Data protection information

Data Privacy Policy –

(as of 15 June 2021)


This document contains information connected to personal data processing activities performed by erfal GmbH & Co. KG (hereinafter referred to as “erfal”) in accordance with the provisions of the General Data Protection Regulation (Art. 13 GDPR).

This Data Privacy Policy applies to data processing activities within the scope of the provision of the website by erfal (“Controller”).

Please do not hesitate to send any questions or suggestions you may have relating to this Data Privacy Policy to the e-mail address stated in Section 1.


1. Name and Contact Details of the Person Responsible for Processing the Data (Controller) and the Company’s Data Protection Officer



erfal GmbH & Co. KG
Gewerbering 8
08223 Falkenstein

Phone:: +49 37 45 / 750 0
Fax: +49 37 45 / 750 299

erfal’s data protection officer can be contacted at the above address, care of the data protection officer, or e-mailed at


2. Data Processing Purposes, Legal Basis, Legitimate Interests of Erfal or Third Parties and Categories of Recipients


2.1 Processing of General User Data in Logfiles


When accessing our website, the browser on your device automatically sends information to our website server, where it is temporarily stored in logfiles. During this process, the following information typically is collected without your active involvement and stored until automatically deleted:


  • IP address of the internet-ready device sending the query,
  • date and time of access,
  • name and URL of the accessed file,
  • website from which the access originated (referrer URL),
  • browser used by you and operating system of your internet-ready computer, if applicable.


The legal basis for the processing of this user data is Art. 6 (1) lit. f GDPR. Our legitimate interest arises from the data processing purposes stated below. We would like to point out here that we are unable to draw direct conclusions about your identity from the data collected, neitherdo we attempt to do so. The IP address of your device and other data listed above are used for the following purposes:


  • ensuring a smooth connection,
  • ensuring easy use of our website,
  • analysing system security and stability,
  • denial of service attacks and bot use.


The data is stored for a period of 90 days, after which it is automatically deleted.

We also use cookies on our website. Section 2.4 below provides further details on the exact type of procedures and how your data is used in this respect.


2.2 Data Processing Activities when Using the Search Function on


In order to optimise our website and product range, we process search terms and searches anonymously within the scope of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR.


2.3 Retailer Search and Language Settings Data Processing Activities


By specifying a location (postcode / city), erfal can show you the nearest specialist retailer for this area at your request.

We use services from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D 04 E5W5, Ireland (“Google” or “Google Maps”). Google Maps is a web service for displaying interactive maps - in order to visually display geographic information. The use of the specialist dealer search on our website, which is based on Google Maps, can cause the transmission and storage of information about your use of our website (e.g. your IP address) to Google servers. This can result in a transmission to the servers of Google LLC. come in the USA. This would be done regardless of whether Google provides a user account that you are logged into, or whether a user account exists. If you are logged into Google, your data would be assigned directly to your account. If you do not wish to be assigned to your profile on Google, you would have to log out before using the function.

Google stores your data (also for users who are not logged in) as usage profiles and evaluates them. The processing (including collection, storage and evaluation) takes place in accordance with Art. 6 Paragraph 1 lit.f GDPR on the basis of Google's legitimate interest in displaying personalized advertising, market research and / or the needs-based design of Google websites. You have the right to object to the creation of these user profiles. To exercise your right to object, you must contact Google directly.

If you do not agree to the future transmission of your data to Google when using Google Maps, you have the option of completely deactivating the Google Maps web service. To do this, you must deactivate the JavaScript application in your browser. Functions of Google Maps (e.g. map display, other functions of the specialist dealer search) can then not be used or not fully used. Further information can be found in Google's data protection declaration at . Details on Google's terms of use can be found at , and explicitly on Google Maps at / help / terms_maps / .

In addition, erfal detects the preferred language setting in your operating system and shows you the most suitable language version of our website for you. This information is not saved in a way that can be related to a person. This data processing takes place within the scope of our legitimate interest in accordance with Art. 6 Para. 1 lit.f GDPR to make a user-friendly online offer.


2.4 Data Processing Activities for the Optimisation of our Online Content


2.4.1 Cookies – General Information


We use cookies on our website on the basis of Art. 6 (1) lit. f GDPR. Our interest inoptimising our website is therefore regarded as legitimate within the meaning of the above provision. Cookies are small files created automatically by your browser and are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause damage to your device and do not contain viruses, Trojans or other malware. Cookies store information generated in connection with the specifically used device. This does not mean, however, that we obtain direct knowledge of your identity. Cookies are used to create an easy user experience when you access our online contents. We use session cookies, for example, in order to recognise that you have previously visited individual pages of our website or that you have already logged into your customer account. These cookies are automatically deleted when you leave our website. We also use temporary cookies that are stored on your device for a certain period of time in order to make our online contents user friendly. If you visit our website again to use our services, the cookies automatically recognise that you have previously visited us and remember your previous inputs and settings so that you do not have to enter all data again.

If you have an erfal customer account and are logged in, the information stored in the cookies described above will also be stored in your customer account.

You can adjust your browser settings to block cookies or to always display a warning before installing a new cookie. You can also delete previously installed cookies at any time. However, if you deactivate all cookies, you may not be able to use all of the functions on our website. You should be able to find information on managing your cookie settings by clicking the “Help” or „Setings“ section in your browser. The storage period of the cookies depends on their purpose and may differ.


2.4.2 Range Analysis Using Google Analytics


As part of our legitimate interest in a user-friendly perception of our online offer, we employ range measurements and statistical analyzes on the basis of Art. 6 Para. 1 lit. f GDPR for the needs-based design and continuous optimization of our pages. We use Google Analytics for this. On our behalf, Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland - registration number: 368047 ("Google") - a company incorporated and operated under Irish law - processes information from cookies stored on your device. In this context, pseudonymized usage profiles are created and statistically analyzed. The information generated by the cookie about your use of this website, such as browser type / version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), time of the server request, may be sent to a Transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet usage for the purposes of market research and needs-based design of this website. The cookie _ga placed to measure the range remains stored for 24 months unless you delete it yourself; the other cookies _gat, _gid are discarded by the browser after 1 day. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (so-called IP masking). You can prevent the installation of cookies by setting the browser software accordingly; however, we would like to point out that in this case not all functions of this website can be used to their full extent. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing this browser add-on . Further information on data protection in connection with Google Analytics can be found on the Google Analytics website .

The Google Tag Manager is also used on this website. This is a cookie-free domain that does not collect any personal data. The Google Tag Manager triggers other tags (including cookies), which in turn may collect data, which we would like to point out separately. The Google Tag Manager does not access this data.

The aforementioned processing can cause data to be transmitted to the servers of Google LLC. Due to the anonymous nature of the data processing, any further processing on servers of the service provider Google in the USA does not affect the rights and freedoms of our users.


2.5 Typekit Fonts


As part of our legitimate interest in a user-friendly perception of our online offer, we include content that is hosted on other servers for the free design of the website, also taking efficiency and cost-saving considerations into account.

We use external fonts (Adobe Typekit Web Fonts) from Adobe Systems Software Ireland Ltd. for a uniform display across all devices and for improved loading times. which gives us access to a font library. To incorporate the fonts we use, your browser must connect to an Adobe server in the USA and download the font required for our website. This informs Adobe that our website has been accessed from your IP address. Further information on Adobe Typekit can be found in Adobe's data protection information, which you can access here: .

The aforementioned processing can cause data to be transmitted to the servers of the providers of web analysis technologies commissioned by us. The servers of this service are located in the USA. The data is transmitted on the basis of so-called standard contractual clauses of the EU Commission. This guarantees you as a user an adequate level of data protection, in particular legally binding and enforceable rights.


2.6 Contact via E-Mail


The object of activity of erfal is the production of the “products” outlined online and the sale of goods to registered specialist dealers. In this context, we process personal data to the extent necessary to fulfill contractual obligations. Please note the additional data protection declaration for using

In case inquiries are sent to us by e-mail, we process your name, contact details (e.g. telephone number, e-mail address and postal address) as well as all other information to fulfill pre-contractual measures (Art. 6 Para. 1 lit.b GDPR). This includes information that is provide to us, in case a question is asked, or feedback is provided.


2.7 Data Processing of Applicants


If you send us application documents, e.g. by e-mail, we will process your personal data for the purpose of carrying out the application process in accordance with Section 26 of the German Data Protection Law in conjunction with Art. 6 Para. 1 lit.b GDPR. This information is particularly your personal information, including:

Contact details: e.g. name, telephone number, email address, home address;

  • Application data: e.g. curriculum vitae, certificates, cover letters, previous activities and positions in other organizations, training, professional qualifications, reference contact information, position preferences, willingness to move, salary expectations, interests and wishes;
  • Sensitive information: e.g. gender, origin, religion, marital status, age, possibly health data and degree of disability or restrictions;
  • Convictions and sanctions: e.g. criminal convictions, sanctions from supervisory or professional organizations;
  • All other information that you provide to us (during correspondence with us). In addition, personal data can result from the documentation of a job interview or from evaluation documents created by us.


We may also receive personal data about you from third parties, such as


  • by contracted recruitment agencies;
  • from publicly available sources, such as professional social media networks (Xing or LinkedIn).

In addition, personal data can result from the documentation of a job interview or from evaluation documents created by us.

We process the data that you sent us in connection with your application exclusively to check your suitability for the position (or other open positions in our company, if applicable) and to carry out the application process. Within the erfal, only those positions have access to this data that need it to process the application.

If we conclude an employment contract with you, your personal data can also be processed for the implementation of the employment relationship in compliance with the statutory provisions. In this case, we will inform you separately about the processing of your personal data in the context of the employment relationship.

Remaining application documents will be deleted no later than five months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (German law to prevent discrimination).


If necessary and your rights do not outweigh our interests, we process your data to safeguard our legitimate interests or those of third parties (Art. 6 Para. 1 lit.f GDPR), for:


  • improving our recruiting processes and activities;
  • effective administration and operation of our company;
  • Assertion of legal claims and defense in legal disputes;
  • Guarantee of IT security and IT operations, data backup and data protection control;
  • Video surveillance to maintain house rules, to prevent criminal offenses or to collect evidence if a criminal offense is suspected;
  • Measures for building security (e.g. data collection in the visitor book for access control).


If you give us your consent or indicate this in your application (e.g. by naming another company of the erfal group of companies), we will also forward your documents to the HR managers of other erfal companies.


2.8 Recipients


Beyond the recipients named in the individual processing, we only pass on your data if legal provisions permit or provide for this, you have consented and / or contract processors commissioned by us guarantee compliance with the requirements of the GDPR. Under these conditions, recipients of personal data can be, for example:


  • Public bodies and institutions (e.g. public prosecutor's office, police) for handling official inquiries, provided this is in the interest of the customer or there is a legal obligation to cooperate;
  • Processors to whom we transfer personal data in order to carry out the business relationship with you: for example to support / maintain IT applications, archiving, document processing, call center services, compliance and audit, controlling, data destruction, purchasing / procurement, marketing, Software development, risk controlling, telephony, hosting, website management.


3 Your Data Privacy Rights


3. 1 Overview


In addition to the right to revoke your consent given to us, you are entitled to the following further rights if the respective legal requirements are accomplished:

  • Right to information about your personal data stored by us in accordance with Art.15 GDPR; in particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data if it has not been collected directly from you,
  • Right to have incorrect data corrected or correct data completed in accordance with Art. 16 GDPR,
  • Right to delete your data stored by us in accordance with Art.17 GDPR insofar as no legal or contractual retention periods or other legal obligations or rights to further storage are to be observed,
  • Right to restrict the processing of your data pursuant to Art.18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure; the controller no longer requires the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 GDPR,
  • Right to data portability pursuant to Art. 20 GDPR, i.e. the right to have data provided by you and stored by us about you transferred in a common, machine-readable format, or to request the transfer to another controller.
  • The right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.


3. 2 Right to Object


Under the conditions of Art. 21 Paragraph 1 GDPR, data processing can be objected to for reasons arising from the particular situation of the person concerned.

The above general right of objection applies to all processing purposes described in this data protection information, which are processed on the basis of Art. 6 Paragraph 1 lit. In contrast to the special right to object to data processing for advertising purposes, according to the GDPR we are only obliged to implement such a general objection if you give us reasons of overriding importance. In addition, there is the possibility of contacting the supervisory authority responsible for erfal.


4 Links to other Websites


The websites on this internet presence may contain links to other providers outside of erfal, to which the data protection declaration does not apply. When you leave our website, it is recommended that you carefully read the privacy policy of every website that collects personal data.