1. Subject Matter and Scope
We take the protection of your personal data very seriously. Within this Privacy Notice, we inform you about which personal data we collect through our websites and how and for what purposes they are processed. We will always handle your personal data in accordance with the data protection laws and regulations and this Privacy Notice.
This Privacy Notice is applicable to our websites, which can be accessed at www.epino.de, www.epi-no.de, www.epino.com, www.epi-no.com, www.tecsana.de, www.tecsana.com (hereinafter referred to as "websites").
2. Verantwortliche Stelle
Telefon +49 (0) 89 / 74 11 43 – 0
Fax +49 (0) 89 / 74 11 43 – 15
Geschäftsführer: Ingo Giani
3. Data Protection Officer
Rechtsanwalt, Fachanwalt IT-Recht
Datenschutzbeauftragter (TÜV), CIPP/E, CIPM, FIP
4. Visiting Our Websites
Our system automatically collects data and information from any device used to access our websites. In order for the website pages to be displayed in your browser, the IP address of the device you are using must be processed. Information about your operating system and browser are also collected.
We are legally obligated to ensure the confidentiality and integrity of the personal data processed with our IT systems. The data will also be used to correct errors on the websites.
For these purposes, the following data is logged:
· IP address of the accessing device
· Operating system of the accessing device
· Browser version of the accessing device
· Name of the retrieved file
· Date and time of retrieval
· Amount of data transferred
· Referring URL
This data is automatically deleted after 30 days.
Our websites are hosted by a service provider in the European Economic Area, based on a data processing agreement according to Art. 28 GDPR.
The legal basis for processing this information is Art. 6 Sect. 1 lit. f GDPR. Our legitimate interest is the operation of our websites and the implementation of protection measures to ensure the confidentiality, integrity, and availability of such data.
5. Contact and Requesting Information and Offers
If you contact us to request information or an offer, the information you provide will be stored for the purpose of processing the request. The information collected in the website’s contact form is needed for geographic allocation of your request, to process your request, to address you correctly, and to send you an answer.
Requests and orders are typically stored in our CRM system. The CRM system is routinely monitored to determine whether data can be deleted. Should data no longer be required in the context of a customer or prospective customer relationship or should the customer's interests to the contrary prevail, we will delete the relevant data, provided that this does not conflict with any statutory retention obligations.
The legal basis for storage and processing of this data is Art. 6 Sect. 1 lit. f GDPR. Our legitimate interest is communication with customers and interested parties.
If the aim of establishing contact is to conclude a contract, the legal basis is Art. 6 Sect. 1 lit. b GDPR.
6. Processing Orders
When you place an order via telephone, E-Mail, fax or over our online shop, we process inventory data (e.g. names, contact addresses, delivery addresses) and contract data (e.g. used services, payment information) for the fulfillment of our contractual obligations and to process your order.
We only transfer personal data to third parties if this is necessary in the context of contract execution. This is the case with the service provider entrusted with the handling of logistics and the logistics companies deployed (for example DHL). Our shop system is maintained by a service provider in Germany.
The legal basis for the processing of the data required to fulfill the contract is Art. 6 Sect. 1 lit. b GDPR.
We use session cookies, which are stored only for the duration of your visit to the website (e.g., to enable the storage of your shopping basket items). A randomly generated and unique identification number, called a session ID, is stored in a session cookie. Session cookies are automatically deleted after you leave the website.
The legal basis for processing personal data using cookies is Art. 6 Sect. 1 lit. f GDPR. Our legitimate interest is the operation, analysis, and optimization of our websites and our customer interactions.
In order to display the content of our websites in a correct and graphically appealing manner across all browsers, we use the Google Fonts library from Google LLC in the USA (https://www.google.com/webfonts/).
Google Fonts are transferred to your browser's cache to avoid repeated downloads. If your browser does not support Google Fonts or does not allow access, content will be displayed in a default font.
When a font library is accessed, a connection to the provider is automatically established. It is also possible that Google may collect your personal data, in particular, your IP address.
Google’s Privacy Shield certification is available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. The appropriate safeguards for data transfers are in place pursuant to Art. 46 GDPR.
The legal basis for such data processing is Art. 6 Sect. 1 lit. f GDPR. Our legitimate interest is the optimization and economic operation of our websites and our customer interactions.
YouTube videos are embedded on our websites. These are made available by YouTube LLC in the USA ("YouTube") via a plugin.
We use the advanced privacy settings for embedded YouTube videos. YouTube does not set cookies. However, when you visit a website using the YouTube plugin, your IP address is transmitted to YouTube. When you are logged in to YouTube, the information you submit can be linked to your account.
For more information, please visit YouTube's Privacy and Safety Center at https://support.google.com/youtube/topic/2803240?hl=en&ref_topic=6151248.
YouTube is a subsidiary of Google and is certified under the EU- US Privacy Shield in compliance with European data protection law: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. The appropriate safeguards for data transfers are in place pursuant to Art. 46 GDPR.
The legal basis for processing data in relation to YouTube is Art. 6 Sect. 1 lit. f GDPR. Our legitimate interest is the optimization and economic operation of our websites.
10. Age Restriction
This website is not intended or designed for use by children under 16 years of age. We do not knowingly collect personal information from or about anyone under the age of 16.
11. Recipients of Data
Within our company, your data is only received by those internal organizational units and employees, that need to know your data to fulfill their tasks, if applicable to fulfill contracts with you, to process your data with your consent and/or for the purposes of our legitimate interests.
Data will only be shared with third parties compliant with all applicable legal requirements. We only share your data with third parties when necessary, e.g., on the basis of Art. 6 Sect. 1 lit. b GDPR for the purpose of fulfilling a contract with you or to safeguard our legitimate interests pursuant to Art. 6 Sect. 1 lit. GDPR.
If we use service providers or third parties in order to offer our websites and/or our services, we take the appropriate legal safeguards and technical and administrative measures to ensure the appropriate protection of your personal data.
If we use/embed content or tools from service providers or third parties and if such third parties are based in a third country, data is transferred to a third country. Third countries are countries in which the GDPR is not directly applicable (i.e., countries outside the EU or the European Economic Area).
Data will only be transferred to third countries based on either an adequacy decision (Art. 45 GDPR), appropriate safeguards (Art. 46 GDPR), your consent (Art. 49 Sect. 1 lit a GDPR) or other legal permission.
12. Your Rights
You have the right to free access to information about your stored personal data, its origin, recipients, and the purpose of processing your data and a right to correct, block, or delete this data. You also have the right to limit and/or opt out of the processing of your data.
Additionally, you have the right to have your data, which we process automatically, transferred to you or to a third party in a standard, machine-readable format.
To assert your rights, please contact us using the details provided above for the Controller.
You also have a right of appeal through the data protection supervisory authority. The competent supervisory authority is the Bavarian Data Protection Authority (https://www.lda.bayern.de).
13. Withdrawal of Consent
Many data processing transactions are only possible with your express consent. You can withdraw your consent at any time simply by sending us an email. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
14. RIGHT TO OBJECT
IF WE PROCESS YOUR DATA IN ORDER TO PURSUE OUR LEGITIMATE INTERESTS (AS EXPLAINED IN THIS PRIVACY NOTICE), YOU CAN OBJECT TO SUCH PROCESSING. FOR ANY SUCH OBJECTIONS PLEASE CONTACT US USING THE CONTACT DETAILS PROVIDED FOR THE CONTROLLER.
YOU ARE ONLY ENTITLED TO THIS RIGHT TO OBJECT IF THERE ARE GROUNDS RELATING TO YOUR PARTICULAR SITUATION (ART. 21 SECT. 1 GDPR). AFTER EXERCISING YOUR RIGHT TO OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA FOR SUCH PURPOSES, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES TO ESTABLISH, EXERCISE, OR DEFEND LEGAL CLAIMS.
WHERE YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU CAN EXERCISE YOUR RIGHT TO OBJECT AT ANY TIME (ART. 21 SECT. 2 GDPR). WE THEN WILL NO LONGER PROCESS YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING, IRRESPECTIVE OF THE GROUNDS FOR THE OBJECTION.
15. Obligation to Provide Data
Providing personal data is neither required by law nor by contract, nor are you obligated to provide personal data. However, personal information is required for the conclusion and fulfillment of a contract insofar as certain details are absolutely necessary in order to be able to conclude and fulfill a contract.
16. Automated Decision-Making
We do not carry out automated decision making, including profiling.
17. Storage and Deletion
We adhere to the principles of data avoidance and data minimization. Therefore, we only store your personal data for as long as is necessary to achieve the purposes stated here or as provided for in the storage periods as stipulated by law.
If the purpose of storage ceases to apply or if a storage period as stipulated by law expires, the personal data will be blocked or deleted in accordance with the statutory provision.
18. Technical and Administrative Measures of Data Security
We meet administrative, legal, and operational security measures in accordance with the latest technology in order to ensure that privacy and data protection laws are observed, thereby protecting the data we process against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.
Our websites use SSL encryption for security reasons and to protect the transmission of confidential content, such as orders, inquiries, or payment data that you send to us.
19. Changes to this Privacy Notice
We reserve the right to occasionally revise this Privacy Notice in order to comply with current legal requirements or to implement changes to our services, e.g., when introducing new services. The new Privacy Notice then applies to your subsequent visits to our websites.