Data Privacy

Privacy policy for EVE websites and web shop

Last revised: February 25th, 2019

1. Introduction

Data privacy is important to us and your trust is our highest priority! Hence, we always handle your personal data confidentially and naturally adhere to any relevant data protection laws. We only use your personal data insofar as is legally permitted or consented to by you.

This privacy informs you about:

  • The manner in which we handle personal data on the internet.
  • Which type of information is collected and processed.
  • If and how this data is used, shared or otherwise processed.

This data privacy policy applies to your use of our website and your orders from our online shop, other (digital) services and products offered by us are exempt.

2. Controller

This policy applies to any data processing by us as controller according to Art. 4 (7) General Data Protection Regulation (GDPR).

You may contact us at:

EVE GmbH

Anni-Albers-Str. 15

D-48282 Emsdetten

 

Court of registry: Steinfurt Local Court ("Amtsgericht")

Commercial register no: HRB 4157

CEO: Markus Knäpper

VAT no: DE124395396

Contact: E-Mail: info@eve.de

Phone: +49 (0) 25 72 - 93 51 -0

3. Date Protection Officer

The Data Protection Officer appointed by us can be reached at:

comp/lex – Datenschutzbeauftragte

Rechtsanwalt Dr. Jochen Notholt

Lindwurmstraße 10

D-80337 München

 

E-Mail: datenschutz@eve.de

Fax: +49 (0) 89 – 41 61 42 95-9

 

4. Definitions

Insofar as this policy does not contain or imply deviating definitions all terms mentioned herein are used as defined by Art. 4 GDPR.

5. Processing of Personal Data

1. For contact Purposes

When you contact us (e.g. via E-Mail, contact form or phone, etc.), we require your personal data (e.g. title, name, e-mail address, etc.) in order to process and respond to your inquiry or request. These personal data may be stored in a CRM (Customer Relationship Management) system or comparable systems for the purpose of organising inquiries. In any such case, personal data will be processed in accordance with Art. 6 (1) b) GDPR. When no longer needed, we will delete the inquiries or – where legally mandated preservation obligations apply – restrict processing. Necessity of data preservation is reviewed every six months.

2. When Accessing Our Website

When accessing our website, i.e. when you are not registering with us or providing us with information in another way, we will only collect personal data as transmitted to our servers by your browser. If you want to view our website, we only collect data that are technically required for displaying our website. In such cases, data shall be processed in accordance with Art. 6 (1) f) GDPR.

  • IP address
  • date and time of access
  • timezone difference from Greenwich Mean Time (GMT)
  • specific page accessed
  • HTTP status code
  • data volume transferred
  • website sending the request
  • browser
  • operating system and its user interface
  • language and version of browser used

 

3. When ordering from Our Online Shop

When ordering from our online shop, we collect the following data from you for the purpose of fulfilling our contractual obligations:

  • Master data
  • Company name
  • CEO
  • Address
  • Phone number
  • E-Mail address
  • Websites
  • Contractual data
  • Services used
  • Goods ordered
  • Contact  information (if applicable)
  • Title
  • Function
  • Phone number
  • E-Mail address
  • Payment information in cases where we received SEPA direct depit mandate
  • Account holder
  • Address
  • IBAN
  • BIC
  • Information pertaining to the bank

Insofar as this entails personal data, data are processed in accordance with Art. 6 (1) b) GDPR for the purpose of fulfilling our contractual duties.

We delete these data as soon as we no longer require them to fulfil our contractual duties and legally prescribed obligations to preserve records have expired. We review necessity of data preservation every six months.

4. Credit Risk Assessment by Creditreform

In cases of advance delivery, we retain the right to perform a credit risk rating via Creditreform. To this end, we transmit the name and address of your company (which may include personally identifiable data) and, if required, other company data for the purpose of performing credit risk assessment to Creditreform (Creditreform Münster Riegel & Riegel, Scharnhorststraße 46, 48151 Münster). Creditreform uses these data to provide us with a credit risk assessment. Insofar as data transmitted to Creditreform includes personally identifiable data, these are processed on the basis of our legitimate interest to minimise risk of payment default according to Art. 6 (1) f) GDPR.

We use the statistics-based information regarding the likelihood of payment default provided by Creditreform to determine whether we will enter into, fulfil or terminate a contract with you. Creditreform’s assessment of your credit risk can include probability values (so-called score values). If and insofar as score values are included in the assessment of a person’s credit risk, these are based on a scientifically validated mathematical-statistical procedure. According to Creditreform, calculation of score values factors in address data in addition to further information. All personal rights and freedoms will be protected and personal data will be processed pursuant to legislation.

Further information about Creditreform´s data processing is available at: https://www.creditreform-muenster.de/EU-DSGVO/.

5. Payment via Credit Card

Credit card payment will be handled by our banking institution, VR-Bank Kreis Steinfurt eG, Matthiasstraße 30, 48431 Rheine. In case of credit card payment, we transfer the following data to VR-Bank Kreis Steinfurt eG:

  • Credit card number
  • Card Owner
  • Expiry date (month and year)
  • CVC

Data transfer for payment processing according to Art. 6 (1b) GDPR. We only transfer data inasmuch as is necessary for processing payment.

6. When Registering for Our Newsletter

With your consent, you can subscribe to our newsletter, with which we inform you about our current offers. In order to be able to ensure that no mistakes have been made when entering the e-mail address, we use the so-called double opt-in procedure (DOI procedure) to register for our newsletter. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter.

The mandatory information for sending the newsletter is your e-mail address, your title and your name. After your confirmation, we store your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 (1) lit. a DSGVO (consent to receive the newsletter).

We use technology from sendinblue to send the newsletter and to evaluate your interaction with the newsletter. Therefore, we transmit your data (title, name and email address) provided in the context of the newsletter to sendinblue (Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin).

Sendinblue takes all measures required in accordance with Art. 32 DSGVO to ensure the security of personal data, in particular to prevent it from being falsified or damaged or unauthorised third parties from gaining access to it.

These measures include:

  • Multi-level firewall
  • Proven virus protection and detection of hacking attempts
  • Encrypted data transmission with SSL/https/VPN technology
  • ISO 27001 certified data centres

 

In addition, access to processing through Sendinblue services requires authentication of accessing individuals through an individual access code and password. The password and access code are sufficiently secure and are renewed regularly.

Data transmitted via unsecured communication channels are subject to technical measures designed to make this data unrecognisable to unauthorised persons.

Right of revocation: You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail or by sending a message to the contact details given in the imprint.

The use of the dispatch service provider, the performance of statistical surveys and analyses as well as the logging of the registration process are based on our legitimate interests pursuant to Art. 6 (1) lit. a DSGVO. We are interested in the use of a user-friendly and secure newsletter system that serves our business interests and meets the expectations of users.


7. Usage Analysis by Google Analytics

We use technology by Google Analytics to analyse usage of our services. Hence, we transfer the following data for purpose of analysis to Google in the USA (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA):

  • IP address
  • date and time of request
  • time zone difference to Greenwich Mean Time (GMT)
  • specific page accessed
  • HTTP status code
  • data volume transferred
  • website sending the request
  • browser
  • operating system and user interface
  • language and version of browser used
  • device information
  • window and display resolution
  • approximate location
  • viewing duration
  • features and functionality used on the website

 

Google analyses data regarding your usage of our website on our behalf to create reports about usage of our online services and to provide us with further services connected to usage of these services and the internet. To this end, cookies are used to identify your browser and from the collected data, pseudonymous user profiles may be created. These data are required for us to ensure and further improve stability and security of the website. Basis for data processing is Art. 6 (1f) GDPR.

Google stores these data for us for a period of 24 months as instructed by us.

Google is certified for the EU-US Privacy Shield treaty: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.

We only employ Google Analytics with active IP anonymisation. This means that only a shortened version of your IP address will be transmitted by Google within EU member states or in states belonging to the European Economic Area. The full IP will only be transmitted to the US and subsequently shortened in exceptional cases.

Google will not link the IP address collected from the browser with other data.

Right to object: To prevent cookies from being stored on your computer, you may set up your internet browser to disable cookies or to delete existing cookies. Disabling all cookies may lead to impaired functionality of our website. Furthermore, you may prevent usage data collected by the cookie from being transferred to Google by downloading and installing the browser plug-in available at this URL: http://tools.google.com/dlpage/gaoptout?hl=de.

Right to object: You may object to the creation of a pseudonymous user profile at any time with effect for the future. If you want to make use of your right to object, you may send an e-mail to datenschutz@eve.de or alternatively use the contact information provided in Section 2.

Further information about data processing by Google, settings and rights to object are available on Google’s websites: https://www.google.com/intl/en/policies/privacy/partners (“How Google uses information from sites or apps that use our services”), http://www.google.com/policies/technologies/ads (“Advertising”), http://www.google.de/settings/ads (“Control the information Google uses to show you ads”).

7. Leadinfo

We use the lead generation service provided by Leadinfo B.V., Rotterdam, The Netherlands, which recognizes visits of companies to our website based on IP-addresses and shows us related publicly available information, such as company names or addresses. In addition, Leadinfo places two first-party cookies for providing transparency on how our visitors use our website and the tool processes domains from provided form inputs (e.g. “leadinfo.com”) to correlate IP addresses with companies and to enhance its services. For additional information, please visit www.leadinfo.com. On this page: www.leadinfo.com/en/opt-out you have an opt-out option. In the event of an opt-out, your data will no longer be used by Leadinfo.

 

6. Erasure of Data

Data processed by us is erased according to Art. 17 GDPR or processing will be limited according to Art. 18 GDPR.

Unless otherwise stipulated in this policy, processed data will be deleted once they are no longer required for their intended purpose and no legal requirement to preserve data exists. Necessity of data preservation is reviewed every six months. If data are not deleted because they are required for other, legally permitted purposes, processing will be limited. That means data will be locked and not used. For example, this applies to data that are mandated to be kept by commercial or tax law.

Under German law, trading books, inventories, opening balances, statutory accounts, commercial correspondence, account vouchers, etc. have to be preserved for six years according to Art. 257 (1) HGB (Handelsgesetzbuch, German Commercial Code). Furthermore, according to Art. 147 (1) AO (Abgabenordnung, General Fiscal Law), accounts, business records, management reports, account vouchers, commercial correspondence as well as tax-related documents have to be kept for ten years.

 

7. Rights of the Sata Subject

You have the right:

  • according to Art. 15 GDPR to obtain information concerning your personal data. In particular, you may obtain information on purposes of processing, category of personal data concerned, recipients or categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, to request rectification or erasure of personal data or restriction of processing or to object to such processing, to lodge a complaint, where the data is not collected from you, to obtain any available information as to their source, to obtain information concerning existence of automated decision-making, including profiling and meaningful information about the logic involved.
  • according to Art. 16 GDPR to obtain rectification of inaccurate personal data without undue delay.
  • according to Art. 17 GDPR to obtain erasure of personal data as long as processing of data is not required for exercising the right of freedom of expression and information or for complying with a legal obligation or for reasons of public interest or for establishment, exercise or defence of a legal claim.
  • according to Art. 18 GDPR to obtain restriction of processing of the personal data you provided if you contest the accuracy, if the processing is unlawful but you oppose the erasure of the data and instead request the restriction of their use and we no longer need the personal data but you require them for the establishment, exercise or defence of legal claims or you have objected to processing according to Art. 21 GDPR.
  • according to Art. 20 GDPR to obtain the data provided to us by you in a structured, commonly used an machine-readble format and to have the personal data transmitted directly from us to another controller.
  • according to Art. 7 (3) GDPR to revoke your consent at any time. This means that processing that was based on this consent shall not be permitted in the future and
  • according to Art. 77 GDPR the right to lodge a complaint with a supervisory authority. Ordinarily, you can contact the supervisory authority of your place of habitual residence or place of work or our company domicile.

 

8. Right of Revocation and Right to Object

1. Revocation of Consent

Should we be processing your personal data based on your consent according to Art. 6 (1a) GDPR, you have the right to withdraw your consent at any time with effect for the future, according to Art. 7 (3) GDPR.

If you wish to make use of your right to withdraw your consent, you may inform us via e-mail to datenschutz@eve.de. Alternatively, you may use the contact information provided in Section 2.

2. Right to Object to Processing Based on Legimitade Interest

Insofar as we process your personal data based on our legitimate interest according to Art. 6 (1f) GDPR, you have the right to object to processing of your personal data, based on grounds relating to your particular situation or if the objection is directed against processing for direct marketing purposes, according to Art. 21 GDPR. In the latter case, you have a general right to object which we will adhere to without the need to cite a particular situation.

If you wish to make use of your right to object, you may inform us via e-mail to datenschutz@eve.de. Alternatively, you may use the contact information provided in Section 2.

9. Security Measures

We implement organisational, contractual and technical security measures according to the state of technology to ensure that regulations concerning data protection are adhered to and to safeguard the data collected by us against accidental or deliberate manipulation, loss, destruction or unauthorised access. These measures include encrypted transmission of data between your browser and our server.

10. Final Provisions

We retain the right to change our data protection policy if new technologies or changes in our data processing procedures necessitate alterations or to adapt to changes to the applicable legislation. This applies only to this data protection policy. As far as we are processing your personal data based on your consent or parts of the data protection policy contain stipulations affecting contractual relations with you, possible changes will only be effected with your consent.

The most current version of our data protection policy is available at https://www.eve-electronics.com/data-privacy.

Patrick Overhage

from the eBusiness Team
"With advice and action I will be happy to assist you!"

Tel: +49 (0) 25 72 / 93 51 - 515

contact me