1. General information

With this privacy policy we inform you about the processing of your personal data in the context of the use of this website. We want you to feel safe when visiting this site and using the services. Eschenbach Optik GmbH ensures compliance with the applicable provisions, particularly the European General Data Protection Regulation (GDPR) as a matter of course.

The protection of your personal data is a top priority for us. In order to protect your data as comprehensively as possible, we use the SecuMails service from FTAPI Software GmbH, Steinerstraße 15f, 81369 Munich, which allows us to send and receive emails utilizing the highest security standards.

2. Responsible body

Eschenbach Optik GmbH

Fürther Straße 252

90429 Nuremberg

Germany

Phone: +49 911 3600-0

Fax: +49 911 3600-358

e-mail:

Internet: www.eschenbach-optik.com

is the responsible body within the meaning of the GDPR. It decides alone or jointly with others on the purposes and means of processing personal data (hereinafter referred to as “data”).

3. Definition of terms

To ensure that our privacy policy is easy for you to read and understand, we provide the most important definitions in the following paragraphs.

According to Art. 4 No. 1 GDPR, “personal data” means any information relating to an identified or identifiable natural person (data subject). A natural person is identifiable if they can be identified directly or indirectly, in particular by reference to an identifier (such as name, address, telephone number, email address, IP address, location data or specific characteristics such as the genetic, economic and social identity of that natural person).

According to Art. 4 No. 2 GDPR, “processing” means any operation or set of operations which is performed on data or on sets of data, whether or not by automated means. This includes, in particular, the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or making available, alignment or combination, restriction, erasure or destruction.

According to Art. 4 No. 11 GDPR, “consent” of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

According to Art. 4 No. 8 GDPR, a “processor” isa natural or legal person, public authority, agency or other body which processes personal data on behalf of the responsible body.

Regarding the other data protection terms used, we refer to the definitions in Art. 4 GDPR.

4. Purpose limitation of the processing of personal data

We process the data provided by you in accordance with the principles of data minimisation and purpose limitation (Art. 5 para. 1 lit. b and c GDPR). The principle of purpose limitation states that data is collected for specified, clear and legitimate purposes and may not further processed in a manner incompatible with these purposes. Further processing for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes is not considered incompatible with the original purposes. The purpose of data processing in this case is primarily the secure exchange of information.

For a more detailed list of the purposes of data processing, please refer to the privacy policy at https://www.eschenbach-optik.com/en/privacy-policy/.

5. Legal basis for the processing of personal data

Any processing of personal data is initially prohibited by law, Art. 5 para. 1 lit. a GDPR. Data processing is only permitted if it can be based on a legal basis or is covered by an authorisation.

If the processing of data is necessary for the performance of the employment relationship, the legal basis of Art. 6 para. 1 lit. b GDPR is cited. Processing of the data is necessary to fulfil the rights and obligations arising from the employment contract for both parties.

If consent has been obtained for data processing operations, consent constitutes the legal basis for data processing, Art. 6 para. 1 lit. a GDPR.

If data processing is required to fulfil a legal obligation, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest and if the interests, fundamental rights and freedoms of the data subject do not outweigh this, Art. 6 para. 1 lit. f GDPR forms the legal basis.

Please also refer to the privacy policy at https://www.eschenbach-optik.com/en/privacy-policy/.

6. Data erasure and storage duration

90 days after the last login, your user account will be automatically deleted and all saved data will also be deleted. Storage and delivery uploads are also deleted after 90 days.

We only store your data until the purpose has been fulfilled and there are no other statutory retention obligations (e.g. under commercial or tax law).

If you have given us your consent, we will store the data until you revoke it or for up to 90 days, provided there is no other legal basis for processing your data and no statutory retention obligations prevent deletion.

In individual cases, longer storage may be appropriate for the defence or enforcement of claims under civil or public law.

7. Disclosure of data to third parties

Your data will only be passed on to external service providers (processors) working on our behalf if this is necessary to fulfil a contractual relationship, for example to use this service. For more information, please refer to the FTAPI privacy policy: https://www.ftapi.com/en/privacy-policy.

Furthermore, data will only be passed on to third parties in exceptional cases to affiliated companies, insofar as this is necessary for the fulfilment of a contractual obligation, to state institutions and authorities, if we are legally obliged to do so or if you consent to this.

We conclude the corresponding data processing agreements with the processors based on Art. 28 GDPR. The service providers commissioned by us are obliged to maintain confidentiality and to comply with the applicable legal requirements. The data passed on may only be used by our service providers to fulfil their task. Any other use of the information is not permitted and does not take place with any of the processors commissioned by us.

The transfer and further processing of data to state institutions and authorities entitled to receive information only takes place within the framework of the relevant laws or if we are obliged to do so by a court decision.

Beyond this, we do not pass on any data to third parties unless you have expressly consented to this.

8. Hosting

This website is hosted and operated by FTAPI Software GmbH, Steinerstraße 15f, 81369 Munich, Germany. Reference is made to FTAPI’s privacy policy at this point: https://www.ftapi.com/en/privacy-policy.

9. Applicant data

If you send us your applicant data via the FTAPI exchange platform, you consent to the processing of your data for the purpose of the respective application process. No further processing of your data will take place without your consent. We also refer to the following privacy policy: https://www.eschenbach-optik.com/en/privacy-policy/.

10. Rights of data subjects

If we process your data, you have extensive rights as a data subject. You can assert these rights against us at any time. You will find the necessary contact details at the beginning of our privacy policy.

10.1. Revocation of consent

If you have given us your consent to process your data, you can revoke your consent at any time with effect for the future in accordance with Art. 7 para. 3 sentence 1 GDPR. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

10.2. Right to information

You can obtain information about your data processed by us at any time in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of the processing, the categories of data processed, categories of possible recipients and the planned storage period.

10.3. Right to rectification

You are entitled to request the correction or completion of your data stored by us if the data is incorrect within the scope of Art. 16 GDPR.

10.4. Right to cancellation

In accordance with Art. 17 GDPR, you can request the erasure of the data if the storage of the data is no longer necessary and there is no other legal basis for the processing.

You can also request the deletion if you have objected to the processing and there are no overriding legitimate reasons for the further processing of your data and if your data has been processed unlawfully or if there is a legal obligation to delete it under European or national law.

10.5. Right to restriction of processing

In addition, you have a right to restriction of processing under Art. 18 GDPR if you contest the accuracy of the data for a period enabling the responsible body to verify the accuracy of the data, if the processing is unlawful but you refuse to delete the data, if the purpose of the processing has ceased, but the data is necessary for the assertion of your legal claims or if you have objected pursuant to Art. 21 GDPR and it is not yet certain whether the legitimate grounds of the responsible body override your interests.

10.6. Right to data portability

In accordance with Art. 20 GDPR, you have the right to receive the data concerning you in a commonly used, structured and machine-readable format (data portability). In addition, under certain conditions, you can request that your data be transmitted directly by a responsible body, insofar as this is technically possible.

10.7. Right of objection

You have the right to object to the use of your data for the above-mentioned purposes at any time (Art. 21 GDPR). This is possible if the objection is directed against direct advertising or if there are reasons for this arising from your situation. In the event of an objection to direct marketing, you have a general right to object, which we will implement without specifying a particular situation.

10.8. Right to lodge a complaint with the supervisory authority

We would also like to point out that, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of data relating to you infringes the GDPR.

A current list of supervisory authorities (for the non-public sector) with addresses can be found at

https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html

The data protection supervisory authority responsible for us is

Bavarian State Office for Data Protection Supervision

Promenade 18

91522 Ansbach

Phone: +49 981 180093-0

e-mail:

Internet: www.lda-bayern.de

11. Questions, suggestions, complaints to the data protection officer

If you have any questions about our data protection information or the processing of your data, you can contact our data protection officer directly:

Costard law firm

Law firm for IT law and data protection

Attorney Thomas P. Costard

EUROCOM Business Park

Lina-Ammon-Straße 9

90471 Nuremberg

Phone: +49 911 7903034

Fax: +49 911 7903035

e-mail:

Internet: www.it-rechtsberater.de

He is also available to you as a contact person in the event of requests for information, suggestions or complaints.

12. Changes to our privacy policy

We reserve the right to change our security and data protection measures if this becomes necessary due to technical developments. In such cases, we will also adapt our data protection information accordingly. Please therefore note the current version of our data protection declaration.