Information security guideline
Here you can find the current information security guideline as a PDF file:
ISO 27001 certificate
Here you can find the ISO 27001 certificate:
Privacy Notice in accordance with GDPR
Data protection declaration for the fulfillment of the duty to inform according to Art. 13 DS-GVO
The aim of the following explanations is to describe what data we process for what purpose and what rights you have in this respect.
Name and contact details of the person in charge:
evasys GmbH
Konrad-Zuse-Allee 13
21337 Lüneburg
Germany
Phone: +49 4131 7360 0
Fax: +49 4131 7360 60
support: +49 4131 7360 50
e-mail: team@evasys.de
Contact data protection officer:
Purposes for which the personal data is to be collected
A processing of personal data within the framework of this Internet offer is only carried out as far as this is necessary. In the following, you will find information about which of your data we process and on which legal basis we act.
Processing of personal data for information transmission
For certain actions on this site (ordering information, downloading software, participation in competitions, etc.) you will be asked by the operator to provide personal information on web forms/contact forms provided for this purpose. You are free to comply with this request. If you decide to do so, however, it may be necessary to provide your personal information (name, e-mail address, postal address, etc.).
In order to participate in a competition, your data will be stored for the purpose of checking your eligibility and for contacting you later in the event of a win. The operator fully acknowledges the importance of careful handling of your data. Your data will not be forwarded to third parties.
We store your data for as long as we need it for the respective purpose, e.g. the transmission of information, contacting, etc. The data will be deleted upon termination of the subscription.
The legal basis for the collection of personal data for this purpose is based on your consent in accordance with Art. 6 para. 1 letter a DS-GVO.
Processing of personal data in the context of improving the quality of our website through cookies
To improve the quality of our website, we use so-called cookies that track your visit. The cookies enable an evaluation of the movement on the website. What you are looking for, how often you visit which page or which offers you use can also be recorded. There is no connection with other data about you. In addition, the data is pseudonymized so that you cannot be assigned to any other data.
We have integrated the consent management tool “Borlabs Cookies” on our website to request consent for data processing or the use of cookies or comparable functions. Borlabs cookies enable you to grant or deny your consent for certain functionalities of our website, e.g. for the purpose of integrating external elements, integrating streaming content, statistical analysis, coverage measurement and personalized advertising.
Our legitimate interests in processing lie in the storage of user settings and preferences with regard to the use of cookies and other functionalities. “Borlabs Cookies” stores your data as long as your user settings are active. You will be asked for your consent again two years after the user settings have been made. The user settings are then stored again for this period.
[borlabs-cookie type=”btn-cookie-preference” title=”Cookie Settings” element=”button”/]
The legal basis for the processing of personal data in the context of cookies is based on your consent in accordance with Art. 6 Para. 1 letter a DS-GVO.
Use of Google Analytics, Google Ads Manager and Google Tag Manager
Our website uses tools for the systematic analysis of your user behaviour on the Internet, specifically Google Analytics, a web analysis service of Google Inc. (“Google”).
Provider of this service is: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
The information generated by the cookie about your use of the website, such as browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), time of the server inquiry, is usually transferred to a Google server in the USA and stored there.
The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google. We have also added the code “anonymizeIP” to this website Google Analytics. This guarantees the masking of your IP address so that all data is collected anonymously. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.
On behalf of Electric Paper GmbH, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage for the website operator.
[borlabs-cookie type=”btn-cookie-preference” title=”Cookie Settings” element=”button”/]
The legal basis for the use of your personal data is based on your consent (see Art. 6 para. 1 sentence 1 lit. f. DSGVO) within the framework of our cookie settings, which we have already described above.
Connection to LinkedIn and Xing with social plugins
On our website you have the possibility to connect to our profiles in different social networks. If you activate this connection, you will be forwarded to the profile in the social network. At this moment, the social network operators use your personal data as described below:
Connection with LinkedIn:
The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. The LinkedIn data centers for the storage of members’ information are currently located in the USA. This means that LinkedIn processes and stores data outside the EU. LinkedIn provides further information here: https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de
When you connect to LinkedIn through our website, LinkedIn receives the following information about you:
- URL of the website you come from,
- Website to which you will navigate next,
- Time of your visit,
- Information about your network and device (e.g., your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, cookie IDs and/or your Internet service provider or mobile operator)
If you access from a mobile device, this device sends data about your location based on your phone settings. LinkedIn asks for your consent before using GPS or other tools to determine your exact location. The LinkedIn privacy policy can be found here (https://privacy.linkedin.com/de-de)
We would like to point out that the offer of a connection with LinkedIn constitutes a connection in the sense of Art. 26 DS-GVO and that Electric Paper GmbH processes personal data together with LinkedIn Ireland Unlimited Company. In accordance with Art. 26 DS-GVO, jointly responsible persons are obliged to draw up an agreement on the rights and obligations of the persons concerned. LinkedIn has submitted a Page Insights Joint Controller Addendum for this purpose ( https://legal.linkedin.com/pages-joint-controller-addendum).
Connection with XING:
The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
When you connect to XING via our website, XING receives the following information about you:
- URL of the website you come from,
- Website to which you will navigate next,
- Time of your visit,
- Information about your network and device (e.g., your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, cookie IDs and/or your Internet service provider or mobile operator)
According to XING, the XING data center is operated by an EU-based company and is located in the Netherlands. (Press release NEW WORK SE on April 21, 2020).
We would like to point out that the offer to connect to XING constitutes a connection within the meaning of Art. 26 DS-GVO and that Electric Paper GmbH processes personal data together with New Work SE. In accordance with Art. 26 DS-GVO, jointly responsible persons are obliged to draw up an agreement on the rights and obligations of the persons concerned.
New Work SE has published standard data protection clauses on its website, which can be accessed here: https://dev.xing.com/plugins/terms_and_conditions
In addition, XING uses a data protection-friendly default setting when implementing the social plug-ins (“Privacy by Default”)
Your rights of opposition, cancellation and correction of personal data
You have the right to be informed about the personal data concerning you. You can contact datenschutz@evasys.de at any time to obtain this information.
If a request for information is not made in writing and cannot be verified with certainty in any other way, you must expect us to ask questions to ensure that you are the person you claim to be.
Furthermore, you have the right to correction or deletion or to restriction of processing, as far as you are legally entitled to do so.
Your personal data will be deleted when the purpose of the collection is no longer given. However, an obligation to store data may also be imposed by European or national laws or other regulations. As far as a legal retention period ends, we will immediately delete the corresponding personal data.
You also have the right to object to the processing within the scope of the legal requirements. In particular, if you wish to exercise your right to object to the processing of your data on the basis of the weighing of interests, you must expect that we will examine this carefully, because we have carefully weighed up our interests here. (see Art. 21 para. 1 DS-GVO)
You also have the right to data transferability. Again, this is only granted within the framework of the legal requirements.
Right to appeal to the supervisory authority
Without prejudice to any right to complain to the supervisory authority or to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged infringement is committed, if you consider that the processing of personal data relating to you is in breach of the DS Block Exemption Regulation. The names and contact details of the competent supervisory authorities in the European Union can be found at http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
The supervisory authority to which the complaint has been submitted shall inform the complainant about the status and results of the complaint including Possibility of a legal remedy according to Art. 78 DS-GVO.
The State Commissioner for Data Protection of Lower Saxony is the data protection authority responsible for TÜV NORD AG:
Barbara Thiel
Prinzenstrasse 5
30159 Hannover
Phone: +49 (0511) 120 45 00
Fax: +49 (0511) 120 45 99
e-mail: poststelle@lfd.niedersachsen.de
Privacy policy for information to be provided according to Art. 13 GDPR
The aim of the following explanations is to describe which data we process for which purpose and which rights you have in this regard.
1. Name and contact details of the data controller and the data protection officer
2. Definitions
3. General information on data processing; legal basis, purposes of processing, duration of storage, objection and possibility of elimination
4. Collection of general data and information
5. Processing of personal data for contacting/consulting purposes
6. Processing of personal data for registration to events (webinars, conference)
7. Processing of information for the fulfillment of a contract with the customer
8. Processing of personal data for participation in competitions
9. Processing in the context of applications via our applicant portal
10. Processing on our website in the context of cookies and services used
11. Appearances in social networks
12. Your rights of opposition, erasure and rectification of personal data
13. Right to complain to the supervisory authority
1. Name and contact details of the data controller and the data protection officer
The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:
evasys GmbH
Konrad-Zuse-Allee 13
21337 Lüneburg
Germany
Phone: +49 4131 7360 0
Fax: +49 4131 7360 60
Support: +49 4131 7360 50
E-mail: team@evasys.de
You can reach the data protection officer of the controller at: datenschutz@evasys.de
Any data subject may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
2. Definitions
Our data protection notice is based on the defined terms of the General Data Protection Regulation (GDPR). Our data protection notice should be easy to read and understand. To ensure this, we explain the terms used in advance:
2.1. Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.2. Data subject
Data subject is any identified or identifiable natural person whose personal data are processed by the controller.
2.3. Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.4. Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
2.5. Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location movements.
2.6. Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
2.7. Controller
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
2.8. Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
2.9. Recipient
Recipient means a natural or legal person, public authority, agency or another bodyk, to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
2.10. Third Party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority oft he controller or processor, are authorized to process personal.
2.11. Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
3. General information on data processing; legal basis, purposes of processing, duration of storage, objection and possibility of elimination
3.1. General information on the legal basis
Personal data is only processed within the scope of this Internet offer if this is necessary. In the following, you will receive information about which data we process from you and on which legal basis we act.
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for compliance of a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.
3.2. General information on data erasure and storage duration
The personal data of the data subject shall be erased or blocked as soon as the purpose of the storage no longer applies. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
3.3. General information about the processing on our website
Data privacy, data security and protection of secrets are high priorities for us. The permanent protection of your personal data, your company data and your trade secrets is particularly important to us.
In principle, you can visit our website without providing any personal information. However, if you make use of our company’s services via our website, this makes it necessary to provide your personal data. As a rule, we use the data provided by you and collected by the website and stored during use exclusively for our own purposes, namely for the implementation and provision of our website and the initiation, implementation and processing of the services/offers offered via the website (contract fulfillment) and do not pass them on to outside third parties unless there is an officially ordered obligation to do so. In all other cases, we obtain your separate consent.
Your personal data is processed in accordance with the requirements of the General Data Protection Regulation and in compliance with the country-specific data protection provisions applicable to us. By means of this data protection notice, we would like to inform you about the type, scope and purpose of the personal data processed by us. In addition, we inform you by means of this data protection notice about the rights to which you are entitled.
We have implemented technical and organizational measures to ensure an adequate level of protection for the personal data processed via this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that no absolute protection can be guaranteed.
4. Collection of general data and information
Our website collects a series of general data and information with each call by a data subject or an automated system. This general data and information is stored in the log files of the server. The following can be recorded
(1) browser types and versions used,
(2) the operating system used by the accessing system,
(3) the website from which an accessing system arrives at our website (so-called referrer),
(4) the sub-websites that are accessed via an accessing system on our website,
(5) the date and time of any access to the Website,
(6) an Internet Protocol (IP) address,
(7) the Internet service provider of the accessing system and
(8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
When using these general data and information, the evasys GmbH does not draw any conclusions about the data subject. This information is rather required in order
(1) to deliver the contents of our website correctly,
(2) to optimize the content of our website and the advertising for it,
(3) to ensure the permanent operability of our information technology systems and the technology of our website, and
(4) to provide law enforcement authorities with information necessary for prosecution in the event of a cyberattack.
Therefore, the evasys GmbH analyzes anonymously collected data and information on one hand for statistical purposes and on the other hand for the purpose of increasing the data protection and data security of our enterprise, and ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest)
Storage purpose: The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
Storage duration: The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are erased or alienated, so that an assignment of the calling client is no longer possible.
Removal & objection possibility: No, since mandatory for operation of the website.
5. Processing of personal data for contacting/consulting purposes
When requesting and arranging a consultation appointment, we will ask you to provide personal information on web forms/contact forms provided for this purpose. The data is absolutely necessary in order to be able to offer you a consultation appointment tailored to your needs. If you provide your personal data for the purpose of contacting or consulting you, it will be transmitted to our Salesforce Pardot system. This enables our responsible employees to track your request and contact you in a targeted manner.
If you are already a customer of ours, we can merge your request with your already stored personal data by entering your customer number and password.
Otherwise, you will be asked to provide your data yourself. This can be the following data:
- Business Mail*
- Phone number*
- Organization*
- POSTCODE*
- Place*
- First name
- Last name
- What service you are interested in
The data marked with * are mandatory. The specification of the remaining data is voluntary.
If you do not wish to use our Online Support System (“OSS”) facility, then you are free to contact us by email or telephone.
Legal basis: Art. 6 (1) (b) GDPR (contract performance)
Storage purpose: The provision of user data is necessary for the fulfillment of a contract with the user or for the implementation of pre-contractual measures.
Storage duration: The erasure takes place when the consulting service is completed and no subsequent contract is concluded with us.
Even after the conclusion of the consultation, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations.
Removal & objection possibility: If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, early erasure of the data is only possible insofar as contractual or legal obligations do not prevent erasure.
6. Processing of personal data for registration to events (webinars, conference)
If you would like to register for one of the events offered by us, we require the following personal data from you in order to carry out your registration.
- Salutation*
- First name*
- Last name*
- Business address, if applicable
- Phone number
- E-mail address
- Billing address
The data marked with * are mandatory. The provision of the remaining data is voluntary. If you provide your personal data for the purpose of registering for an evasys GmbH event, this data will be transmitted to our Salesforce Pardot system.
In the course of the event, we will again process your name, first name and the company or organization to which you belong as part of the presentation of the event program (if applicable to you) and also as part of the creation of a list of participants.
Legal basis: Art. 6 (1) (b) GDPR (contract performance)
Storage purpose: The provision of user data is necessary for the fulfillment of a contract with the user or for the implementation of pre-contractual measures.
Storage duration: The erasure takes place when the consulting service is completed and no subsequent contract is concluded with us.
Even after the conclusion of the consultation, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations.
Removal & objection possibility: If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, early erasure of the data is only possible insofar as contractual or legal obligations do not prevent erasure.
7. Processing of information for the fulfillment of a contract with the customer
If you decide to use one of our services, we will tell you what information is required from our side for the fulfillment of the contract. This could be all of the following data:
- Salutation
- First name
- Last name
- Address
- Phone number
- E-mail address
- Account data/bank details
Your data will only be used for internal use and the fulfillment of the requested service, for which they may also be forwarded to a service provider who will also use the data for the purpose of fulfilling the order.
The data will be stored by us as long as this is necessary for the fulfillment of the contract. If the fulfillment of the contract is completed, the data will be erased as long as there are no contractual or legal retention periods to the contrary.
Legal basis: Art. 6 (1) (b) GDPR (contract performance)
Storage purpose: The user’s data is required for the fulfillment of a contract with the user or for the implementation of pre-contractual measures.
Storage duration: The data is stored for the fulfillment of a contract or for the implementation of pre-contractual measures until the point in time when the data is no longer required for the implementation of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations.
Removal & objection possibility: As a user, you have the option to terminate the contract within the framework of the concluded contractual relationship. You can have the data stored about you changed at any time. If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, early erasure of the data is only possible insofar as contractual or legal obligations do not prevent erasure.
8. Processing of personal data for participation in competitions
When participating in competitions on our website or as part of events organized by evasys GmbH, you will be asked to provide information about yourself on web forms/contact forms provided for this purpose. You are free to comply with this request. However, if you decide to do so, it may be necessary to provide your personal details (name, e-mail address, postal address).
To participate in a contest, your information will be stored for the purpose of verifying your eligibility and to contact you later in case you win. The operator fully recognizes the importance of careful handling of your data. Your data will not be passed on to third parties.
We store your data for as long as we need it for the respective purpose. With the conclusion of the competition, the data will be erased.
Legal basis: Art. 6 (1) (a) GDPR
Storage purpose: The provision of the data is necessary so that the determination of the eligibility can happen, the winner can be determined and notified and the prize can be delivered.
Storage duration: Personal data is erased as soon as the purpose for which it was originally collected no longer applies.
Accordingly, the data will be erasedafter completion of the competition if there are no retention periods to the contrary.
Removal & objection possibility: The participant may withdraw his participation in the competition and request the erasure of his data.
9. Processing in the context of applications via our applicant portal
We collect and process personal data from applicants for the purpose of handling the application process. The processing is carried out electronically via our applicant portal at https://jobs.evasys.de. The personal data collected there includes:
- Salutation
- Title
- First name*
- Last name*
- Email*
- Phone number*
- Application documents* (e.g. cover letter, resume) and personal data contained therein
The data marked with * are mandatory. The specification of the remaining data is voluntary.
The processing of this data serves to process your application. The legal basis is therefore § 26 (1) BDSG in conjunction with. Art. 6 (1) (b) GDPR. In the event of a rejection, we will erase your application data six months after notification of the rejection, provided that there are no legitimate storage reasons for erasure.
In addition, you have the option to consent to the inclusion of our applicant pool. This enables us to contact you in the future for further job offers, regardless of the specific application. In this case, we retain your personal data longer than we would in the case of an individual application, provided that no other legitimate interests or retention obligations prevent erasure.
Legal basis: The legal basis for the processing of data in the case of inquiries via the applicant portal is Section 26 (1) BDSG in conjunction with. Art. 6 (1) (b) GDPR (fulfillment of employment contract; pre-employment measures).
Storage purpose: The storage takes place for the processing of the application.
Storage duration: If the controller does not conclude an employment contract with the applicant, the application documents will be erased six months after notification of the rejection decision, provided that no other legitimate interests or retention obligations of the controller conflict with such erasure (e.g. proceedings under the General Equal Treatment Act (AGG).
Removal & objection possibility: Only general objection and removal options.
11. Appearances in social networks
11.1. Facebook
We, the evasys GmbH, operate our own Facebook fan page at https://www.facebook.com/evasys. As the operator of this Facebook page, we are jointly responsible with the provider of the social network Facebook (Meta Platforms Ireland Ltd.) within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR). When visiting our Facebook page, personal data of the page visitors are processed by both controllers.
We have concluded an agreement with Meta on joint responsibility under data protection law (Page Controller Addendum). With this agreement, Meta recognizes the joint responsibility with regard to so-called insights data and assumes essential obligations under data protection law for informing data subjects, for data security or for reporting data protection breaches. In addition, the agreement stipulates that Meta is the primary contact for the exercise of data subjects’ rights (Art. 15 – 22 GDPR). This is because, as the provider of the social network, Meta alone has direct access to the necessary information and can also immediately take any necessary measures and provide information. However, should our support be required, we can be contacted at any time.
11.1.1. Use of Insights and Cookies
In connection with the operation of this Facebook fan page, we use the Insights function from Meta to obtain anonymized statistical data on the users of our Facebook fan page. Information about Insights and Facebook Fanpages is provided by Facebook, for example, via its privacy notices.
In connection with visiting our and other Facebook pages, Facebook also uses cookies and other similar storage technologies. For more information about Meta’s use of cookies, please see their Cookie Policy.
11.1.2. Data sharing
It cannot be ruled out that some of the information collected will also be processed outside the European Union by Meta Platforms Inc. based in the USA. Meta Platforms Inc. has submitted to the standard contractual clauses adopted by the EU Commission and thus undertakes to comply with European data protection requirements.
We ourselves do not share any personal data that we receive through our Facebook page.
11.1.3. Information on contact options and further rights as a data subject
For further information on our contact details, including those of our data protection officer, the rights of data subjects vis-à-vis us and how we process personal data in other respects, please refer to the relevant sections of this data protection declaration.
Legal basis: We operate this Facebook page in order to present, interact and communicate with the users of Facebook as well as other interested persons and our customers who visit our Facebook page. The processing of the users’ personal data is based on our legitimate interests in an optimized company and product presentation (Art. 6 (1) (f) GDPR
Storage purpose: The processing of the information generated by Insights is intended to enable us, as the operator of the Facebook fan page, to obtain statistics that Meta compiles based on visits to our Facebook fan page. The purpose of this is to control the marketing of our activity. For example, it allows us to gain knowledge of the profiles of visitors who like our Facebook page or use applications of the page in order to provide them with more relevant content and develop features that may be of greater interest to them.
In addition, to help us better understand how our Facebook Page can better achieve our business goals, demographic and geographic analyses are also created and provided to us based on the information we collect. We can use this information to target interest-based ads without directly knowing the identity of the visitor. If visitors use Facebook on multiple devices, the collection and analysis can also take place across devices if they are registered visitors who are logged into their own profiles.
The visitor statistics created are transmitted to us exclusively in anonymized form. We have no access to the underlying data. Furthermore, we use our Facebook page to communicate with our customers, interested parties and Facebook users and to inform them about us and our products. In this context, we may receive further information, e.g. due to user comments, private messages or because you follow us or share our content. The processing takes place exclusively for the purpose of communication and interaction with you.
Storage duration: Your data will be erased when the purpose ceases to exist, unless there is a retention obligation.
Removal & objection possibility: Facebook users can influence the extent to which their user behavior may be recorded when visiting our Facebook page under the settings for advertising preferences. Further options are offered by the Facebook settings or the form for the right to object.
11.2. Xing
We operate a XING page. With this privacy policy, we would like to inform you about how we process your personal data via our XING social media profile https://www.xing.com/pages/electricpaperevaluationssystemegmbh and who has access to the data you have deposited.
As the operator of this social media profile, we are (jointly) the responsible party within the meaning of data protection law. This means that we are also responsible for ensuring that your data is processed lawfully via this profile and that you can also exercise your rights regarding your data against us (cf. Art. 26 GDPR).
Data about you may be collected through cookies via this social media profile, whether or not you have an account with XING. Cookies are regularly stored on the user’s terminal device when visiting a XING page, including this profile. The information stored in the cookies is received, recorded and processed by XING, in particular when the user visits XING services, services provided by other members of the group of companies and services provided by other companies that use XING services. In addition, other entities such as XING partners or even third parties may use cookies on the XING services to provide services to companies advertising on XING. For more information on the use of cookies by XING, please refer to their privacy policy.
Cookies are primarily set in order to be able to display personalized advertising to visitors to XING websites, for example. This is done by displaying ads on our XING profile to the user from XING’s advertising partners whose websites the user has previously visited. In addition, cookies enable statistics to be compiled on the use of a social media profile, so that XING and evasys GmbH can track the use of a social media profile.
The collection of your data through cookies in the context of the use of the social media profile is neither legally nor contractually required. Nor is this required for the conclusion of a contract. There is therefore no obligation to transmit your data to XING. However, failure to transmit your data (e.g. by blocking cookies) will mean that we will not be able to offer you our social media profile, or only to a limited extent.
You can request from evasys GmbH regarding the personal data concerning you
XING users can influence the extent to which their user behavior may be recorded when visiting our XING site under the settings for advertising preferences. Further options are offered by the XING settings or the form for the right to object.
The processing of information by means of the cookie used by XING can also be prevented by not allowing cookies from third-party providers or XING in your browser settings.
Further details on the use of cookies by XING can be found in the Data Policy (https://privacy.xing.com/de/datenschutzerklaerung).
11.2.1. Third country transfer
It cannot be ruled out that data from users may be processed on systems outside the European Union. XING has submitted to the standard contractual clauses and has thus undertaken to comply with EU data protection standards.
11.2.2. Information on contact options and further rights as a data subject
For further information on our contact details, including those of our data protection officer, the rights of data subjects and how we process personal data in other respects, please refer to the relevant sections of this data protection declaration.
Legal basis: We operate this XING site in order to present ourselves to, interact with, and communicate with XING users and other interested persons and our customers who visit our XING site. The processing of users’ personal data is based on our legitimate interests in optimizing the presentation of our company (Art. 6 (1) (f) GDPR) as well as when participating in competitions or answering product application questions on the basis of a (pre-)contractual relationship pursuant to Art. 6 (1) (b) GDPR.
Storage purpose: evasys GmbH operates this XING page in order to present itself to XING users and other interested persons who visit this XING page, to present information regarding recruiting under entry opportunities at evasys GmbH, and to communicate with users.
This is also our legitimate interest in an optimized presentation of the company.
Storage duration: Your data will be erased when the purpose ceases to exist, unless there is a retention obligation.
Removal & objection possibility: You can object to the processing of your personal data by XING using the above links. Furthermore, you can object to the processing of your personal data by us via our contact options.
11.3. LinkedIn
We use a page at https://www.linkedin.com/company/evasys-gmbh/ on the platform of the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We use this page to:
When visiting our site, LinkedIn as the responsible party collects personal data of the user, for example, through the use of cookies. Such data collection by LinkedIn may also occur for visitors to this site who are not logged in or registered with LinkedIn. Information about the data collection and further processing by LinkedIn can be found in LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy?_l=de_DE.
evasys GmbH cannot track which user data LinkedIn collects. Nor does evasys GmbH have full access to the collected data or your profile data. evasys GmbH can only see the public information of your profile. You decide what this information is in your LinkedIn settings.
If our site offers a chat function, evasys GmbH uses your data when using the chat function to answer your inquiry. The service and customer care information collected in this way is used to contact you in order to provide you with the requested information and offers.
Due to legitimate interest, evasys GmbH receives anonymous statistics from LinkedIn regarding the use and utilization of the Page. The following information is provided:
These statistics, from which we cannot draw any conclusions about individual users, are used by evasys GmbH to constantly improve its online offering on LinkedIn and to better address the interests of our community. We cannot link the statistical data with the profile data of our followers. You can decide via your LinkedIn settings in which form targeted advertising is displayed to you.
evasys GmbH receives personal data via LinkedIn if you actively communicate this to us via a personal message on LinkedIn. We use your data (e.g. first name, last name, company and position) to respond to your request. Your data will be stored for this purpose.
11.3.1. Third country transfer
It cannot be ruled out that data from users will be processed on systems outside the European Union. LinkedIn has submitted to the standard contractual clauses and has thus undertaken to comply with EU data protection standards.
11.3.2. Information on contact options and further rights as a data subject
For further information on our contact details, including those of our data protection officer, the rights of data subjects and how we process personal data in other respects, please refer to the relevant sections of this data protection declaration.
Legal basis: We operate this LinkedIn page in order to present, interact and communicate with the users of LinkedIn as well as other interested persons and our customers who visit our LinkedIn page. The processing of the users’ personal data is based on our legitimate interests in an optimized company presentation (Art. 6 (1) (f) GDPR as well as when participating in competitions or answering product application questions on the basis of a (pre-)contractual relationship pursuant to Art. 6 (1) (b) GDPR.
Storage purpose: evasys GmbH operates this LinkedIn page in order to present itself to users of LinkedIn as well as other interested persons who visit this LinkedIn page, to present information regarding recruiting under entry opportunities at evasys GmbH and to communicate with users.
This is also our legitimate interest in an optimized presentation of the company.
Storage duration: Your data will be erased when the purpose ceases to exist, unless there is a retention obligation.
Removal & objection possibility: You can object to the processing of your personal data by LinkedIn using the links above. Furthermore, you can object to the processing of your personal data by us via our contact options.