Data Protection Declaration

a) When visiting our website
When you visit our website - https://www.escha.net, the browser used on your device automatically sends information to our website server. This information is stored temporarily in what is known as a log file. This log file is sent in an encrypted format.

The following information is collected without your involvement and is saved until its automatic deletion:
- IP address of the computer making the request
- Date and time of access
- Name and URL of the file accessed
- Website from which access occurs (referrer URL)
- Browser used and if necessary also the operating system of your computer as well as the name of your access provider.
- Access status
- Transferred data volume.

We process the aforementioned data for the following purposes:
- To ensure the connection process to the website runs smoothly
- To ensure our website is easy to use
- Evaluate system security and stability as well as
- for additional administrative purposes
The legal basis for processing data is Art. 6 Para. 1 P. 1 f GDPR. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances will we use the collected data to identify you personally.

The data is anonymized after no more than 30 days by shortening the IP address at domain level to prevent its use to identify an individual user. The anonymized data is also processed for statistical purposes where required. At no point is the data stored together with other personal data of the user, nor is it compared to other data or passed to third parties.

In addition, we use cookies and analysis services for visits to our website. You can find more detailed explanations on this under 5 and 7 of this data protection declaration.

b) When signing up to the ESCHA Newsletter
Providing you have given your consent in accordance with Art. 6 Para. 1 P. 1 a GDPR, we will use your email address to regularly send you our newsletter.

The following information is required to sign up.
- Title
- First Name
- Last Name
- E-Mail
- Company

Signing up to our newsletter is carried out through a double-opt-in process. This means that after you have signed up you will receive an email in which you are asked to confirm your intent. This confirmation is required so that somebody cannot sign up using somebody else's email address.
A log is kept of sign-ups to the newsletter to prove that the sign-up process conforms with legal requirements. This includes storing the time when the sign-up and confirmation took place as well as the IP address.

Unsubscribing is possible at any time by using, for example, a link at the end of every newsletter. Alternatively, you can also tell us you wish to unsubscribe by sending us an email at any time to news@escha.net.

Our email newsletter is distributed by CleverReach GmbH & Co. KG, a technical service provider whose address is Mühlenstraße 43, 26180 und Rastede ("CleverReach"), and to whom we pass the data provided by a user when they sign up to the newsletter. The data is sent in accordance with Art. 6, Para. 1(f) GDPR and the transmission is in our legitimate interests to use a secure and user-friendly newsletter system which is effective in terms of its marketing impact. The data you enter to receive the newsletter (e.g. email address) is saved on CleverReach servers in Germany.

CleverReach uses this information to send the newsletter and analyse it statistically on our behalf. The emails sent contain what are called web beacons or tracking pixels which are single-pixel picture files stored on our website. They allow you to determine whether a newsletter has been opened and which links have been clicked. With the help of what is known as conversion tracking, analysis can also ascertain whether a predefined action, such as buying a product on our website, has taken place after a link in the newsletter has been clicked. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). The data is only collected in pseudo-anonymized form. It is not linked to your personal data and it does not personally identify you. This data is only used to statistically analyse newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of recipients.

You can object to your data being analysed for statistical purposes by unsubscribing from the newsletter.

We have concluded an order data processing contract with CleverReach which obliges CleverReach to protect the data of our customers and not to pass it to third parties.
You can view the data protection declaration of CleverReach here: https://www.cleverreach.com/de/datenschutz/.

c) When using our leaflet
When you have enquiries about any kind of product, we allow you to get in touch with us using a form made available on the website.

The following information is required here
- First Name
- Last Name
- Company
- E-Mail

d) Registering for myESCHA as a customer
Our technical sales team would be happy to give you access to myESCHA. Then you can find out about stock levels, your sales and your goods on order.

Type of processed data
- Stock Data
- Content Data
- Contact Data

e) Sending an application
If you make an application to us using a web form, we collect the following personal data:
- Title
- First Name
- Surname
- Street
- House number
- Postcode
- Town/City
- E-mail

We also collect additional information you have provided on your background (e.g. CV, qualifications, degrees and professional experience) and about you (e.g. covering letter, personal interests). This could also include special categories of personal data, such as information on a severe disability. Your personal data is normally collected directly during the application process and encrypted during the electronic transmission. The data comes from the application form filled in online and the files uploaded.

The data is processed to initiate an employment relationship. The predominant legal basis for this is Art. 6, Para. 1(b) GDPR in connection with Section 26, Para. 1 Federal Data Protection Act. In addition, consent can be obtained in accordance with Art. 6, Para. 1(a), 7 GDPR in connection with Section 26, Para. 2 Federal Data Protection Act. Providing that the processing of your data is based on consent, then you have the right at any time to revoke your consent from that point forward. Within our company only those people and functions (e.g. HR) have access to your personal data who absolutely require it to carry out the application process or to fulfil our legal obligations. For this purpose, your applications are forwarded to those responsible to examine. Under no circumstances is your personal data passed to third parties without your authorisation.

During an ongoing application process, your data from an application for a specific position is stored and processed. At the end of the application process (e.g. which takes the form of an offer or rejection), the application procedure including all personal data is deleted from the system after 6 months from the end of the application process. In the case of an offer, we reserve the right to store your application for a longer period if the first day of employment is more than six months in the future.

There is no disclosure of your personal data to third parties for any reason other that those in the following section.

We will only pass your personal data to third parties if:
- We explicitly indicated on that in the description of the particular data processing.
- You have given us your express consent to do so in accordance with Art. 6 Para. 1 P. 1 a GDPR.
- Disclosure is required in accordance with Art. 6 Para. 1 P. 1 f GDPR to make, or defend legal claims and there is no reason to assume that you have a legitimate and overriding interest in the non-disclosure of your data.
- A legal obligation requires disclosure in accordance with Art. 6 Para. 1 P. 1 c GDPR.
- This is legally permissible and is required to administer contractual relationships in accordance with Art. 6 Para. 1 P. 1 b GDPR.

In addition, we use external service providers to run our services, who we have carefully selected and commissioned in writing. They must follow our instructions and are checked by us regularly. With whom we have, where required, concluded order processing contracts in accordance with Art. 28 GDPR. These are service providers for web hosting, the dispatch of emails as well as maintenance of our IT systems etc. These service providers will not pass this data to third parties.

We use cookies. Cookies are small files which your browser automatically creates and are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your device, do not contain viruses, trojans or other malicious software.

Information is stored in the cookies which arises in connection with the specific device in use. But this does not mean that this gives us direct access to information about your identity.

Using cookies allows, on the one hand, making our website more pleasant for you. We use what are known as session cookies to see that you have already visited a number of pages on our site. These are automatically deleted once you leave our site.

In addition to this we also use temporary cookies to optimise user friendliness which are stored on your device for a certain period of time. If you visit our site again to use a service, then the system recognises that you have already visited as well as the entries and settings you made so that you do not have to input them again.

The data processed using cookies is required to protect our legitimate interests as well as those of third parties in accordance with Art. 6 Para. 1 P. 1 f GDPR.

Our website uses the online map service Google Maps via an interface. The provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functions of Google Maps, storing your IP address is required. This information is transmitted to a Google server in the USA and saved there. The provider of this page has no influence on this transmission of data. The use of the map service Google Maps is in the interests of an appealing online offering and to make it easy to find the addresses listed on our website. This is a legitimate interest in accordance with Art. 6, Para. 1(f) GDPR. Google is certified under the Privacy-Shield agreement and therefore provides a guarantee to observe European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

You can find additional information on the handling of user data in the data protection declaration of Google. https://www.google.com/intl/en_en/help/terms_maps.html.
Opt-Out: https://www.google.com/settings/ads/

Our website uses YouTube plugins operated by Google. The operator of the pages is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you visit one of our pages which has the YouTube plugin, a connection is established with the YouTube servers. The YouTube server is told which of our pages you have visited.

If you have logged into your YouTube account, you allow YouTube to relate your surfing behaviour to your personal profile. You can prevent this by logging out of your YouTube account. You can find additional information on the handling of user data in the data protection declaration of YouTube at https://www.google.de/intl/de/policies/privacy.

The tracking measures described in the following section are carried out in accordance with Art. 6 Para. 1 P. 1 f GDPR. By using the coming tracking measures we want to ensure our website is designed according to your needs and that it is continually improved. On the other hand, we use the tracking measures to record the use of our website statistically and to evaluate it to optimise our offer for you. These interests are legitimate within the scope of the aforementioned regulations.

The respective data protection purposes and data categories can be taken from the corresponding tracking tools.

i) Google Analytics
We use Google Analytics for customised design and the continual optimisation of our site. Google Analytics is a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). In this context pseudonymised user profiles are created and cookies (see under 4) are used. The information created by the cookie on the use of this website, such as
- Browser type / version,
- Operating system used,
- Referrer URL (the previously visited site),
- Host name of the accessing computer (IP address),
- Time of the server request,
is transmitted to a Google server in the USA and saved there. The information is used to look at how the website is used, to produce reports on website activity and to provide other services connected with the use of the website and the Internet for the purposes of market research and customised design of these Internet sites. This information may also be passed to third parties if this is stipulated by law or third parties process this data on their behalf. Under no circumstances would your IP be brought together with other data from Google. The IP addresses are anonymised so that allocation is not possible (IP masking). This means that in member states of the European Union and in other states party to the Agreement on the European Economic Area the IP address of the user is abbreviated by Google which prevents data from being related to a person. Google Inc. whose headquarters are in the USA is certified under the US-European data protection convention Privacy Shield, which ensures compliance with the level of data protection applicable in the EU.

You can prevent cookies being installed by changing your browser settings, however if you do so, then some functions of this website might not work in full.

You can also prevent the collection of the data relating to use of the website, which is created by the cookie, (including your IP address) as well as the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).

As an alternative to the browser add-on, in particular for browsers on mobile devices, you can prevent collection by Google Analytics by clicking on this link. OPT-OUT An opt-out cookie is created to prevent the future collection of your data when visiting this website.

If you delete the cookies in this browser, then you have to create the opt-out cookie again.
You can find further information on data protection with Google Analytics e.g. at Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).

The opt-out cookie only applies in this browser and only for this website and is stored on your device

ii) etracker
This website uses the services of etracker GmbH, Hamburg, Germany (www.etracker.com) to analyse usage data. etracker does not use cookies by default. If you explicitly agree to the setting of analysis cookies, cookies are used to enable the statistical analysis of the use of this website by its visitors and to display usage-related content or advertising. Cookies are small text files that are stored by the Internet browser on the user's device. etracker cookies do not contain any information that would allow a user to be identified.

The data generated by etracker on behalf of the provider of this website is processed and stored by etracker solely in Germany by commission of the provider of this website and is thus subject to the strict German and European data protection laws and standards. In this regard, etracker was independently checked, certified and awarded with the ePrivacyseal data protection seal of approval.

The data processing is based on Art. 6 Section 1 lit f (legitimate interest) of the General Data Protection Regulation (GDPR).Our legitimate interest is the optimisation of our online offer and our website. As the privacy of our visitors is very important to us, the data that may possibly allow a reference to an individual person, such as the IP address, registration or device IDs, will be anonymised or pseudonymised as soon as possible. etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties.

You can object to the outlined data processing at any time.

Further information on data protection with etracker can be found here.

The protection of your personal data is very important to us. The following section contains information on the handling of your data which is collected through your use of social media in social networks and platforms. Your data is processed in accordance with statutory rules.

A) Provider

i) Facebook Fanpage

1) Data controller
If the data you send to us is also or only processed by Facebook, then as well as us - or in our place - Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland is the data controller for the processing of data under the GDPR. In this regard we have concluded an agreement in accordance with Art. 26 GDPR on joint responsibility for the processing of data (controller addendum). This agreement stipulates which data processing steps we or Facebook are responsible for when you visit our Facebook fan page. You can view this agreement under the following link: https://www.facebook.com/legal/terms/page_controller_addendum As a visitor to the site if you want to exercise your rights (information, correction, deletion, restriction, data transfer, complaint to the supervisory authority, objection or revocation), then you can contact Facebook orus. You can adjust your advertising settings yourself in your user account. To do this click on the following link and log in: https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com

You can obtain further details from Facebook's data privacy declaration: https://www.facebook.com/about/privacy/

2) Data protection officer of Facebook
To contact the data protection officer of Facebook, you can use the online contact form provided by Facebook under the following link: https://www.facebook.com/help/contact/540977946302970

3) Data procession for statistical purposes by means of Page Insights
Facebook makes Page Insights available for our Facebook fanpage. https://www.facebook.com/business/a/page/page-insights. This contains summarised data which illustrates how people interact with our pages. Page Insights can be based on personal data which is collected in connection with a visit or an interaction of people at or using our site and in connection with the content provided. Please note which personal data you share with us via Facebook. Your data could be processed for market research and advertising purposes even if you are not logged into Facebook and don't have a Facebook account. User profiles are created in this way, e.g. from user behaviour and the interests of the users deduced from this. The user profiles can in turn by used, for example, to activate advertisements in and outside the platforms which are supposed to correspond to the interests of the users. This recording of data takes place through the use of cookies which are stored on your device. In addition, data which is independent of the devices used by the users can be saved in the user profiles, in particular if the users are members of the respective platforms and logged into them. The legal basis for processing the data is Art. 6, Para. 1(f) GDPR. Our legitimate interest is in the optimised representation of what we offer, effective information and communication with customers and interested parties as well as targeted advertising. Please note that we do not have any influence on the collection of data and further processing by Facebook. Consequently, we cannot provide any information on the scope, location and duration of storage of the data by Facebook. In addition, we cannot state the extent to which Facebook complies with existing deletion obligations, what evaluations and connections are created by Facebook and to whom the Facebook data is passed. If you want to avoid the processing of your personal data by Facebook, then please contact us in another way.

ii) Other social media providers

1) Data controller
If your personal data is processed by one of the providers listed in the following section, then this provider is the data controller in respect of data processing within the meaning of the GDPR. To assert your rights as the person affected, then we would like to point out that this is most effective if done with the respective providers. Only they have access to the data recorded about you. If, however you require help, then please contact us at any time.
We have sites on social media platforms of the following providers.
- Instagram Inc., Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin, Ireland
- YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
- LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
- XING SE, Dammtorstraße 29-32, 20354 Hamburg, Germany

2) Data protection officer
You can find instructions on contacting the data controllers of the other social media providers here:
- Instagram Inc.: https://www.facebook.com/help/contact/540977946302970
- LinkedIn Ireland Unlimited Company: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
- XING SE: Datenschutzbeauftragter@xing.com

In respect of contacting the data controller of Google+ and YouTube please contact Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

B) General data on social media platform by ESCHA GmbH & Co. KG

i) Data controller
The following entity is the data controller within the meaning of the GDPR provided we process the data sent by you via the social media platforms ourselves.
ESCHA GmbH & Co. KG
Elberfelder Straße 32
58553 Halver
+49 2353 708-800
info@escha.net
www.escha.net

ii) Our data controller
If you have a question regarding data processing carried out by us as data controllers, then you can contact our data protection officer using the following contact information:

JURANDO GmbH / jurando.de
Dr. Dennis Werner
Rathausplatz 21
58507 Lüdenscheid, Germany
datenschutz@escha.net

iii) General data processing on social media platforms

1) Data processing for market research and marketing
Generally personal data is processed on the company page for market research and advertising. For this purpose, a cookie is stored in your browser which allows the respective provider to recognise you when you revisit a website. User profiles can be created using the data collected. These are used to activate advertisements in and outside the platform which are intended to match your interests. In addition, data which is independent of the devices that you use can be stored in the user profiles. This is regularly the case if you are a member of the respective platforms and are logged in to them.

2) Data processing when making contact
We record personal data ourselves when you establish contact with us, for example, using a messenger service such as Facebook Messenger. Which data is recorded depends on your information as well as the contact data provided or released by you. This is stored to respond to the enquiry and in the event of follow-up questions. Under no circumstances will we pass it to third parties without your consent. The legal basis for the processing of data is our legitimate interest in answering your enquiry in accordance with Art. 6, Para. 1(f) GDPR as well as possibly Art. 6, Para. 1(b) GDPR if your enquiry seeks to conclude a contract. Your data is deleted after the subsequent processing of your enquiry provided legal retention obligations do not prevent this. Subsequent processing is finished when circumstances suggest that the relevant matter has been sufficiently clarified.

3) Data processing for contract execution
If the intention of you making contact via a social network or another platform is to conclude a contract with us for the delivery of goods or the provision of services, then we will process your data to fulfil the contract, implement pre-contractual measures or to provide the desired services. The legal basis for the processing of your data in this instance is Art. 6, Para. 1(b) GDPR. Your data is deleted if it is no longer required to implement the contract or it is clear that the pre-contractual measures will not lead to the conclusion of a contract which the establishment of contact intended. Please note that even after the conclusion of the contract it might be required to store personal data of our contractual partners in order to meet contractual or statutory obligations.

4) Data processing based on consent
If you are asked by the respective platform providers to provide your consent to process data for a particular purpose, then the legal basis for processing is Art. 6, Para. 1(a), Art. 7 GDPR. Consent can be revoked at any time with future effect.

iv) Dissemination of data and recipients
Please note that by using social media platforms data may be processed outside the EU and European Economic Area, meaning that European data protection levels cannot always be guaranteed. The cited social media providers whose headquarters are in the USA are certified under the US-European data protection convention Privacy Shield which ensures compliance with the level of data protection applicable in the EU. We do not have any influence on the processing and handling of your personal data by the respective providers. Nor do we have any information on this. If you would like further information, please check the data protection declaration of the respective provider:
- Instagram data protection declaration/opt-out: http://instagram.com/about/legal/privacy/
- YouTube/Google data protection declaration: https://policies.google.com/privacy?hl=de&gl=de
Opt-out: https://adssettings.google.com/authenticated
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
- LinkedIn data protection declaration: https://www.linkedin.com/legal/privacy-policy
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active
- XING data protection declaration/opt-out: https://privacy.xing.com/de/datenschutzerklaerung

You have the right:
- in accordance with Art. 15 GDPR to request your personal data we have processed. In particular, you can request information on the processing purpose, the category of personal data, the categories of recipient to whom your data has been or will be disclosed, the planned storage duration, the existence of a right to rectification, to erasure, to restrict processing, the right to object, the origin of your data if it was not collected with us, as well as the existence of automatic decision making including profiling and if necessary meaningful information on the individual details;
- in accordance with Art. 16 GDPR you can request the immediate correction of your inaccurate or incomplete personal information stored with us;
- in accordance with Art. 17 GDPR you can request the erasure of your personal information stored with us providing it is not required to assert a right of freedom of expression and information, to fulfil a legal obligation, for the public interest or to make or defend legal claims;
- in accordance with Art. 18 GDPR the restriction of the processing of your personal data if the accuracy of your data is contested, processing is unlawful, the deletion of which, however, you reject and we no longer require the data where you require it to make or defend legal claims or you have made an objection to its processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR to receive your personal data that you have made available to us in a structured, common, machine-readable format or to request it is sent to another controller;
- in accordance with Art. 7 Para. 3 GDPR to revoke your one-ff consent in respect of us. The consequence of this is that we are no longer permitted to process the data subject to this consent and
- in accordance with Art. 77 GDPR to lodge a complaint with a supervisory authority. Generally you can contact a supervisory authority at your regular place of residence or work or at our company headquarters.

The duration of personal data storage is measured according to the relevant legislative storage period (e.g. following the commercial- and tax laws). The relevant data are routinely deleted upon expiry of the respective deadline. As far as the data for contractual performance or contract initiation are required or in case there is a justified interest in further storage on our side, these data will be deleted if they are not anymore required for these purposes or you make use of your right of withdrawal or objection.

If your personal data is processed for legitimate interests in accordance with Art. 6 Para. 1 P. 1 f GDPR, then you have the right in accordance with Art. 21 GDPR to object to the processing of your personal data providing there are reasons for this arising from the specific situation, or if the objection is against direct advertising. In the latter case you have a general right of objection which is implemented by us without having to provide information on a specific situation.

If you would like to assert your right of revocation or objection, then just send an email to datenschutz@escha.net.

Within the website visit we use the popular SSL procedure (Secure Socket Layer) in combination with the highest level of encryption supported by your browser. This is generally 256 bit encryption. If your browser does not support 256 bit encryption, then we use 128 bit v3 technology. If a page of our Internet site is transmitted to you in an encrypted format, then you can recognise this by the closed key or lock symbol in the bottom status bar of your browser.

We take suitable technical and organisational steps in accordance with Art. 32 GDPR taking into consideration the state of the art, implementation costs and the type, scope, situation and purposes of processing as well as the different probabilities of occurrence and severity of the risks to the rights and freedoms of natural persons in order to ensure a level of protection commensurate with the risk. These measures include in particular ensuring the confidentiality, integrity and availability of data by checking physical access to the data as well as the access, input, disclosure and the assurance of availability and separation which concerns you.

The security measures include in particular the encrypted transmittance (No. 9) of data between your browser and our server.

Social networks (Facebook, Instagram and Xing) are only incorporated into our website as a link to the corresponding services. After clicking the embedded text/picture links you are directed to the respective provider. Only once you have been forwarded is user information sent to the respective provider. You can obtain information on the handling of your personal data when using these websites in the respective data protection provisions of the providers you use.

This data protection declaration of May 2020 is the current valid version

It might be necessary to make alterations to this data protection declaration through the further development of our website and offers or due to altered legal or official regulations.

The current data protection regulation can be accessed, downloaded and/or printed from the website at https://www.escha.net/data_protection_declaration at any time.