Privacy Policy

We appreciate your visit to our website. This data protection declaration also applies to our other services and online presences, such as our social media presence. In the following, we will inform you in detail about the type, scope and purpose of the personal data we collect, use and process and explain your rights as the person concerned. We reserve the right to change the data protection declaration at any time with effect for the future. If you visit our website again, the updated and published data protection declaration applies. The current version of the data protection declaration can be called up, saved and printed out on our website at any time. With regard to the terms used (e.g. personal data, person responsible), we refer to the definitions of the General Data Protection Regulation (GDPR).

I. Name and address of the person responsible

The person responsible within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

elbwalker GmbH 
Managing Directors: Alexander Kirtzel, Ayla Jürgensen
Bernstorffstraße 118
22767, Hamburg 
E-Mail: hello@elbwalker.com

II. General information on data processing

1. Scope of processing

We only collect and use personal data insofar as this is necessary for the provision of a functional website and our content and services, you have given your consent or the processing of the data is permitted by a legal regulation.

2. Legal basis for processing personal data

Insofar as we obtain your consent for the processing of personal data, Article 6 (1) (a) GDPR serves as the legal basis for the processing of personal data. When processing personal data that is necessary to fulfill a contract to which you are a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis. If it is necessary to safeguard a legitimate interest of our company or a third party and if your interests, fundamental rights and freedoms do not outweigh the first-mentioned interest, Article 6 (1) (f) GDPR serves as the legal basis for processing.

3. Legitimate interests in processing

If the processing of your personal data is based on Article 6 (1) (f) GDPR, our legitimate interest, unless otherwise stated, is the conduct of our business activities. In addition, we have indicated our purposes and interests in the context of the above list of processing.

4. Data deletion and storage duration

Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies or you revoke your consent. Storage can also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. If the storage purpose no longer applies, if you revoke your consent or if a storage period prescribed by the European directives and ordinances or another responsible legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions, unless there is a need for further storage the data exists for the conclusion or fulfillment of a contract.

5. Recipient of the data collected / data transmission

We as the responsible company are primarily the recipients of the data collected via our website. In addition, processors (web hosts, IT service providers, etc.) may have access to the data collected via our website. However, compliance with the legal regulations is guaranteed by order processing contracts that we conclude with our order processors based in the EU. Data is only transferred to so-called third countries outside the EU if and to the extent that this is indicated below.

6. Need to provide personal data

You can visit our website without personal data being collected. However, if you would like to use our services, you must provide personal data in order to carry out the contract.

7. Existence of automated decision-making

We do not carry out any automatic decision-making or profiling within the meaning of Art. 22 GDPR.

8. Data security

We use comprehensive technical and organizational measures to secure our website and other systems against loss, destruction, access, modification or dissemination of your data by unauthorized persons. These measures are subject to constant review and improvement in order to ensure that the technology is up to date.

III. Data processing when using our website

1. Data collection and use when registering and using our services

You have the option to register on our website. When you create a user account or register, you must provide certain mandatory information in order to gain access to your user account and manage it (“mandatory information”). Mandatory information as part of the registration is marked with an asterisk and is required for the conclusion of the user contract. Which data is collected can be seen from the respective input forms. As part of the registration, these are: Your name and your e-mail address. You also need to create a password. If you do not provide this information, you will not be able to create a user account. In addition, you can voluntarily provide information about your job title / department and company name during registration. The legal basis for the processing of your data is the fulfillment of our contract with you in accordance with Art. 6 Para. 1 lit. b GDPR. We use the data you have provided to authenticate you when you log in and to follow up requests to reset your password, to verify your authorization to manage the user account, to enforce the terms of use of the website and all associated rights and obligations and to be in contact with you in order to be able to send you technical or legal notices, updates, security notifications or other messages relating to the administration of the user account. We therefore only use the data you have provided to process the contract and to provide our services to be provided within the framework of the contract. We can also pass on your data to one or more processors who also use your data exclusively for internal use on our behalf. When using our services, we also use the data you provided when registering.
The legal basis for the processing of your data is the fulfillment of our contract with you in accordance with Art. 6 Para. 1 lit. b GDPR.

A transfer of this data to third parties does not take place unless there is a legal obligation to transfer or the transfer is used for criminal prosecution.

After the contract has been fully processed or your account has been deleted, your data will initially be blocked for further use and deleted after the statutory retention periods have expired, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is legally permitted and about which we will inform you below.

You can object to processing at any time and delete your account. In such a case, the contractual relationship with you cannot be continued.

2. Social Media

In addition to this website, we also maintain a presence in various social networks. If you visit such a site, personal data may be transmitted to the provider of the social network. It is possible that, in addition to the storage of the data you have specifically entered in this social network, further information will also be processed by the provider of the social network. As a rule, your data is processed for market research and advertising purposes, including in order to create appropriate usage profiles and to show you personalized advertising. For this purpose, the provider of the social network usually saves cookies on your device, in which your usage behavior and your interests are saved. In addition, the provider of the social network may process the most important data of the computer system from which you are visiting it - for example your IP address, the type of processor and browser version used, including plugins.

If you are logged in with your personal user account of the respective network while visiting such a network, this network can assign the visit to your account. If you do not want such an assignment, you must log out of your account before visiting our social media presence and delete the cookies.

The legal basis for the processing of personal data is Art. 6 Para. 1 lit. f GDPR. If you have given your consent to the processing of the respective social network provider, the legal basis for the processing of your data is Article 6 (1) (a) GDPR.

We maintain the presence in the respective social networks in order to be able to communicate with you there and to inform you about our services. Our legitimate interest in the processing of personal data in accordance with Art. 6 Para. 1 lit. f GDPR lies in these purposes.

For more information on the purpose and scope of data collection as well as on the further processing and use of your data and the option to opt out, please refer to the data protection provisions of the respective network:

Facebook

Facebook is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. We have concluded an agreement with Facebook on the sharing of data in accordance with Art. 26 GDPR. Further information on joint data processing can be found in the Facebook terms and conditions.

Privacy policy: https://www.facebook.com/about/privacy/

Opt-Out: https://www.facebook.com/settings?tab=ads 

Instagram

Instagram is operated by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.

Privacy policy and opt-out: http://instagram.com/about/legal/privacy/

Google/ YouTube 

Google and Youtube are operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. The USA is an unsafe third country. However, Google LLC has voluntarily certified itself under the US-EU data protection agreement “Privacy Shield” and is thus committed to complying with EU data protection regulations. The responsible body for Germany is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Privacy policy:  https://policies.google.com/privacy

Opt-Out: https://adssettings.google.com/authenticated 

LinkedIn

LinkedIn is operated by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland.

Privacy Policy: https://www.linkedin.com/legal/privacy-policy

Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Xing

Xing is operated by XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany.

Privacy policy and opt-out: https://privacy.xing.com/de/datenschutzerklaerung


3. Integration of Google Maps

We integrate the Google Maps API on our website, a map service for displaying maps and creating route maps to make it easier for you to find our location. Google Maps is operated by Google LLC (www.google.de), 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. The responsible body for Germany is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google reserves the right to transfer data to Google LLC in the USA. However, Google LLC has voluntarily certified itself under the US-EU data protection agreement “Privacy Shield” and is thus committed to complying with EU data protection regulations.

When you visit our website, Google receives the information about the access to our website and, if necessary, other log files. Google stores and uses the data for advertising, market research and / or needs-based design of its own services. As a rule, this cookie is not deleted when the browser is closed, but expires after a certain period of time (up to 24 months), unless you delete it beforehand. The legal basis for the use of Google Maps is Art. 6 Para. 1 lit.f GDPR. The purpose of data processing is to make our location easier to find.

You have the option of simply deactivating the Google Maps service and thus preventing data transfer to Google:

To do this, deactivate JavaScript in your browser. However, we would like to point out that in this case you will not be able to use the map display. By using this website and not deactivating the JavaScript function, you expressly declare that you are aware of the data protection problems and that you consent to the processing of the data collected about you by Google in the manner described above and for the purpose stated above.

You can object to the use of your data by Google at any time by clicking on the following link:
https://adssettings.google.com/authenticated

For more information on data protection, please refer to Google's data protection provisions:
https://policies.google.com/privacy

4. Integration of Google Web Fonts

This site uses so-called web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) for the uniform representation of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to the Google servers. This can also result in the transmission of personal data to the servers of Google LLC. come in the US. In this way, Google learns that our website has been accessed via your IP address. The use of Google Web Fonts takes place in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. If your browser does not support web fonts, a standard font will be used by your computer.

In the event that personal data is transmitted to Google LLC. based in the USA, Google LLC. Certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in their privacy policy: https://www.google.com/policies/privacy/

Source: https://www.it-recht-kanzlei.de/datenschutz.php

5. Integration of Google reCAPTCHA

On this website we also use the reCAPTCHA function from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This function is primarily used to distinguish whether an input is made by a natural person or is improperly made by machine and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 Para. 1 lit. avoiding abuse and spam. When using Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC. come in the US.

In the event that personal data is transmitted to Google LLC. based in the USA, Google LLC. Certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list

Further information on Google reCAPTCHA and Google's data protection declaration can be found at: https://www.google.com/intl/de/policies/privacy/

Source: https://www.it-recht-kanzlei.de/datenschutz.php

6. Newsletter via MailChimp

You can register to receive our newsletter. We use the MailChimp newsletter dispatch service operated by the Rocket Science Group, LLC, 675 Ponce De Leon Ave NE # 5000, Atlanta, GA 30308, USA (“Mailchimp”) to send our newsletter. We transmit data to MailChimp in the USA as described below. The USA is an unsafe third country. However, MailChimp has voluntarily certified itself under the US-EU data protection agreement "Privacy Shield" and has thus undertaken to comply with EU data protection requirements.

Our newsletter appears regularly and contains information about new offers on our website and news about us.

To register, you must provide us with your email address. You can voluntarily provide us with additional information, such as your name. Registration takes place in a so-called double opt-in procedure. After registering on our website, you will receive a confirmation email from us in which you have to confirm your registration again. This entire process is documented and saved. This includes storing the time of registration and confirmation as well as your IP address. The collection of this data is necessary so that we can understand the processes in the event of misuse of the e-mail address and therefore serves our legal protection. By subscribing to our newsletter, you agree to receive it.

If you have given your consent, the legal basis for processing your data after registering for the newsletter is Article 6 (1) (a) GDPR. Your data will be stored on MailChimp's servers in the USA. MailChimp uses this information to send and evaluate the newsletter. The evaluation takes place on our behalf, but MailChimp can also use the data for quality assurance and to improve the quality of its own services.

You can revoke your consent to the storage and use of your personal data to receive the newsletter at any time with effect for the future. For the purpose of revoking your consent, you can use the link provided in the newsletter or send us your revocation by e-mail to the following address: marketing@elbwalker.com.

Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Your email address will therefore be stored as long as the subscription to the newsletter is active. For more information on data protection, please refer to the data protection provisions https://mailchimp.com/legal/privacy/ by MailChimp.

7. Email and contact form

We have an email address and a contact form available on our website. If you contact us by email or using our contact form, the personal data you have transmitted will be saved automatically. The other personal data processed during contact is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

The legal basis for the processing of the data that is transmitted in the course of sending an email or a contact request is Art. 6 Para. 1 lit. f GDPR. If the purpose of making contact is to conclude a contract, the additional legal basis for processing is Article 6 (1) (b) GDPR.

We use the personal data you provide only to process your specific request. The data provided will always be treated confidentially.

Your details can be stored in a customer relationship management system (so-called CRM system) or another organizational tool for customer data.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by e-mail, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified.

If you contact us, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.

8. Statistics by elbwalker

In order to be able to understand which contents of our website are interesting for users, we integrate the "Walker" from elbwalker GmbH, Bernstorffstraße 118, 22767 Hamburg. The Walker is a tool with which we can, for example, understand which buttons are clicked on our website and which offers on our website are being used. In order to be able to track corresponding usage activities on our website, elbwalker collects the IP address of the user without setting cookies or having them set, and initially without having activated tracking, and sends this to Cloudflare Inc. for shortening and thus anonymization. 101 Townsend St, San Francisco, CA 94107, USA. The transfer of the IP address to Cloudflare takes place only in individual cases and on the basis of an data processing contract concluded with Cloudflare and in accordance with standard contractual clauses agreed with Cloudflare and other security measures approved by the GDPR that ensure the security of the processing of personal data with a level of protection identical to that in the EU. After receiving the shortened IP address from Cloudflare, the walker is activated and the activities of this shortened IP address are tracked without personal reference. These usage activities are shown to us in the context of anonymous statistics in which a personal reference to a single user is not possible. You can find more information about elbwalker on this website www.elbwalker.com.

A personal reference can, for example, only take place under special technical conditions, namely when the date, time and activity of an abbreviated IP address are simultaneously considered in combination with, for example, an order for goods or services by a user on our website at the specified time and time. However, even this combination usually has to be made by combining data from different systems for which only different people may be authorized to access.

The processing of personal data in the aforementioned manner and for the aforementioned purpose follows our legitimate interest, as we track usage activities and usage statistics to improve the offers and content on our website with the greatest possible protection of personal data and without the use of cookies and third-party tracking which is why the processing of personal data is lawful in accordance with Article 6 (1) (f) GDPR.

IV. Rights of affected persons

If your personal data is processed, you as the person concerned within the meaning of the GDPR the following rights:

1. Right to information (Art. 15 GDPR)

You also have the right to receive free information from us about the personal data stored about you and a copy of this information from us at any time. You also have a right of access to the following information:

- the processing purposes, the categories of personal data that are processed,

- the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular in the case of recipients in third countries or international organizations,

- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration,

- the existence of a right to correction or deletion of the personal data concerning you or to restriction of processing by the person responsible or a right to object to this processing,

- the right to lodge a complaint with a supervisory authority,

- if the personal data are not collected from the data subject: all available information about the origin of the data and,

- The existence of automated decision-making including profiling in accordance with Art. 22 Paragraphs 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You also have a right to information as to whether personal data has been transmitted to a third country or to an international organization. If this is the case, you also have the right to receive information about the appropriate guarantees in connection with the transmission.

2. Right to correction (Art. 16 GDPR)

You have the right to request the immediate correction and / or completion of incorrect or incomplete personal data concerning you. We have to make the correction immediately.

3. Right to restriction of processing (Art. 18 GDPR)

You have the right to demand that we restrict processing if one of the following conditions is met:

- The correctness of the personal data is disputed by the person concerned, for a period that enables the person responsible to verify the correctness of the to check personal data

- the processing is unlawful, the person concerned refuses to delete the personal data and instead requests the restriction of the use of the personal data

- the person responsible no longer needs the personal data for the purposes of the processing, the person concerned However, it is required to assert, exercise or defend legal claims. The person concerned has lodged an objection to the processing in accordance with Art. 21 Paragraph 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh those of the person concerned . Has been processing of the personal data relating to you, these data may only be - apart from their storage

- with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or If the processing restriction has been restricted according to the above conditions, you will be informed by us before the restriction is lifted.

4. Right to deletion (Art. 17 GDPR)

You have the right to request that we delete your personal data immediately if one of the following reasons applies and if processing is not necessary:

- The personal data were collected or otherwise processed for purposes for which they are no longer necessary.

- The data subject revokes their consent, on which the processing was based in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, and there is no other legal basis for the processing.

- The data subject objects to the processing in accordance with Art. 21 Paragraph 1 GDPR and there are no overriding legitimate reasons for the processing or the data subject objects to the processing in accordance with Art. 21 Paragraph 2 GDPR.

- The personal data was processed unlawfully.

- The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the person responsible is subject.

- The personal data was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.

If the personal data has been made public by us and we, as the person responsible, are obliged to delete the personal data in accordance with Art. 17 Para. 1 GDPR, we take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, in order to prevent others for the To inform those responsible for data processing who process the published personal data that the data subject has requested the deletion of all links to this personal data or of copies or replications of this personal data from these other data processors, insofar as the processing has not been carried out is required.

The right to deletion does not exist if the processing is necessary:

- to exercise the right to freedom of expression and information;

- to fulfill a legal obligation that requires processing under the law of the Union or the Member States to which the person responsible is subject, or to perform a task that is in the public interest or in the exercise of official authority vested in the person responsible;

- for reasons of public interest in the area of ​​public health in accordance with Art. 9 Paragraph 2 lit. h and i and Art. 9 Paragraph 3 GDPR;

- for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, insofar as the right mentioned under section a) is likely to make the realization of the objectives of this processing impossible or seriously impair it,

- or for the establishment, exercise or defense of legal claims.

5. Right to be informed

If you have asserted the right to correction, deletion or restriction of processing against us, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this is the case proves to be impossible or involves a disproportionate effort.

You have the right vis-à-vis us to be informed about these recipients.

6. Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from us, provided that the processing is based on consent in accordance with Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract in accordance with Art. 6 Para. 1 lit.b GDPR and the processing takes place with the aid of automated procedures, provided that the processing is not necessary for the performance of a task that is in the public interest or takes place in the exercise of official authority that has been assigned to us.

Furthermore, when exercising your right to data portability in accordance with Art. 20 Para. 1 GDPR, you have the right to have the personal data transmitted directly from us to another person responsible, insofar as this is technically feasible and insofar as this does not give rise to the rights and Other people's freedoms are impaired.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or takes place in the exercise of official authority that has been transferred to the person responsible.

7. Right to object (Art. 21 GDPR)

You have the right, for reasons that arise from your particular situation, to object at any time to the processing of personal data relating to you, which is based on Art. 6 Para. 1 lit. e or f GDPR. This also applies to profiling based on these provisions.

In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

You can contact us at any time to exercise your right to object. Right to withdraw consent under data protection law.

You have the right to withdraw your consent to the processing of personal data at any time. Withdrawing your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of withdrawal.

8. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged violation, if you are of the opinion that the processing of your personal data is against violates the GDPR. The supervisory authority to which the complaint was submitted informs the complainant about the status and the results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.

STATUS: January 2021