Data protection | ECS GmbH

Privacy Policy

We are pleased that you are visiting our website. Protecting and securing your personal information when using our website is very important to us. Therefore, we would like to inform you here about which of your personal data we collect when you visit our website and for which purposes this data is used.

This privacy policy applies to the online presence of ECS GmbH, which is accessible under the domain www.ecs-gmbh.de as well as the various subdomains ("our website").

Who is responsible and how can you contact us?

Responsible Party

for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR):

ECS Engineering Consulting & Solutions GmbH
Amberger Str. 82
92318 Neumarkt
Phone: +49 9181 4764-10
Email: info@ecs-gmbh.de

Data Protection Officer

Datenschutz Pöllinger GmbH
Dresdner Str. 38
92318 Neumarkt
Phone.: 09181 - 2705770
Email: datenschutz@datenschutz-poellinger.de

Our obligation to provide information pursuant to Articles 13 and 14 GDPR can be found here:

Applicants
Customers / Interested Parties
Suppliers
Social Media

What is this about?

This privacy policy complies with the legal requirements for transparency in the processing of personal data. Personal data refers to any information that relates to an identified or identifiable natural person. This includes, for example, your name, age, address, phone number, date of birth, email address, IP address, or user behavior when visiting a website. Informationthat we cannot link to you (or only with disproportionate effort), e.g., through anonymization, is not considered personal data. The processing of personal data (e.g., collection, querying, use, storage, or transfer) always requires a legal basis and a defined purpose.

Stored personal data is deleted once the purpose of processing has been fulfilled and there are no lawful reasons for further retention of the data. We inform you about specific storage periods or criteria for storage in the individual processing procedures. Regardless of this, we store your personal data in individual cases for the assertion, exercise, or defense of legal claims and where statutory retention obligations exist.

Who has access to my data?

We only share the personal data processed on our website with third parties if this is necessary to achieve the specified purposes and is covered by a legal basis (e.g., consent or legitimate interest). Additionally, in individual cases, we may disclose personal data to third parties if necessary to assert, exercise, or defend legal claims. Potential recipients may include law enforcement agencies, lawyers, auditors, courts, etc.

If we use service providers for the operation of our website who process personal data on our behalf in accordance with Art. 28 GDPR, they may also be recipients of your personal data. More details on the use of processors and web services can be found in the overview of individual processing procedures.

Do you use cookies?

Cookies are small text files that we send to your browser during your visit to our website, where they are stored. As an alternative to cookies, information can also be stored in your browser’s local storage. Some functions of our website cannot operate without the use of cookies or local storage (technically necessary cookies). Other cookies allow us to perform various analyses, for example, to recognize your browser upon a return visit and transmit different information to us (non-essential cookies). Cookies help us make our website more user-friendly and efficient by analyzing your usage and remembering your preferred settings (e.g., country and language preferences).When third parties process information via cookies, they collect it directly through your browser. Cookies do not harm your device, cannot run programs, and do not contain viruses.

We provide information on the respective services for which we use cookies in the individual processing procedures. You can find detailed information about the cookies we use in the cookie settings or this website’s Consent Manager.

What rights do I have?

Under the legal provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:

Right of access pursuant to Art. 15 GDPR to information about the data stored about you, including meaningful details of the processing and a copy of your data.
Right to rectification pursuant to Art. 16 GDPR of inaccurate or incomplete data stored by us.
Right to erasure pursuant to Art. 17 GDPR of the data we have stored, unless processing is necessary to exercise the right to freedom of expression and information, comply with a legal obligation, serve the public interest, or establish, exercise, or defend legal claims.
Right to restriction of processing pursuant to Art. 18 GDPR, if you contest the accuracy of the data, the processing is unlawful, we no longer need the data, and you oppose its deletion because you require it to establish, exercise, or defend legal claims, or if you have objected to the processing pursuant to Art. 21 GDPR.
Right to data portability pursuant to Art. 20 GDPR, insofar as you have provided us with personal data based on consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG or on the basis of a contract pursuant to Art. 6 para. 1 lit. b GDPR, and this data has been processed by us using automated procedures. You will receive your data in a structured, commonly used, and machine-readable format. Where technically feasible, we will transfer it directly to another controller.
Right to object pursuant to Art. 21 GDPR to the processing of your personal data, provided that this processing is based on Art. 6 para. 1 lit. e or f GDPR, and there are reasons arising from your particular situation or the objection relates to direct marketing. The right to object does not apply if overriding legitimate grounds for the processing are demonstrated, or the processing is necessary for the establishment, exercise, or defense of legal claims. Where the right to object does not apply to individual processing activities, this is specified accordingly.
Right to withdraw consent pursuant to Art. 7 para. 3 GDPR of any consent granted, with effect for the future.
Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR if you believe that the processing of your personal data violates the GDPR. You can generally contact the supervisory authority responsible for your usual place of residence, workplace, or our company headquarters.

How is my data processed in detail?

Below, we provide details on individual data processing activities, including their scope, purpose, legal basis, any obligation to provide data, and storage duration. No automated decision-making or profiling takes place.

Provision of the website

Nature and Scope of Processing

When you visit our website, we collect personal data that your browser automatically transmits to our server. The following information is temporarily stored in a log file:

IP address of the requesting device
Date and time of access
Name and URL of the retrieved file
Website from which the access occurs (referrer URL)
Browser used and, if applicable, your operating system and the name of your access provider

Our website is not hosted by us directly but by a service provider who processes the above-mentioned data on our behalf under Art. 28 GDPR.

Purpose and legal basis

Processing is based on our overriding legitimate interest in displaying our website and ensuring its security and stability (Art. 6(1)(f) GDPR). Data collection and storage in log files are essential for website operation. There is no right to object under the exception in Art. 21(1) GDPR. If further storage of log files is required by law, processing is based on Art. 6(1)(c) GDPR. There is no legal or contractual obligation to provide this data; however, accessing our website without providing it is technically impossible.

Storage duration

The data mentioned above is stored for the duration of the website display and for technical reasons for up to seven days beyond this period.

Contact form

Nature and Scope of Processing

We offer you the opportunity to contact us via a form provided on our website. The information collected in the mandatory fields is required to process the request. You may also voluntarily provide additional information that you deem necessary for handling your inquiry.

Your personal data will not be shared with third parties when using the contact form.

Purpose and legal basis

We process your data submitted via the contact form for the purpose of communication and handling your inquiry, based on your consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG). If your inquiry pertains to an existing contractual relationship, processing is carried out to fulfill the contract under Art. 6(1)(b) GDPR. There is no legal or contractual obligation to provide your data. However, we cannot process your request without the mandatory field information. If you do not wish to provide this data, please contact us via alternative means.

Storage duration

If you use the contact form based on your consent, we store the collected data for three years, starting from the resolution of your request or until you withdraw your consent.

If you use the contact form as part of a contractual relationship, we store the collected data for three years after the end of the contractual relationship.

Newsletter Subscription

Nature and Scope of Processing

If you register to receive our newsletter on our website, we collect your email address and name and store this information along with the registration date and your IP address. You will then receive a confirmation email in which you must confirm your newsletter subscription (double opt-in). If you do not confirm the subscription, your data will not be used for sending newsletters.

We use a service provider to send the newsletter, who processes your personal data on our behalf under Art. 28 GDPR. Your data will not be shared with third parties.

Purpose and legal basis

We process your data to send newsletters based on your consent (Art. 6(1)(a) GDPR). You may withdraw your consent at any time with effect for the future by unsubscribing from the newsletter (Art. 7(3) GDPR). There is no legal or contractual obligation to provide your data, but without it, we cannot send the newsletter.

Storage duration

After successful confirmation, we store your data until you withdraw your consent (unsubscribe from the newsletter) and for technical reasons for a maximum of seven days thereafter.

CCM19

Nature and Scope of Processing

We have integrated CCM19 on our website. CCM19 is a consent management solution from Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany, which allows us to obtain and document consent for the storage of cookies. CCM19 uses cookies or other web technologies to recognize users and store granted or revoked consent.

Purpose and legal basis

The use of this service is based on obtaining the legally required consent for the use of cookies in accordance with Art. 6(1)(c) GDPR.

Storage duration

The specific storage period of the processed data cannot be influenced by us, but is determined by Papoo Software & Media GmbH. Further information can be found in the privacy policy for CCM19: https://www.ccm19.de/datenschutzerklaerung.html.

kununu CND

Nature and Scope of Processing

We use kununu CDN to properly deliver the content of our website. kununu CDN is a service provided by kununu GmbH, which acts as a Content Delivery Network (CDN) on our website.

A CDN helps provide content from our online offerings—especially files such as graphics or scripts—faster by using regionally or internationally distributed servers. When accessing these contents, a connection is established to the servers of kununu GmbH, Neutorgasse 4-8, Top 3.02, A - 1010 Vienna, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. These data are processed exclusively for the purposes mentioned above and for maintaining the security and functionality of kununu CDN.

Purpose and legal basis

The use of the Content Delivery Network is based on our legitimate interest in a secure and efficient provision and optimization of our online offering, in accordance with Art. 6(1)(f) GDPR.

Storage duration

The specific storage duration of the processed data is determined by kununu GmbH. Further information can be found in the privacy policy of kununu CDN: privacy policy at XING.

Privacy policy for online eebinars with GoToWebinar by LogMeIn Inc.

Purpose and scope of data processing

We use the GoToWebinar software to offer online meetings, webinars, and lectures. The data processing is carried out exclusively for conducting these events. To participate in a webinar, you can use the desktop app, browser, mobile app, or your phone.

Legal basis for the processing

Our legitimate interest lies in the effective execution of online webinars. The legal basis for processing is Art. 6(1)(f) GDPR. If the online webinar is conducted within the framework of an existing or developing contractual relationship, the additional legal basis is Art. 6(1)(b) GDPR. A recording of online webinars is only made if we have informed you in advance and you have given your consent. The legal basis in this case is Art. 6(1)(a) GDPR and § 25(1) TTDSG.

User information in the registration process

If you are invited to participate in a webinar, you must first register for the session. Clicking on the registration link opens the registration page. During registration, you will be asked to enter your first name, last name, email address, and, depending on the webinar, your organizational unit. A confirmation link will be sent to your email address.

Webinar participation

When participating in a webinar, so-called metadata is processed. This data must be processed for technical reasons in relation to the respective webinar and includes the following categories:

User Details: First name, last name, phone (optional), email address, department (optional), organization (optional)
Meeting Metadata: Topic, description (optional), participant IP address, device, hardware information, location, language settings, operating system
For Recordings (optional): MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat[/stm_iconlist][vc_column_text]

Phone dial-in

When dialing in via phone, information about the incoming and outgoing phone number, country name, start and end time is processed. If necessary, further connection data such as the IP address may be stored when using Voice-over-IP (VOIP).

Processing of text data

We have the option to record our webinars. Recordings are only made with the prior consent of the participant. If you contribute verbally and/or use the video function to enable the visual transmission of your image, this personal data will be processed for communication purposes within the webinar. If you activate the microphone or camera of your device yourself, the aforementioned data processing may take place.

Data recipients and third-country transfers (non-EU countries)

We have concluded a data processing agreement with the provider LogMeIn Ireland Limited, The Reflector 10 Hanover Quay, Dublin 2, D02R573, Ireland (hereinafter “LogMeIn”) in accordance with Art. 28 GDPR. The software provider LogMeIn Inc. is based in the USA, a third country. Guarantees under Art. 44 ff. GDPR are ensured through the use of EU standard contractual clauses.

Other participants in the webinar may see and hear your contributions and are therefore recipients of your data. Your data will not be shared with third parties outside the scope described here without your explicit consent.

LogMeIn Inc. has enabled Google Analytics on its corporate website. We have neither control over nor access to this data processing by LogMeIn Inc. However, we would like to inform you about this processing: Details on the use of Google Analytics by LogMeIn Inc. can be found here . You can also set your browser not to accept cookies before clicking on the registration or participation link.

Data retention and deletion

All webinar-related data will be deleted no later than six months after the webinar. Data on your device remains until you clear your browser data. The retention period for recorded webinars will be communicated to you before recording begins. If you withdraw your consent, we will delete your recorded data.

Right to object and opt-out options

You can object to data processing at any time by leaving the webinar. To object to the storage of your data in reports, please send a message to the specified contact details. Any consent for recording webinars can be revoked at any time. The revocation does not affect the legality of processing prior to withdrawal.

The original German version applies, other versions are for information purposes only.