Data protection information
(as of 22 October 2022)
This document contains information on the personal data processing activities performed by erfal GmbH & Co. KG (hereinafter referred to as “erfal”) in accordance with the provisions of the General Data Protection Regulation (Art. 13 GDPR).
1. Name and contact details of the person responsible for processing the data (Controller) and the company’s data protection officer
erfal GmbH & Co. KG
Phone: +49 37 45 / 750 0
Fax: +49 37 45 / 750 299
erfal’s data protection officer can be contacted at the above address, care of the data protection officer, or e-mailed at email@example.com.
2. Data processing purposes, legal bases, legitimate interests of erfal or third parties and categories of recipients
2.1 Processing of general user data in logfiles
When accessing our website, the browser on your device automatically sends information to our website server, where it is temporarily stored in logfiles. During this process, the following information typically is collected without your active involvement and stored until automatically deleted:
- IP address of the internet-ready device sending the query,
- date and time of access,
- name and URL of the accessed file,
- website from which the access originated (referrer URL),
- browser used by you and operating system of your internet-ready computer, if applicable.
The legal basis for the processing of this user data is Art. 6 (1) lit. f GDPR. Our legitimate interest arises from the data processing purposes stated below. We would like to point out here that we are unable to draw direct conclusions about your identity from the data collected, neitherdo we attempt to do so. The IP address of your device and other data listed above are used for the following purposes:
- ensuring a smooth connection,
- ensuring easy use of our website,
- analysing system security and stability,
- denial of service attacks and bot use.
The data is stored for a period of 90 days, after which it is automatically deleted.
2.2 Data processing activities when using the search function on erfal.de
In order to optimise our website and product range, we process search terms and searches anonymously within the scope of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR.
2.3 Retailer search and language settings data processing activities
By specifying a location (postcode / town), erfal will be able to show you the closest retailers for this area on demand.
For this, we integrate the maps of the service “Google Maps” owned by Google. The processed data may include particularly the IP addresses and your location information.
The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The above-mentioned processing can result in a data exchange transmitted to the servers in the USA, i.e. in a such-called third country. The data is transmitted in accordance with the principles of the so-called EU-US Privacy Shield and based on such-called standard contractual clauses of the EU Commission. This guarantees you, the user, an appropriate level of data protection, particularly legally binding and enforceable rights.
In addition, erfal detects the preferred language setting in your operating system and shows you the most suitable language version of our website. This information is not stored in a person-related manner.
This data processing takes place in the context of our legitimate interest in accordance with Art. 6 Para. 1 lit. f GDPR, to make a user-friendly, service-oriented online offer.
2.4 Data processing activities for optimising our online contents
2.4.1 Cookies – general information
If you have an erfal customer account and are logged in, the information stored in the cookies described above will also be stored in your customer account.
You can adjust your browser settings to block cookies or to always display a warning before installing a new cookie. You can also delete previously installed cookies at any time. However, if you deactivate all cookies, you may not be able to use all of the functions on our website. You should be able to find information on managing your cookie settings by clicking on “Help” in your browser. The storage period of the cookies depends on their purpose and may differ.
2.4.2 Google Analytics reach analysis
Within the scope of our legitimate interest in a user-friendly perception of our online contents, we use reach analyses and statistical analyses on the basis of Art. 6 (1) lit. f GDPR to design, and to continuously optimise, a needs-based website. We use Google Analytics for this purpose. Google Ireland Limited (“Google”), a company registered and operated under Irish law (commercial register number: 368047) with head office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), processes information from cookies stored on your device by our order. Pseudonymised user profiles are created and statistically analysed in this regard. The information created by the cookie on your use of this website, such as browser type / version, operating system, referrer URL (previously visited website), host name of accessing computer (IP address) and time of server query, may be transferred to and stored on a Google server in the USA. The information is used for analysing the use of the website, compiling website activity reports and providing other services relating to the use of the website and internet for the purpose of market research and the needs-based design of this website. The _ga cookie installed for measuring reach remains stored for 24 months, unless you delete it yourself. The other cookies, _gat and _gid, are deleted by the browser after one day. Your IP address will never be combined with other Google data. The IP addresses are anonymised to make it impossible to allocate them (IP masking). You can prevent cookies from being installed by adjusting your browser settings accordingly. However, we would like to point out that if you do so, you may not be able to fully use all of the functions on this website. You can also prevent the data generated by the cookie relating to your use of the website (including your IP address) from being collected and processed by Google by downloading and installing this Browser Add-on. For further information on data privacy in connection with Google Analytics, please go to the Google Analytics website.
The Google Tag Manager is also used on this website. This is a non-cookie domain that does not collect any personal data. The Google Tag Manager triggers other tags (including cookies) that may in turn collect data. We would like to remind you of this fact at this point. The Google Tag Manager does not access this data.
The above processing activities may effect data transfer to the servers of the web analysis technology providers we engage. The data transfer complies with the principles of the EU-US Privacy Shield and the Standard Contractual Clauses of the EU Commission. This provides you, the user, with a guaranteed data protection standard and, in particular, legally binding and enforceable rights.
2.4.3 Typekit fonts
Within the scope of our legitimate interest in a user-friendly perception of our online contents, we integrate contents hosted on other servers in order to freely design the website and also to be more efficient and save costs.
The above processing activities may effect data transfer to the servers of the web analysis technology providers we engage.
The servers of this service are located in the USA. The data transfer complies with the principles of the EU-US Privacy Shield and the Standard Contractual Clauses of the EU Commission. This provides you, the user, with a guaranteed data protection standard and, in particular, legally binding and enforceable rights.
2.5 E-mail contact
erfal manufactures the “products” outlined on the website and sells goods to registered specialist retailers. We may process personal data in this respect and to the extent required to fulfil our contractual obligations. Please read the additional data protection declaration on erfal-shop.de.
When you contact us via e-mail, we process your name, contact details (such as phone number, e-mail address and postal address). as well as all other information, for the fulfilment of precontractual measures (Art. 6 (1) lit. b GDPR). This includes information provided by you when you ask us a question or give us feedback.
2.6 Processing of applicants’ data
If you send us job application documents, via e-mail for instance, we process your personal data for the purpose of implementing the recruitment process in accordance with Section 26 of the Federal Data protection Act (Bundesdatenschutzgesetz – BDSG) in conjunction with Art. 6 (1) lit. b GDPR. This information primarily contains your personal details, including:
- contact details: name, phone number, e-mail address, private address, etc.;
- application details: CV, certificates, covering letter, previous jobs and positions in other organisations, vocational training, professional qualifications, reference contact details, position preferences, willingness to relocate, salary expectations, interests, wishes, etc.;
- sensitive information: gender, origin, religious beliefs, marital status, age, if applicable, details on health and degree of disability or physical limitations, etc.;
- convictions and sanctions: criminal convictions, sanctions by supervisory or professional organisations, etc.;
- all other information that you send to us (whilst corresponding with us).
Personal data may also be contained in the minutes of a job interview or assessment documents we prepare.
We may also receive personal details about you from third parties, such as
- recruitmentagencies we engage;
- public sources, such as professional social media networks (Xing or LinkedIn).
Personal data may also be contained in the minutes of a job interview or assessment documents we prepare.
We process the data provided by you in connection with your job application solely toassess your suitability for the position (or any other vacancies within our company) and to implementthe recruitment process. Within erfal, the only instances provided with this data are those in need of it for processing the application.
In the event of us concluding an employment contract with you, your personal data may also be processed for implementing the employment relationship in compliance with the legal provisions. In such case, we shall notify you separately about the processing of your personal data within the scope of the employment relationship.
Other application documents are deleted no later than five months from the announcement of the rejection, unless such deletion is opposed by other legitimate interests. Within this meaning, another legitimate interest is, for instance, an obligation to provide evidence in proceedings in accordance with the General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz – AGG).
Insofar as required and if your rights do not outweigh our interests, we process your data for the purpose of maintaining our legitimate interests or those of third parties (Art. 6 (1) lit. f GDPR) in order to:
- improve our recruiting processes and activities;
- effectively manage and operate our company;
- assert legal claims and defend legal disputes;
- ensure IT security and IP operations, data security and data protection controls;
- operate CCTV to control access to our premises, prevent crime and collect evidence in the event of a suspected crime;
- implement building security measures (such as data collection in the visitors’ book for access control).
If you give us your consent and/or indicate your consent in your job application (by naming another erfal Group company, for instance), we shall also forward your documents to the responsible HR employees of other erfal companies.
In addition to the recipients named in the individual data processing activities, we shall transfer your only data if permitted or obliged to do so by law, you have given your consent for us to do so and/or the order processors engaged by us guarantee compliance with the provisions of the GDPR.
Under these conditions, recipients of personal data may include:
- public instances and institutions (such as public prosecutor’s office, police, etc.) for handling enquiries from authorities, insofar as this is in the interest of the customer or we have a legal obligation to cooperate;
- order processors to whom we transfer personal data for the implementationof the business relationship with you, such as for supporting / maintaining IT applications, archiving, receipt processing, call centre service, compliance and audit, controlling, data destruction, purchasing / procurement, marketing, software development, risk controlling, telephony, hosting and website management.
2.8 Newsfeed Telegram
We are offering to our customers and interested persons to receive news of erfal directly in their Telegram Messenger. Further, you can interact with us about this platform. You have to acceppt the general terms and conditions, on which erfal has no influence, if you want to use the Messenger service Telegram on your mobile phone. erfal has no influence on the data-legal regulations and settings of this platform. erfal points out that Telegram is not located in the EU but assures that the data is stored in the EU. Also, according to Telegram Messenger Inc., Telegram users can exercise the data protection rights they are entitled to in the EU. You can find more information about the data protection of Telegram here: https://telegram.org/privacy . When using the erfal newsfeed typically no personal data is processed by erfal. Within the scope of the legitimate interests in an efficient and direct external communication we process messages, which you send to the erfal via Telegram, as well as your ID which is assigned to your Telegram profile, the user name (not your phone number) and if given to Telegram: First Name and Last Name. You can always log out from the Telegram Newsfeed of erfal by clicking on Leave in the upper part of the channel.
2.10 Provision of website content for third-party embeds
It happens that we provide selected business partners with website content created by us for embedding on the business partners website. In this context, visitors to the business partner's site are redirected to online resources provided by erfal. Therefore, IP addresses and the terminal device data of the visitors of the website are processed. The processing of personal data serves exclusively to enable the users a smooth surfing experience and due to IT security reasons.
3. Your data privacy rights
In addition to the right to withdraw your consent given to us, you have the following rights under the respective legal conditions:
- right to information on your personal data stored in accordance with Art. 15 GDPR; in particular, you may request information on the processing purposes, categories of your personal data, categories of recipients to whom your data has been, or is being, disclosed, planned storage period and origin of your data, if it was not collected directly from you,
- right to rectification of inaccurate or completion of accurate data in accordance with Art. 16 GDPR,
- right to erasure of your data stored by us in accordance with Art. 17 GDPR, unless legal or contractual retention periods or other legal obligations and/or rights for further storage are to be observed,
- right to restriction of processing your data in accordance with Art. 18 GDPR if you dispute the accuracy of the data or the data is being processed illegitimately but you object to it being deleted; the controller no longer requires the data but you still require it for asserting, executing or defending legal claims or if you have objected to the processing activities in accordance with Art. 21 GDPR,
- right to data portability in accordance with Art. 20 GDPR, i.e. the right to receive data provided by you and stored by us in a commonly used and machine-readable format, orthe transfer of this data to another controller,
- right to complain to a supervisory authority. You can usually contact the supervisory authority in your regular place of residence or work or in the location of our head office for this purpose.
- Right to object
In accordance with Art. 21 (1) GDPR, an objection may be raised against the data processing activities for reasons arising from the specific situation of the data subject.
4. Links to other websites