We take the protection of your privacy when using our website very seriously. We are therefore pleased to inform you about the collection of anonymous and personal data.
1. Provider / Entity responsible for data protection
This website is a service of:
Tel: +49 (0)40 80 80 700
represented by Mathias Hüske, Michael Kujas and Christian Woodgett (Geschäftsführer)(Managing Directors)
Registration Court: District Court Hamburg
Registration number: HRB 79328)
VAT ID: DE 214256591
2. Data protection officer
ecolaw.de Gesellschaft für Datensicherheit & Datenschutz mbH
represented by Florian König (Managing Director)
Roseggerstraße 1, D-38440 Wolfsburg
Tel. +49 (0)5361 27 29 293
Fax +49 (0)5361 27 29 296
registered in the commercial register of the District Court Braunschweig under the number HRB 203444
3. Competent supervisory authority
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, (HmbBfDI), Klosterwall
6, 20095 Hamburg, Germany, phone: +49 (0)40/142854-4040, Fax: +49 (0)40/42854-4000, Email:
4. General provisions
We (hereinafter referred to as the “controller”) store and process your (hereinafter referred to as the “data subject”) personal data (e.g. title, name, address, email address, phone number, bank data, credit card number) in accordance with the relevant statutory provisions, particularly the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR), Federal Data Protection Act (BDSG) and other data-related regulations [e.g. the German Telemedia Act (TMG)].
In accordance with the GDPR and other regulations, data processing and use is only permitted if explicitly allowed by the GDPR or another statutory provision or if approved by the data subject (prohibited unless authorized). In accordance with these statutory requirements, the processing and use of data shall only be permissible, if
- a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- c) processing is necessary for compliance with a legal obligation to which the controller is subject;
- d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
We therefore use and process your personal data only to the extent permitted within contract management or if you have given your informed consent.
We will never forward your personal data including your address and your email address to any third party. Excepted from this are our service partners who require data transmission for the execution of the contractual relationship or if we have explicitly pointed out the forwarding of data. In these cases, the scope of the transmitted data is limited to the necessary minimum.
5. Data collected during visits to our website
(5. 1) Storage of IP addresses
We will store the IP address transmitted by your web browser for a period of seven days strictly for the purpose of being able to recognize, limit and rectify any attacks on our websites and servers. After expiry of this period, we will erase or anonymize the IP address. The legal basis for this is Article 6(1) f of the GDPR.
(5. 2) Usage data
When you visit our websites, usage data is temporarily stored on our web server for statistical purposes in what is referred to as a log file. This allows us to improve the quality of our websites. This data set consists of
- the site from which the file was requested,
- the file name,
- the date and time of the request,
- the data volume transmitted,
- the access status (file transmitted, file not found),
- the description of the type of web browser used.
The above-mentioned log data will only be stored in an anonymized form.
6.) Collection of personal data when using our services
We will only collect your personal data if you voluntarily decide to share such information with us. For example, in case of an order or for carrying out a contract, a survey or when registering for services that require a registration with personal data (e.g. for orders, newsletter mailings, etc.). In such cases, we will only collect data where we are legally allowed to do so and which is absolutely necessary to carry out the services requested by you (during ordering processes, such data are usually your name, address, phone number and email address or, when subscribing to a newsletter, only your email address and name). Where we collect any of your personal data (for example through a contact or order form), you only have to provide the data requested. Fields marked with an asterisk are mandatory to complete. All other information is provided voluntarily and must not be disclosed by you. If you provide it nonetheless, you give us your consent through this disclosure to also store and use this personal data of yours for the stated purpose; in some instances, we request your explicit consent for data protection purposes that require explicit consent; such consent can be given by you voluntarily at any time, is not bound to any further requirements and can be revoked for the future at any time.
For maximum security of your data, the data is transmitted via a secure server using SSL encryption technology in order to prevent the abuse of the data by third parties. We store and process your data only on servers within the European Union. There will be no transmission to third-party countries unless we are entitled and/or obliged to such transmission in accordance with any statutory regulations or if you have given us your explicit prior consent. These cases are, however, all clearly identified and marked respectively.
7.) Consent in accordance with data protection laws
By subscribing to our newsletter, you agree that we collect and process your title, first name, surname and email address
for the following purposes:
- receipt of eos.uptrade’s newsletter along with the relevant information on the company, its products and events
This website does not use social plugins (“plugins”) of the social network Facebook but includes a link to the Facebook website run by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). No data will be transmitted by Facebook directly to your browser and integrated into the website through this link.
Although our website does not use social plugins of LinkedIn, it includes a link to the LinkedIn website run by LinkedIn Ireland Unlimited Company,
13.) Integration of third-party services and content
It is possible that contents of third parties, for example YouTube videos, map material of Google Maps, RSS feeds or graphics of other websites are integrated within our online offer. This always presupposes that the providers of this content (hereinafter referred to as “third-party providers”) perceive the IP address of the respective user. Because without the IP address, they would not be able to send their content to the browser of the respective user. The IP address is therefore required to display the content. We aim to only use content from providers that only use the IP address to provide content We have, however, no control over any further use the third party may make of the IP address, such as in statistical analysis. If we are aware of this, we will inform our users accordingly.
14.) Revocation of your consent
If you have given your consent in accordance with data protection laws to certain use of data and/or services, you may revoke such consent at any time with effect for the future. This only requires a notification to the following address:
Tel: +49 (0)40 80 80 700
15.) Your rights as a data subject
As a data subject under data protection laws, you have a number of rights in relation to your personal data. As the controller, we have taken appropriate measures to provide you as a data subject with all information in accordance with Article 13 and 14 of the GDPR and all notifications in accordance with Articles 15 to 22 and Article 34 of the GDPR relating to the data processing in precise, transparent, understandable and easily accessible form in clear and simple language; this applies in particular to information specifically targeted at children. All information will be transmitted in written or other form, if necessary also in electronic form. If requested by you, the information can also be communicated verbally if you were identified as the data subject.
Among other things, you have the right to demand information in written or electronic form at any time about your stored personal data and their origin, the recipient(s) to whom the data is forwarded and why your data is stored. You also have the right to demand the correction of inaccurate data and, if the respective legal requirements are met, deletion or blocking of your data. This only requires a notification to the following address:
Tel: +49 (0)40 80 80 700
You have the following rights regarding your personal data:
(15.1) Right to obtain confirmation and communication of personal data
You have the right to ask us to confirm whether we process your personal data
and, if so, to obtain access to your personal data and the following information:
a.) the purposes of the processing of personal data;
b.) the categories of personal data concerned;
c.) the recipients or categories of recipients to whom your personal data have been or will be disclosed;
d.) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
e.) the existence of the right to rectification or erasure of your personal data or restriction of processing by us or to object to processing;
f.) the right to lodge a complaint with a supervisory authority;
g.) all available information about the source of the data, if the personal data was not directly collected from the data subject;
h.) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You also have the right to ask us to inform you whether your personal data is transferred to a third country or an international organization. In this context, the data subject shall have the right to be informed of the appropriate safeguards in accordance with Article 46 of the GDPR relating to the transfer.
(15.2) Right to rectification
The data subject shall have the right to obtain from the controller the rectification/completion of inaccurate or incomplete personal data concerning him or her. The controller shall then immediately rectify the personal data in question.
(15.3) Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
a.) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b.) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c.) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; or
d.) the data subject has objected to processing in accordance with Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed by the controller or authorized third parties with the data subject's consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
A data subject who has obtained restriction of processing in accordance with the above requirements shall be informed by the controller before the restriction of processing is lifted.
(15.4) Right to erasure
a.) Obligation to erase personal data
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
aa.) The data subject’s personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
bb.) The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
cc.) The data subject objects to the processing in accordance with Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in accordance with Article 21(2) of the GDPR.
dd.) The data subject’s personal data have been unlawfully processed.
ee.) The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
ff.) The data subject’s personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
b.) Disclosure of information to third parties
If we have made your personal data public and if we are obliged to erase them in accordance with Article 17(1) of the GDPR, we will take appropriate measures, also of technical nature, taking into account the available technology and implementation costs, in order to inform the parties responsible for the data processing and who process the personal data of the fact that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.
1. c) Exceptions
The right to erasure does not apply if processing is necessary
aa.) to exercise the right of freedom of expression and information;
bb.) to comply with a legal obligation that requires processing in accordance with Union or Member State law we are subject to; or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
cc.) for the processing for public health purposes in accordance with Article 9(2) h and i as well as Article 9(3) of the GDPR;
dd.) for archiving purposes in the public interest, scientific or historical research or statistical purposes in accordance with Article 89(1) of the GDPR where the right mentioned under a) is likely to render impossible or seriously impair the achievement of that processing; or
ee.) for the establishment, exercise or defense of legal claims.
15.5) Right to be informed
If you have exercised the right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom your personal data was disclosed about this rectification or erasure of data or restriction of processing, unless it proves to be impossible or involves disproportionate effort.
You have the right to be informed about these recipients.
15.6) Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the controller, in a structured, commonly used and machine-readable format. The data subject shall also have the right to transmit those data to another controller without hindrance if
a.) the processing is based on consent in accordance with point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR or on a contract in accordance with point (b) of Article 6(1) of the GDPR; and
b.) the processing is carried out by automated means.
In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The right to data portability shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
15.7) Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
15.8) Right to withdraw the data protection declaration of consent
The data subject shall have the right to withdraw his or her data protection declaration of consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
15.9) Automated individual decision-making, including profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This shall not apply if the decision
a.) is necessary for entering into, or performance of, a contract between the data subject and a data controller,
b.) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or
c.) is based on the data subject's explicit consent.
These decisions shall, however, not be based on special categories of personal data referred to in Article 9(1) of the GDPR, unless point (a) or (g) of Article 9(2) applies and suitable measures to safeguard the data subject's rights and freedoms and legitimate interests are in place.
Regarding the cases referred to under a.) and c.), the data controller shall take appropriate measures to safeguard the data subject’s rights and freedoms and legitimate interests.
15.10) Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy in accordance with Article 78 of the GDPR.
16.) Email marketing
If you have subscribed to our newsletter, we will use your email address for marketing purposes until you end your subscription to the newsletter. You can unsubscribe at any time without incurring any costs other than the transmission costs according to the base rates of your access provider. You can unsubscribe at any time by sending us an email to firstname.lastname@example.org.
If you apply for a job with us, we will treat your application and all personal data included with the utmost confidentiality. We will only forward your application internally and only to persons who need to be informed about the recruitment process (e.g. human resources and the respective heads of department).
We shall only store and process your application documents and the included personal data on our servers and our systems for the purpose of processing your application and the recruitment process. After the end of the recruitment process, your application documents and your personal data will be stored for six months for internal reasons and will be deleted afterwards. The data are stored, among other things, for the professional and thorough handling of your application. The legal basis for this is our legitimate interests under Article 6(1) f of the GDPR. We shall not inform you separately after deleting your personal data. In individual cases and if we have your explicit consent, we shall store your application along with your personal data for up to 24 months after the end of the recruitment process. The legal basis for this is your consent under Article 6(1) a of the GDPR.