Search
Close this search box.

Privacy policy

This data protection declaration clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offer and the associated websites, functions and content as well as external online presences, such as our social media profile. (hereinafter collectively referred to as the “Online Offer”). With regard to the terms used, such as “processing” or “controller”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

1. Responsible Authority

European Society of Thin Films e.V. (EFDS e.V.)
Gostritzer Strasse 63
01217 Dresden, Germany
Phone: +49 (0) 3 51 / 8 71 83 70
E-Mail: info@efds.org
URL: www.efds.org

2. Contact Details

Mail: info@efds.org
Homepage: http://www.efds.org/de/impressum

The website operator takes your data protection very seriously and treats your personal data confidentially and in accordance with the statutory provisions.

3. Purposes and legal bases of processing

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (EU-GDPR) and the Federal Data Protection Act (BDSG), insofar as these are necessary for the establishment, execution, fulfilment and implementation of pre-contractual measures. Insofar as the provision of personal data is necessary for the initiation or execution of a contractual relationship or in the context of the implementation of pre-contractual measures, processing in accordance with Art. 6 para. 1 lit.b GDPR is lawful.

If you give us your express consent to the processing of personal data for certain purposes (such as disclosure to third parties, evaluation for marketing purposes or advertising), the lawfulness of this processing is given on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. A given consent can be revoked at any time, with effect for the future (see section 9 of this data protection information).

If necessary and legally permissible, we process your data beyond the actual contractual purposes to fulfil legal obligations in accordance with Art. 6 para. 1 lit.c GDPR. In addition, processing may take place to safeguard the legitimate interests of us or third parties in accordance with Art. 6 para. 1 lit. f GDPR. If necessary, we will inform you separately, stating your legitimate interest, insofar as this is prescribed by law.

Purpose of processing:

  • Provision of the online offer, its functions and contents,
  • Responding to contact requests and communicating with users,
  • security measures and
  • Range measurement / Marketing.

4. Provisions of Personal Data

We only process data that is related to the establishment of the contract or the pre-contractual measures. This can be general data about you or persons of your company (name, address, contact details, etc.) as well as, if applicable, other data that you transmit to us as part of the justification of the contract.

Types of data processed:

  • Inventory data (such as names, addresses),
  • Contact details (such as e-mail, telephone numbers),
  • Content data (such as text inputs, photographs, videos),
  • Usage data (such as websites visited, interest in content, access times) and
  • Meta/communication data (such as device information, IP addresses).


Categories of data subjects
:

Visitors and users of the online offer (In the following, we also refer to the data subjects collectively as “users”).

Business-related processing:

In addition, we process

  • Contract data (such as subject matter of the contract, term, customer category) and
  • Payment data (such as bank details, payment history)

from our customers, interested parties and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.

5. Data Sources

We process personal data that we receive from you in the context of establishing contact or establishing a contractual relationship or in the context of pre-contractual measures or that you provide via our [sources].

6. Data Recipient

We pass on your personal data within our company exclusively to the areas and persons who need this data to fulfil contractual and legal obligations or to implement our legitimate interest. We may transfer your personal data to companies affiliated with us to the extent permitted within the scope of the purposes and legal bases set out in Section 3 of this Data Protection Information Sheet. Your personal data will be processed on our behalf on the basis of order processing contracts in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. The categories of recipients in this case are providers of Internet service providers as well as providers of customer management systems and software. Otherwise, data will only be passed on to recipients outside the company if this is permitted or required by law, the transfer is necessary for processing and thus for the fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorized to provide information. Under these conditions, recipients of personal data may be, for example:

  • Public bodies and institutions (such as public prosecutor’s office, police, supervisory authorities, tax office) in the presence of a legal or official obligation,
  • recipients to whom the transfer is directly necessary for the establishment or fulfilment of the contract
  • Other data recipients for whom you have given us your consent to the transfer of data.

7. Cooperation with Order processors and third parties

Insofar as we disclose data to other persons and companies (Order processors or third parties), transmit them to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (such as if a transmission of the data to third parties, such as to payment service providers, is necessary for the fulfilment of the contract in accordance with Art. 6 para. 1 lit. B GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (such e.g. using agents, web hosts, etc.). If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.

8. Transfer to a third country

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country only if the special requirements of Art. 44 f.f. GDPR are met. This means that the processing is carried out, for example, on the basis of special guarantees such as the officially recognized determination of a level of data protection corresponding to the EU (such as for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

9. Duration of data storage

If necessary, we process and store your personal data for the duration of our business relationship or for the fulfilment of contractual purposes. This includes, among other things, the initiation and processing of a contract.

In addition, we are subject to various storage and documentation obligations arising from, among other things, the German Commercial Code (HGB) and the German Fiscal  Code (AO). The storage and documentation periods prescribed there are two to ten years.

Finally, the storage period is also based on the statutory limitation periods, which according to §§ 195 f.f. of the German Civil Code (BGB), are usually three years, but in certain cases up to thirty years.

10. Your rights

Every data subject has the right to information pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to notification pursuant to Article 19 GDPR and the right to data portability pursuant to Article 20 GDPR.

In addition, there is a right of appeal to a data protection supervisory authority pursuant to Art. 77 GDPR if you believe that the processing of your personal data is not lawful. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

If the processing of data is based on your consent, you are entitled under Art. 7 GDPR to revoke your consent to the use of your personal data at any time. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected. Please also note that we may have to store certain data for a certain period of time in order to comply with legal requirements (see Section 8 of this data protection information).

Right to object

Insofar as the processing of your personal data is carried out in accordance with Article 6 (1) (f) GDPR to safeguard legitimate interests, you have the right to object to the processing of this data at any time for reasons arising from your particular situation in accordance with Article 21 GDPR. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These must outweigh your interests, rights and freedoms, or the processing must serve to assert, exercise or defend legal claims.

In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing for the purpose of such advertising. This also applies to profiling insofar as it is related to this direct advertising. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.

To protect your rights, you are welcome to contact us.

11. Necessity of providing Personal Data

As a rule, the provision of personal data for the establishment, execution, fulfilment or implementation of pre-contractual measures is neither required by law nor by contract. You are therefore not obliged to provide information on personal data. Please note, however, that these are usually necessary for the decision on the conclusion of a contract, the fulfilment of the contract or for pre-contractual measures. If you do not provide us with personal data, we may not be able to make a decision within the framework of contractual measures. We recommend that you only provide personal data that is necessary for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.

12. Automatized-decision-making

For the establishment, fulfillment or implementation of the business relationship as well as for pre-contracted measures, we generally do not use fully automated decision-making pursuant to Art. 22 GDPR. Should we use these procedures in individual cases, we will inform you separately or obtain your consent where required by law.

13. Cookies and distance measurement

We use cookies on our website. Cookies are small files that are stored on users’ computers. Cookies support the presentation of our website and help you to navigate our website. The use of cookies increases the user-friendliness and security of this website. Cookies collect information about your IP address, browser, operating system and Internet connection. We do not link this information to personal data and do not pass it on to third parties. A cookie is primarily used to store the information about a user (device on which the cookie is stored) during or after his visit within an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example the contents of a shopping cart in an online shop or a login jam can be stored. “Permanent” or “persistent” refers to cookies that remain stored even after closing the browser. For example the login status can be saved if the users visit it after several days. Likewise, the interests of the users can be stored in such a cookie, which are used for pseudonymized reach measurement or marketing purposes.

We may use temporary and permanent cookies and clarify this in the context of our privacy policy.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. Please use its help function to be able to make the corresponding changes. You can also use our website without the use of cookies, which may mean that some representations and functions of our online offer may only work to a limited extent.

14. Hosting

The hosting services used by us serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this online offer.

In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of order processing contract).

15. Collection of access data and log files

We, or our hosting provider, collect data on each access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR. The access data includes the name of the accessed website, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (such as to investigate misuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes are excluded from deletion until the respective incident has been finally clarified.

16. Provision of contractual services

We process inventory data (such as names and addresses as well as contact data of users), contract data (such as services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 lit. b. GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.

As part of the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the protection of the user against misuse and other unauthorized use. As a matter of principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Article 6 (1) (.c) GDPR.

The deletion of the data takes place after expiry of legal warranty and comparable obligations, the necessity of storing the data is reviewed every three years; in the case of statutory archiving obligations, the deletion takes place after their expiry. Information in any customer account remains until it is deleted.

17. Function for Registration

Users can optionally provided a user account. Within the scope of the registration, the required mandatory information will be to the users. The data entered during registration will be used for the purposes of using the offer. Users can be informed by e-mail about information relevant to the offer or registration, such as cancelled offer or technical circumstances. If users have their user account, their data will be deleted with regard to the user account, subject to their retention for commercial or tax reasons. Art. 6 para. 1 lit.c GDPR is necessary. It is the responsibility of the users to back up their data before the end of the contract in the event of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.

As part of the use of our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as the protection of the user against misuse and other unauthorized use. As a matter of principle, this data will not be passed on to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 para. 1 lit.c GDPR. The IP addresses will be deleted at the latest 7 days after the end of the event.

18. Contact

When contacting us (via contact form, e-mail, telephone or via social media), the user’s details are processed to process the contact request and its processing in accordance with Art. 6 para. 1 lit. b) GDPR. The information provided by users can be stored in a customer relationship management system (“CRM system”) or comparable request organization. We delete the requests if they are no longer necessary. We review the necessity every two years. Furthermore, the statutory archiving obligations apply.

19. Newsletter

With the following information we inform you about the contents of our newsletter, the registration, dispatch and statistical evaluation procedure as well as your rights of objection. By subscribing to our newsletter, you agree to the receipt and the procedures described. Content of the newsletter: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter referred to as “newsletter”) only with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described in the context of a registration for the newsletter, they are decisive for the consent of the users. In addition, our newsletters contain information about our services and us.

Double opt-in and logging: The registration for our newsletter takes place in a so-called double opt-in procedure. After registration, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Likewise, the changes to your data stored with the shipping service provider are logged.

Registration data: To subscribe to the newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to provide a name in the newsletter for the purpose of personal address.

Germany: The dispatch of the newsletter and the associated performance measurement takes place on the basis of the consent of the recipients in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG or on the basis of the legal permission according to § 7 para. 3 UWG.

The logging of the registration procedure takes place on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Our interest is in the use of a
user-friendly and secure newsletter system that serves our business interests as well as the expectations of the users and also allows us to prove consent.

Termination/revocation – You can cancel the receipt of our newsletter at any time, i.e. Withdraw your consent. A link to cancel the newsletter can be found at the end of each newsletter. We may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before we delete them for the purpose of sending the newsletter in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of a consent is confirmed at the same time.

20. Newsletter - Measuring success

The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are first collected.

This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. Statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. Although this information can be assigned to the individual newsletter recipients for technical reasons, it is not our intention to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

21. Facebook-Pixel, Custom Audiences und Facebook-Conversion

Within our online offer, due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes, the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour,  Dublin 2, Ireland (“Facebook”).

Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law
(https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

With the help of the Facebook pixel, Facebook is able to determine the visitors of our online offer as a target group for the presentation of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (such as interests in certain topics or products that are determined on the basis of the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook ad (so-called “conversion”). The processing of the data by Facebook takes place within the framework of Facebook’s data usage policy. Accordingly, general information on the presentation of Facebook ads, in the data use policy of Facebook:
https://www.facebook.com/policy.php For specific information and details about the Facebook pixel and how it works, visit Facebook’s Help Center: https://www.facebook.com/business/help/651294705016616

You can object to the collection by the Facebook pixel and use of your data to display Facebook ads. To set which types of ads are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions for the settings of usage-based advertising: https://www.facebook.com/settings?tab=ads.  The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

You can also object to the use of cookies used for range measurement and advertising purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

22. Online presence in social media

We maintain online presences within social networks and platforms in order to be able to communicate with customers, interested parties and users active there and to inform them about our services there. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.

Unless otherwise stated in our privacy policy, we process the data of the users if they communicate with us within the social networks and platforms, such as write contributions on our online presences or send us messages.

23. Integration of third-party services and content

On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR), we use content or service offers from third-party providers within our online offer in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).

This always requires that the third-party providers of this content perceive the IP address of the users, since without the IP address they could not send the content to their browser. The IP address is therefore required for the presentation of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and contain, among other things, technical information about the browser and operating system, referring websites, visit time and other information on the use of our online offer, as well as be combined with such information from other sources.

Google Maps:

We integrate the maps of the service “Google Maps” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

24. Provision of contractual services

We process inventory data (such as names and addresses as well as contact data of users), contract data (such as services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 lit. b. GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.

As part of the use of our online services, we store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as the protection of the user against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Article 6 (1), lit. c GDPR.

25. Deletion of data

The data processed by us will be deleted or restricted in their processing in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is necessary for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example to data that must be stored for commercial or tax law.

According to legal requirements in Germany, the storage takes place in particular for 6 years in accordance with § 257 (1) HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).