Privacy Policy

Last updated on: July 1st 2021

The Elinvar GmbH (hereafter Elinvar) appreciates your interest in the company and the resulting visit to the website.

The protection of your privacy when using our website is important to us. According to the principles of data economy and privacy-by-design, we try to avoid the processing of personal data when using our website. Therefore, we refrain from integrating third-party services, passing on usage data to third parties, using personal tracking technologies and using cookies. This enables us to present our website without “cookie banner” / “consent management banner”. Nevertheless, we treat any personal data collected during the use of this website confidentially.

With this privacy policy, we would like to inform you about the type, scope and purpose of the collection, use and application of personal data. Please therefore take note of the following information:

Controller

Elinvar GmbH
Winsstraße 62
10405 Berlin
Germany

Email: contact@elinvar.de

Registration court: Amtsgericht Charlottenburg (Berlin, Germany)
Registration number: HRB 167185 B

Authorized Managing Directors and those responsible for content

Christian Bartz
Sebastian Böttner

Data Protection Officer

You can reach our data protection officer at:

Elinvar GmbH
Data Protection Officer
Winsstraße 62
10405 Berlin
Germany
Email: datenschutz@elinvar.de

Types of data processed

Elinvar processes inventory data (e.g. names, addresses), contact data (e.g. e-mail), usage data (e.g. websites visited, access times), metadata (e.g. IP addresses) and employee information (e.g. photos, names, positions) within the scope of this website.

Processing of special categories of data (Art. 9 para. 1 GDPR)

Elinvar does not process any special categories of data within the scope of this website.

Categories of individuals affected by the processing operation

Within the scope of this website, Elinvar processes data from visitors and interested parties, hereinafter collectively referred to as “users”, as well as from employees.

Purpose of processing

Within the scope of this website, Elinvar processes personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) for the purpose of providing the website and related content and functions, for the purpose of advertising, marketing and market research, for communication with users, for answering contact enquiries and within the framework of security measures (IT security).

Elinvar processes personal data only if legally permitted to do so and in compliance with the relevant data protection regulations. Accordingly, personal data will only be processed if this is necessary or legally required, in particular

  • for the provision of contractual services (order processing)
  • for the provision of online services
  • in the case of user consent
  • and in the legitimate interest of Elinvar.

The personal data processed by Elinvar are subject to the following legal principles in accordance with Art. 13 GDPR:

  • Art. 6 para. 1 lit. a. GDPR for consents
  • Art. 6 para. 1 lit. b. DSCGO for the processing for the fulfilment of the services rendered by us and the implementation of contractual measures
  • Art. 6 para. 1 lit. c. GDPR for processing for the fulfilment of our legal obligations
  • Art. 6 para. 1 lit. d. GDPR for processing for the purpose of fulfilling the vital interests of the data subject or another natural person
  • Art. 6. para. 1 lit. f. GDPR for processing to safeguard our legitimate interests

Subject of data protection

Subject of data protection are personal data in the sense of the. Art. 4 of the General Data Protection Regulation (GDPR), i.e. all information relating to an identified or identifiable natural person (hereinafter referred to as the data subject). An identifiable natural person is one who can be identified directly or indirectly, by assigning an identifier, via the data required for the transaction. This includes, for example, your name, your address, your telephone number, your e-mail address and other data required for business transactions. Data that cannot be associated with your person are not included.

Security measures

In accordance with Art. 32 GDPR, Elinvar shall take appropriate technical, organisational and contractual measures to ensure processing, taking into account the state of the art as well as the type, scope, circumstance, purpose of processing and implementation costs, in order to protect the user’s personal data against unintentional or unlawful manipulation, destruction, deletion, loss and against unauthorised access or disclosure.

Security measures include, in particular, ensuring the confidentiality, integrity and availability of data through physical access and logical access controls as well as other controls relating to the input, transmission, security, availability and separation of personal data. This also includes the encrypted transmission of data between your browser and our server.

Elinvar also has procedures in place to respond to data breaches, data deletion, and the exercise of data subjects’ rights.

Disclosure of data to third parties and third-party providers

To protect the personal data of our users, we try to avoid all direct connections to third parties within the scope of our online offer.

Elinvar will only pass on data within the framework of the legal requirements on the basis of Art. 6 Para. 1 lit. b. GDPR (contract purposes), in accordance with Art. 6 Para. 1 lit. f. GDPR (legitimate interest), on the basis of a consent given by you or if a legal obligation provides for this.

No data is passed on to third parties as part of the use of this website. Third-party services used are integrated locally in a data protection-friendly manner, so that no data is passed on to third parties.

All external service providers are carefully selected by us and checked for compliance with the contractual requirements and thus also the provisions of the GDPR. All external service providers are obliged to treat the information in accordance with this data protection declaration or the applicable data protection regulations. They are contractually obliged to comply with data protection regulations and are not regarded as third parties in the sense of data protection law. Inclusion in data processing is then based on an agreement on order processing pursuant to Art. 28 GDPR. Personal data will not be passed on or sold.

Transfers to third countries

A data transfer to places in states outside the European Union (so-called third countries) in the context of a processing (e.g. by using the services of third parties) or a disclosure or transfer of data to third parties only takes place to fulfill our (pre)contractual obligations, due to a statutory provision or according to your consent. Here the requirements of Art. 44 ff. GDPR with regard to the requirement of guarantees for compliance with a data protection level corresponding to the EU on the basis of international agreements (e.g. EU-US Privacy Shield) or EU standard contract clauses.

Collection and storage of personal data

Your personal data will only be collected if you provide it to us on request for specific purposes – e.g. to answer enquiries. Personal data that you voluntarily provide to us when using electronic forms, such as contact forms, or by e-mail, is only collected, processed and used for the purpose for which it was provided, such as registering for personalized services, responding to inquiries, technical administration or processing a contractual relationship. Your personal data will always be treated confidentially and will only be stored until the purpose for which it was provided has been fulfilled or the legal obligation to retain it has expired. The personal data is used to provide services. If you have explicitly agreed to this, you will also receive product information.

Contact

If you contact us by e-mail or contact form, your details will be processed in accordance with Art. 6 para. 1 lit. b. GDPR for the treatment and processing of the contact inquiry. The requests will be deleted if they are no longer necessary. They are checked once a year.

Collection of access data

On the basis of the legitimate interest of Elinvar within the meaning of Article 6(1)(f) GDPR, data on access to the server is collected via so-called server log files. The data collected includes the name of your Internet service provider and an IP address assigned by this provider, the website from which you visit us, the web pages you visit on our site, the files accessed, the browser used, the operating system used and the date and time of your visit. The access data is stored in order to ensure the functionality of our Internet offer. This information is used to optimize the website and to ensure the security of our IT systems and services. An evaluation for marketing purposes does not take place in this context.

For security reasons, the server log files and the information contained therein are stored for a period of 30 days and then deleted. If certain server log files are necessary for the clarification of fraud or abuse actions or for evidence purposes, they are stored until the final clarification of the respective incident and then deleted.

Cookies

Cookies are small text files that are stored on your device and can thus be used by websites.

We do not use cookies within the scope of our online offer. For the analysis of data traffic, we use the technically-related usage data (server logs). For social media functions, the user is only redirected to the corresponding pages after desired interaction by the user (links).

Website analysis with Matomo

Elinvar uses a local installation of the open source software Matomo within the scope of this website for the statistical evaluation of website usage (legitimate interest according to Art. 6 para. 1 lit. f. GDPR). Analyzing the behaviour of our users on our website in this way enables us to constantly improve user experience and to identify errors. In order to take sufficient account of the users’ interest in the protection of their personal data, Matomo is operated exclusively locally, the data is not passed on to any third party and the IP address is anonymized immediately after processing and before its storage and evaluation.

External Links

On our websites you will find links which refer to pages of third parties. We have no influence whatsoever on the design and content of websites operated by third parties. For this reason, our assurances given to you do not apply to them.

The operators of the respective services are responsible for the collection, storage and processing of personal data. We refer to their respective data protection declarations. Elinvar will only process user data if users communicate with Elinvar within social networks in the form of posts or messages.

Third party websites to which we refer are in particular:

In case of requests for information as well as the assertion of your user rights, it is best to contact the respective provider directly due to the data storage by the providers and their access to the data. We have documented the necessary links to the data protection declarations of the providers above.

Applicant data

The data you provide will only be processed for the purpose of handling your application on the basis of Art. 88 DSGVO in conjunction with. § 26 of the German Federal Data Protection Act (BDSG). Your objection is possible, but then we cannot process your application.

Your application will not be passed on to third parties without your consent. Your data will be deleted after 6 months, unless you give Elinvar permission on request to store your data for longer for future consideration in filling a vacancy.

Within the scope of this processing, you have the right to information, correction, restriction of processing and deletion of your data, as well as to lodge a complaint with the data protection supervisory authority responsible for us.

As part of the online application process, you will be transferred (link) to our application portal at Recruitee B.V. (jobs.elinvar.de). In this context, you can also apply directly with your Indeed profile. With regard to the application portal at Recruitee B.V., as well as the use of Indeed, we refer to the Privacy Policies of these providers:

  • recruitee.com of Recruitee B.V., Johan Huizingalaan 763A, 1066VH, Amsterdam („Recruitee“), Netherlands
    Privacy Policy: https://recruitee.com/privacy
  • indeed.com of Indeed Ireland Operations Limited, 124 St. Stephen’s Green, Dublin 2, Ireland
    Privacy Policy: https://de.indeed.com/legal

Protection for minors

This Privacy Policy does not cover the use of our website by minors. We are aware of the importance of protecting information about minors on the Internet. Therefore, we do not knowingly collect or maintain information about children.

Right of information, revocation and deletion

Pursuant to Art. 15 GDPR, as an affected party you have the right at any time to request free information on the personal data stored by us, its origin and recipient as well as the purpose of the data processing.

In addition, you have the right to have personal data corrected (pursuant to Art. 16 GDPR), blocked (pursuant to Art. 18 GDPR) and deleted (pursuant to Art. 17 GDPR) and, if applicable, to have data portability (pursuant to Art. 20 GDPR). Furthermore, you have the right to file a complaint (pursuant to Art. 77 GDPR) with the responsible supervisory authority if unlawful data processing is assumed. Please send a corresponding request or a request for correction, blocking, deletion or data portability of your personal data stored by us via e-mail to datenschutz@elinvar.de. Alternatively, please state in the subject line: “Data deletion” or “Data blocking” or “”Data correction”” or “Data portability”. We will arrange for the deletion or blocking of your data or make the necessary corrections or data portability as far as legally possible.

You also have the right to revoke your consent, in principle with effect for the future, pursuant to Art. 7 para. 3 GDPR. Please send a corresponding request or a request for revocation by e-mail to datenschutz@elinvar.de. As an alternative, please state “Revocation” in the subject line.

Furthermore, you may object to future processing of your personal data in accordance with Art. 21 GDPR at any time. To do so, it is sufficient to send us an according e-mail to datenschutz@elinvar.de.

The stored personal data will be deleted if there are no legal obligations to retain the data or if the personal data is no longer required for its intended use in accordance with Art. 17 GDPR. If there is a legally permissible reason for the further storage of the personal data, Elinvar will restrict its processing in accordance with Art. 18 GDPR, in which this data is blocked and no longer processed for other purposes. This applies in particular to data which must be stored for tax and commercial reasons.

The duration of the storage of personal data depends on the respective legal requirements. According to § 257 para. 1 HGB (German Commercial Code) (including commercial books, annual financial statements and commercial letters) the data must be kept for 6 years and according to § 147 para. 1 AO (including records, books and commercial and business letters) the data must be kept for 10 years.

If you have any questions about the collection, processing and use of your personal data, about data protection in general or in the event of complaints, please contact our data protection officer, who is also available to you in the event of complaints at datenschutz@elinvar.de

We will endeavor to answer your questions as quickly as possible.

Subject to change

We always keep this privacy policy up to date. Therefore, we reserve the right to adapt this data protection declaration in the event of legal and/or technical requirements, for reasons of clarifying explanations or changes to the service as well as data processing. The changes, however, only apply with regard to declarations on data processing. If, however, components of the data protection declaration contain provisions of the contractual relationship with the users or if user consents are required, the respective change shall only take place with the consent of the users.

We therefore ask you to observe the current version of this data protection declaration and to inform yourself regularly about the content of the data protection declaration.

A printout or a storage of the data protection regulations is possible at any time.