In the following, we are providing information about how personal data is collected when this website is used. Personal data means all data which can be related to you personally, i.e. for example name, address, email addresses, user behaviour.
1. Controller of data processing and contact
1. Controller of data processing and contact
(1) The controller under Art. 4 para. 7 of the EU General Data Protection Regulation (EUDATAP) is Erhardt+Leimer GmbH, Albert-Leimer-Platz 1 in 86391 Stadtbergen, represented by managing directors Hannelore Leimer and Dr. Michael Proeller, cf. our publication details.
(2) If you have any questions about data protection, you can contact our Data Protection Officer Stefan Haugg at:
email: [email protected]
post: Erhardt+Leimer GmbH, Data Protection Officer, Albert-Leimer-Platz 1, 86391 Stadtbergen
2. Your rights when using the website
- the right under Art. 15 EUDATAP to be provided with information about your data collected and stored with us when you access the website.
- the right under Art. 16 EUDATAP to require your personal data stored with us to be corrected if incorrect or to be completed.
- the right under Art. 17 EUDATAP to require the deletion of your personal data stored with us, unless processing is necessary to meet a legal requirement or to assert, exercise or defend legal claims.
- the right under Art. 7 para. 3 EUDATAP to withdraw at any time your consent already given for data processing. This means that we are no longer allowed in future to continue the data processing based on this consent. The lawfulness of the processing undertaken on the basis of this consent until it was withdrawn by the data subject is not prejudiced thereby.
- the right under Art. 77 EUDATAP to complain to the appropriate data protection supervisory authority if you assume that your right to informational self-determination has been breached by the processing of the personal data collected when you visited our website. The Bavarian State Office for Data Protection Supervision (bayerische Landesamt für Datenschutzaufsicht) has responsibility for Erhardt+Leimer GmbH.
- if your personal data is processed on the basis of justified interests under Art. 6 para. 1 sentence 1 lit. f EUDATAP, you have the right under Art. 21 EUDATAP to file an objection to the processing of your personal data, insofar as there are reasons for the same resulting from your particular situation or insofar as your objection relates to direct advertising. In the latter case, you have a general right to file an objection which will be implemented by us without any evidence of a particular situation.
You can assert your rights against us by sending a notification to the contact details given under Number 1.
3. Data security
We operate up-to-the-minute technical measures to ensure data security, in particular to protect your personal data from risks during data transmissions and from disclosure to third parties. These measures are adapted accordingly to comply with the current state of the art.
4. Processing of personal data
(1) Collection of personal data when the website is used to obtain information
1. During use of the website purely to obtain information, i.e. if you do not log in or register for use of the website or provide us with information in any other way, we do not collect any personal data, with the exception of the data which your browser supplies to enable you to visit the website. This data is as follows:
- IP address
- date and time of enquiry
- time zone difference to Greenwich Mean Time (GMT)
- content of request (specific page)
- access status/HTTP status code
- data volume transmitted in each case
- website from which the request comes
- operating system and its interface
- language and version of browser software.
2. During use of the website, cookies are also stored on your computer. Cookies are small text files which are stored on your hard disc and assigned to the browser you have used. Through them, the agent setting the cookie (i.e. us in this case) is provided with certain information. Cookies cannot implement any programmes or transmit viruses to your computer. They serve to make the internet offering generally more user-friendly and effective.
You can configure your browser setting as you wish. However, please note that you may then possibly not be able to use all the functions of this website.
(2) Collection and use of personal data when using the functions of our website
Together with use of our website purely to obtain information, we offer various services which you can use if interested. To do this, you are usually required to provide further personal data which we will employ to provide the appropriate service.
When you contact Erhardt+Leimer GmbH by email or using the contact form, we store your email address and name and any other personal data which you supply, so that we can answer your questions.
We delete the data acquired in this connection when storage is no longer necessary or restrict processing if legal retention obligations apply.
Data processing for the purpose of establishing contact with us is undertaken under Art. 6 para. 1 sentence 1 lit. a EUDATAP on the basis of your voluntary consent
Subscription to newsletter
(1) You can consent to subscription to our newsletter, with which we inform you about our current attractive offers. The legal basis is Art. 6 para. 1 sentence 1 lit. a EUDATAP. For registration for our newsletter, we use the so-called double opt-in process. This means that, after you have supplied your email address, we send a confirmation email to the email address provided, in which we ask you to confirm that you wish to subscribe to the newsletter. If you do not confirm this, your registration will automatically be deleted. If you confirm that you wish to receive the newsletter, we will store your email address until you unsubscribe from the newsletter. This storage serves solely for the purpose of being able to send you the newsletter. In addition, upon registration and confirmation, we store your IP addresses and the times to prevent any misuse of your personal data.
(2) The only compulsory information for subscription to the newsletter is your email address. All other information is voluntary and is used solely for personalisation of the newsletter. This data too is deleted in full when consent is withdrawn.
(3) You can withdraw your consent to subscription to the newsletter at any time. You can undertake withdrawal by clicking on the link provided in every newsletter email, by sending an email to [email protected] or by sending a notification to the contact details provided under No. 1. The data you provide will not be disclosed to third parties.
(4) We are evaluating your user behaviour when sending the newsletter. For this evaluation, the e-mails sent include so-called web beacons or tracking pixels, which represent one-pixel image files that are stored on our website. For the evaluations, we link the data and the web beacons mentioned in section 4 with your e-mail address and an individual ID. Links received in the newsletter also contain this ID.
The data is collected exclusively pseudonymously, so the IDs are not linked to your other personal data, a direct personal data is excluded.
With the data thus obtained, we create a user profile in order to tailor the newsletter to your individual interests. We record when you read our newsletter, which links you click on in it and infer your personal interests from it. We link this data to actions you take on our website.
You can disagree to this tracking at any time by clicking on the separate link provided in each email or by informing us via another contact route. The information will be stored as long as you subscribe to the newsletter. After unsubscribing, we store the data purely statistically and anonymous. In addition, such tracking is not possible if you have disabled the display of images by default in your e-mail program. In this case, the newsletter will not be displayed to you and you may not be able to use all the features. If you display the images manually, the tracking is working.
The legal basis for this processing is both through your voluntary registration to our newsletter Article 6 sec. 1 lit a) GDPR as well as Article 6 sec. 1 lit. f) to be able to assess our legitimate interest in measuring the range and success of our newsletter for the purpose of determining whether the effort required to maintain the format can be presented economically.
Use of the job application form
We process personal data which we receive from you as part of your job application, in accordance with Section 32 of the German Federal Data Protection Act [BDSG] old version, Section 26 BDSG new version. This is master data, such as information on name and address; data on knowledge and skills, such as qualification certificates, CV and assessments; communication data.
Your data will be used in connection with the filling of the vacant positions, i.e. for the purpose of storage, evaluation, allocation and internal forwarding of your application. In the course of the application process, your application data will be accessible to the appropriate personnel officer at Erhardt+Leimer GmbH and to the managing directors and will be made available to the managers of the department with a vacant position. The data you provide will not otherwise be disclosed to third parties.
Documents submitted by rejected applicants will be deleted from our system 6 months after completion of the job application process.
Job applications for which consent has been given to storage for jobs possibly available at a later date will be stored for a maximum of 12 months and then deleted in full.
Virtual trade fair stand
In order to visit our virtual trade fair stand, you will need to register with us. Please enter a valid e-mail address, the name of the company you work for and specify a secret password. We use this data exclusively for providing access to our virtual trade fair stand. Processing of the data is in accordance with Article 6 Para. 1 S. 1 Point b General Data Protection Regulation for fulfillment of a contract.
Participation in the prize draw
From time to time we hold prize draws. Conditions for participation are provided to regulate how these prize draws are held. Provided that no legal data storage period prevents the deletion of the participant data collected, all information collected for participation purposes shall be deleted after the prize draw has been completed. The legal basis for processing the data is Article 6 Para. 1 S. 1 Point b General Data Protection Regulation for fulfillment of a contract.
5. Use of analysis tools
(1) This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files which are stored on your computer and enable an analysis of your use of the website. The information provided by a cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event of activation of IP anonymization on this website, your IP address will, however, first be reduced by Google within member countries of the European Union or in other countries which are members of the European Economic Area treaty. Only in exceptional cases will your full IP address be transmitted to a Google server in the USA and reduced there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide other services to the website operator relating to website use and internet use.
(2) The IP address transmitted from your browser as part of Google Analytics will not be linked with other Google data.
(3) You can prevent the storage of cookies with the relevant setting in your browser software; however, please note that you will then possibly not be able to use all the functions of this website in full.
(4) In addition, you can download and install the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en to prevent both the transmission to Google of the data obtained by the cookie and relating to your use of the website (incl. your IP address) and the processing of this data by Google.
(5) As an alternative to the browser plug-in or if you use a mobile end device, you can prevent the collection of data by clicking on the following link.
In this way, an opt-out cookie is placed on your device. If you delete the cookies in the browser used, you must then click on the link again to prevent the collection of data by Google Analytics.
(6) This website uses Google Analytics with the add-on “_anonymizeIp()”. As a result, IP addresses are subject to further processing in a reduced form and no direct relation to a person is possible.
(7) Google Analytics is used in compliance with the requirements agreed with Google by the German data protection authorities. Information of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001.
Use of LinkedIn components
On the website, the controller uses components from LinkedIn Corporation to show relevant advertising and effectivity measurement for an advertisement posted. LinkedIn is a social network for professional and executive personnel. This service is used by such persons to discover business opportunities, to be discovered themselves for business opportunities and to link up with other people and information.
LinkedIn receives information about the visitors to a website if their cookies are placed on the websites of third parties. Information transmitted includes the URL of the websites accessed before and after visiting the website, IP address, operating system, web browser and add-ons.
If a user is logged in to LinkedIn at the same time as accessing our website, the data collected and transmitted by cookie use by LinkedIn can be allocated to the appropriate LinkedIn account. If internet users do not want such allocation of the information transmitted, they must log out of their LinkedIn account when accessing our website.
Members of LinkedIn can manage data protection settings at www.linkedin.com/psettings/. If users are not members of LinkedIn, they can reject interest-based advertising at www.linkedin.com/psettings/guest-controls.
The placing on your device of cookies which collect the data identified above can be prevented by settings in your browser.
Use of Google AdWords
Google AdWords Conversion is used on the website. This is a tool to measure the interaction of internet users with the advertisements we post.
When a user clicks on our text advertisement in the Google Search or on the selected website in the Google display network or watches our video advertisement, a temporary cookie is stored on his or her computer. The cookie becomes invalid after 30 days and does not enable personal identification.
If a user completes a conversion on our website within this period, the cookie is read out via the tracking tag and sent back to AdWords with the conversion data.
The information obtained with the help of cookies is used to draw up conversion statistics for us. For example, we learn the total number of users who have clicked on our advertisement. We are not able to identify users personally.
If you do not wish to participate in tracking, you can prevent the placing of cookies with a browser setting.
Use of Google Dynamic Remarketing
Google Dynamic Remarketing is used on the website. As a result, users can, on the basis of their surfing behaviour, be shown – on any arbitrary website – advertisements for products which they have accessed in the past.
When a controller uses Google Remarketing, Google tools are included in the website source code which permit the placing of cookies on the respective end device of the visitor to the website. With the help of these cookies, Google is also able to recognise the visitor on other websites.
Through implementation of the cross-device function by Google, advertising is possible on several end devices. The requirement for the cross-device function is that the relevant user has agreed to the linking of his or her app- or programme-based browser actions to his or her Google account.
If a user logs in with his Google account at different times on several end devices, even if only for a logical second, Google is able to link the remarketing cookies placed on the end devices and then send advertising to the user on a cross-device basis.
According to Google, Google-authenticated user IDs are temporarily collected for this purpose, which serve for cross-device target group formation.
In the settings for advertising, you can deactivate personalised advertising by Google. More detailed information is available at support.google.com/ads/answer/2662922. Alternatively, you can use a browser plug-in, on which information is available at support.google.com/ads/answer/7395996.
Please note that only personalised advertising is deactivated by use of the above functions. Thus advertisements are no longer oriented to your interests.
You can use a browser setting to prevent the placing of cookies.
Microsoft Advertising (Bing Ads)
The Website uses Bing Ads (bingads.microsoft.com) technologies provided and operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). The service provider Microsoft will set a cookie on your device if you have accessed our website via a Microsoft Bing ad. This allows Microsoft and us to recognize that someone has clicked on an ad that has been redirected to our website and has reached a defined landing page. We only learn the total number of users who have responded to an ad and have thus been redirected to our website. Microsoft collects, processes and uses information using the cookie from which user profiles are created using pseudonyms. These usage profiles are used to analyze visitor behavior and are used to display advertisements. No personal information about the identity of the user will be processed.
If you do not want information about your behavior to be used by Microsoft as described, you can prevent this by browser setting, which generally disables the automatic setting of cookies on your device. Furthermore, you can prevent the collection of data generated by the cookie and related to your use of the website and the processing of this data by Microsoft by opt-out at the following link choice.microsoft.com/en-US/opt-out.
For more information about microsoft and Bing Ads' privacy and cookies, visit the Microsoft privacy.microsoft.com/en-us/privacystatement web site.
6. Integration of YouTube videos
We have integrated YouTube videos into our website. They are stored at www.YouTube.com and can be viewed directly from our website. They are all integrated in the “extended data protection mode”, which means that no data relating to you as a user will be transmitted to YouTube if you do not view the videos. Only when you view the videos will the data identified under No. 4 (1) 1 be transmitted. We have no influence on this data transmission.
When you visit the website, YouTube receives the information that you have called up the relevant sub-page on our website. In addition, the data identified under No. 4 (1) 1 of this Policy is transmitted. This takes place irrespective of whether YouTube provides a user account through which you have logged in or there is no user account. If you are logged into Google, your data will be allocated directly to your account. If you do not want allocation to your profile at YouTube, you must log out before clicking the button. YouTube will save your data as user profiles and use it for advertising, market research and/or needs-based design of its website. Such analysis is carried out in particular (even for users who are not logged in) for provision of needs-based advertising and to inform other social network users of your activities on our website. You have a right to object to the creation of these user profiles; to exercise this right, you must contact YouTube.
7. Use of Google web fonts
To present our content correctly and with an attractive graphic design on all browsers, we use fonts of the service provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google web fonts) on this website. Google web fonts are transmitted to your browser cache to prevent repeated loading. A connection to Google is automatically established. When this is done, it is theoretically possible that Google gathers personal data – but currently not clear whether this is the case and, if so, for what purposes.
8. Use of Google Tag Manager
Google Tag Manager is used on the website, a service of Google Inc. (“Google”). This service enables website tags to be managed via an interface.
The Tool Tag Manager itself (which implements the tags) is a cookie-free domain and does not gather any personal data. The tool enables the triggering of other tags which may, for their part, collect data. Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this remains effective for all tracking tags which are implemented with Google Tag Manager.
9. Storage of data
We apply the principles of data avoidance and data minimisation. Thus we only store your personal data for as long as necessary to achieve the aims identified here or for as long as specified in the various storage periods prescribed by law.
10. Obligation to provide data
No legal obligation to provide data applies. However, you cannot use some functions on our website without supplying personal data.
11. Automated decision in individual cases
No automated decision-making is used in processing your data.
12. Data protection information on Facebook page
Erhardt+Leimer GmbH uses the technical platform and services of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Please note that you use our Facebook page and its functions at your own risk. This applies in particular to the use of the interactive functions (e.g. comments, sharing, rating).
When you access our Facebook page, Facebook collects, among other items, your IP address and other information which exists on your PC in the form of cookies. This data is used to provide us, as the operator of the Facebook page, with statistical information about the uptake of the Facebook page. Facebook provides more detailed information on this subject at the following link: de-de.facebook.com/help/pages/insights.
The data collected about you in this connection is processed by Facebook Ltd. and may possibly be transmitted to countries outside the European Union. In its data use policy, Facebook describes in a general way the data it receives and how it is used. In this policy, you will also find information about ways of contacting Facebook and placing advertising. The data use policy is available at the following link: http://de-de.facebook.com/about/privacy. You will find Facebook’s full data policy here:
Facebook does not clearly and finally state – so we do not know either – how it uses the data from visits to Facebook pages for its own purposes, to what extent activities on a Facebook page are allocated to individual users, how long Facebook stores this data and whether data resulting from a visit to a Facebook page is disclosed to third parties.
When you access a Facebook page, the IP address assigned to your end device is transmitted to Facebook. According to Facebook, this IP address is anonymised (for “German” IP addresses) and deleted after 90 days. In addition, Facebook saves information about the end devices of its users (e.g. by means of the function “login notification”); in this way Facebook may possibly be able to allocate IP addresses to individual users.
If you are currently logged in to Facebook as a user, there will be a cookie with your Facebook identifier on your end device. As a result, Facebook is able to track that you have visited this page and how you have used it. This also applies to all other Facebook pages. Via Facebook buttons integrated into websites, Facebook is able to register your visits to these website pages and allocate them to your Facebook profile. With the help of this data, you can be offered content or advertising oriented to you.
If you want to avoid the above, you should log out of Facebook or deactivate the function “stay logged in”, delete the cookies on your device and close and restart your browser. In this way, Facebook data through which you can be directly identified will be deleted. So you can then use our Facebook page without your Facebook identifier being revealed. If you access interactive functions on the page (likes, comments, sharing, messages, etc.), a Facebook log-in mask will appear. If you then log in, you will again be recognisable for Facebook as a certain user.
Information on how you can manage or delete existing information about yourself can be found on the following Facebook support pages:
Erhardt+Leimer GmbH does not additionally collect and process any data resulting from your use of the company’s Facebook page.
13. Operation of our external fan pages (social networks)
In the section below, we will inform you about the handling of your personal data, with particular reference to the use of our presences in social networks and offers.
Please check carefully which personal data you share with us via social networks. For example, for as long as you remain logged into your account and visit our profile operated by the providers, then the provider can directly assign it to your profile. You are therefore clearly recognizable to the provider.
The course of your visit can therefore be used to create a profile of you by the provider. We would specifically like to point out that the providers save the data of their users (e.g. personal information, IP address, etc.) and may use it for business purposes.
We always operate the pages and profiles in order to contact our customers, interested parties and employees, as well as potential employees, in a better and easier manner. The past has shown us that our activities beyond the online presence in the form of a website lead to considerably greater market penetration and thus contact options. For this reason, for us, the activities in the social networks are a key factor for our business success. With regard to use the of the services, we thus refer to an express, legitimate interest on our part (Art. 6 Para. 1 lit. f). Through the use of our profile pages in the corresponding social networks, in addition to the personal data you yourself have passed on to the provider through the creation of your access, use data is also collected. Normally, the corresponding provider uses it to create a personalized use profile. However, this is not within our sphere of influence. Our activity only allows the provider to record that you are interested in our company and that you may like our posts. Besides the tracking carried out by the provider, which is not carried out within our sphere of influence, there are no known factors which limit your basic rights and freedoms and which act against our legitimate interest in the use of the named services. In the case of tracking (recording and evaluation of your user behavior by the provider), we, of course, hope for timely clarification and procurement of legal certainty.
The following link allows you to configure your browser efficiently and to act against the unwanted recording of your user behavior, although most likely not entirely:
You can obtain more detailed information on data processing and on the provider's responsible office under the following links.
Responsible office at Facebook: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Facebook pages based on a Agreement on joint processing of personal data
Data protection declaration: https://www.facebook.com/about/privacy/,
Responsible office at: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
Data protection declaration: https://policies.google.com/privacy,
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
Responsible office at Instagram: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA Data protection declaration/ Opt-Out: http://instagram.com/about/legal/privacy/.
Responsible office: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)
Data protection declaration: https://twitter.com/de/privacy
Responsible office at Pinterest: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA
Data protection declaration/ Opt-Out: https://about.pinterest.com/de/privacy-policy
Responsible office at Linkedin: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
Data protection declaration https://www.linkedin.com/legal/privacy-policy ,
Responsible office at XING: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
Data protection declaration/ Opt-Out: https://privacy.xing.com/en/privacy-policy.
14. Use of our webshop
(1) If you wish to place an order in our webshop, for the conclusion of the contract you will need to provide the personal data we require in order to process your order. Any details that are mandatory for processing of the contracts are specially marked; further information is provided on a voluntary basis. The data provided by you will be processed by us in order to deal with your order. For this purpose, we may pass on your payment details to our house bank. The legal basis for this is article 6(1), sentence 1(b) of EU-GDPR.
We may also process the data provided by you for the purpose of informing you about further interesting products from our portfolio or to send you emails with technical information.
(2) We are required by commercial and tax laws to store your address, payment and order details for a duration of ten years. However, after two years we will restrict the way in which we process your data, i.e. your data will only be used in order to comply with our legal obligations.
(3) To prevent unauthorized access by third parties to your personal data, in particularly financial data, the ordering process will be encrypted using TLS encryption technology.