Privacy PolicyEschenbach Optik GmbH

Controller

As the operator of this website, Eschenbach Optik GmbH, Fürther Straße 252, 90429 Nürnberg, Germany is the controller in the sense of the EU General Data Protection Regulation (GDPR) who individually or jointly makes decisions on the purposes and means of the processing of personal data, hereafter referred to as “data”.

Processing of Personal Data

According to the General Data Protection Regulation, personal data is any information concerning an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier (such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person).

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Use of our website does not require you to provide data. However, in certain cases, we will need your name, address and additional information to perform your requested services.

The same applies to, e.g., the sending of information material and ordered goods and to responses to individual inquiries. We will notify you when required. Furthermore, we only process data you provide to us voluntarily and data that is collected automatically when our website is visited (e.g., your IP address and the names of the pages you opened, your browser and operating system, time and date of access, search engines used or names of downloaded files).

If you request our services, usually only the data required for us to perform the service will be collected. Any additional data we may request may be provided voluntarily.

If you enter your personal information in the context of the use of apps yourself, you give us your consent in the context of your action, that we may collect, process and use your personal data in the app you use for our own business purposes. If your personal information is entered into the app by third parties as part of conversations with you, we will inform you about the collection, processing and use of your personal data, e.g. in the context of a customer discussion.

Data will only be processed to perform requested services and to safeguard our legitimate business interests (Art. 6 subsection 1 sentence 1 under b and f GDPR).

We transmit your personal data according to any legal or contractual obligations we might have. Due to licence agreements with third parties we may be contractually obliged to transmit data of the optician’s such as customer IDs, address data, item numbers, product descriptions, sales figures, discounts and customer complaints to the license partner. Examples for license partners are Marc O’Polo, MINI, etc.

Protection of Your Personal Data

Thank you for your interest in our company and our products and services. We want you to feel safe about your data when visiting our website. We take the protection of your data very seriously and strictly adhere to the General Data Protection Regulation and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) in its respectively valid form.

We implemented technical and organizational measures to ensure compliance with data protection regulations by both us and our commissioned external service providers. We require our employees and commissioned service providers to maintain confidentiality and adhere to the General Data Protection Regulation and the German Federal Data Protection Act in its respectively valid form.

As part of our obligation to provide information, we want this Privacy Policy to be as transparent as possible and will explain the purposes for processing your data and use of tracking/analysis tools, cookies and social media plugins hereafter.

Purposes for Processing Personal Data

We will process the data you provide in accordance with the principles of data economy and purpose limitation. The principle of purpose limitation states that data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes is not considered to be incompatible with the initial purposes.

We only process your data to answer inquiries, handle your orders and provide access to certain information or offers to you. Maintaining customer relationships may also require us or a commissioned service provider to use this data to inform you about product offers or to conduct online surveys to fulfill the tasks and requirements set by our customers.

We will only process the data you provide online for the stated purposes. Your data will not be transferred to third parties without your express consent.

Data will only be collected or transmitted to authorized state institutions and officials in accordance with applicable laws or if we are required to do so due to a court order.

We respect that you may not wish to provide your data to support our customer relationship (especially not for direct marketing or market research purposes). We will not sell your data to third parties or otherwise market your data without your consent.

Data Collected Automatically When Visiting Our Website

When using our website, the following data may be processed for technical and organizational reasons:

  • the IP address of your requesting Internet-enabled device;
  • the date and time of your access to the website;
  • the website / application from which the access was made (referrer URL);
  • the browser type and version you are using;
  • the operating system of your internet-capable computer;
  • the name of your Internet service provider;
  • the subsites that are accessed via your accessing system on our website;
  • the files downloaded from our website (e.g. PDF or Word documents).

Cookies

When visiting our web pages, different information can be stored on your computer in the form of a cookie. Cookies are small text files which are sent by a web server to your browser and saved on the hard drive of your computer. Some cookies are deleted after the end of the browser session; i.e. after you close your browser (known as session cookies). Other cookies remain on your end device and enable the recognition of your browser the next time you visit (known as persistent cookies). Persistent cookies are deleted automatically after a predefined time, which can vary depending on the cookie.

When you open our web page, cookies that are technically required (session cookies) are saved on the hard drive of your computer. Cookies that are necessary to ensure technically correct and optimized provision of our services (technically necessary cookies) are saved based on our justified interest, as per point (f) of Article 6(1) of the GDPR. In doing so, the name of the pages you have visited, the browser and operating system you use, the date and time of access, the search engines used, as well as the names of downloaded files and the IP address can potentially be processed. This is necessary for the operation, presentation and security-relevant functionality of the web page. If you do not wish us to recognize your computer again, you can prevent the saving of cookies on your hard drive by selecting the setting “Do not accept cookies” in your browser settings. To find out how this works in detail, please refer to your browser manual. Please note, however, that this can lead to impairment of the functionality on our web page.

Furthermore, cookies can be used for analysis, marketing, and statistical purposes and to register your preferences (technically non-essential cookies). Technically non-essential cookies are set only if you grant consent (on the legal basis of point (a) of Article 6(1) of the GDPR).

In the cookie statement from Cookiebot listed as follows you can view and adapt your cookie settings at any time, and revoke any consent you have granted thus far.

More information on the cookies used can be found below the Cookiebot statement.

Cookiebot

Our web pages use the cookie consent technology of Cookiebot to obtain your consent to save certain cookies in your browser and to document these in a way that conforms to privacy protection. Cookiebot is a product of Cybot A/S, Havnegade 39, 1058 Copenhagen. When you start our web pages, a Cookiebot cookie is saved in your browser in which the consents you grant or the revocation of these consents are saved. This data is not passed on to the providers of Cookiebot.

If you delete the cookies in your browser, your consent to cookies will again be requested when you visit the web page or load it again.

Cookiebot consent technology is used to obtain the legally required consents for the use of cookies. The legal basis for this is point (c) of Article 6(1) of the GDPR.

The registered data is saved until you request us to delete it or you delete the Cookiebot cookie yourself, or until the purpose of saving the data becomes inapplicable. Mandatory legal retention periods remain unaffected.

More information on data processing by Cookiebot can be found at https://www.cookiebot.com/en/privacy-policy/.

Use of Google Analytics

Our website uses Google Analytics, a web analysis service of Google LLC (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. Google Analytics uses so-called cookies, text files saved onto your computer that allow your use of the website to be analyzed.

The information on your website use generated by the cookie is generally transmitted to a Google server in the USA where it is saved. If IP-anonymization is activated on our website, your IP address will be shortened by Google within a Member state of the European Union or in another state party to the European Economic Area Agreement (so-called IP masking).

Only in exceptions will your full IP address be transferred to a Google server in the US and shortened there. On behalf of the operators of this website, Google will use this information to assess your use of this website, to compile reports about website activity and to perform additional services related to use of the website and the Internet for the website operators.

The IP address transmitted by your browser through Google Analytics will not be merged with other Google data. You can prevent cookie storage through your browser settings at any time. However, please note that you may not be able to use every function of this website. Furthermore, you can prevent the collection of cookie-generated data (including your IP address) on your use of the website and the processing of this data by Google by downloading and installing the browser plug-in provided under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

As an alternative to the browser plugin and on browsers on mobile devices, you may also prevent data collection by Google Analytics by activating the following link which will install an opt-out cookie that will block any future collection of your data when visiting our website. Please note that this link must be activated again if you delete your cookies.

For Google’s Privacy Policy, please see https://policies.google.com/privacy?hl=en. For the Google Terms of Service, please see https://policies.google.com/terms?hl=en.

Use of Google Tag Manager

Our website uses Google Tag Manager of Google LLC (“Google”). Google Tag Manager is a solution that provides a surface for marketers to manage website tags. Google Tag Manager is a cookie-free domain that does not collect personal data. Although Google Tag Manager activates other tags which may collect data, Google Tag Manager does not access this data. In case of deactivation on the domain or cookie level, the deactivation will remain in place for all tracking tags implemented through Google Tag Manager.

You can find detailed information about the Google Tag Manager at the following link: www.google.com/tagmanager/use-policy.html

Utilisation of Facebook Pixel, Custom Audiences and Facebook Conversion

We employ the so-called Facebook Pixel of the Facebook social network operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: “Facebook”).

Facebook Pixel enables Facebook to identify you, as a viewer of our online content, as a target for the display of advertisements (so-called Facebook ads). Correspondingly, we use the Facebook Pixel to ensure that our Facebook ads are shown solely to those Facebook users who have also indicated an interest in our online offerings, or who exhibit certain characteristics (e.g., an interest in certain topics or products that has been identified on the basis of the web pages they have visited), which we in turn transfer to Facebook (so-called custom audiences). With the help of the Facebook Pixel, we also wish to ensure that our Facebook ads correspond to the potential interests of users and do not have an irritating effect. The Facebook Pixel also helps us to assess the efficacy of Facebook ads for statistical and market research purposes, by enabling us to see whether users were transferred to our website by clicking on a Facebook ad (so-called conversion).

The data collected in this manner have been anonymised before we, the operator of the website, use them. We are thus unable to draw any conclusions as to the identity of the users in question. These data are however stored and processed by Facebook in such a way that a connection to a given user profile is possible and Facebook can further employ the data for its own advertising purposes, in accordance with Facebook data processing guidelines. As a result, Facebook can enable the placement of advertisements on its pages and elsewhere. We, as webpage operators, are unable to influence this use of data.

General information on the processing of the data by Facebook and the display of Facebook ads can be found in Facebook’s guidelines for the use of data, via https://www.facebook.com/policy.php. Special information and details on the Facebook Pixel and how it functions can be found via: https://www.facebook.com/business/help/651294705016616.

If you have a Facebook account, you can object to the collection of your data by means of the Facebook Pixel and the use of your data in connection with the display of Facebook ads. To determine which types of advertisements are presented to you within Facebook, you can retrieve the relevant Facebook page for this purpose, and follow the instructions for adjusting the settings for user-based advertising: https://www.facebook.com/settings?tab=ads. To do so, one must be registered with Facebook. The settings are platform-independent, i.e., they are accepted for all devices, be they mobile or desk-top based.

If you do not have a Facebook account, you can deactivate user-based advertising from Facebook via the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

Online Surveys, LamaPoll

We use the survey tool LamaPoll from Lamano GmbH & Co. KG. The service provider used by us stores all answers of the participants, personal master data, customer data, IP addresses and protocol data as well as statistics about e.g. answer duration or devices.

In the case of anonymous surveys, we only have access to the results of the participants. Our service provider uses the collected data to put the survey results into an exportable form or to allow us access to his results in edited form. The survey results are only processed automatically by the service provider and made available to us. The survey results are not passed on to third parties or otherwise used or processed by the service provider.

In general all surveys of our survey tool LamaPoll are anonymous. IP addresses are encrypted (with a one-way function). To protect participants it is not possible to change the anonymity settings of a started survey. If a survey is started anonymously, it is ensured that all survey results remain completely anonymous. We only conduct anonymous surveys. In addition, a survey can ask for data which can then be used to identify the participant.

Non-anonymous surveys require consent. We obtain this in the case of a non-anonymous survey.

If a participant has been invited by us via LamaPoll, all data that we have uploaded into the LamaPoll system will be saved (usually email address, attributes, gender, depending on the data status of the survey creator/user). This data is only temporarily stored in the LamaPoll system. We have the possibility to remove any self-uploaded data and survey results at any time.

We have concluded the necessary agreement with our service provider LamaPoll for order processing in accordance with Art. 28 DS-GVO in order to implement an adequate level of data protection.

You can find further information on data protection at our service provider LamaPoll at:

https://www.lamapoll.com/SupportCenter/Datenschutz.

Secure exchange of information with FTAPI

For secure communication and file exchange, we use the FTAPI exchange platform, operated by our data processor FTAPI Software GmbH, Steinerstraße 15f, 81369 Munich.

When using this service, your email address, IP address, the information about the end-user device required to provide the service and all the data you transmit are processed. The legal basis for the processing is Article 6 para 1 lit b GDPR.

For further information, please refer to the FTAPI privacy policy: https://ftapi.com/en/privacy-policy.

Participation in contests

We take this opportunity to inform you that we process the personal data supplied by you when participating in contests (e.g., first name, last name and email address) exclusively for the execution of the contest and in particular for purposes of evaluating the contest and determining the winner, i.e., insofar as you, as a participant, have not granted further consent for the further processing of the details you have supplied, including your personal data, in connection with your participation in the contest.

Beyond the evaluation of the contest, your data are not processed or passed on to third parties, unless you have granted prior permission for this.

You can at any time withdraw your consent for the processing of your data, via the post to Eschenbach Optik GmbH, Fürther Straße 252, 90429 Nürnberg, Germany or via email to datenschutz(at)eschenbach-optik.com. In the event of deletion of the data, participation in the prize draw shall be excluded.

Detailed information can be found in the individual terms and conditions of participation for the individual contests. The legal basis for such data processing can be found in Art. 6 subsection 1 sentence 1 under a, b and f GDPR.

Projects and actions in cooperation with customers

In order to implement various projects, e.g. in the field of marketing, sales, etc., we process various personal data from you. This may include, in particular, identification data (e.g. surname, first name, company address of the customer), contact data (e.g. address, (private) telephone numbers and e-mail address) of the customer and their contacts, appointments and documents exchanged with the customer, structural conditions of the customer’s business, including routes for power lines and network cabling, parking situation, opening hours of the customer’s business, information regarding our use of their systems, devices, e.g. access to the internet router, etc., and the customer’s business. This information may include, for example, access to the Internet router of the customer’s business, customer numbers and contract master data, user reports of unusual occurrences in connection with hardware and software, in particular damage, loss, theft and malfunctions of hardware and software, location data of hardware and software and advertising media and photographs from the customer’s business for the installation of hardware and software and advertising media.

Product registration & software updates

Certain products can be registered with us and/or insured against breakage and theft. In addition, you can register on our websites for a software update. For registration, such data as your identification and contact data and product data are required. Should you supply these in our contact form, we shall store these data and use them for purposes of implementing the agreement or providing the service you have requested (Art. 6 subsection 1 sentence 1 under b GDPR).

Children and Young People

Our website is aimed exclusively at potential applicants/customers, business partners and media representatives.

Persons under 16 years of age should not transmit data to us without the permission of a parent or guardian. We do not request data from children or youths who have not yet completed their sixteenth year of life. We do not collect such data or provide such data to third parties.

Security

We implemented technical and operational protective measures in accordance with the applicable legal regulations to protect your data from, loss, destruction, manipulation and unauthorized access. Our security measures are reviewed regularly and adjusted to technological advances. All our employees and all persons participating in data processing are required to adhere to the General Data Protection Regulation, the German Federal Data Processing Act in its respectively valid form and other laws relevant for data protection and must treat data confidentially.

Furthermore, we conclude according agreements with any external service providers we commission.

Our security measures are regularly reviewed and adjusted in accordance with technological advances.

Changes to Our Privacy Policy

We reserve the right to make changes to our security and data protection measures if required due to technical developments. In such cases, we will also adjust our Privacy Policy. Therefore, please note the respectively current version of our Privacy Policy.

Consent

Should the processing of your data require your consent, we will obtain it from you and use your data for the stated purposes for which we requested your consent. Your consent will be documented digitally.

You may revoke your consent at any time with future effect. To do so, please write us at Eschenbach Optik GmbH, Fürther Straße 252, 90429 Nürnberg, Germany or email us at datenschutz(at)eschenbach-optik.com.

Newsletter

If you subscribed to one of our newsletters and agreed to regularly receive interesting offers and information from the Eschenbach Optik GmbH, you expressly granted your consent for us to use your email address for direct marketing purposes. You will receive newsletters and information about the following topics: Advertising, current offers, seminar information, collection training

We documented your consent and are required to keep it retrievable at all times.

You may revoke your consent at any time with future effect. To do so, please write us at Eschenbach Optik GmbH, Fürther Straße 252, 90429 Nürnberg, Germany or email us at datenschutz(at)eschenbach-optik.com.

Application Process

By transmitting your applicant data, you consent to the processing of your data for the respective application process. You may revoke your consent at any time with future effect.

Data Subject Rights

If we process your data, you are entitled the following extensive rights as a data subject:

a) Right to Information

Under Art. 15 of the General Data Protection Regulation, you have the right to information about the data processed by us.

You may especially obtain information about the purposes of the processing, the categories of personal data concerned, the categories of possible recipients and the envisaged period for which the personal data will be stored.

Please submit information requests to Eschenbach Optik GmbH, Fürther Straße 252, 90429 Nürnberg, Germany or by email to datenschutz(at)eschenbach-optik.com.

b) Right to Rectification

Under Art. 16 of the General Data Protection Regulation, you have the right to obtain rectification or completion of your data from us.

You may exercise this right by contacting the above-stated addresses.

c) Right to Erasure

Under Art. 17 of the General Data Protection Regulation, you have the right to obtain erasure of personal data concerning you if storage of the data is no longer required and if there is no other legal ground for its processing. You may also obtain erasure if you object to the processing and there are no overriding legitimate grounds for the processing and if your data was processed unlawfully or if the personal data must be erased for compliance with a legal obligation under EU or national law.

You may exercise this right by contacting the above-stated addresses.

d) Right to Restriction of Processing

Under Art. 18 of the General Data Protection Regulation, you have the right to obtain the restriction of processing if you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of your personal data; if the processing is unlawful, but you oppose the erasure of your personal data; the purposes for the processing cease to apply, but the data is required for the establishment, exercise or defense of legal claims or if you objected in accordance with Art. 21 of the General Data Protection Regulation and if whether the legitimate grounds of the controller outweigh your interests has not yet been determined.

You may exercise this right by contacting the above-stated addresses.

e) Right to Data Portability

Under Art. 20 of the General Data Protection Regulation, you have the right receive your personal data in a structured, commonly used and machine-readable format (data portability). In addition, under certain circumstances, you may also receive your data directly from a controller if technically possible.

You may exercise this right by contacting the above-stated addresses.

Right to Object

You have the right to object to use of your data for the above-stated purposes at any time (Art. 21 of the General Data Protection Regulation). This is possible for objections to direct marketing or on grounds relating to your particular personal situation. If you object to direct marketing, we will implement your general objection right without information about your particular personal situation.

To exercise your right to object, please write us at Eschenbach Optik GmbH, Fürther Straße 252, 90429 Nürnberg, Germany or email us at datenschutz(at)eschenbach-optik.com.

Questions, Suggestions, Complaints to the Internal / External Data Protection Officer

Should you have any questions about our Privacy Policy, data protection or the processing of your personal data, please contact our data protection officer directly:

Rechtsanwaltskanzlei Costard
Kanzlei für IT-Recht und Datenschutz
Rechtsanwalt Thomas P. Costard
EUROCOM Businesspark
Lina-Ammon-Straße 9
90471 Nürnberg
Germany
Phone: +49 911 7903034
Fax: +49 911 790 30-35
E-Mail: costard(at)it-rechtsberater.de
http://www.it-rechtsberater.de/en/

Information requests, suggestions and complaints may also be submitted to the data protection officer.

Right to Submit a Complaint to a Supervisory Authority

Please also note that, irrespective of other administrative or legal remedies, you have the right to submit complaints to supervisory authorities, especially in the Member state of your habitual residence, place of work or place of the alleged infringement if you believe that the processing of your personal data infringes on the General Data Protection Regulation.

A list of (non-public sector) supervisory authorities and their addresses is provided (in German) at:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.