Privacy policy
1. name and contact details of the person responsible
The person responsible within the meaning of the EU General Data Protection Regulation (hereinafter: DSGVO) and the other applicable data protection laws of the Member States and other data protection regulations is
Responsible: Yann Eisenbarth
Export GmbH J. Eisenbarth
Südstraße 3
66701 Beckingen
Beckingen, Germany
E-Mail: info@exportgmbh.de
Telephone: +49 (0) 6835 - 5001
2. name and contact details of the company's data protection officer
The data protection officer of the controller is
Yann Eisenbarth
Export GmbH J. Eisenbarth
Südstrasse 3
66701 Beckingen
Allemagne
E-Mail: info@exportgmbh.de
Phone: +49 (0) 6835 - 5001
3. General information on data processing
3.1 Scope of the processing of personal data
In principle, we only process your personal data to the extent necessary to provide a functional website and our content and services offered, and regularly only with your consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
3.2 Legal basis for the processing of personal data
The legal basis for consent to the processing of personal data is Art. 6 para. 1 lit. a DSGVO.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f DSGVO serves as the legal basis for the processing.
3.3 Data erasure and storage duration
Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
4. provision of the website and creation of log files
4.1 Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.
The following data is collected:
IP address of the requesting computer (anonymized),
Date and time of access,
Name and URL of the retrieved file,
Website from which the access was made (referrer URL),
browser used and, if applicable, the operating system of your computer and the name of your access provider
The data is also stored in the log files of our system. This data is not stored together with your other personal data.
4.2 Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f DSGVO.
4.3 Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to your computer. For this purpose, your IP address must remain stored for the duration of the session.
The data is stored in log files to ensure the functionality of our website. We also use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes or to draw conclusions about your person in this context.
These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f DSGVO.
4.4 Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after 30 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.
4.5 Possibility of objection and removal
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.
5. contact form and e-mail contact
5.1 Description and scope of data processing
There is a contact form on our website which can be used to contact us electronically. If you use this option, both the content of the mandatory fields and the optional content will be transmitted to us and stored.
Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy.
Alternatively, you can contact us via the e-mail address provided. In this case, your personal data transmitted with the e-mail will be stored.
No data will be passed on to third parties in this context. The data will be used exclusively for processing the conversation.
5.2 Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if you have given your consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f DSGVO. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
5.3 Purpose of data processing
The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
5.4 Duration of storage
The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
5.5 Possibility of objection and removal
You have the option to withdraw your consent to the processing of personal data at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time. In such a case, the conversation can no longer be continued.
You can revoke your consent and object to storage via the e-mail address provided in the legal notice or by telephone using the telephone number provided.
All personal data stored in the course of contacting us will be deleted in this case.
6 Plugins and tools
6.1 Google Maps
a) Description and scope of data processing
We have integrated map material from the Google Maps service into our website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. In order to display the content in your browser, your IP address must be transmitted to Google, otherwise Google would not be able to provide you with this integrated content.
This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Web Fonts for the purpose of uniform display of fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
b) Legal Basis for Data Processing
The legal basis for processing the data is Article 6(1)(f) GDPR. If consent has been requested, the processing is carried out exclusively on the basis of Article 6(1)(a) GDPR; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the European Commission. For details, please see:
https://privacy.google.com/businesses/gdprcontrollerterms/
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
c) Purpose of Data Processing
The purpose, and at the same time the legitimate interest, arises from our need for an appealing presentation of our online offering and the easy findability of the locations specified on our homepage. For example, you can see at a glance where our company headquarters are located. The directions feature helps you find the fastest or shortest route to us.
d) Storage Duration
Some data is stored by Google for a specified period. For other data, Google provides the option to delete it manually. Furthermore, Google anonymizes information in server logs by deleting part of the IP address after 9 or 18 months.
For more information about how Google handles user data, please see Google’s privacy policy:
https://policies.google.com/privacy?hl=en.
6.2. WP Statistics
a) Description and Scope of Data Processing
We use the WP Statistics tool on our website to statistically analyze visitor access. The provider is Veronalabs, ARENCO Tower, 27th Floor, Dubai Media City, Dubai, Dubai 23816, UAE (https://veronalabs.com).
We collect, among other things:
The IP address of the requesting computer (anonymized)
The website from which the access occurs (referrer URL)
The browser used
The search engine used
Visitor actions (e.g., clicks and views)
b) Legal Basis for Data Processing
The storage of WP Statistics data is based on Article 6(1)(f) GDPR.
c) Purpose of Data Processing
There is a legitimate interest in the anonymized analysis of user behavior to continuously optimize the website for visitors. In no case do we use the collected data to draw conclusions about your person.
d) Type and Duration of Storage
The collected data is stored exclusively locally on the web server until it is no longer used for the stated purposes. The data is not shared with third parties.
6.3. Wordfence Security
a) Description and Scope of Data Processing
To secure our website, we use the "Wordfence Security" service, provided by Defiant Inc., 800 5th Ave., Suite 4100, Seattle, WA 98104, USA.
The website uses the service to protect against viruses and malware and to defend against attacks by cybercriminals. To protect against brute-force and DDoS attacks or comment spam, IP addresses are stored on Wordfence servers. IP addresses deemed harmless are added to a whitelist.
b) Legal Basis for Data Processing
The data collection is based on our legitimate interests pursuant to Article 6(1)(f) GDPR.
c) Purpose of Data Processing
Wordfence Security protects our website and, in turn, website visitors from viruses and malware. This constitutes a legitimate interest under Article 6(1)(f) GDPR.
Further information on data collection and use by Wordfence Security can be found in Defiant’s privacy policy:
https://www.wordfence.com/privacy-policy/.
7. Rights of the Data Subject
If your personal data is processed, you are a data subject within the meaning of the GDPR, and you have the following rights vis-à-vis the controller:
7.1. Right of Access
You can request confirmation from the controller as to whether personal data concerning you is being processed. If such processing exists, you can request information from the controller about the following:
The purposes for which the personal data is processed;
The categories of personal data being processed;
The recipients or categories of recipients to whom the personal data has been or will be disclosed;
The planned duration of the storage of the personal data concerning you, or, if specific information is not possible, the criteria used to determine the storage duration;
The existence of the right to rectification or erasure of personal data concerning you, the right to restrict processing by the controller, or the right to object to such processing;
The existence of a right to lodge a complaint with a supervisory authority;
All available information on the origin of the data if the personal data was not collected from the data subject;
The existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Right to Information on Data Transfers
You have the right to request information as to whether your personal data is being transferred to a third country or an international organization. In this context, you can request to be informed about the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.
7.2. Right to Rectification
You have the right to request the rectification and/or completion of inaccurate or incomplete personal data concerning you from the controller. The controller must make the correction without delay.
7.3. Right to Restriction of Processing
You may request the restriction of the processing of your personal data under the following conditions:
If you contest the accuracy of your personal data for a period enabling the controller to verify its accuracy;
The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of its use instead;
The controller no longer needs the personal data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims; or
You have objected to processing pursuant to Article 21(1) GDPR, pending the verification of whether the legitimate grounds of the controller override yours.
If the processing of your personal data has been restricted, such data may, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.
If processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
7.4. Right to Erasure ("Right to Be Forgotten")
a) Obligation to Erase
You have the right to request that the controller erase your personal data without undue delay, and the controller is obligated to erase this data without undue delay if one of the following reasons applies:
The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
You withdraw your consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a) GDPR, and where there is no other legal basis for processing.
You object to processing pursuant to Article 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or you object to processing pursuant to Article 21(2) GDPR.
The personal data has been unlawfully processed.
The personal data must be erased to comply with a legal obligation in Union or Member State law to which the controller is subject.
The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
b) Notification of Third Parties
If the controller has made your personal data public and is obliged pursuant to Article 17(1) GDPR to erase it, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you have requested the erasure of any links to, or copies or replications of, such personal data.
c) Exceptions
The right to erasure does not apply to the extent that processing is necessary:
For exercising the right of freedom of expression and information;
For compliance with a legal obligation requiring processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
For reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i), as well as Article 9(3) GDPR;
For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) GDPR, to the extent that the right referred to in Section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
For the establishment, exercise, or defense of legal claims.
7.5. Right to Notification
If you have exercised your right to rectification, erasure, or restriction of processing, the controller is obligated to communicate this to all recipients to whom your personal data has been disclosed unless this proves impossible or involves disproportionate effort.
You also have the right to be informed about these recipients by the controller.
7.6. Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance, provided that:
The processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, or on a contract pursuant to Article 6(1)(b) GDPR; and
The processing is carried out by automated means.
You also have the right to have the personal data transmitted directly from one controller to another, where technically feasible, provided that the rights and freedoms of others are not adversely affected.
The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7.7. Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on Article 6(1)(e) or (f) GDPR, including profiling based on these provisions.
The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, including profiling related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
7.8. Right to Withdraw Consent
You have the right to withdraw your consent to data processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
7.9. Right to Automated Individual Decision-Making, Including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Exceptions apply if the decision:
Is necessary for entering into or performing a contract between you and the controller;
Is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
Is based on your explicit consent.
In the cases referred to in points (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.
7.10. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.
