Privacy statement of EPLASS project collaboration GmbH (hereinafter: EPLASS) as information for the website visitor (hereinafter: user).
In Authority of:
Data protection official
A. Blücher, firstname.lastname@example.org
Processing purpose of the personal data and the legal basis
Personal data is information, which refers to an identified or identifiable physical person.
This embraces information such as name, address, phone number and date of birth.
However, any information which cannot be related to the user’s real identity - such as number of users of a specific page - is not defined as personal data.
Recording and processing of personal data
The provider uses the personal data entered by the user only in accordance with the German and European data privacy law.
For reasons of data security, when a user visits EPLASS web pages, the provider’s web servers temporarily save by default, the required user’s connection data, the visited web pages, the date and duration of the visit, the identification data of the used type of browser and the operating system as well as the web page from which the user visited EPLASS pages.
Any additional personal information beyond that, such as the user’s name, address, phone number or E-mail address is not being recorded, unless the data was given voluntarily. For example, in the case of a registration, a survey, a tender or in such cases as the user requesting information from the provider or closing a contract with EPLASS.
Using and forwarding personal data
The provider uses the personal data entered by the user only for technical administration of the web pages and to fulfill the user’s requests and requirements, I.e. usually for processing the concluded contract, for billing purposes or for answering the user’s enquiry.
The provider uses this data for product-related surveys and marketing purposes only if the user has given his or her agreement before or - if legal provisions / regulations allow the permission of this use.
The user’s personal data is not sold to third parties.
If the necessary conditions are set, the provider is authorized to record, process, and use required personal data that is necessary to identify and prevent illegal usage and claims. If necessary, in individual cases, EPLASS is authorized to record, process, and use the user’s data and connection data for the identification and prevention of illegal enforcement of rights in communication systems.
According to the applicable / effective provisions, EPLASS is authorized to forward the information for the purposes of prosecution to the appropriate prosecution authorities.
Apart from that, the legal basis for the handling of data is always an effective agreement, the accomplishment of preliminary agreements, a legal commitment, or justified interests.
Justified interests, pursued by the responsible or a third person
When the legal basis for the data processing is of justified interest, it is an issue of ensuring the operation as well as the security and the improvement of the website. In the practical case of technical problems or attacks, the provider uses the data exclusively for the analysis, tracking and prevention of further problems.
Intention to transmit personal data to a third country or an international organization
Data is only transmitted to a third country, if it is explicitly agreed or if it is necessary to complete an order or other legal transaction, or if the provider is legally obligated to do so.
The same applies to the transmission of data to an international organization.
Storage time for personal data
All personal data will be deleted immediately after the purpose for storing has ended. This does not apply in cases where legal provisions regulate compulsory archiving or in cases of other justified interests.
Right of access
According to the General Data Protection Regulation (GDPR) every user has the right of information about his personal data, stored by EPLASS. Furthermore, if applicable, the user has the right to correction, deletion, limitation of processing, opposition to processing transmission.
The user may demand these rights at any time under the above contact data.
Right of Complaint
Should the user feel, that the processing of his personal data is not in accordance with the GDPR, he has the right of appeal with a controlling authority.
Legal or contractual obligation for the provision of data, consequences of non-provisioning
In cases of a legal or contractual obligation towards EPASS to provide personal data, the user may take the consequences from the underlying law or the underlying contract.
EPLASS does not profile.
Website statistics with Matomo
Should the user specifically want to prevent the recording of data by Mamoto, he may object here
In this case, an Opt-Out-Cookie will be filed in the user’s browser which assures, that Mamoto does not transfer any session data. Please note, that this setting will be lost when this cookie is deleted.
If, in exceptional cases, the provider must also store personal data in a cookie, the user’s permission is emphatically requested. Furthermore, the provider informs the user, that browsers usually have functions for the administration of cookies.
Notes on the newsletter and consents
With the following notes, EPLASS informs about the content of the EPLASS newsletter as well as the registration and delivery process and the user’s right of objection. By subscribing to the EPLASS newsletter, he complies with its receipt and the process as described.
Content of the newsletter
EPLASS sends newsletters, e-mails, and other electronic communication with promotional content (hereinafter: newsletter) only with the recipient’s consent or a legal permission. As far as the contents of a newsletter are concretely described, they are authoritative for the consent of the users. Furthermore, the newsletter contains product information. This may be blogs, lectures, or workshops as well as services and online presentations.
Double-Opt-In and logging
The subscription for a newsletter is made in a so-called Double-Opt-In process. After the subscription the user gets an e-mail, asking for confirmation. This confirmation is necessary to prevent the subscription of external e-mail addresses.
The subscription of a newsletter is recorded for proving the subscription process according to the legal requirements. This includes the storage of the time of the subscription as well as the time of confirmation and the user’s data as provided for the registration.
Cancellation / Revocation Policy
The receipt of the newsletter may be cancelled at any time. Please find the link for the cancellation at the bottom of every newsletter.
Legal bases of the General Data Protection Regulation (GDPR)
In accordance with the specifications as stated in the GDPR, EPLASS informs that the consent for the e-mail dispatch follows article 6, par. 1 lit a, 7 GDPR as well as § 7, subpar. 2 no. 3, resp. subpar. 3 UWG.
Furthermore, the provider informs, that the user may at any time opt out from the future processing of his personal data according to the legal requirements as stated in article 21 GDPR. The objection may in particular be made against processing for direct marketing purposes.
EPLASS takes comprehensive and organizational security measures to protect the user’s personal data from loss or misuse. The user’s data is stored in a secure operating environment, which is not accessible for the public. In specific cases, personal data is encrypted for transmission by using the so-called Secure-Socket-Layer-Technology (SSL). This practice uses an approved cryptographic technique for the communication between the user’s computer and the provider’s servers, assuming, that the user’s browser supports the SSL technology.
When the user contacts the provider via e-mail, the provider indicates, that the confidentiality of the transferred data is not guaranteed. Third parties may view the contents of unencrypted e-mails.
Therefore, the provider recommends for confidential information to be sent exclusively by mail.