Information security guideline

Here you can find the current information security guideline as a PDF file:

ISO 27001 certificate

Here you can find the ISO 27001 certificate:

Privacy Notice in accordance with GDPR

Data protection declaration for the fulfillment of the duty to inform according to Art. 13 DS-GVO

The aim of the following explanations is to describe what data we process for what purpose and what rights you have in this respect.

Name and contact details of the person in charge:

evasys GmbH
Konrad-Zuse-Allee 13
21337 Lüneburg
Germany
Phone: +49 4131 7360 0
Fax: +49 4131 7360 60
support: +49 4131 7360 50
e-mail: team@evasys.de

Contact data protection officer:

datenschutz@evasys.de

 

Purposes for which the personal data is to be collected

A processing of personal data within the framework of this Internet offer is only carried out as far as this is necessary. In the following, you will find information about which of your data we process and on which legal basis we act.

Processing of personal data for information transmission

For certain actions on this site (ordering information, downloading software, participation in competitions, etc.) you will be asked by the operator to provide personal information on web forms/contact forms provided for this purpose. You are free to comply with this request. If you decide to do so, however, it may be necessary to provide your personal information (name, e-mail address, postal address, etc.).

In order to participate in a competition, your data will be stored for the purpose of checking your eligibility and for contacting you later in the event of a win. The operator fully acknowledges the importance of careful handling of your data. Your data will not be forwarded to third parties.

We store your data for as long as we need it for the respective purpose, e.g. the transmission of information, contacting, etc. The data will be deleted upon termination of the subscription.

The legal basis for the collection of personal data for this purpose is based on your consent in accordance with Art. 6 para. 1 letter a DS-GVO.

Processing of personal data in the context of improving the quality of our website through cookies

To improve the quality of our website, we use so-called cookies that track your visit. The cookies enable an evaluation of the movement on the website. What you are looking for, how often you visit which page or which offers you use can also be recorded. There is no connection with other data about you. In addition, the data is pseudonymized so that you cannot be assigned to any other data.

We have integrated the consent management tool “Borlabs Cookies” on our website to request consent for data processing or the use of cookies or comparable functions. Borlabs cookies enable you to grant or deny your consent for certain functionalities of our website, e.g. for the purpose of integrating external elements, integrating streaming content, statistical analysis, coverage measurement and personalized advertising.

Our legitimate interests in processing lie in the storage of user settings and preferences with regard to the use of cookies and other functionalities. “Borlabs Cookies” stores your data as long as your user settings are active. You will be asked for your consent again two years after the user settings have been made. The user settings are then stored again for this period.

[borlabs-cookie type=”btn-cookie-preference” title=”Cookie Settings” element=”button”/]
The legal basis for the processing of personal data in the context of cookies is based on your consent in accordance with Art. 6 Para. 1 letter a DS-GVO.

Use of Google Analytics, Google Ads Manager and Google Tag Manager

Our website uses tools for the systematic analysis of your user behaviour on the Internet, specifically Google Analytics, a web analysis service of Google Inc. (“Google”).

Provider of this service is: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

The information generated by the cookie about your use of the website, such as browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), time of the server inquiry, is usually transferred to a Google server in the USA and stored there.

The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google. We have also added the code “anonymizeIP” to this website Google Analytics. This guarantees the masking of your IP address so that all data is collected anonymously. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.

On behalf of Electric Paper GmbH, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage for the website operator.

[borlabs-cookie type=”btn-cookie-preference” title=”Cookie Settings” element=”button”/]
The legal basis for the use of your personal data is based on your consent (see Art. 6 para. 1 sentence 1 lit. f. DSGVO) within the framework of our cookie settings, which we have already described above.

Connection to LinkedIn and Xing with social plugins

On our website you have the possibility to connect to our profiles in different social networks. If you activate this connection, you will be forwarded to the profile in the social network. At this moment, the social network operators use your personal data as described below:

Connection with LinkedIn:

The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. The LinkedIn data centers for the storage of members’ information are currently located in the USA. This means that LinkedIn processes and stores data outside the EU. LinkedIn provides further information here: https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de

When you connect to LinkedIn through our website, LinkedIn receives the following information about you:

  • URL of the website you come from,
  • Website to which you will navigate next,
  • Time of your visit,
  • Information about your network and device (e.g., your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, cookie IDs and/or your Internet service provider or mobile operator)

If you access from a mobile device, this device sends data about your location based on your phone settings. LinkedIn asks for your consent before using GPS or other tools to determine your exact location. The LinkedIn privacy policy can be found here (https://privacy.linkedin.com/de-de)

We would like to point out that the offer of a connection with LinkedIn constitutes a connection in the sense of Art. 26 DS-GVO and that Electric Paper GmbH processes personal data together with LinkedIn Ireland Unlimited Company. In accordance with Art. 26 DS-GVO, jointly responsible persons are obliged to draw up an agreement on the rights and obligations of the persons concerned. LinkedIn has submitted a Page Insights Joint Controller Addendum for this purpose ( https://legal.linkedin.com/pages-joint-controller-addendum).

Connection with XING:

The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.

When you connect to XING via our website, XING receives the following information about you:

  • URL of the website you come from,
  • Website to which you will navigate next,
  • Time of your visit,
  • Information about your network and device (e.g., your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, cookie IDs and/or your Internet service provider or mobile operator)

According to XING, the XING data center is operated by an EU-based company and is located in the Netherlands. (Press release NEW WORK SE on April 21, 2020).

We would like to point out that the offer to connect to XING constitutes a connection within the meaning of Art. 26 DS-GVO and that Electric Paper GmbH processes personal data together with New Work SE. In accordance with Art. 26 DS-GVO, jointly responsible persons are obliged to draw up an agreement on the rights and obligations of the persons concerned.

New Work SE has published standard data protection clauses on its website, which can be accessed here: https://dev.xing.com/plugins/terms_and_conditions

In addition, XING uses a data protection-friendly default setting when implementing the social plug-ins (“Privacy by Default”)

Your rights of opposition, cancellation and correction of personal data

You have the right to be informed about the personal data concerning you. You can contact datenschutz@evasys.de at any time to obtain this information.

If a request for information is not made in writing and cannot be verified with certainty in any other way, you must expect us to ask questions to ensure that you are the person you claim to be.

Furthermore, you have the right to correction or deletion or to restriction of processing, as far as you are legally entitled to do so.

Your personal data will be deleted when the purpose of the collection is no longer given. However, an obligation to store data may also be imposed by European or national laws or other regulations. As far as a legal retention period ends, we will immediately delete the corresponding personal data.

You also have the right to object to the processing within the scope of the legal requirements. In particular, if you wish to exercise your right to object to the processing of your data on the basis of the weighing of interests, you must expect that we will examine this carefully, because we have carefully weighed up our interests here. (see Art. 21 para. 1 DS-GVO)

You also have the right to data transferability. Again, this is only granted within the framework of the legal requirements.

Right to appeal to the supervisory authority

Without prejudice to any right to complain to the supervisory authority or to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged infringement is committed, if you consider that the processing of personal data relating to you is in breach of the DS Block Exemption Regulation. The names and contact details of the competent supervisory authorities in the European Union can be found at http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.

The supervisory authority to which the complaint has been submitted shall inform the complainant about the status and results of the complaint including Possibility of a legal remedy according to Art. 78 DS-GVO.

The State Commissioner for Data Protection of Lower Saxony is the data protection authority responsible for TÜV NORD AG:

Barbara Thiel
Prinzenstrasse 5
30159 Hannover
Phone: +49 (0511) 120 45 00
Fax: +49 (0511) 120 45 99
e-mail: poststelle@lfd.niedersachsen.de

1. Name and contact details of the data controller and the data protection officer

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

evasys GmbH
Konrad-Zuse-Allee 13
21337 Lüneburg
Germany

Phone: +49 4131 7360 0
Fax: +49 4131 7360 60
Support: +49 4131 7360 50
E-mail: team@evasys.de

You can reach the data protection officer of the controller at: datenschutz@evasys.de
Any data subject may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

2. Definitions

Our data protection notice is based on the defined terms of the General Data Protection Regulation (GDPR). Our data protection notice should be easy to read and understand. To ensure this, we explain the terms used in advance:

2.1. Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.2. Data subject

Data subject is any identified or identifiable natural person whose personal data are processed by the controller.

2.3. Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.4. Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

2.5. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location movements.

2.6. Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

2.7. Controller

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

2.8. Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

2.9. Recipient

Recipient means a natural or legal person, public authority, agency or another bodyk, to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

2.10. Third Party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority oft he controller or processor, are authorized to process personal.

2.11. Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. General information on data processing; legal basis, purposes of processing, duration of storage, objection and possibility of elimination

3.1. General information on the legal basis

Personal data is only processed within the scope of this Internet offer if this is necessary. In the following, you will receive information about which data we process from you and on which legal basis we act.

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for compliance of a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) (d) GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

3.2. General information on data erasure and storage duration

The personal data of the data subject shall be erased or blocked as soon as the purpose of the storage no longer applies. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

3.3. General information about the processing on our website

Data privacy, data security and protection of secrets are high priorities for us. The permanent protection of your personal data, your company data and your trade secrets is particularly important to us.

In principle, you can visit our website without providing any personal information. However, if you make use of our company’s services via our website, this makes it necessary to provide your personal data. As a rule, we use the data provided by you and collected by the website and stored during use exclusively for our own purposes, namely for the implementation and provision of our website and the initiation, implementation and processing of the services/offers offered via the website (contract fulfillment) and do not pass them on to outside third parties unless there is an officially ordered obligation to do so. In all other cases, we obtain your separate consent.

Your personal data is processed in accordance with the requirements of the General Data Protection Regulation and in compliance with the country-specific data protection provisions applicable to us. By means of this data protection notice, we would like to inform you about the type, scope and purpose of the personal data processed by us. In addition, we inform you by means of this data protection notice about the rights to which you are entitled.

We have implemented technical and organizational measures to ensure an adequate level of protection for the personal data processed via this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that no absolute protection can be guaranteed.

4. Collection of general data and information

Our website collects a series of general data and information with each call by a data subject or an automated system. This general data and information is stored in the log files of the server. The following can be recorded
(1) browser types and versions used,
(2) the operating system used by the accessing system,
(3) the website from which an accessing system arrives at our website (so-called referrer),
(4) the sub-websites that are accessed via an accessing system on our website,
(5) the date and time of any access to the Website,
(6) an Internet Protocol (IP) address,
(7) the Internet service provider of the accessing system and
(8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

When using these general data and information, the evasys GmbH does not draw any conclusions about the data subject. This information is rather required in order
(1) to deliver the contents of our website correctly,
(2) to optimize the content of our website and the advertising for it,
(3) to ensure the permanent operability of our information technology systems and the technology of our website, and
(4) to provide law enforcement authorities with information necessary for prosecution in the event of a cyberattack.

Therefore, the evasys GmbH analyzes anonymously collected data and information on one hand for statistical purposes and on the other hand for the purpose of increasing the data protection and data security of our enterprise, and ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest)
Storage purpose: The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
Storage duration: The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are erased or alienated, so that an assignment of the calling client is no longer possible.
Removal & objection possibility: No, since mandatory for operation of the website.

5. Processing of personal data for contacting/consulting purposes

When requesting and arranging a consultation appointment, we will ask you to provide personal information on web forms/contact forms provided for this purpose. The data is absolutely necessary in order to be able to offer you a consultation appointment tailored to your needs. If you provide your personal data for the purpose of contacting or consulting you, it will be transmitted to our Salesforce Pardot system. This enables our responsible employees to track your request and contact you in a targeted manner.

If you are already a customer of ours, we can merge your request with your already stored personal data by entering your customer number and password.
Otherwise, you will be asked to provide your data yourself. This can be the following data:

  • Business Mail*
  • Phone number*
  • Organization*
  • POSTCODE*
  • Place*
  • First name
  • Last name
  • What service you are interested in

The data marked with * are mandatory. The specification of the remaining data is voluntary.
If you do not wish to use our Online Support System (“OSS”) facility, then you are free to contact us by email or telephone.

Legal basis: Art. 6 (1) (b) GDPR (contract performance)
Storage purpose: The provision of user data is necessary for the fulfillment of a contract with the user or for the implementation of pre-contractual measures.
Storage duration: The erasure takes place when the consulting service is completed and no subsequent contract is concluded with us.
Even after the conclusion of the consultation, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations.
Removal & objection possibility: If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, early erasure of the data is only possible insofar as contractual or legal obligations do not prevent erasure.

6. Processing of personal data for registration to events (webinars, conference)

If you would like to register for one of the events offered by us, we require the following personal data from you in order to carry out your registration.

  • Salutation*
  • First name*
  • Last name*
  • Business address, if applicable
  • Phone number
  • E-mail address
  • Billing address

The data marked with * are mandatory. The provision of the remaining data is voluntary. If you provide your personal data for the purpose of registering for an evasys GmbH event, this data will be transmitted to our Salesforce Pardot system.

In the course of the event, we will again process your name, first name and the company or organization to which you belong as part of the presentation of the event program (if applicable to you) and also as part of the creation of a list of participants.

Legal basis: Art. 6 (1) (b) GDPR (contract performance)
Storage purpose: The provision of user data is necessary for the fulfillment of a contract with the user or for the implementation of pre-contractual measures.
Storage duration: The erasure takes place when the consulting service is completed and no subsequent contract is concluded with us.
Even after the conclusion of the consultation, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations.
Removal & objection possibility: If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, early erasure of the data is only possible insofar as contractual or legal obligations do not prevent erasure.

7. Processing of information for the fulfillment of a contract with the customer

If you decide to use one of our services, we will tell you what information is required from our side for the fulfillment of the contract. This could be all of the following data:

  • Salutation
  • First name
  • Last name
  • Address
  • Phone number
  • E-mail address
  • Account data/bank details

Your data will only be used for internal use and the fulfillment of the requested service, for which they may also be forwarded to a service provider who will also use the data for the purpose of fulfilling the order.

The data will be stored by us as long as this is necessary for the fulfillment of the contract. If the fulfillment of the contract is completed, the data will be erased as long as there are no contractual or legal retention periods to the contrary.

Legal basis: Art. 6 (1) (b) GDPR (contract performance)
Storage purpose: The user’s data is required for the fulfillment of a contract with the user or for the implementation of pre-contractual measures.
Storage duration: The data is stored for the fulfillment of a contract or for the implementation of pre-contractual measures until the point in time when the data is no longer required for the implementation of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations.
Removal & objection possibility: As a user, you have the option to terminate the contract within the framework of the concluded contractual relationship. You can have the data stored about you changed at any time. If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, early erasure of the data is only possible insofar as contractual or legal obligations do not prevent erasure.

8. Processing of personal data for participation in competitions

When participating in competitions on our website or as part of events organized by evasys GmbH, you will be asked to provide information about yourself on web forms/contact forms provided for this purpose. You are free to comply with this request. However, if you decide to do so, it may be necessary to provide your personal details (name, e-mail address, postal address).

To participate in a contest, your information will be stored for the purpose of verifying your eligibility and to contact you later in case you win. The operator fully recognizes the importance of careful handling of your data. Your data will not be passed on to third parties.
We store your data for as long as we need it for the respective purpose. With the conclusion of the competition, the data will be erased.

Legal basis: Art. 6 (1) (a) GDPR
Storage purpose: The provision of the data is necessary so that the determination of the eligibility can happen, the winner can be determined and notified and the prize can be delivered.
Storage duration: Personal data is erased as soon as the purpose for which it was originally collected no longer applies.
Accordingly, the data will be erasedafter completion of the competition if there are no retention periods to the contrary.
Removal & objection possibility: The participant may withdraw his participation in the competition and request the erasure of his data.

9. Processing in the context of applications via our applicant portal

We collect and process personal data from applicants for the purpose of handling the application process. The processing is carried out electronically via our applicant portal at https://jobs.evasys.de. The personal data collected there includes:

  • Salutation
  • Title
  • First name*
  • Last name*
  • Email*
  • Phone number*
  • Application documents* (e.g. cover letter, resume) and personal data contained therein

The data marked with * are mandatory. The specification of the remaining data is voluntary.

The processing of this data serves to process your application. The legal basis is therefore § 26 (1) BDSG in conjunction with. Art. 6 (1) (b) GDPR. In the event of a rejection, we will erase your application data six months after notification of the rejection, provided that there are no legitimate storage reasons for erasure.
In addition, you have the option to consent to the inclusion of our applicant pool. This enables us to contact you in the future for further job offers, regardless of the specific application. In this case, we retain your personal data longer than we would in the case of an individual application, provided that no other legitimate interests or retention obligations prevent erasure.

Legal basis: The legal basis for the processing of data in the case of inquiries via the applicant portal is Section 26 (1) BDSG in conjunction with. Art. 6 (1) (b) GDPR (fulfillment of employment contract; pre-employment measures).
Storage purpose: The storage takes place for the processing of the application.
Storage duration: If the controller does not conclude an employment contract with the applicant, the application documents will be erased six months after notification of the rejection decision, provided that no other legitimate interests or retention obligations of the controller conflict with such erasure (e.g. proceedings under the General Equal Treatment Act (AGG).
Removal & objection possibility: Only general objection and removal options.

10. Processing on our website in the context of cookies and services used

Our website uses cookies and third-party services that use cookies themselves. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.
The user data collected in this way is pseudonymized by technical measures. Therefore, an assignment of the data to the calling user is no longer possible. The data is not stored together with other personal data of the users.
When calling up our website, users are informed by an info banner about the use of cookies and referred to this data protection notice.

10.1. Technically necessary cookies

Technically necessary cookies and services are those that are essential for the proper usability of the website. These cookies are used for security, traceability, load control and compliance with legal regulations on the website. This represents a legitimate interest of the site operator according to Art. 6 (1) (f) GDPR.

10.1.1. Cookiebot

We have integrated the consent management tool “Cookiebot” on our website to request consent for data processing or the use of cookies or comparable functions. With the help of Cookiebot, you have the option of granting or rejecting your consent for certain functionalities of our website, e.g. for the purpose of integrating external elements, integrating streaming content, statistical analysis, coverage measurement and personalized advertising.
Our legitimate interests in the processing lies in the storage of user settings and preferences in relation to the use of cookies and other functionalities. Cookiebot stores your consent or selection made as long as the settings are active and the – necessary – cookie set by Cookiebot is stored in your browser. If you erase it via your browser settings, use a new browser or another end device, the settings must be made again.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interests) for technically mandatory cookies.
Storage purpose: The purpose of the processing is to comply with the legal obligation to give consent for cookies and services used and to save the settings for the user in order to save him/her from having to give consent again when revisiting the site.
In these purposes also lies our legitimate interest in the processing of personal data according to Art. 6 (1) (f) GDPR.
Storage duration: Until you withdraw your settings or erase the cookie from your browser.
Removal & objection possibility: General possibility to object to data processing.

10.2. Optional cookies and third-party services

In the case of third-party tools that are not necessary for the operation of the website, your consent must be obtained. This happens via the cookie consent tool. All services used are listed below.

Once cookies have been set, you can withdraw them at any time by pressing the button in the lower left corner, which will take you back to the cookie overview.

10.2.1. Use of Google Analytics
10.2.1.1. General

We have integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, compilation and evaluation of data about the behavior of visitors to websites. A web analysis service collects, among other things, data about which website a data subject came to a website from (so-called referrers), which sub-pages of the website were accessed or how often and for how long a sub-page was viewed.
evasys GmbH is aware of the transfer of its personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure lawful and secure processing of its personal data.

The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

10.2.1.2. Anonymization of the IP address

We use the addition “gat.anonymizeIp” for web analysis via Google Analytics. This is a function for shortening the IP address. Accordingly, your IP address is anonymized before being transmitted from a member state or another state party to the Agreement on the European Economic Area to the USA. In exceptional cases, anonymization of the IP address only takes place in the USA.

10.2.1.3. Order processing

The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website, and to provide other services related to the use of our website.

Google Analytics sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. By each call of one of the individual pages of this website, which is operated by the controller and on which a Google Analytics component has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently enable commission calculations.

By means of the cookie, personal information, for example the access time, the location from which an access originated and the frequency of visits to our website by the data subject, is stored. Each time the data subject visits our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical procedure to third parties.

We have concluded an order processing agreement with Google in this regard and in doing so, we comply with the legal requirements of the GDPR as well as the requirements of the German data protection authorities regarding the use of Google Analytics.

10.2.1.4. Further information

Further information and the applicable data protection provisions of Google can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link.

Legal basis: Art. 6 (1) (a) GDPR (Consent)
Storage purpose: A web analysis is predominantly used to optimize a website and to analyze the cost-benefit of Internet advertising.
The purpose of setting third-party cookies is to improve our offer for you by analyzing your user behavior. As a rule, only a pseudonymised data transfer to the third parties takes place. Incidentally, it is up to you to prevent the transmission of third-party cookies by making the appropriate setting in the cookie banner or within your Internet browser.
Storage duration: Third-party cookies are stored on the user’s computer and transmitted to our site by the user. They are stored until the purpose of the processing no longer applies or you withdraw your consent. Cookies located on the end device can be erased by the user himself, some browsers do this independently on a regular basis.
Removal & objection possibility: By changing the settings of the cookie consent tools, you can disable or restrict the transfer of third-party cookies. Third-party cookies that have already been stored can be erased at any time. This can also be done automatically.

10.2.2. Use of Google Adsense

We have integrated Google Ads on this website. Google Ad consists of Google AdSense, DoubleClick and other services of the Google Ad Network. Google Ads is also an Internet advertising service that allows advertisers to place ads both in Google’s search engine results and in the Google advertising network. Google Ads allows an advertiser to specify certain keywords in advance, by means of which an ad is displayed in Google’s search engine results exclusively when the user retrieves a keyword-relevant search result using the search engine. In the Google advertising network, the ads are distributed to topic-relevant websites by means of an automatic algorithm and in compliance with the previously defined keywords.

The operating company of the Google Ads services is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
If a data subject accesses our website via a Google ad, a so-called conversion cookie is stored by Google on the data subject’s information technology system. A conversion cookie loses its validity after thirty days and is not used to identify the data subject. The conversion cookie is used to track whether certain subpages on our website have been called up, provided that the cookie has not yet expired.

The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via Ads , i.e. to determine the success or failure of the respective Ad and to optimize our Ads for the future. Neither our company nor other advertisers of Google AdWords receive information from Google by means of which the data subject could be identified.
By means of the conversion cookie, personal information, for example the websites visited by the data subject, is stored. Whenever our websites are visited, personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical procedure to third parties.
evasys GmbH is aware of the transfer of its personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure lawful and secure processing of its personal data.

For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the provider’s privacy policy. There you will also find further information about your rights in this regard and setting options for protecting your privacy: http://www.google.de/intl/de/policies/privacy.

Legal basis: Art. 6 (1) (a) GDPR (Consent)
Storage purpose: The purpose of Google Ads is to promote our website by displaying interest-relevant advertising on the website of third-party companies and in the search engine results of the Google search engine and a display of third-party advertising on our website.
Incidentally, it is up to you to prevent the transmission of third-party cookies by making the appropriate setting in the cookie banner or within your Internet browser.
Storage duration: Third-party cookies are stored on the user’s computer and transmitted from it to our site. You can erase cookies yourself.
Removal & objection possibility: By changing the settings in the Cookie Consent Tool, you can disable or restrict the transfer of third-party cookies. Third-party cookies that have already been stored can be erased at any time. This can also be done automatically.

10.2.3. Use of Microsoft services

Microsoft services are implemented on our website. The services simplify the direct booking of a consultation for the user via Microsoft Booking (optional cookie). The OutlookSession service can be used to book a direct calendar entry for the consultation.

Microsoft may also process data in the USA. We have implemented appropriate security measures (implementation of standard contractual clauses according to Art. 46 GDPR as well as additional measures) to ensure the security of the transmitted data.

Legal basis: Art. 6 (1) (a) GDPR (Consent)
Storage purpose: The purpose of the use is to facilitate the direct booking of appointments by implementing the Microsoft Booking service, which is opened when the user clicks on the “Book a consultation appointment” button and makes an appointment.
Storage duration: Third-party cookies are stored on the user’s computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of third-party cookies.
Removal & objection possibility: By changing the settings in the Cookie Consent Tool, you can disable or restrict third-party cookies. Third-party cookies that have already been saved can be erased at any time. This can also be done automatically.

11. Appearances in social networks

11.1. Facebook

We, the evasys GmbH, operate our own Facebook fan page at https://www.facebook.com/evasys. As the operator of this Facebook page, we are jointly responsible with the provider of the social network Facebook (Meta Platforms Ireland Ltd.) within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR). When visiting our Facebook page, personal data of the page visitors are processed by both controllers.

We have concluded an agreement with Meta on joint responsibility under data protection law (Page Controller Addendum). With this agreement, Meta recognizes the joint responsibility with regard to so-called insights data and assumes essential obligations under data protection law for informing data subjects, for data security or for reporting data protection breaches. In addition, the agreement stipulates that Meta is the primary contact for the exercise of data subjects’ rights (Art. 15 – 22 GDPR). This is because, as the provider of the social network, Meta alone has direct access to the necessary information and can also immediately take any necessary measures and provide information. However, should our support be required, we can be contacted at any time.

11.1.1. Use of Insights and Cookies

In connection with the operation of this Facebook fan page, we use the Insights function from Meta to obtain anonymized statistical data on the users of our Facebook fan page. Information about Insights and Facebook Fanpages is provided by Facebook, for example, via its privacy notices.
In connection with visiting our and other Facebook pages, Facebook also uses cookies and other similar storage technologies. For more information about Meta’s use of cookies, please see their Cookie Policy.

11.1.2. Data sharing

It cannot be ruled out that some of the information collected will also be processed outside the European Union by Meta Platforms Inc. based in the USA. Meta Platforms Inc. has submitted to the standard contractual clauses adopted by the EU Commission and thus undertakes to comply with European data protection requirements.
We ourselves do not share any personal data that we receive through our Facebook page.

11.1.3. Information on contact options and further rights as a data subject

For further information on our contact details, including those of our data protection officer, the rights of data subjects vis-à-vis us and how we process personal data in other respects, please refer to the relevant sections of this data protection declaration.

Legal basis: We operate this Facebook page in order to present, interact and communicate with the users of Facebook as well as other interested persons and our customers who visit our Facebook page. The processing of the users’ personal data is based on our legitimate interests in an optimized company and product presentation (Art. 6 (1) (f) GDPR
Storage purpose: The processing of the information generated by Insights is intended to enable us, as the operator of the Facebook fan page, to obtain statistics that Meta compiles based on visits to our Facebook fan page. The purpose of this is to control the marketing of our activity. For example, it allows us to gain knowledge of the profiles of visitors who like our Facebook page or use applications of the page in order to provide them with more relevant content and develop features that may be of greater interest to them.
In addition, to help us better understand how our Facebook Page can better achieve our business goals, demographic and geographic analyses are also created and provided to us based on the information we collect. We can use this information to target interest-based ads without directly knowing the identity of the visitor. If visitors use Facebook on multiple devices, the collection and analysis can also take place across devices if they are registered visitors who are logged into their own profiles.
The visitor statistics created are transmitted to us exclusively in anonymized form. We have no access to the underlying data. Furthermore, we use our Facebook page to communicate with our customers, interested parties and Facebook users and to inform them about us and our products. In this context, we may receive further information, e.g. due to user comments, private messages or because you follow us or share our content. The processing takes place exclusively for the purpose of communication and interaction with you.
Storage duration: Your data will be erased when the purpose ceases to exist, unless there is a retention obligation.
Removal & objection possibility: Facebook users can influence the extent to which their user behavior may be recorded when visiting our Facebook page under the settings for advertising preferences. Further options are offered by the Facebook settings or the form for the right to object.

11.2. Xing

We operate a XING page. With this privacy policy, we would like to inform you about how we process your personal data via our XING social media profile https://www.xing.com/pages/electricpaperevaluationssystemegmbh and who has access to the data you have deposited.

As the operator of this social media profile, we are (jointly) the responsible party within the meaning of data protection law. This means that we are also responsible for ensuring that your data is processed lawfully via this profile and that you can also exercise your rights regarding your data against us (cf. Art. 26 GDPR).
Data about you may be collected through cookies via this social media profile, whether or not you have an account with XING. Cookies are regularly stored on the user’s terminal device when visiting a XING page, including this profile. The information stored in the cookies is received, recorded and processed by XING, in particular when the user visits XING services, services provided by other members of the group of companies and services provided by other companies that use XING services. In addition, other entities such as XING partners or even third parties may use cookies on the XING services to provide services to companies advertising on XING. For more information on the use of cookies by XING, please refer to their privacy policy.

Cookies are primarily set in order to be able to display personalized advertising to visitors to XING websites, for example. This is done by displaying ads on our XING profile to the user from XING’s advertising partners whose websites the user has previously visited. In addition, cookies enable statistics to be compiled on the use of a social media profile, so that XING and evasys GmbH can track the use of a social media profile.

The collection of your data through cookies in the context of the use of the social media profile is neither legally nor contractually required. Nor is this required for the conclusion of a contract. There is therefore no obligation to transmit your data to XING. However, failure to transmit your data (e.g. by blocking cookies) will mean that we will not be able to offer you our social media profile, or only to a limited extent.

You can request from evasys GmbH regarding the personal data concerning you

  • Information in the form of a copy of the personal data and related information,
  • Provision in a structured and machine-readable format,
  • in case of their inaccuracy, their correction,
  • in particular, in the event of withdrawal of your consent or completion of its purpose, the erasure as well as
  • request the restriction of their processing in certain cases, and
  • object to the use of your data for direct marketing purposes at any time.

XING users can influence the extent to which their user behavior may be recorded when visiting our XING site under the settings for advertising preferences. Further options are offered by the XING settings or the form for the right to object.
The processing of information by means of the cookie used by XING can also be prevented by not allowing cookies from third-party providers or XING in your browser settings.
Further details on the use of cookies by XING can be found in the Data Policy (https://privacy.xing.com/de/datenschutzerklaerung).

11.2.1. Third country transfer

It cannot be ruled out that data from users may be processed on systems outside the European Union. XING has submitted to the standard contractual clauses and has thus undertaken to comply with EU data protection standards.

11.2.2. Information on contact options and further rights as a data subject

For further information on our contact details, including those of our data protection officer, the rights of data subjects and how we process personal data in other respects, please refer to the relevant sections of this data protection declaration.

Legal basis: We operate this XING site in order to present ourselves to, interact with, and communicate with XING users and other interested persons and our customers who visit our XING site. The processing of users’ personal data is based on our legitimate interests in optimizing the presentation of our company (Art. 6 (1) (f) GDPR) as well as when participating in competitions or answering product application questions on the basis of a (pre-)contractual relationship pursuant to Art. 6 (1) (b) GDPR.
Storage purpose: evasys GmbH operates this XING page in order to present itself to XING users and other interested persons who visit this XING page, to present information regarding recruiting under entry opportunities at evasys GmbH, and to communicate with users.
This is also our legitimate interest in an optimized presentation of the company.
Storage duration: Your data will be erased when the purpose ceases to exist, unless there is a retention obligation.
Removal & objection possibility: You can object to the processing of your personal data by XING using the above links. Furthermore, you can object to the processing of your personal data by us via our contact options.

11.3. LinkedIn

We use a page at https://www.linkedin.com/company/evasys-gmbh/ on the platform of the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We use this page to:

  • present our company and services
  • connect and stay in touch with the community and followers
  • keep the community and followers informed about current developments and events in our research area
  • handle questions and concerns from customers and prospects

When visiting our site, LinkedIn as the responsible party collects personal data of the user, for example, through the use of cookies. Such data collection by LinkedIn may also occur for visitors to this site who are not logged in or registered with LinkedIn. Information about the data collection and further processing by LinkedIn can be found in LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy?_l=de_DE.

evasys GmbH cannot track which user data LinkedIn collects. Nor does evasys GmbH have full access to the collected data or your profile data. evasys GmbH can only see the public information of your profile. You decide what this information is in your LinkedIn settings.

If our site offers a chat function, evasys GmbH uses your data when using the chat function to answer your inquiry. The service and customer care information collected in this way is used to contact you in order to provide you with the requested information and offers.

Due to legitimate interest, evasys GmbH receives anonymous statistics from LinkedIn regarding the use and utilization of the Page. The following information is provided:

  • Followers: Number of people who follow evasys GmbH – including growth and development over a defined time frame.
  • Reach: Number of people who see a specific post. Number of interactions on a post. This can be used, for example, to determine which content is better received by the community than others.
  • Ad performance: How many people were reached and interacted with a post or paid ad?

These statistics, from which we cannot draw any conclusions about individual users, are used by evasys GmbH to constantly improve its online offering on LinkedIn and to better address the interests of our community. We cannot link the statistical data with the profile data of our followers. You can decide via your LinkedIn settings in which form targeted advertising is displayed to you.

evasys GmbH receives personal data via LinkedIn if you actively communicate this to us via a personal message on LinkedIn. We use your data (e.g. first name, last name, company and position) to respond to your request. Your data will be stored for this purpose.

11.3.1. Third country transfer

It cannot be ruled out that data from users will be processed on systems outside the European Union. LinkedIn has submitted to the standard contractual clauses and has thus undertaken to comply with EU data protection standards.

11.3.2. Information on contact options and further rights as a data subject

For further information on our contact details, including those of our data protection officer, the rights of data subjects and how we process personal data in other respects, please refer to the relevant sections of this data protection declaration.

Legal basis: We operate this LinkedIn page in order to present, interact and communicate with the users of LinkedIn as well as other interested persons and our customers who visit our LinkedIn page. The processing of the users’ personal data is based on our legitimate interests in an optimized company presentation (Art. 6 (1) (f) GDPR as well as when participating in competitions or answering product application questions on the basis of a (pre-)contractual relationship pursuant to Art. 6 (1) (b) GDPR.
Storage purpose: evasys GmbH operates this LinkedIn page in order to present itself to users of LinkedIn as well as other interested persons who visit this LinkedIn page, to present information regarding recruiting under entry opportunities at evasys GmbH and to communicate with users.
This is also our legitimate interest in an optimized presentation of the company.
Storage duration: Your data will be erased when the purpose ceases to exist, unless there is a retention obligation.
Removal & objection possibility: You can object to the processing of your personal data by LinkedIn using the links above. Furthermore, you can object to the processing of your personal data by us via our contact options.