Privacy Policy

General Information on Data Processing

In this privacy policy, we inform you which personal data we process during your visit to our website and what rights you have. For the terminology used, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Personal data means any information relating to an identified or identifiable natural person. This includes, for example, your name, address and communication data, or your email address.

Processing means any operation or set of operations performed on personal data, with or without the aid of automated processes, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

The controller or “controller responsible for processing” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Users include all categories of persons affected by data processing. They include our business partners and other visitors to our website.

1. Name and Address of the Controller

Elektror airsystems GmbH
Hellmuth-Hirth-Str. 2
73760 Ostfildern
Phone: +49 711 31973-0
Fax: +49 711 31973-5000
Email: info@elektror.de

2. Data Protection Officer

You can contact our Data Protection Officer by email at or via our postal address with the addition “Der Datenschutzbeauftragte” (the Data Protection Officer).

3. Storage Period

Unless a specific storage period is specified in this privacy policy, your personal data will remain with us until the purpose of processing the data no longer applies. If you make a legitimate request for erasure or revoke your consent to data processing, your data will be erased unless we have other legally permissible grounds for storing your personal data (e.g. tax or commercial law retention periods); in the latter case, erasure will take place after these grounds no longer apply.

4. General Notes on the Legal Bases of Data Processing on this Website

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR and, where special categories of data under Art. 9(1) GDPR are processed, on the basis of Art. 9(2)(a) GDPR. In the case of your explicit consent to the transfer of personal data to third countries, processing is also carried out on the basis of Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or to access to information on your end device (e.g. via device fingerprinting), processing additionally takes place on the basis of Section 25(1) TDDDG (Telecommunications-Digital Services Data Protection Act). Consent can be withdrawn at any time. If your data is required for the performance of a contract or for pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data if this is necessary for compliance with a legal obligation on the basis of Art. 6(1)(c) GDPR. Data processing may also be based on our legitimate interests under Art. 6(1)(f) GDPR. The specific legal basis applicable in each individual case is explained in the following sections of this privacy policy.

5. Recipients of Personal Data

In the course of our business activities, we work with various external parties. This may also require the transmission of personal data to these external parties. We only disclose personal data to external parties if this is necessary for the performance of a contract, if we are legally obliged to do so (e.g. disclosure to tax authorities), if we have a legitimate interest in the disclosure pursuant to Art. 6(1)(f) GDPR, or if another legal basis permits the disclosure. When using processors, we disclose personal data of our customers only on the basis of a valid data processing agreement. In the case of joint processing, a joint controller agreement is concluded.

6. Processing of Personal Data

6.1. Visiting Our Website

Each time you access our website, your browser automatically transmits data to our web server for technical reasons. The following information is recorded in so-called server log files:

IP address
Date and time of the server request
Browser including language and version
Operating system used
Hostname of the accessing computer
Referrer URL (the website from which the request originates)

These data are not stored together with other personal data of the users.

The temporary storage of the IP address is technically necessary to deliver the website; for this purpose, your IP address must be stored for the duration of the session.

Storage of the aforementioned data in log files is carried out to ensure the functionality of the website. They also serve to optimise our services and to ensure the security of our information technology systems (e.g. for attack detection). No evaluation for marketing purposes takes place.

The legal basis for temporary storage and log files is Art. 6(1)(f) GDPR. Our legitimate interest lies in the technically error-free presentation, stable operation, and optimisation of the website; processing of server log files is necessary for this.

The log files are processed exclusively on our own servers. Access is limited to internally responsible persons on a need-to-know basis.

The above data are stored only as long as is necessary for the respective purposes. The data required to provide the website (in particular your IP address) are retained for the duration of the session and then deleted. Data recorded in server log files are retained for a maximum of 90 days for the purpose of ensuring operation, security, and optimisation of the website, and are then automatically deleted. Longer storage may occur for security reasons (e.g. to clarify incidents of misuse or fraud or to defend against attacks); data whose further storage is required for evidentiary purposes are excluded from deletion until the respective incident has been conclusively clarified.

6.2. Contact Form

If you send us enquiries via the contact form, we collect salutation, name data, company, address data, email address, telephone number and details of your enquiry. Mandatory fields are marked accordingly. You may optionally request a callback.

We process your personal data in order to answer your enquiry and handle your request. We store your data in case of follow-up questions.

If your enquiry is related to the performance of a contract or is required for pre-contractual measures (e.g. a quotation), processing takes place on the basis of Art. 6(1)(b) GDPR. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6(1)(f) GDPR).

Your personal data are processed by the internal departments responsible for the matter. We do not pass on these data without your consent. The data are used exclusively to process the conversation and handle your request.

The data you enter in the contact form remain with us until you ask us to delete them or the purpose for data storage no longer applies (e.g. after your enquiry has been fully processed). Mandatory statutory provisions—especially retention periods—remain unaffected.

6.3. Enquiries by Email or Telephone

If you contact us via the email addresses provided or by telephone, we store and process your enquiry, including all personal data arising therefrom (name data, address data, contact details, enquiry), for the purpose of handling your request.

If your request is related to the performance of a contract or is required for pre-contractual measures (e.g. a quotation), processing takes place on the basis of Art. 6(1)(b) GDPR. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6(1)(f) GDPR).

Your personal data are processed by the internal departments responsible for the matter. We do not pass on these data without your consent. They are used exclusively to process the conversation and handle your request.

The data you transmit in contact enquiries remain with us until you ask us to delete them or the purpose for data storage no longer applies (e.g. after your enquiry has been fully processed). Mandatory statutory provisions—especially retention periods—remain unaffected.

7. Cookies

Our website uses so-called “cookies”. Cookies are small text files that are stored in your browser when you visit a website. They contain no malware and do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your end device.

Session cookies are set only for the duration of your visit and are then automatically deleted. Persistent cookies remain on your end device until you delete them yourself or your browser automatically deletes them.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable, for example, the integration of certain services of third-party providers within websites (e.g. cookies for statistical analysis of website visits). Other cookies can be used to analyse user behaviour or for advertising purposes.

Cookies that are necessary to carry out the electronic communication process or to optimise the website (e.g. by using a cookie banner) (necessary cookies) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is indicated. We have a legitimate interest in storing necessary cookies to provide our services in a technically error-free and optimised manner.

Where consent has been obtained for the storage of cookies or comparable recognition technologies, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG). Consent can be withdrawn at any time.

When accessing our website, you can decide for yourself whether to accept cookies that are not required for technical operation. You can also configure your browser to inform you about the setting of cookies, to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate automatic deletion of cookies when closing the browser. Please note that disabling cookies may limit the functionality of this website.

Cookiebot

8. Analytics Tools and Advertising

8.1. Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that enables us to integrate tracking or analytics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or carry out its own analyses. It merely serves to manage and deploy the tools integrated via it. However, Google Tag Manager records your IP address, which can also be transmitted to Google’s parent company in the United States.

The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the fast and uncomplicated integration and administration of various tools on our website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

The company is certified under the EU–US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for processing in the USA. Each company certified under the DPF undertakes to comply with these standards. Further information is available from the provider: https://www.dataprivacyframework.gov/participant/5780.

8.2. Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables us to analyse the behaviour of website visitors. In doing so, we receive various usage data, such as page views, time spent, operating systems used, and the origin of the users. These data are assigned to the respective user’s end device. There is no assignment to a user ID.

Furthermore, with Google Analytics we can, among other things, record your mouse and scroll movements and clicks. Google Analytics also uses various modelling approaches to supplement the collected data sets and employs machine learning technologies in data analysis.

Google Analytics uses technologies that enable the recognition of users for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of Google Analytics is based on your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be withdrawn at any time.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details: https://business.safety.google/adscontrollerterms/sccs/.

The company is certified under the EU–US Data Privacy Framework (DPF). Further information: https://www.dataprivacyframework.gov/participant/5780.

IP anonymisation in Google Analytics is enabled. As a result, your IP address is shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide us, as the website operator, with other services relating to website and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Further information on how Google Analytics handles user data can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

We have concluded a data processing agreement (DPA) with Google for the use of the above service. This is a contract required by data protection law which ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

8.3. Hotjar

This website uses Hotjar. Provider: Hotjar Ltd., Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta, Europe (Website: https://www.hotjar.com).

Hotjar is a tool for analysing your user behaviour on this website. With Hotjar we can, among other things, record your mouse and scroll movements and clicks. Hotjar can also determine how long you remain with the mouse pointer in a particular position. From this information, Hotjar creates so-called heatmaps that show which areas of the website are preferred by visitors.

We can also determine how long you stayed on a page and when you left it. We can also determine at which point you aborted your entries in a contact form (so-called conversion funnels).

Hotjar can also be used to collect direct feedback from website visitors. This function serves to improve our web offers.

Hotjar uses technologies that enable the recognition of users for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting).

Where consent has been obtained, the use of the aforementioned service is based exclusively on Art. 6(1)(a) GDPR and Section 25 TDDDG. Consent can be withdrawn at any time. If consent has not been obtained, this service is used on the basis of Art. 6(1)(f) GDPR; we have a legitimate interest in analysing user behaviour in order to optimise both our web offering and our advertising.

Deactivating Hotjar
If you wish to deactivate data collection by Hotjar, click the following link and follow the instructions there: https://www.hotjar.com/policies/do-not-track/. Please note that deactivation of Hotjar must be carried out separately for each browser and each end device.

Further information about Hotjar and the data collected can be found in Hotjar’s privacy policy: https://www.hotjar.com/privacy

We have concluded a data processing agreement (DPA) for the use of the above service. This ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

8.4. Google Ads

We use Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Targeted advertisements can also be displayed based on the user data stored at Google (e.g. location data and interests) (audience targeting). As the website operator, we can evaluate these data quantitatively by analysing which search terms led to the display of our advertisements and how many ads led to corresponding clicks.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be withdrawn at any time.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.

The company is certified under the EU–US Data Privacy Framework (DPF). Further information: https://www.dataprivacyframework.gov/participant/5780

8.5. Google Ads Remarketing

This website uses Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups in order to subsequently display interest-based advertising to them within the Google advertising network (remarketing or retargeting).

The advertising target groups created with Google Ads Remarketing can also be linked with Google’s cross-device functions. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on one of your other end devices (e.g. tablet or PC).

If you have a Google account, you can object to personalised advertising at the following link: https://adssettings.google.com/anonymous?hl=de.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be withdrawn at any time.

Further information and Google’s privacy policy can be found here: https://policies.google.com/technologies/ads?hl=de.

The company is certified under the EU–US Data Privacy Framework (DPF). Further information: https://www.dataprivacyframework.gov/participant/5780.

8.6. Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Conversion Tracking, Google and we can recognise whether the user has carried out certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they performed. We do not receive any information that personally identifies users. Google itself uses cookies or comparable recognition technologies for identification.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be withdrawn at any time.

More information on Google Conversion Tracking can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

The company is certified under the EU–US Data Privacy Framework (DPF). Further information: https://www.dataprivacyframework.gov/participant/5780.

8.7. LinkedIn Insight Tag

This website uses the Insight Tag from LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Using the LinkedIn Insight Tag, we receive information about visitors to our website. If they are registered with LinkedIn, we can evaluate, among other things, their professional characteristics (e.g. career level, company size, country, location, industry, and job title). This enables us to tailor our website more precisely to the respective target groups.

The LinkedIn Insight Tag also enables us to measure whether visitors to our website perform an action (conversion measurement). This measurement can also take place across devices (e.g. from PC to tablet). In addition, the Insight Tag offers a retargeting function that allows us to display targeted advertising to website visitors outside our website. According to LinkedIn, the data subjects are not identified in this process.

LinkedIn itself collects so-called log files (e.g. URL, referrer URL, IP address, device and browser characteristics, and time of access). IP addresses are either shortened or—if used for cross-device recognition—hashed (pseudonymised). Direct identifiers of LinkedIn members are deleted after seven days. The remaining pseudonymised data are deleted within 180 days.

The data collected by LinkedIn cannot be assigned by us as website operator to any specific person. LinkedIn stores the personal data collected from website visitors on servers in the USA and uses them for its own advertising purposes. Further information can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy#choices-oblig

Where consent has been obtained, the use of the service mentioned is based exclusively on Art. 6(1)(a) GDPR and Section 25 TDDDG. Consent can be withdrawn at any time.

If no consent is given, processing is based on Art. 6(1)(f) GDPR; our legitimate interest lies in effectively promoting our offers using social media.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs

LinkedIn is also certified under the EU–US Data Privacy Framework (DPF). This agreement ensures that European data protection standards are upheld for processing in the USA. Further information: https://www.dataprivacyframework.gov/participant/5448

You can object to the analysis of your usage behaviour and to receiving targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

LinkedIn members can also specify in their account settings the extent to which their personal data may be used for advertising purposes. To avoid linking data collected via our website to your LinkedIn account, please log out of your LinkedIn account before visiting our website.

We have concluded a data processing agreement (DPA) with LinkedIn pursuant to Art. 28 GDPR. This ensures that LinkedIn processes personal data of our website visitors only in accordance with our instructions and in compliance with the applicable data protection regulations.

8.8. Meta Pixel

This website uses the visitor action pixel from Meta for conversion measurement. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta, the collected data are also transferred to the USA and other third countries.

The behaviour of website visitors can thus be tracked after they have been redirected to the provider’s website by clicking on a Meta ad. This allows the effectiveness of Meta advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimised.

The data collected are anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data are stored and processed by Meta so that a connection to the respective user profile on Facebook or Instagram is possible and Meta can use the data for its own advertising purposes in accordance with Meta’s Data Policy (https://de-de.facebook.com/about/privacy/). This enables Meta to place advertisements on Facebook, Instagram, and other channels. We as page operators have no influence on this use of data.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be withdrawn at any time.

We use the “Advanced Matching” function within the Meta Pixel.

Advanced Matching allows us to transmit various types of data (e.g. place of residence, federal state, postcode, hashed email addresses, names, gender, date of birth or telephone number) of our customers and prospects collected via our website to Meta. This enables us to tailor our advertising campaigns on Facebook and Instagram even more precisely to people who are interested in our offers. Advanced Matching also improves the attribution of website conversions and expands Custom Audiences.

Where personal data are collected on our website with the help of the tool described here and transmitted to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR).

Joint responsibility is limited exclusively to the collection of data and its transmission to Meta. Processing by Meta after transmission is not part of the joint responsibility. Our joint obligations are set out in a joint controller agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Meta tool and for the data protection-compliant implementation of the tool on our website. Meta is responsible for the security of Meta products. You can exercise your data subject rights (e.g. requests for information) with regard to data processed by Facebook or Instagram directly with Meta. If you exercise your data subject rights with us, we are obliged to forward them to Meta.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Further information on protecting your privacy can be found in Meta’s privacy notices: https://de-de.facebook.com/about/privacy/.

You can also deactivate the “Custom Audiences” remarketing function in the ad settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook for this.

If you do not have a Facebook or Instagram account, you can deactivate usage-based advertising from Meta on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

The company is certified under the EU–US Data Privacy Framework (DPF). Further information: https://www.dataprivacyframework.gov/participant/4452

9. Newsletter

You can subscribe to a newsletter on our website that provides regular information about products, services, and news from our company. For this, we require your email address. For a personal salutation, you can voluntarily provide your first and last name.

After registering, you will receive an email in which you must confirm your registration. This procedure ensures that no registration is made using someone else’s email address. We log the registration process (date, time, IP address and confirmation) in order to demonstrate compliance with legal requirements.

For administration, dispatch, and evaluation we use Inxmail (Inxmail GmbH, Wentzingerstraße 17, 79106 Freiburg). The data you provide for the purpose of receiving the newsletter are processed on Inxmail’s servers. Further information can be found in Inxmail’s privacy policy at https://www.inxmail.de/datenschutz.

We use anonymised tracking from Inxmail to improve our newsletters (e.g. open and click rates, most frequently clicked links). Personal profiles are not created. If you do not wish to be analysed, you can unsubscribe from the newsletter at any time; a corresponding link can be found at the end of every newsletter email.

The dispatch of the newsletter and the associated performance measurement (e.g. opens, clicks) are based on your consent pursuant to Art. 6(1)(a) GDPR. Insofar as information is stored or accessed on your end device for this purpose (e.g. by tracking pixels), this is additionally done pursuant to Section 25(1) TDDDG (consent). Logging of registrations (time, IP, confirmation) is based on our legitimate interest in proving consents pursuant to Art. 6(1)(f) GDPR.

You can withdraw your consent at any time with effect for the future by using the unsubscribe link at the end of each newsletter email or by contacting us. The lawfulness of processing carried out until revocation remains unaffected.

The data provided for the purpose of receiving the newsletter are stored by us and/or Inxmail until you unsubscribe and are deleted or blocked from the distribution list after unsubscribing. Data that we have stored for other purposes remain unaffected.

We have concluded a data processing agreement (Art. 28 GDPR) with Inxmail. This ensures that Inxmail processes the personal data of our subscribers only in accordance with our instructions and in compliance with the GDPR.

10. Plugins and Tools

10.1. Google reCAPTCHA

We use the “Google reCAPTCHA” service (“reCAPTCHA”) on this website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is used to check whether data entry on this website (e.g. in a contact form) is made by a human or by an automated program. The purpose is to protect our website from abusive automated use (e.g. SPAM).

For analysis, reCAPTCHA evaluates various information, such as the IP address, the time spent by the website visitor on the page, or mouse movements performed by the user. This evaluation starts automatically as soon as the website visitor accesses the page. The data collected are transmitted to Google. The reCAPTCHA analyses run completely in the background; website visitors are not specifically notified that an analysis is taking place.

Storage and analysis of these data are based on Art. 6(1)(f) GDPR. Our legitimate interest lies in protecting our web offerings from abusive automated spying and from SPAM.

Where corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting). Consent can be withdrawn at any time.

Further information on Google reCAPTCHA can be found in Google’s privacy policy and terms of use: https://policies.google.com/privacy?hl=de

Google is certified under the EU–US Data Privacy Framework (DPF). This agreement between the European Union and the United States is intended to ensure that European data protection standards are observed when data are transferred to the USA. Each company certified under the DPF undertakes to comply with these standards. Further information: https://www.dataprivacyframework.gov/

10.2. Google Fonts (local hosting)

For uniform display of fonts, we use so-called Google Fonts provided by Google. Google Fonts are installed locally. No connection to Google servers takes place. Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

11. Applications

If you wish to apply to us on your own initiative or for a specific vacancy via our website, you will be redirected to our applicant management system “SAP SuccessFactors”. This system is operated by SAP SE, Dietmar-Hopp-Allee 16, 69190 Walldorf, as a processor pursuant to Art. 28 GDPR.

The processing of your personal data in the context of the application process does not take place directly via our website but exclusively via the SAP SuccessFactors applicant portal. There you will receive separate information about data processing and be asked to consent to the privacy policy applicable there. We receive your application documents only after they have been transmitted via the SuccessFactors portal. The processing of your personal data is based on Art. 6(1)(b) GDPR in conjunction with Section 26(1) BDSG.

Further information on data processing in the application procedure can be found directly in the applicant management system under the privacy policy for applications available there.

You can view the SAP SuccessFactors privacy policy here: https://www.successfactors.com/de_de/about-successfactors/privacy.html.

12. Social Media

Our website contains buttons with hyperlinks to the social networks Instagram, Facebook, X (formerly Twitter), LinkedIn, YouTube and Xing, where we maintain publicly accessible presences. You can recognise the respective providers by their logos. We use these presences to communicate with users and inform them about our offers and career opportunities.

When you visit our site, no personal data are initially transmitted to these social media platforms. Data are transmitted only when you click the respective button. In this case, the respective provider receives the information that you have accessed the corresponding page of our online offering (e.g. date, time, IP address, page visited).

If you are logged in with the social media provider, the data collected by us may possibly be directly assigned to your existing account with the provider. We recommend that you log out regularly after using a social network, and especially before activating the button, as this will help you avoid a direct association with your profile with the plugin provider.

Please note that you use these platforms and their functions at your own responsibility. This applies in particular to the use of interactive functions provided by these platforms such as sharing, rating or commenting.

It is possible that the provider of the respective services or content processes your data for further, own purposes. As we have no influence on the data collected by third parties and their processing, we cannot provide binding information on the purpose and scope of the processing of your data. Please refer to the privacy notices of the respective controllers for more information on the purpose and scope of the collection and processing of your data. There you will also find further information on data processing and options for objection. For a detailed description of the respective processing operations and the options to object (opt-out), we refer to the provider information linked below.

Instagram / Facebook: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Privacy Policy
X (formerly Twitter): X Internet Unlimited Company (EU), One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland; Privacy Policy
YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland – Privacy Policy
LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland – Privacy Policy
XING: New Work SE (XING), Dammtorstraße 30, 20354 Hamburg, Germany; Privacy Policy

13. Data Security and Hosting

We take appropriate technical, organisational and contractual measures to ensure the security of data processing in accordance with the state of the art. This ensures compliance with data protection laws—especially the General Data Protection Regulation (GDPR)—and that the personal data we process are protected against loss, destruction, alteration, unauthorised access or other misuse.

Security measures include, in particular, the encrypted transmission of data between your browser and our servers. Please note that SSL/TLS encryption during data transmission over the internet is active only when the lock symbol is displayed in your browser’s address bar and the internet address begins with “https://”.

SSL (Secure Socket Layer) encryption protects the data you transmit from unauthorised access by third parties. If encrypted transmission is exceptionally not available, you can alternatively decide not to transmit certain data over the internet.

14. Your Rights

If we process personal data concerning you, you have the following rights:

Right of access (Art. 15 GDPR). You have the right to request information about the personal data processed concerning you. This right also includes a copy of the relevant data.

Right to rectification (Art. 16 GDPR). You have the right to request the immediate rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data concerning you.

Right to erasure (Art. 17 GDPR). You have the right to request the immediate erasure of personal data concerning you where one of the reasons stated there applies.

Right to restriction of processing (Art. 18 GDPR). You have the right to request the restriction of processing of your personal data where one of the reasons stated there applies.

Right to data portability (Art. 20 GDPR). You have the right to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format, and you have the right, under certain circumstances, to transmit those data to another controller without hindrance.

Right to object (Art. 21 GDPR). You have the right to object at any time, on grounds relating to your particular situation, to the processing of your data, insofar as processing is based on a balancing of interests pursuant to Art. 6(1)(f) GDPR. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. If you object, we will no longer process your personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Withdrawal of consent (Art. 7(3) GDPR). Under Art. 7(3) GDPR, you have the right to withdraw your consent to the processing of personal data at any time.

For the right of access and the right to erasure, the restrictions pursuant to Sections 34 and 35 of the Federal Data Protection Act (BDSG) apply. Please address requests to exercise your rights to datenschutz@elektror.de or to the postal address specified in Section 1.

Right to lodge a complaint (Art. 77 GDPR). You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The supervisory authority responsible for our location is: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Postfach 10 29 32, 70025 Stuttgart, Phone: 0711/61 55 41-0, Email: poststelle@lfdi.bwl.de. You can also contact the supervisory authority of your habitual residence.

15. Changes to this Privacy Policy

We reserve the right to amend this privacy policy to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this applies only with regard to statements on data processing. Insofar as user consent is required or parts of the privacy policy contain provisions of the contractual relationship with users, changes are made only with the users’ consent.

Please inform yourself regularly about the content of the privacy policy.

Status of the privacy policy: 30/10/2025

16. Our Social Media Presences

This privacy policy applies to the following social media presences:

Data Processing by Social Networks

We maintain publicly accessible profiles in social networks. The social networks we use are listed below.

Social networks such as Facebook, X, etc., can generally analyse your user behaviour extensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous processing operations relevant to data protection. Specifically:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can associate this visit with your user account. Your personal data may also be collected even if you are not logged in or do not have an account with the respective social media portal. In this case, data collection takes place, for example, via cookies stored on your end device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are or were logged in. Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and privacy policies of the respective social media portals.

Legal Basis

Our social media presences are intended to ensure the broadest possible presence on the internet. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases that must be indicated by the operators of the social networks (e.g. consent within the meaning of Art. 6(1)(a) GDPR).

Controller and Exercising Your Rights

If you visit one of our social media presences (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can generally exercise your rights (access, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).

Please note that, despite joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policies of the respective provider.

Storage period

Data that we collect directly via the social media presence are deleted from our systems as soon as you ask us to delete them, you withdraw your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory provisions—especially retention periods—remain unaffected. We have no influence on the storage period of your data that are stored by the operators of the social networks for their own purposes. For details, please inform yourself directly from the operators of the social networks (e.g. in their privacy policy, see below).

Your Rights

You have the right at any time to obtain, free of charge, information about the origin, recipient and purpose of your stored personal data. You also have a right to object, a right to data portability and a right to lodge a complaint with the competent supervisory authority. Furthermore, you can request the rectification, blocking, erasure and, under certain circumstances, the restriction of processing of your personal data.

Social Networks in Detail

Facebook

We have a profile on Facebook. Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter “Meta”). According to Meta, the collected data are also transferred to the USA and other third countries.

We have concluded a joint controller agreement (Controller Addendum) with Meta. This agreement specifies which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view this agreement at: https://www.facebook.com/legal/terms/page_controller_addendum.

You can independently adjust your advertising settings in your user account. Click the following link and log in: https://www.facebook.com/settings?tab=ads.

Details can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

The company is certified under the EU–US Data Privacy Framework (DPF). Further information: https://www.dataprivacyframework.gov/participant/4452

X (formerly Twitter)

We use the short message service X (formerly Twitter). Provider: X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The entity responsible for data processing for persons living outside the USA is Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

You can independently adjust your X privacy settings in your user account. Click the following link and log in: https://x.com/settings/account/personalization.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details: https://gdpr.x.com/en/controller-to-controller-transfers.html.

Details can be found in X’s privacy policy: https://x.com/de/privacy.

Instagram

We have a profile on Instagram. Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

Details on how your personal data are handled can be found in Instagram’s privacy policy: https://privacycenter.instagram.com/policy/.

The company is certified under the EU–US Data Privacy Framework (DPF). Further information: https://www.dataprivacyframework.gov/participant/4452

XING

We have a profile on XING. Provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. Details on how your personal data are handled can be found in XING’s privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

We have a profile on LinkedIn. Provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you wish to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Details on how your personal data are handled can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

The company is certified under the EU–US Data Privacy Framework (DPF). Further information: https://www.dataprivacyframework.gov/participant/5448

YouTube

We have a profile on YouTube. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how your personal data are handled can be found in YouTube’s privacy policy: https://policies.google.com/privacy?hl=de.

The company is certified under the EU–US Data Privacy Framework (DPF). Further information: https://www.dataprivacyframework.gov/participant/5780