If there is an employment relationship, the application documents are stored at least for the period of employment at EBF GmbH.
Is there an obligation to provide data?
The provision of personal data is not required by law or contract. However, it is not possible to process the application without providing it.
XIII. Your rights to information, correction, blocking, deletion and opposition
You have the right to receive information about your personal data stored by EBF GmbH at any time. You also have the right to have your personal data corrected, blocked or, apart from the prescribed data storage for business purposes, deleted. Please contact the data protection officer of EBF GmbH. In order that a block of data can be considered at any time, these data must be kept in a block file for control purposes. You can also request the deletion of the data, unless there is a legal archiving obligation. If such an obligation exists, we will block your data on request.
You can change or revoke your consent by notifying us accordingly with effect for the future.
You may at any time complain to the supervisory authority responsible for you. Your responsible supervisory authority depends on the federal state of your residence, your work or the presumed violation. You can find a list of the supervisory authorities (for the non-public sector) and their addresses at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
If you would like more detailed information on your personal data, our data protection officer will be happy to answer any questions you may have regarding our data protection policy.
We reserve the right to amend this data protection declaration from time to time so that it always complies with current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. Your next visit will then be subject to the new data protection declaration.
I. Data processing through social networks
We offer online services on various social media platforms in order to provide information and to be able to contact you.
We have no influence on the processing of personal data by the respective platform operator. Social networks can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). A visit to our social media sites triggers numerous data protection-relevant processing procedures. In detail:
If you are logged in to your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-related advertising can be displayed to you both inside and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are or were logged in.
Please also note that we are not able to understand all processing on the social media portals. Depending on the provider, further processing may therefore be carried out by the operators of the social media portals.
Detailed information on data processing in connection with the use of our social media offers, the possibility of objection (opt-out) and the assertion of rights to information can be obtained from the data protection policy of the respective platform operators (see below).
II. Legal basis
The processing of your personal data when you visit one of our social media offerings is based on our legitimate interest in a diverse external presentation of our company and the use of an effective information opportunity and communication with you. The legal basis for this is Art. 6 para. 1 lit. f GDPR.
The analysis processes initiated by the social networks may be based on different legal bases, which must be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).
III. Storage period
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for their storage no longer applies, you request us to delete them or revoke your consent to their storage. Stored cookies remain on your end device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
IV. Social networks in detail
We have a profile on Facebook. The provider is Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.
We have a profile on Twitter. The provider is Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA.
We have a profile on XING. The provider is XING AG, Gänsemarkt 43, 20354 Hamburg, Germany.
We have a profile on LinkedIn. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Privacy Statement: https://www.linkedin.com/legal/privacy-policy
We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.