Privacy Policy

1. General

This privacy policy informs you about how Eisenmann Thermal Solutions GmbH & Co. KG, Leinetal / Auf der Mauer 1, 37120 Bovenden  (hereinafter "Eisenmann") handles your personal data and serves to inform you, in particular, about the collection and use of your personal data when you visit Eisenmann's website (https://www.ruhstrat.com) as well as our pages on Facebook (https://www.facebook.com/Eisenmann.SE) and YouTube (https://www.youtube.com/user/EISENMANNAG) and when you use the services offered on these pages. Personal data are individual details about personal or material relationships of an identified or identifiable natural person. This means all data which can be used to identify you personally, e.g. your name, address, e-mail address, user behaviour (see under "6. Details relating to data processing").

2. Name of the company and contact details of the person responsible for data processing as well as the company's data protection officer

Eisenmann Thermal Solutions GmbH & Co. KG
Leinetal / Auf der Mauer 1
D-37120 Bovenden
Mrs Antje Duderstadt
E-mail:     info@ruhstrat.com
Telephone: +49 (0) 551 820 830 - 0
Fax: +49 (0) 551 820 830 - 50

Eisenmann Thermal Solutions GmbH & Co. KG data protection officer can be reached at the above address, correspondence to be marked "for the attention of the data protection officer", or by e-mail antje.duderstadt@eisenmann.com.

3. Preconditions for data processing

We only collect and use your personal data to the extent that we are permitted to do so by a legal provision, especially to the extent that this is necessary in order to establish, draw up the content of or terminate a contractual relationship with you, to allow you to visit our website and other pages on the Internet and to use the services offered on these pages or where you have consented to the processing of your personal data. Your data are also only transmitted subject to these preconditions or if a court or official order requires us to pass on the data.

4. Data protection and websites of third parties

Our website and other pages on the Internet may contain links to and from websites of third parties. When clicking on a link to one of these websites, please note that we are unable to guarantee that they comply with the data protection provisions. Please check the relevant data protection provisions before you transmit personal data to these websites.

5. Data security

We maintain up-to-date technical measures to ensure data security, especially to protect your personal data against risks during data transmission and against third parties obtaining access to your data. These are adjusted in line with the current state of the art as necessary. For your website visit, we use the widely-used SSL-procedure (Secure Socket Layer) in connection with the respective highest encryption level supported by your browser. This is normally a 256-bit encryption. If your browser does not support a 256-bit encryption, we use 128-bit v3 technology instead. You can see whether an individual page of our website is transmitted in an encrypted manner by consulting the address bar in your browser which changes from "http://" to "https://" as well as checking for the key or lock icon in the bottom status bar of your browser.

6. Details relating to data processing

a) Visiting our website for information purposes

When you visit our website exclusively for information purposes, i.e. if you do not register for individual services, sign in or transmit other information to us, we do not collect personal information with the exception of the data which your browser transmits in order to allow you to visit the website. This information is:

- the IP address,
- the date and time of the request,
- the time zone difference to Greenwich Mean Time (GMT),
- the content of the request (specific page),
- access status/HTTP status code,
- the amount of data transmitted in each case,
- the website from which the request was sent,
- the browser,
- the operating system and its interface,
- the language and version of the browser software.

This information is temporarily stored in a "log file" without you having to do anything and is stored until it is automatically deleted. We use these data in order to ensure that the connection to our website is properly established and to ensure ease of use of our website as well as to evaluate system security and stability.

The data processing for these purposes is necessary for the purpose of protecting our legitimate interests pursuant to point (f) of sentence 1 of Art. 6(1) General Data Protection Regulation ("GDPR"). Under no circumstances do we use the data collected for the purpose of making inferences about you.

b) Cookies

When you use our website, "cookies" are also stored on your receiving device. Cookies are small text files which can be stored on your receiving device and which can be allocated to the browser you used and via which certain information is sent to the party setting the cookie (us in this case). Cookies cannot run any programs or transmit viruses to your receiving device. They serve to make the website more user-friendly and effective in general. The extent to which our website uses cookies is as follows:

Transient cookies (temporary use) are deleted automatically when you close the browser. These especially include session cookies. These store a "session ID" which can be used to allocate various requests from your browser to the single session. This makes it possible to recognise your receiving device when you visit the website again. The session cookies are deleted when you log out or close the browser. This information is stored separately from any other data held by us. The cookie data are especially not linked to your other data.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a notice is always displayed before a new cookie is stored. However, completely deactivating cookies may mean that you are unable to use all of the functions of our website.

The use of corresponding cookies for these purposes is necessary for the purpose of protecting our legitimate interests pursuant to point (f) of sentence 1 of Art. 6(1) GDPR. Under no circumstances do we use the data collected for the purpose of making inferences about you.

c) Google Analytics

We also make use of Google Analytics, a website analysis service offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google"). Google Analytics uses cookies which make it possible to analyse your website visit. The information generated by the cookie about your visit to the website is normally transmitted to a Google server in the USA and stored there. Since IP anonymisation is activated on this website, your IP address is first shortened by Google in Member States of the European Union or in other contracting states of the Agreement on the European Economic Area.

Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google uses this information on our instructions in order to evaluate your use of the website, to draw up reports on the website activities and for the purpose of providing further services connected with use of the website and Internet use for us. The IP address transmitted by your browser in the framework of Google Analytics is not amalgamated with other Google data.

Sessions and campaigns are ended after expiry of a set period of time. Sessions are ended after 30 minutes of inactivity as standard and campaigns after six months. The time limit for campaigns can be a maximum of two years. Further information on the terms of use and privacy is available at:

https://www.google.com/analytics/terms/de.html

https://policies.google.com/privacy?hl=de

You can prevent cookies being stored by choosing the corresponding settings in your browser software. However, we wish to inform you that, in this case, you may not be able to use all of the functions of this website in their entirety. You can also prevent the data generated by the cookie which are related to use of the website (including your IP address) being sent to Google as well as the processing of these data by Google by downloading and installing the browser plug-in from the following link:

https://tools.google.com/dlpage/gaoptout?hl=de

Opt-out cookies also prevent your data being collected in future when you visit this website. You can install the opt-out cookie by clicking here.

The tracking measures carried out by way of Google Analytics are performed on the basis of point (f) of sentence 1 of Article 6(1) GDPR. For the exceptional cases in which personal data are transmitted to the USA, Google has undertaken to comply with the EU-US Privacy Shield:

https://www.privacyshield.gov

The purpose of this is to ensure that our website is tailored to user needs and that it is continuously improved. This measure also serves the collection of statistics about the use of our website and the evaluation of our website for the purpose of making improvements to the services we offer.

d) AddThis Plugins

Our website uses social plugins ("plugins") of the bookmarking service AddThis which is operated by Oracle America, Inc., 500 Oracle Parkway, Redwood Shores, CA 94065, USA ("Oracle"). The plugins are usually marked with an AddThis logo, e.g. in the form of a white addition sign on an orange background. An overview of the AddThis plugins and what they look like is available here:

www.addthis.com/get/share

When you access a page of our website which contains such a plugin, your browser establishes a direct connection to the AddThis servers. The content of the plugin is transmitted by AddThis directly to your browser and embedded in the website. This plugin enables AddThis to obtain the information that your browser accessed the corresponding page of our website and stores a cookie on your end device in order to identify your browser. This information (including your IP address) is directly transmitted to a server of AddThis in the USA and stored there. AddThis uses the data to create anonymised user profiles which serve as the basis for personalised and interest-related marketing to visitors to websites with AddThis plugins. The purpose and scope of the data collection and the further processing and use of the data by AddThis is set out in the privacy policy of AddThis:

http://www.addthis.com/privacy/privacy-policy

If you do not want AddThis to collect data in the future, you can set an "opt-out" cookie which you can download from the following link:

http://www.addthis.com/privacy/opt-out

You can prevent the AddThis plugins loading at all by using add-ons for your browser, e.g. the script blocker "no script":

https://noscript.net/

The measures carried out by way of AddThis are performed on the basis of point (f) of sentence 1 of Article 6(1) GDPR. For the cases in which personal data are transmitted to the USA, Oracle has undertaken to comply with the EU-US Privacy Shield:

https://www.privacyshield.gov

e) Social links/pages on Facebook and YouTube

Our website also contains links to services such as Facebook and YouTube where we also have company web pages. When you click on the embedded logo you are forwarded to the website of the respective website operator, i.e. only then is user information transmitted to the respective website operator.

If on our website you click on a link to corresponding services your browser establishes a direct connection to the servers of the respective operator. When you click on the link, the operator receives the information that your browser accessed the corresponding page of our website, even if you do not have a user account with the respective operator or are not logged in at the time. This information is directly transmitted to a server of the respective operator and stored there.

If you are logged in to an operator's website, the operator can directly allocate your visit to our website to your user account. If you interact with corresponding plugins, e.g. you click the "LIKE" or "SHARE" button on Facebook, the corresponding information is also directly transmitted to the respective server of the operator and stored there. The information may also be published on your profile with the respective operator and shown to your contacts.

The respective operator can use this information for the purpose of advertising, market research and to tailor its service to user needs. For this the operator creates user, interest and relationship profiles, e.g. in order to evaluate your use of our website with respect to the advertisements displayed to you by the operator, to inform other users about your activities on our website and in order to provide further services connected with the use of the operator.

If you do not want the operator to allocate the data collected about our website to your user account, you must log out from the respective operator before visiting our website.

We use our website and other Internet pages on the basis of point (f) of sentence 1 of Article 6(1) in order to promote our company and to provide the user with additional information. For the cases in which personal data are transmitted to the USA, the service operators or their representatives have undertaken to comply with the EU-US Privacy Shield:

https://www.privacyshield.gov

Further information about the services embedded in our website can be found under the following points below.

aa)    Facebook plug-ins

The plugins of the social network Facebook, operator: Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are embedded in our website. You can recognise the Facebook plugins from the Facebook logo on our website. An overview of the Facebook plugins is available here:

https://developers.facebook.com/docs/plugins/

When you visit our website, the plugin establishes a direct connection between your browser and the Facebook server. In this way, Facebook is informed that you have visited our website from your IP address. If you click the Facebook "like button" whilst logged into your Facebook profile, you can link to the content of our pages from your Facebook profile. This allows Facebook to allocate the visit to our website to your user account. Please note that, as website operator, we do not receive any information about the content of the data transmitted or their use by Facebook. Further information on this can be found in Facebook's privacy policy which is available at:

https://facebook.com/policy.php

If you do not want Facebook to be able to allocate your visit to our website to your Facebook user account, please log out of your Facebook user account.

bb)    YouTube plug-ins

Our website uses plugins of the YouTube service. The operator of the service is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA ("YouTube"). If you visit our website with a YouTube plugin, a connection is established to YouTube's servers. In this way YouTube's server is informed that you have visited our website. If you are logged into your YouTube account, you allow YouTube to directly allocate your surfing behaviour to your personal profile. You can prevent this by logging out of your YouTube account.

Further information on this can be found in YouTube's privacy policy which is available at:

https://policies.google.com/privacy?hl=de

f) Use of our e-mail address and our contact forms

For questions of all kinds we offer you the possibility of contacting us via the e-mail addresses or contact forms provided on the website. When you contact us, we process the personal data you provide for the purpose of answering your enquiry. All information is provided on a voluntary basis.

Pursuant to point (a) of sentence 1 of Art. 6(1) GDPR, the legal basis for the data processing for the purpose of contacting us is your voluntary consent.

The personal data we collect in this connection is deleted once we have dealt with your enquiry.

g) Application as supplier

If you want to apply to be a supplier, we collect general information about the company, the contact person at the company (especially communication data) as well as the relevant product categories.

The data are processed for the purpose of taking pre-contractual measures further to your enquiry (point (b) of the first sentence of Art. 6(1) GDPR).

The personal data which we collect in this connection are deleted once we have dealt with your enquiry and are stored in the event that a supply relationship is established between us for the purpose of the contractual relationship.

 

h) Application as employee

Further-reaching data protection notices in connection with your application for a position with us is provided at the corresponding place in the application tool.

 

i) Portals

On request Eisenmann provides employees, customer and suppliers with special portals which, for example, allow data to be exchanged between Eisenmann, customer and supplier, secure access by employees and authorised external parties to the Eisenmann network or to parts of this by setting up a VPN tunnel as well as proper management of contractual relationships with suppliers (Supplier Relationship Management).

If you wish to use such portals, Eisenmann collects data such as [#please list data or data categories as completely as possible]. After you register, you will be allocated a username and a password which you can use to log into the portal.

Communication data for the portals is stored in "log files" which are automatically deleted after a reasonable period. If you use our portals, we save the data necessary for performance of the contact until your access finally expires.

In the framework of the communication via these portals we use the services of Juniper Networks GmbH (portal "data exchange", "Eisenmann employees" and "Eisenmann partners") or SAP SE ("supplier portal SAP").

Pursuant to point (a) of sentence 1 of Art. 6(1), the legal basis for use of the portals is your consent.

 

j) Newsletters

If you have expressly granted your consent in accordance with point (a) of sentence 1 of Art. 6(1) GDPR , we will use your e-mail address to send you our newsletter on a regular basis. To receive the newsletter it is sufficient for you to provide an e-mail address.

You can unsubscribe at any time, for example by clicking a link at the end of every newsletter. Alternatively you can send your unsubscribe request to us by e-mail to info@ruhsrat.com at any time. If you withdraw your consent we will erase the data you provided exclusively for the purpose of sending you our newsletter.

7. Rights of data subjects

You have the right,

–    on the basis of Art. 15 GDPR, to obtain information about your personal data being processed by us. You can, in particular, obtain information about the purposes of the processing, the categories of personal data concerned, the categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing, the right to lodge a complaint with a supervisory authority, where the personal data were not collected by us any available information as to their source, as well as the existence of automated decision-making, including profiling, and significant information about the details, where applicable;

–    on the basis of Art. 16 GDPR, to obtain rectification of your inaccurate or incomplete personal data stored by us;

–    on the basis of Art. 17 GDPR, to obtain erasure of your personal data stored by us unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

–    on the basis of Art. 18 GDPR, to obtain restriction of processing of your personal data where the accuracy of the personal data is contested by you, the processing is unlawful but you oppose the erasure of the personal data and we no longer need the personal data but you require them for the establishment, exercise or defence of legal claims or you have objected to processing pursuant to Art. 21 GDPR;

–    on the basis of Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to have those data transmitted to another controller;

–    on the basis of Art. 7(3) GDPR, to withdraw your consent at any time; a corresponding e-mail to info@ruhstrat.com is sufficient. The consequence of this is that we will then no longer be able to continue the data processing which was based on this consent;

–    For information, rectification and deletion requests, please contact our data protection officer via the email address antje.duderstadt@eisenmann.com.

–    on the basis of Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can lodge the complaint with the supervisory authority of your habitual residence, place of work or the place where our company is established.

8. Objection right

If your personal data are processed on the basis of legitimate interests in accordance with point (f) of sentence 1 of Article 6(1) GDPR, you have the right, on the basis of Art. 21 GDPR, to object to the processing of your personal data on grounds relating to your particular situation or to object to processing for direct marketing purposes. In the latter case, you have a general right to object which we will respect without you providing grounds relating to a particular situation. If you would like to exercise your right to object, it is sufficient to send a corresponding e-mail to info@ruhstrat.com.

For data breaches, please contact our data protection officer via the email address antje.duderstadt@eisenmann.com.

9. Updating the privacy policy

This privacy policy is currently valid.

It may be necessary to modify this privacy policy as a result of further developments to the services we offer on our website, other pages on the Internet and in our app or on the basis of changes to statutory or official requirements. We will not expressly notify you of changes to the privacy policy. We therefore recommend that you read through our privacy policy on a regular basis.

The respective current valid version is available to you on our website and on our other pages on the Internet at all times and you can also print it out.

Date: May 2018