We take the protection of your personal data very seriously. Your personal data is handled in the strictest confidence in accordance with the legal requirements for data protection and this privacy statement.
1. Data processing controller (hereinafter referred to as “we”)
ES 2000 Errichter Software GmbH
Telephone: +49 541 4042 0
Fax: +49 541 4042 222
Telephone: +49 541 4042 0
Fax: +49 541 4042 222
2. Data security administrator and supervisory authority:
Creditreform Compliance Services GmbH
Tel.: +49 2131 109 1072
Representative for data protection for the State of Lower Saxony
+49 511 120 4500
+49 511 120 4599
3. Personal data, purpose of processing and legal basis
The use of our website is generally possible without the need to provide any personal data. The provision of any personal data is voluntary.
Personal data is all information that refers to an identified or identifiable natural person (hereinafter referred to as the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data is processed for the purpose of operating a website containing information about the services that we offer along with enabling contacts and the conclusion of contracts.
Personal data is collected on our website when it is necessary for
- a) the use of the website (Legal basis: Article 6 Para. 1 point (a) and / or Article 6 Para. 1 point (b) GDPR)
- b) the protection of our interests in the improvement of the user experience and to maintain security in use (Legal basis: Article 6 Para. 1 point (f) GDPR)
- c) the use of the services offered on the website as well as pre-contractual procedures, in particular for the completion of forms (Legal basis: Article 6 Para. 1 point (a) and / or Article 6 Para. 1 point (b) GDPR) or
- d) the conclusion of a contract and for its execution (Legal basis: Article 6 Para. 1 point (a) and point (b) GDPR).
4. Storage period
The period of storage of personal data is calculated according to the relevant legal requirements for the retention of information (e.g. as specified in commercial law or fiscal law). The data are routinely deleted on the expiry of the relevant period. Insofar as data are required in order to fulfil a contract or to secure a contract or there is a rightful interest on our part to continue storing the data, the data will be deleted when they are no longer required for these purposes or you have invoked your right of erasure or right of objection.
5. Transfer of data
Your personal data will not be transferred to third parties except when
- a) we have explicitly stated that this will be done in the description of the processing of the particular data,
- b) you have given your explicit consent to this in accordance with Art. 6 Para. 1 point (a) GDPR,
- c) such transfer in accordance with Art. 6 Para. 1 point (f) GDPR is necessary for the enforcement, exercise or defense of rights and no grounds exist for the assumption that you have an overriding protective interest in not transferring your data,
- d) a legal obligation exists for such transfer in accordance with Art. 6 Para. 1 point (c) GDPR, and
- e) where this is necessary in accordance with Art. 6 Para. 1 point (b) GDPR in order to process contractual relationships with you.
We may pass on personal data where necessary to:
- a) External service providers (IT service providers, payroll service providers)
- b) Business partners where such data transfer is necessary for them to fulfil their tasks and / or providing our services (such as payment service providers, banks, postal and delivery services, event partners)
- c) Debt collection agencies in order to recover outstanding debts
- d) Authorities and companies in order to update information or to fulfil any legal duty of notification (e.g. social insurance carriers, financial authorities, police and public prosecutors, supervisory authorities, road traffic licensing authorities)
- e) Any other third party to which the data subject has given consent to transfer data or where a legal warrant to transfer data exists (e.g. attorney, liquidator)
And additionally, for the area of employee data, to e.g.:
- a) trade associations
- b) relevant bodies (chamber of commerce)
- c) cooperative partners in vocational training
- d) occupational health service
- e) further education establishments.
In addition to the above, we use external service providers to perform our services. These have been carefully selected and instructed in writing. These instructions are binding, and we audit the service providers regularly having concluded order processing contracts with them in accordance with Art. 28 GDPR where necessary. These are service providers for web hosting, email transmission, and the maintenance and care of our IT systems, etc. The service providers will not pass these data on to third parties.
Transfer of data to countries outside the European Union and the European Economic Area (“third countries”) does not usually occur and will only take place when the following conditions for it are met:
- a) The fulfilment of a statutory authorization
- b) In particular, we ensure an appropriate level of data protection as stipulated by the EU standard Contract clauses for the transfer of personal data to data processors in third countries by means of corresponding contracts. You can find a copy of the standard contract clauses specified by the EU commission on the Internet at:
Transfer of data to a foreign country or to supranational or cross-national centers will only take place when this is legally permitted or required.
Under certain circumstances there are currently no suitable guarantees covering the transfer of data to the USA. The protection of personal data is limited. This is because security agencies access data transferred from the EU to the USA on the basis of the laws of the USA and can use the data without being limited to what is absolutely necessary. You may also be unable as the data subject to institute legal proceedings against such use inasmuch as you are not a citizen of the USA.
You have the following rights subject to the legal requirements:
- a) According to Art. 7 Para. 3 GDPR, you can at any time withdraw your consent once given. This also applies to declarations of consent made to us made before the GDPR came into effect, i.e. prior to 25 May 2018. Withdrawal of consent has the effect that we may in future not further process any data that was dependent on this consent.
- b) According to Art. 15 GDPR, you have the right of access to the personal data that we process. In particular, you may ask for information about to the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to rectification or erasure of personal data or restriction of processing of personal data or to object to such processing, the right to lodge a complaint, the source of the personal data where these have not been collected by ourselves, and of the existence of automated decision-making, including profiling, and meaningful information about the details of such.
- c) According to Art. 16 GDPR, you have the right to obtain without undue delay the rectification or completion of any inaccurate personal data that we hold about you.
- d) According to Art. 17 GDPR, you have the right to erasure of the personal data that we store about you insofar as processing is not required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims
- e) According to Art. 18 GDPR, you have the right to restriction of processing of your personal data, if you contest the accuracy of the personal data, or the processing is unlawful but you object to their erasure, or we no longer need your personal data but you require them for the establishment, exercise or defense of legal claims, or you have objected to their processing pursuant to Art. 21 GDPR.
- f) According to Art. 20 GDPR, you have the right to receive your personal data that you provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
- g) According to Art. 77 GDPR, you have the right to complain to a supervisory authority. Generally, you can contact the supervisory authority responsible for our company for this purpose.
If you have further questions regarding the protection of your personal data, this privacy notice, or declarations of consent given, please feel free to contact us or our data protection officer(s) at any time. You can also address any complaints about the handling of your personal data to us or our data protection officer(s).
Right to object
If your personal data are processed on the basis of legitimate interests according to Art. 6 Para. 1 point (f) GDPR, you have the right according to Art. 21 GDPR to object at any time to the processing of your personal data where grounds for such objection exist due to your particular situation.
You have the right to object at any time and without stating a reason to the processing specified under item 3 (e), direct marketing.
If you wish to exercise your right to object, a simple declaration of your objection to us in writing, including by email to firstname.lastname@example.org, is sufficient.
7. Collection of personal data when you visit our website
When you use the website purely for information, i.e. you do not register or otherwise provide us with information, we will only collect the personal data that your web browser transmits to our server. When you want to view our website, we will collect the following data that we require technically in order to display the website to you and ensure stability and security (the legal basis for this is Art. 6 Para. 1 point (f) GDPR):
- a) IP address
- b) Date and time of request
- c) Time zone difference to Greenwich Mean Time (GMT)
- d) Content of request (actual page)
- e) Access status / HTTP status code
- f) Quantity of data transferred at any one time
- g) Website originating the request
- h) Browser
- i) Operating system and user interface
- j) Browser software version and language.
8. Contact form
Data transmitted by means of the contact form including your contact details will be stored for us to process your enquiry or in readiness for subsequent queries. These data will not be passed on without your consent.
The data entered on the contact form is processed solely on the basis of your consent (Art. 6 Para. 1 point (a) GDPR). You can at any time withdraw your previous consent. A simple message indicating your withdrawal of consent by email to email@example.com. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
We retain the data transmitted in the contact form until you ask us to erase them, withdraw your consent for their storage, or there is no longer any need to continue to store the data. Compelling legal provisions – particularly compulsory record keeping periods – are not affected by this.
9. Social media portals
9.1 Shariff method for sharing blog entries
We enable sharing of our blog entries on Facebook, Twitter and Google+, YouTube and Instagram using share buttons by utilizing the Shariff method. By means of this, direct contact between the user and the social media portal is only established when the user actively clicks on the share button. Clicking the share button represents a declaration of consent to data transfer to the particular social media portal by the user according to Art. 6 Para. 1 point (a) GDPR.
9.2 Link to social media portals
Social networks – Facebook, Twitter, Xing, LinkedIn, Instagram und Pinterest – are otherwise embedded on our website mainly in the form of a link to the corresponding service. When you click on the embedded text or image links, you will be redirected to the page of the corresponding provider. User information is only transferred to the corresponding provider after this redirection. We have no influence over and only limited knowledge of how and to what extent your data are processed by the individual providers when you open their web pages. You can find information about how your personal data is handled when you use these websites in the privacy statements of the providers that you use.
9.3 Company presence on social networks
We are present on the following social networks:
- a) Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, D02 X525, Ireland
- b) Twitter International Company, One Cumberland Place Fenian Street, Dublin 2, D02 AX07, Ireland
- c) Instagram Inc., Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, D02 X525, Ireland
- d) LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
- e) Pinterest Europe Ltd. Palmerston House 2nd Floor Fenian Street Dublin 2, Ireland.
The data controller for the social networks: If you visit our company profile on one of the above providers, your personal data will be processed by the particular provider and they are responsible for data processing in the sense of the GDPR. Please note that the most effective way to exercise your rights as the data subject is to do so with the particular provider. Only the provider has access to the data that they collect from you. Nevertheless, please contact us if you require assistance with this.
Data protection officer: You can find information on how to contact the data protection officers for the various social media providers as follows:
- b) Twitter: https://help.twitter.com/de/forms/privacy
- c) Instagram Inc. https://help.instagram.com/contact/1845713985721890
- d) LinkedIn Ireland Unlimited Company: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
- e) Pinterest: firstname.lastname@example.org
Processing of personal data from data transmitted to us via social networks: As soon as you contact us using the various communications paths provided by social networks, we become independently responsible for the lawfulness of processing the data. Therefore, if you contact us using the various communication methods of the social networks (chat function, comments, etc.) we will process your data for the purpose of answering your question so that we can deal with your enquiry in the best way possible. The legal basis for this processing is our legitimate interest in responding to your communication according to Art. 6 Para. 1 point (f) GDPR.
Additionally, the providers supply us with anonymous statistical data. These statistics are compiled on the basis of usage data among other things, but we do not ourselves have any access to this usage data. Processing of this data is on the legal basis of our legitimate interests according to Art. 6 Para. 1 point (f) GDPR.
Our website uses YouTube plug-ins to integrate and display video content. The video portal provider is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit a page with an embedded YouTube video, the page will not load unless you have previously agreed in our cookie banner. Nevertheless, data is transferred to YouTube when the link is set up; this data contains information about the page from which the link is made, for example.
YouTube can directly correlate your surfing behavior with your personal profile if you are logged in to your YouTube account. You can prevent this by logging out from your account first.
We have no influence over and only limited knowledge of how and to what extent your data are processed.
The legal basis for embedding YouTube and the associated data transfer to Google is your consent (Art. 6 Para. 1 point (a) GDPR).
Details of how user data is handled can be found in the YouTube privacy statement at: https://www.google.de/intl/de/policies/privacy.
10. General contacts
As soon as you contact us by email or telephone and you make your contact data available to us, we process this data (name, email address, telephone number) by way of correspondence.
The legal basis for this is Article 6 Para. 1 point b as well as Article 6 Para. 1 point (f) GDPR. The claim to make contact for sales-related purposes in business to business (B2B) in consideration of an assessment of interest may be seen as a legitimate interest in the sense of the latter regulation.
These data will not be passed on to third parties without your consent and will be erased immediately after contact has been made if no further purpose for their use arises. In the case of Article 6 Para. 1 point (f) GDPR, you can object to processing if the applicable laws do not demand data processing or there is no legal requirement to keep the data in order to fulfil a contract etc. according to Article 6 Para. 1 point (b) GDPR.
By storing settings, the cookies serve in part to simplify website processes (e.g. to maintain previously selected options). If personal data is also processed by individual cookies that we have implemented, such processing will either be for performance of a contract according to Art. 6 Para. 1 point (b) GDPR or to protect our legitimate interests in the best possible operation of the website and to provide a user friendly and effective concept for visiting the web page according to Art. 6 Para. 1 point (f) GDPR. You can activate browser settings that notify you when cookies are set, allow cookies in individual cases, accept cookies only in certain cases or not at all, and delete cookies automatically when you close the browser. You can manage the cookie settings for your particular browser using the links below:
- a) Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- b) Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow–
- c) Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
- d) Opera: https://help.opera.com/en/latest/web-preferences/#cookies
You can also individually manage the cookies for many companies and functions that are used for advertising. To do this, use the corresponding tools that you can open under https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.
Most browsers have a “do not track” function. When this is activated, the browser will indicate to advertising networks, websites and applications that you do not wish to be tracked for the purposes of behavior based advertising and the like. Information and instructions on how to use this function can be obtained from the provider of your browser under the following links:
- a) Google Chrome: https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=de
- b) Mozilla Firefox: https://www.mozilla.org/de/firefox/dnt/
- c) Internet Explorer: https://support.microsoft.com/de-de/help/17288/windows-internet-explorer-11-use-do-not-track
- d) Opera: http://help.opera.com/Windows/12.10/de/notrack.html
You can also prevent loading of scripts. “NoScript” only allows execution of Java scripts, Java and other plug-ins from trusted domains that you have selected. Information and instructions on how to use this function can be obtained from the provider of your browser (e.g.: https://addons.mozilla.org/de/firefox/addon/noscript/ for Mozilla Firefox).
Please note that the functionality of our website may be restricted if you deactivate cookies.
This website sets a cookie called borlabs cookie that is technically necessary to save your cookie preferences (consents).
The borlabs cookie does not process any personal data.
The borlabs cookie stores the consents that you gave when you entered the website. If you wish to withdraw these consents, simply delete the cookie from your browser. You will then be asked for your consent to cookies again when you next visit or reload the website.
You can view and change your cookie preferences here!
12. Google Analytics
We use Google Analytics on this website, which is a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
On our behalf, Google analyzes your use of this website. To do this, we use the cookies that are described in detail in the cookie table above among other things. The data about your use of this website that is collected by Google in this way (e.g. the referring URL, the pages that were visited on our site, your web browser, language settings, operating system, or screen resolution) are transmitted to one of Google’s servers in the USA, where they are stored, and analyzed, and the anonymized results are made available to us. Your usage data is not associated with your full IP address. On this website, we have activated the IP anonymizing function provided by Google so that the final byte (type IPv4) or the last 80 bits (type IPv6) of your IP address are deleted. We have special agreements with Google to ensure that an acceptable level of data protection is maintained for data with Google in the USA
The legal basis for the use of Google Analytics is Art. 6 Para. 1 point (a) GDPR, namely your consent. You can withdraw your given consent at any time, either by downloading and installing the browser plug-in available from Google (https://tools.google.com/dlpage/gaoptout?hl=de) or by clicking on the button below, which will set an opt out cookie.