elero GmbH Antriebstechnik

Maybachstr. 30
73278 Schlierbach
Germany


Phone: +49 7021 9539-0
Fax: 49 7021 9539-212
E-Mail: info@elero.de

Data privacy statement of elero GmbH

Thank you for visiting our website. In the following, we would like to inform you about which personal data we collect and what happens with these data when you visit our web site. Personal data are any data you can use to personally identify yourself. You will also receive information on your rights as a data subject arising from the EU General Data Protection Regulation (EU GDPR).


I. The responsible party according to the EU General Data Protection Regulation (EU GDPR) is

elero GmbH
Represented by the Managing Director Enzo Viola
Maybachstr. 30
73278 Schlierbach
Germany
info@elero.de


II. Data protection officer

Our data protection officer is:
Fa. Columbus Consulting
Dr. Inge Rötlich
Mahdentalstr. 82
71065 Sindelfingen
Germany
Phone.: +49 7031/418090
Fax: +49 7031/4180970
E-Mail: datenschutz@columbus-consulting.eu


III. General information on data processing

1. Scope of the personal data processing
As a matter of principle, we process personal data of our users only insofar as it is necessary to provide a functional web site as well as our contents and services.

2. Encryption
This web site uses SSL encryption to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can tell an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol on your browser line. If this encryption is activated, third parties will not be able to read the data you transmit to us.

3. Provision of the web site and creation of log files
Each time you visit our web site, our system automatically collects data and information from the computer used.

The following data are collected:
IP address of the user
Information about the browser type
Information on the browser type version used
Operating system of the user
Internet service provider of the user
Date and time of access
Web site from which the user visited our site
Web site referrers

These data are stored in the log files of our system. These data are not stored together with other personal data of the user. The legal basis for this data processing is, on the one hand, our legitimate interests, in accordance with art. 6, par. 1(f) of the EU GDPR, in the analysis of our web site and how it is used and on the other hand, if applicable, the legal permission to store data during the initiation of a contractual relationship in accordance with art. 6(b) of the EU GDPR. For example, server log files are stored for performance and security purposes.

The IP address is stored in log files. These elements are stored for four weeks and then automatically deleted.

4. Processing of special data pursuant to art. 9 of the GDPR
At our company, we process data in accordance with art. 9, par. 2 of the GDPR if the processing is necessary for us or the data subject to exercise the rights and comply with the obligations arising from labour law and social security and social protection law to the extent permitted by EU law or the law of the member states or by a collective agreement under the law of the member states, which provides appropriate safeguards for the fundamental rights and interests of the data subject.
No specific personal data are processed in connection with this web site.


IV. Cookies

Our web site uses cookies within the scope of our legitimate interest in providing a technically flawless online offer and in its optimisation pursuant to art. 6, par. 1(f) of the EU GDPR to allow our offer to be used in a better and more effective and secure manner.

Cookies are small text files that are stored on your computer. Some of them are referred to as session cookies, which are automatically deleted at the end of your visit to our web site. However, there are also cookies that are permanently stored on your computer unless you delete them yourself. This makes it possible for us to recognise your browser the next time you visit our web site, and to make you appropriate offers. You can prevent the storage of cookies in general or when visiting certain web sites in your browser settings. However, it may then not be possible to use all the functions of our web site.

We use cookies to make it easier for the user to use our website. The cookies are used, for example, to create a shopping basket, adopt language settings and save search terms. Furthermore, we use cookies in connection with Google Analytics and to query if another browser language has been detected.

We also use transient cookies, i.e. cookies that are automatically deleted when the browser is closed, and persistent cookies, i.e. cookies that are initially retained even after the browser is closed. Analytic cookies are also used in order to analyse the surfing behaviour of users. We obtain consent from the user for processing the personal data used in this context.

The following data are transmitted for the analysis:
Search terms entered
Frequency of page views
Use of web site functions

What are the different types of cookie?
The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly address the different types of HTTP cookies.

Four types of cookie can be distinguished:

Essential cookies
These cookies are required to ensure basic functions of the web site. For example, these cookies are needed when a user places a product in the shopping basket, then continues surfing on other pages and only goes to the checkout later on. These cookies do not delete the shopping cart even if the user closes their browser window.

Purposeful cookies
These cookies collect information on the user's behaviour and whether the user receives any error messages. These cookies are also used to measure the loading time and the behaviour of the web site in different browsers.

Targeting cookies
These cookies provide a better user experience. For example, entered locations, font sizes or form data are stored.

Advertising cookies
These cookies are also called targeting cookies. They are used to deliver customised advertising to the user. This may be very practical, but also very annoying. Usually, when you visit a website for the first time, you are asked which of these types of cookie you would like to allow. And, of course, this decision is also stored in a cookie.

How can I delete cookies?
You can decide yourself how and whether you want to use cookies. Regardless of which service or web site the cookies originate from, you always have the option to delete, disable or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies. You can find out which cookies have been stored in your browser in your browser settings, where you can also change or delete cookie settings:

Chrome: to delete, activate and manage cookies in Chrome, refer to: 
support.google.com/accounts/answer/32050

Safari: to manage cookies and web site data with Safari, refer to:
www.heise.de/tipps-tricks/Safari-Cookies-loeschen-so-geht-s-4398574.html

Firefox: to delete cookies in order to remove data that web sites have placed on your computer, refer to:
www.bitdefender.de/consumer/support/answer/12296/

Internet Explorer: to delete and manage cookies, refer to:
https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Microsoft Edge: to delete and manage cookies, refer to:
https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies

If you do not wish to have cookies as a matter of principle, you can set up your browser in such a way that it always informs you when a cookie is to be set. This allows you to decide whether to allow each individual cookie or not. The procedure varies depending on the browser. The best way is to search for the instructions in Google with the search term "delete cookies Chrome" or "disable cookies Chrome" in the case of a Chrome browser.
 

V. Newsletter

On our site, it is possible to subscribe to a free newsletter. The data you enter in the input mask are transmitted to us. To register for the newsletter, only the e-mail address is required. Further data are voluntary.

The following data are collected when you register for the newsletter:
E-mail address
Title 
First name
Surname
Company

Our system also automatically collects the following data:
IP address
Date and time of registration

During the newsletter registration procedure, you receive a confirmation e-mail containing a link, which you must click on to complete the registration for our newsletter (double opt-in). You can unsubscribe from the newsletter at any time by clicking on the unsubscribe link in each newsletter. 
The data you provide for the newsletter are stored by us until you unsubscribe from the newsletter. We do not share these data with third parties. The data are deleted after unsubscribing from the newsletter. Data stored by us for other purposes (e.g. e-mail address for registration) remain unaffected by this.

When sending the newsletter, the user behaviour is evaluated.


lnxmail
This web site uses Inxmail to send newsletters.
The provider is Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany.

Inxmail is a service that can be used, among other things, to organise and analyse the sending of newsletters. The data you enter for the purpose of receiving the newsletter are stored on Inxmail's servers..

When we send newsletters using Inxmail, we can determine whether a newsletter message has been opened and which links, if any, have been clicked on. Inxmail also enables us to subdivide newsletter recipients according to various categories (referred to as tagging). The newsletter recipients can be subdivided, for example, by gender, personal preferences (e.g. vegetarian or non-vegetarian) or the customer relationship (e.g. customer or potential customer). This allows the newsletters to be customised more effectively to the respective target groups. You can obtain detailed information at:
www.inxmail.de/dsgvo

If you do not want any analysis by Inxmail, you must unsubscribe from the newsletter. We provide a corresponding link for this purpose in every newsletter message.
The data processing is based on your consent (art. 6, par. 1(a) of GDPR). You can revoke this consent at any time. The lawfulness of the data processing already carried out remains unaffected by this revocation.
The data you provide us with for the purpose of receiving the newsletter are stored by us until you unsubscribe from the newsletter, and are deleted from our servers as well as from the servers of Inxmail after you unsubscribe from the newsletter. This does not apply to data stored by us for other purposes (e.g. e-mail addresses for the membership area).

For detailed information, please refer to Inxmail's privacy policy at:
www.inxmail.com/data-conditions.

We have concluded an order processing contract with Inxmail.


VI. Registration

On our web site, we also offer the possibility to register by providing personal data. These data are entered in an input mask and transmitted to us and stored. The data are not passed on to third parties. The following data are collected during the registration process::

IP address of the user
Date and time of registration
Customer number
Company
Title (optional)
First name
Surname
E-mail address
Telephone number (optional)
Notes

The user is registered to fulfil the contract or implement pre-contractual measures for orders on our web site. The user can register on the web site for the partner shop at partnershop.elero.de. After registration, a customer account is created in the shop and the user receives their access details by e-mail.

The data collected during the registration are stored by us for as long as you are registered with us, and are subsequently deleted. Any statutory retention periods remain unaffected. You have the option to delete your data by submitting a deletion request to Customer Service. The lawfulness of the data processing that has already taken place is not affected by the revocation.


VII. Contact form and e-mail contact

If you send us requests with the contact form, your details will be used only to process your request. These data will not be passed on to third parties.


The following data from the input mask are stored:
Title
First name
Surname
Company (optional)
E-mail address
Address: street / house number, postcode, city (optional)
Country 
Affiliation
Sector (optional)
Telephone number (optional)
Reason for request 
Message

Our system also stores the following data when you send the contact form:
IP address of the user
Date and time of contact

Alternatively, it is possible to contact us using the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. 
The processing of the data entered on the contact form is based on your consent (art. 6, par. 1(a) of EU GDPR), which you give by completing the input mask. You can revoke this consent at any time. All you need to do is send us an informal message by e-mail. The lawfulness of the data processing carried out before the revocation remains unaffected by the revocation.
The data you enter on the contact form remain with us until you request that we delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have finished processing your request). Any mandatory statutory provisions – in particular retention periods – shall remain unaffected.


VIII. E-mail contact

If you send us requests by e-mail, your details will only be used to process your request. These data will not be passed on to third parties. In this case, the user's personal data transmitted with the e-mail will be stored.

The data are processed on the basis of your consent (art. 6, par. 1(a) of EU GDPR), which you give by completing the input mask. You can revoke this consent at any time. All you need to do is send us an informal message by e-mail. The lawfulness of the data processing carried out before the revocation shall remain unaffected by the revocation.

The data you transfer in the e-mail will remain with us until you request that we delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed completely). Any mandatory statutory provisions – in particular retention periods – shall remain unaffected.


IX. Analytic tools and advertising

1. Google Analytics
This web site uses functions of the Google Analytics web analysis service. It is provided by Google lnc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

If you are habitually resident in the European Economic Area or Switzerland, this service will be provided to you by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you are not habitually resident in the European Economic Area or Switzerland, this service will be provided to you by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

You can find Google's privacy policy at:
www.google.de/intl/de/policies/privacy

Google Analytics uses what are referred to as "cookies". These are text files that are stored on your computer and allow your use of the web site to be analysed. The information generated by the cookie about your use of this web site is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored on the basis of art. 6, par. 1(f) of the EU GDPR. The web site operator has a legitimate interest in analysing user behaviour in order to optimise both its web site and its advertising.

We have activated the IP anonymisation function on this web site. This means that your IP address will be shortened by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this web site, Google will use this information for the purpose of evaluating your use of the web site, compiling reports on web site activities and providing other services relating to the web site activity and internet usage to the web site operator. The IP address transmitted by your browser in connection with Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by making the appropriate settings in your browser; however please note that in this case you may not be able to use the full functionality of this web site. You can also prevent the collection of data generated by the cookie relating to your use of the web site (including your IP address) for Google and the processing of these data by Google by downloading and installing the browser plug-in available from Google: https://tools.google.com/dlpage/gaoptout?hl=de.

You can also prevent the collection of your data by Google Analytics by setting an opt-out cookie, which will prevent the collection of your data on future visits to this website.

You can find more information on how Google Analytics handle user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

How long and where are the data stored?
Google have spread their servers all over the world. Most servers are located in America and consequently your data are usually stored on American servers. You can find out exactly where Google's data processing centres are located here: 
www.google.com/about/datacenters/inside/locations/
Your data are distributed among different physical data carriers. This has the advantage that the data can be retrieved more quickly and are better protected against manipulation. There are appropriate emergency programmes for your data at every Google data processing centre. If, for example, Google's hardware fails or natural disasters cripple servers, the risk of service interruption at Google will nevertheless remain low.

By default, Google Analytics sets a retention period of 26 months for your user data. After this period your user data will be deleted. However, we have the option to choose the retention period for user data ourselves. Five variants are available to us for this purpose:

• Deletion after 14 months
• Deletion after 26 months
• Deletion after 38 months
• Deletion after 50 months
• No automatic deletion

When the set period has expired, the data are deleted once a month. This retention period applies to your data that are linked to cookies, user recognition and advertising IDs (e.g. DoubleClick domain cookies). Reporting results are based on aggregated data and are stored independently of user data. Aggregated data are created by merging individual data into a larger unit.

We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

This web site uses the "demographic characteristics" function of Google Analytics. This allows reports to be created that contain statements about the age, gender and interests of the site visitors. These data come from interest-based advertising from Google and visitor data from third-party providers. These data cannot be assigned to a specific person. You can disable this function at any time in the ad settings of your Google account or generally prohibit the collection of your data by Google Analytics as described in the section "Objection to data collection".

You can restrict the use of the activities and information of your Google Account under "Advertising settings" at  
https://adssettings.google.com/authenticated with the checkbox.

2. Google reCAPTCHA
We use "Google reCAPTCHA" on our web site.

If you are habitually resident in the European Economic Area or Switzerland, this service will be provided to you by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you are not habitually resident in the European Economic Area or Switzerland, this service will be provided to you by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

You can find Google's privacy policy at: 
www.google.de/intl/de/policies/privacy

The purpose of reCAPTCHA is to check whether a data entry on our web site has been made by a human or an automated program. For this purpose, reCAPTCHA analyses the behaviour of the web site visitor on the basis of various characteristics. This analysis begins automatically as soon as the web site visitor opens the web site. For analysis purposes, reCAPTCHA evaluates various information (e.g. IP address, time spent by the web site visitor on the web site or mouse movements made by the user). The data collected during the analysis are forwarded to Google.
The reCAPTCHA analyses run completely in the background. Web site visitors are not informed that an analysis is taking place.

Data are processed on the basis of art. 6, par. 1(f) of the EU GDPR. The web site operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM.

For more information on Google reCAPTCHA, refer to the following link: https://www.google.com/recaptcha/intro/android.html.

3. Double Click
We also use DoubleClick, a service provided by Google Inc.

If you are habitually resident in the European Economic Area or Switzerland, this service will be provided to you by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you are not habitually resident in the European Economic Area or Switzerland, this service will be provided to you by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

You can find Google's privacy policy at:
www.google.de/intl/de/policies/privacy

DoubleClick uses cookies to place user-based ads. The cookies recognise which ad has already been placed in your browser and whether you have accessed a web site via a placed ad. The cookies do not collect any personal information and cannot be linked to any personal information. 

If you do not want this, you can prevent the storage of the cookie required for these technologies, for example, in the settings of your browser. In this case, your visit will not be included in the user statistics. You also have the option of selecting the types of Google ads or disabling interest-based ads on Google in the ad settings. Alternatively, you can disable the use of cookies by third parties by accessing the  Network Advertising Initiative's disablement guide. However, we and Google will still receive statistical information about how many users have visited this page and when. If you do not want to be included in these statistics either, you can prevent this with the help of additional programs for your browser (e.g. with the Ghostery add-on).

4. Usage analysis with the help of Hotjar
We use the web analytic service Hotjar to analyse the usage.

Hotjar Ltd. (St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta) complies with the provisions of the Data Protection Act, Chapter 440 of the Laws of Malta ("Applicable Law"), which implements all relevant European Union Directives on data protection. Hotjar is a service that analyses user behaviour and feedback on web sites by combining analytic and feedback tools. Hotjar gives us an "overall picture" of how to improve the end user experience and web site performance.

For this purpose, the following information is collected: IP address of the terminal device (collected and stored in anonymised format), screen/display resolution, type of terminal device, operating system, browser type, geographical location (country only), preferred language and mouse events (movements, position and clicks). The data collected are transferred and stored via an encrypted connection to servers located in Ireland (EU). The sole purpose of this data collection is to improve the user experience on Hotjar-based web sites. Personal data are neither collected nor stored.

You can obtain detailed information on Hotjar's compliance with data protection here: www.hotjar.com/privacy. You can deny Hotjar from collecting your data when visiting our web site at any time by visiting Hotjar's opt-out page and clicking on "Disable Hotjar" at www.hotjar.com/legal/compliance/opt-out. The legal basis is art. 6, par. 1, cl. 1(f) of the GDPR.

5. Google Search Console
For the purpose of continuously optimising the Google ranking of our website, we use Google Search Console, a search analysis service from Google.

When using Google Search Console, no personal data are collected on our site and no conclusions can be drawn on the site visitors. The data analysis ends by clicking on a search result within Google Search.
We therefore do not process any personal user or tracking data or transmit them to Google in connection with the usage of Google Search Console..


X. Further plug-ins and tools

1. YouTube
We use plug-ins from the Google-operated site YouTube of YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

If you are habitually resident in the European Economic Area or Switzerland, this service will be provided to you by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you are not habitually resident in the European Economic Area or Switzerland, this service will be provided to you by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

You can find Google's privacy policy at:
www.google.de/intl/de/policies/privacy

The reason for using YouTube is to present our online offers in an appealing manner. This constitutes a legitimate interest in accordance with art. 6, par. 1(f) of the EU GDPR. You can find further information on the handling of user data in YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy

A connection to YouTube's servers is established whenever you visit one of our pages provided with a YouTube plug-in. This informs the YouTube server about which of our pages you have visited.
Whenever you are logged into your YouTube account, you allow YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
The reason for using YouTube is to present our online offers in an appealing manner. This constitutes a legitimate interest in accordance with art. 6, par. 1(f) of the EU GDPR.

2. Google Maps
We use the map service Google Maps via an API.

If you are habitually resident in the European Economic Area or Switzerland, this service will be provided to you by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you are not habitually resident in the European Economic Area or Switzerland, this service will be provided to you by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

You can find Google's privacy policy at:
www.google.de/intl/de/policies/privacy

To use the functions of Google Maps, it is necessary to store your IP address. The information is usually transmitted to a Google server in the USA and stored there. We have no influence over this data transmission.
The reason for using Google Maps is to present our online offers in an appealing manner and help find the locations indicated by us on the web site. This constitutes a legitimate interest in accordance with art. 6, par. 1(f) of the EU GDPR.
 

XI. Apps

1. Centero App (AndroidTM, iOS, Windows)
All data are exclusively stored locally on the customer's HomeServer and can be viewed only with the corresponding access authorisation (login). If the RemoteHome module has been booked, the HomeServer logs on to the remote service via a secure connection, which forwards requests from the smartphone to the HomeServer. In this mode too, the user data are stored exclusively on the HomeServer. For the purchase of RemoteHome, the data relevant to billing are stored with the commissioned service provider (SmartHome Partner GmbH, Dalbker Straße 138, D-33813 Oerlinghausen, Germany, see also smarthomepartner.eu) in a certified German data processing centre:

Title
First name, surname
Street, house number
Postcode, place of residence, country
E-mail address
Billing data ID of the HomeServer

The extension shop is accessed with a login/password.

Accessing the app on your smartphone

Access to phone/contacts
Access to the device-specific IP of the mobile terminal device (smartphone, tablet) is required for the "push notifications" service in order to assign the notifications clearly to a terminal device.

Access to device/memory
The authorisation allows the local storage of data on the smartphone/tablet. For example to transfer pictures from a camera integrated in the smartHome system to the photo album of the smartphone.

Camera access
An (optional) function allows the bar code of devices to be taught into the system in a simplified manner. Access is protected by authorisation.

Location access
With the "Astro" function, scenarios can be generated with dynamic adaptation to the actual daily routine. Astronomical events depend on the location of the user. The calculations for the additional "Weather" module also depend on the location. The transfer of the location can be waived, in which case a central location in Germany is assumed.

PayPal
We do not offer payment via PayPal on our web site. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. With remote access in the Centero app, however, an additional service can be booked and paid for via PayPal. In this case, PayPal will nevertheless be provided by the commissioned service provider (SmartHome Partner GmbH). Therefore, please observe the privacy policy of SmartHome Partner GmbH.

2. Drive calculation programme app (Android, iOS, Windows)
All data are exclusively stored locally on the customer's device.
The app does not require access rights to the camera, location or similar.

3. Manuals App (Android, iOS)
Data in the elero instructions app
Data from the instructions app are exclusively stored locally on the mobile terminal device and are therefore the responsibility of the end customer. The data protection declaration only concerns services and functions that go beyond the standard scope of functions of elero's instructions app. This includes additional services such as updates and news articles. The same applies to the usage of support requests.
Details of data generated and how they are used are specified below:

Retrieving the instructions themselves and retrieving updates to the instructions
The following is stored:
- IP address of the user

Support or feedback requests
The following data are collected in the event of support requests:
Surname, first name (optional)
E-mail
Error description / text of the request
Request date

Providing content
The instructions app uses the services of Google Firebase (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, "Google") to provide news content. Firebase is part of the Google Cloud platform and offers numerous services for developers. You can find a list of them here: firebase.google.com/terms/.

User data are transmitted anonymously to Firebase in the process. Furthermore, other functions of Firebase are also used, which enable better user guidance or an evaluation of error causes in the apps as well as push notifications. Firebase is a real-time database that allows you to embed real-time information into your own web site. Firebase is a subsidiary of Google and is based in San Francisco (CA), USA. Detailed information on Google Firebase and data protection can be found at www.google.com/policies/privacy/ and at firebase.google.com. You can find more information on Firebase's privacy and security here: firebase.google.com/support/privacy/

Some Firebase services process personal data. In most cases, personal data are limited to what are referred to as "instance IDs", which are provided with a time stamp. These "Instance IDs" assigned by Firebase are unique and thus allow different events or processes to be linked. These data neither constitute personally identifiable information for us, nor do we make any effort to subsequently personalise them. We process these aggregated data in order to analyse and optimise user behaviour, such as by evaluating crash reports. This tool is an integral technical part of our offer and cannot be disabled. As an aside, anonymous data are also transmitted to Firebase.

The legal basis for processing your data is art. 6, par. 1, cl. 1(f) of the GDPR.

Storage location
We use servers located within the EU wherever possible. However, it cannot be ruled out that data are also transferred to the USA. Google has joined the EU-US Privacy Shield, a data protection agreement between the EU and the US.

Disclosure of data to third parties
The data are not passed on to third parties.

Storage of the data
The stored data are retained for the duration of the joint business relationship. Insofar as the data were or are required to process business transactions in accordance with the German Commercial Code (HGB), the duration of storage is the legally required period of at least 10 years from the conclusion of the transaction.

Other notes on the use of the app / requested authorisations
„Access to device/memory"This authorisation allows the local storage of data on the smartphone/tablet. This is necessary, for example, if users want to save the instructions on their device for the purpose of the functionality of the instructions app.
Notes on restricting these authorisations
All of the authorisations listed in point 8.1 can be restricted or revoked individually. Due to the restriction or revocation, the program functions for which the respective authorisations are required will not be available or will only be available with substitute values. The main system, the elero app "Instructions", with its standard functions, cannot be used without the listed authorisations.

XII. Application procedure

The protection of personal data is an important concern for us. The data you provide us with are handled in accordance with the legal regulations, in particular those of the EU Basic Data Protection Regulation and the Federal Data Protection Act (BDSG).

1. Application information
We collect different types of information. In particular, this includes your personal data with contact information as well as a description of your education, work experience and skills. You can also provide us with electronically stored documents, such as certificates or letters.
With your application, you assure that the information you provide is true. Please note that any false statement or deliberate omission may be grounds for rejection or subsequent termination.

We do not require any information from you that is not usable under the General Equal Treatment Act (race, ethnic origin, gender, religion or world view, disability, age or sexual identity). Nor will we ask you to provide details of illness, pregnancy, ethnic origin, political opinions, philosophical or religious beliefs, trade union membership, physical or mental health or sex life. The same applies to content that is likely to infringe on the rights of third parties (e.g. copyrights, press law or general rights of third parties).

2. Collection, processing, use and disclosure of your data
Personal data are collected, stored, processed and used only for purposes related to your interest in current or future employment with us and the processing of your application. The data are not passed on to third parties. In order to use the online application procedure, data such as your name, address, telephone number, e-mail address etc. are collected. These data are basically used to contact you about your application.

Interns use the internship form for applications.

The following data are collected in the process:
Title 
First name and surname 
Date of birth
Address: street / house number, postcode, city
E-mail address
Telephone number
School details (type of school, name of school, place, class)
Grade details 
Details of the internship (field, career aspiration, time of internship, type of internship, internship experience, motivation, upload of letter of confirmation)
Angaben zu Noten 
Angaben zum Praktikum (Bereich, Berufswunsch, Zeitpunkt des Praktikums, Praktikumsart, Praktikumserfahrung, Motivation, Upload Bestätigungsschreiben)

For minors under 16 years of age, the data of the legal guardian(s) must be provided (first name and surname, address, e-mail address, telephone number).
If your application is successful, the data provided may be used for administrative matters relating to your employment.
Your application will be processed and observed only by the relevant contact persons at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. Under no circumstances will third parties gain knowledge of your details. The data are processed exclusively in Germany.

3. Retention
If we are unable to offer you employment, we will retain the data you submit for up to six months for the purpose of responding to queries relating to your application and rejection.

However, if your application documents are of interest in principle, but no suitable employment is currently available, we will ask you for your consent to retain and store your data accordingly. This will allow us to contact you for future vacancies.

4. Data security
We attach great importance to the greatest possible security of our system and use modern data storage and security technologies to protect your data in an optimal manner. This includes measures such as anti-virus software or a firewall. Of course, our security measures are continuously improved in line with technological developments. Your data are transmitted in encrypted form and then stored in a database. All systems in which your personal data are stored are protected against access and are only accessible to a specific group of persons responsible for personnel.

5. Amendment of the privacy policy
If we change the content of this privacy policy, we will announce these changes on our web site.  

6. Deletion of data, revocation of consent
You have the right at any time to request more detailed information about the data stored about you, inspect these data and request that inaccurate data about you be corrected or that the stored data be deleted in full or in part.

You can revoke your consent at any time with effect for the future. The data concerned will then be deleted immediately. In this case, please send your revocation to datenschutz@columbus-consulting.eu, stating your full name and e-mail address. Instead of being deleted, the data may be blocked in the cases provided for by law.

XIII. Your data subject rights

If we process your personal data, you are the data subject in accordance with EU GDPR. This entitles you to have the following rights with us:

1. Right to information (art. 15 of EU GDPR)
You can request information from us  about the personal data we have stored about you at any time free of charge. In order to prevent misuse, the identification of your person is required. 

2. Right of rectification (art. 16 of EU GDPR)
You have the right at any time to have your personal data that have been processed by us corrected and/or completed if they are inaccurate or incomplete. 

3. Right to erasure – right to be forgotten (art. 17 of EU GDPR)
You have the right to have personal data of yours that have been processed by us deleted. This applies in particular if the purpose of processing has expired, the required consent has been revoked and no other legal basis exists or our data processing is unlawful. We will then delete your personal data immediately within the legal framework.

4. Right to restriction of processing (art. 18 of EU GDPR)
You can request the restriction of the processing of your data.
If the processing of personal data relating to you has been restricted, these data may only be processed, with the exception of their storage, with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a member state.
If the processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

5. Right to information (art. 19 of EU GDPR)
If you have asserted the right to rectification, erasure or restriction of processing against the person responsible, they will be obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the person responsible.

6. Right to data portability (art. 20 of EU GDPR)
You can request that we transfer the data stored about you in machine-readable form.

7. Right to object (art. 21 of EU GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you, which is carried out on the basis of art. 6, par. 1(e) or (f) of the GDPR. This also applies to any profiling based on these provisions. 
The responsible person shall no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or serve the establishment, exercise or defence of legal claims.
If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such marketing. This also applies to profiling, insofar as it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

8. Right to complain to a supervisory authority (art. 77 of EU GDPR)
Without prejudice to any other administrative or legal remedy, you have the right to lodge a complaint to a supervisory authority if you are of the opinion that the processing of personal data concerning you infringes the EU GDPR. You can exercise this right before a supervisory authority in the member state of your residence, place of work or place of the alleged infringement. The responsible supervisory authority in Baden-Württemberg is:

The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
germany
Phone: +49 711/61 55 41 – 0
E-Mail: poststelle@lfdi.bwl.de

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a legal remedy under art. 78 of the EU GDPR


XIV. Amendment of the privacy policy

If the privacy policy needs to be amended for legal or factual reasons, we will update this page accordingly. In this case, no changes will be made to any consent given by the user.