(Last updated: February 2021)
Information on the Collection of Personal Data
(1) In the following passages, we have provided information on the collection of personal data when you use our website www.evonos.de. Personal data is all data that can be related to you personally, for example your name, address, email addresses, and user behavior.
(2) The controller as defined by the General Data Protection Regulation (GDPR) is:
evonos GmbH & Co. KG
Commercial register: Stuttgart District Court, company reg. no. HRA 727672
Legally represented by its general partner
evonos Verwaltungs GmbH
Commercial register: Stuttgart District Court, company reg. no. HRB 739473
Managing directors: Ingolf Diez, Jörg Mans, Oliver Rheinberger
Stockacher Str. 134
78532 Tuttlingen, Germany
Phone: +49 (0)7461 965774 0
Fax: +49 (0)7461 965774 89
(3) Contact details of the data protection officer:
c/o evonos GmbH & Co. KG
Stockacher Str. 134
78532 Tuttlingen, Germany
(4) If you contact us by email or via a contact form, the data that you have disclosed (your email address and possibly your name and telephone number) will be stored by us so that we can respond to your queries. We will erase the data generated in this context after storage is no longer required or restrict processing if it is subject to statutory retention requirements.
(5) The processing of personal data may be based on the following legal grounds:
- Article 6 (1) (a) GDPR for processing operations, for which we obtain your consent in advance for a specific processing purpose;
- Article 6 (1) (b) GDPR to the extent that the processing of personal data is necessary for the performance of a contract. The same applies in respect of processing operations that are necessary for carrying out pre-contractual measures, for example when inquiries are made about our products;
- Article 6 (1) (c) GDPR to the extent that we are subject to a legal obligation requiring the processing of personal data, for example to comply with tax or accounting obligations;
- Article 6 (1) (f) GDPR on the basis of our legitimate interests unless your interests, fundamental rights and freedoms override our interests.
(1) Your personal data will only be processed and stored for the period necessary to fulfill the purpose of storage and/or as provided by law. After this purpose has ceased to exist or has been fulfilled, your personal data will be erased or blocked.
(2) If your data is blocked, it will be erased as soon as there are no other storage periods to the contrary, there is no reason to assume that erasure would impair your legitimate interests, and erasure would not involve a disproportionate amount of effort due to the special nature of the storage.
Collaboration with Processors
(1) For the provision of our website and services, we sometimes use external service providers (e.g. for sending newsletters or for analysis). These processors will only act on our instructions and have been contractually obligated, in accordance with Article 28 GDPR, to comply with the provisions of data protection law.
(2) If personal data about you is disclosed by us to our subsidiaries or is disclosed to us by our subsidiaries (e.g. for advertising purposes), this is carried out on the basis of existing order processing relationships.
Collection of Personal Data When You Visit our Website
(1) If you use our website purely for information purposes, that is, if you do not register with us or provide us with information in any other way, then we will only collect the personal data that your browser transmits to our server. If you wish to view our website, we will collect the following data:
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Quantity of data transmitted
- Website from which the request originates
- Operating system and its interface
- Language and version of the browser software.
(2) The collection of this data is technically necessary for us in order to display our website to you and to ensure stability and security. The legal basis is Article 6 (1) (f) GDPR.
(2) Cookies may contain data allowing us to recognize the device you are using. In some cases, cookies only contain information about certain settings that cannot be related to a specific person. However, cookies cannot directly identify a user.
(3) A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, we again differentiate between the following types of cookies:
- Technical cookies: These are absolutely necessary to enable you to navigate the website and use basic functions, and to ensure the security of the website. They do not collect information about you for marketing purposes, nor do they store information about any other websites you have visited;
- Performance cookies: These collect information about how you use our website, which pages you visit and, for example, whether errors occur during your use of the website. They do not collect information that could identify you – all information collected is anonymous and is used only to improve our website and to find out what interests our users;
- Advertising cookies, targeting cookies: These are used to offer the website user tailored advertising on the website or offers from third parties and to measure the effectiveness of these offers;
- Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks).
(5) You can configure your browser settings according to your preferences and refuse to accept third-party cookies, for example, or all cookies. However, please note that you may not then be able to use all of this website's features.
(1) When you contact us by phone or email, the data you provide will be stored by us on the basis of Article 6 (1) (a) GDPR in order to answer your inquiry. We will erase the data generated in this context when the respective conversation with you has ended and the matter in question has been conclusively resolved.
(2) For concluding and processing contracts or for implementing pre-contractual measures on the basis of Article 6 (1) (b) GDPR and depending on the individual case, we will require contact details such as your name, delivery and billing address, and email address, as well as information on the type of payment method you have chosen.
(3) Based on Article 6 (1) (c) and (f) GDPR, we use and store your personal data to the extent that we are legally obliged to do so, for example due to regulatory or judicial orders. We also use and store your personal data in order to exercise our rights and claims as well as for legal defense purposes.
Newsletter/Use of CleverReach
(1) With your consent, you can subscribe to our newsletter where we provide information on any interesting offers that are currently available. The goods and services advertised are specified in the declaration of consent.
(2) We use the ‘double opt-in procedure’ for signing people up to our newsletter. This means that after your registration, we will email you at the address you have provided, requesting confirmation that you would like to receive the newsletter. If you do not confirm your registration within 7 days, your information will be blocked and automatically erased after one month. We also save the IP addresses used by you and the times of registration and confirmation. The purpose of this procedure is to be able to substantiate your registration and resolve any misuse of your personal data, if necessary.
(3) We use the services of CleverReach GmbH & Co. KG (www.cleverreach.com) for the organization of newsletter mailings and their analysis. The data provided by you for mailing out the newsletter (i.e. your email address and any other data voluntarily provided) will be stored on CleverReach's servers in Germany and Ireland. With the aid of CleverReach, we can analyze how many recipients have opened the newsletter, which links in the newsletter attracted clicks and how often, which recipients have unsubscribed from the newsletter, and which email addresses the newsletter could not be delivered to.
(4) The only information that you have to provide so that we can send you the newsletter is your email address. The provision of any additional, separately marked data is voluntary and is used to address you personally. After receiving your confirmation, we will save your email address for the purpose of mailing out the newsletter. The legal basis for this is Article 6 (1) (a) GDPR.
(5) You can withdraw your consent to the sending of the newsletter and hence to the analysis by CleverReach at any time and unsubscribe from the newsletter. You can notify us of your withdrawal of consent by clicking on the link provided in each newsletter email, emailing us at email@example.com, or by sending a message to the contact details provided in the imprint. The lawfulness of the data processing that has already been carried out remains unaffected by this withdrawal of consent.
(6) Your data stored with us or CleverReach will be deleted from the distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this. After you have unsubscribed from the mailing list, we may store your email address in a blacklist to prevent future mailings. The data from this blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements for sending out newsletters (legitimate interest within the meaning of Article 6 (1) (f) GDPR). Your email will be stored in the blacklist for an indefinite period. You can object to the storage if your interests outweigh our legitimate interest.
(7) Third-party vendor information: CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany; www.cleverreach.com/de/datenschutz/.
Use of etracker
(1) This website uses technologies from etracker GmbH (www.etracker.com) to collect and store data for marketing and optimization purposes. No cookies are used for web analysis by default. Where analysis and optimization cookies are used, we obtain your express consent separately and in advance. If this is the case and you give your consent, cookies are used to enable statistical reach analysis of this website, to measure the success of our online marketing measures, and to enable test procedures, e.g. to test and optimize different versions of our online offering and its components. Cookies are small text files that are stored by the Internet browser on the user's end device. etracker cookies do not contain any information that allows users to be identified.
(2) The data generated with etracker is processed and stored by etracker on our behalf exclusively in Germany and is therefore subject to strict German and European data protection laws and standards. etracker has been independently audited, certified, and awarded the ePrivacyseal in this regard.
(3) The data processing is carried out on the basis of the legal provisions of Article 6 (1) (f) GDPR. Our legitimate interest as defined by the GDPR is the optimization of online offering and our website. Since the privacy of our visitors is important to us, data that might allow a reference to an individual person, such as the IP address, login or device identifiers, is anonymized or pseudonymized as soon as possible. No other use, combination with other data, or disclosure to third parties takes place.
(4) You may object to the above-mentioned data processing at any time.
Your objection will not have any adverse consequences for you.
(5) Third-party vendor information: etracker GmbH, Erste Brunnenstrasse 1, 20459 Hamburg, Germany; www.etracker.com/de/datenschutz.html.
Social Media Plug-ins
We do not use any social media plug-ins on our website. If our websites contain symbols of social media providers (e.g. Facebook, YouTube, Xing, or LinkedIn), we only use these for passive linking to the pages of the respective providers.
(1) We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss or destruction, and against unauthorized access by third parties, taking into account the state of the art, implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.
(2) We will be happy to provide you with more information on request. Please contact us at firstname.lastname@example.org.
(1) If your personal data is processed, you are the ‘data subject’ for the purposes of the GDPR. You have the following rights with regard to the personal data concerning you:
- Under Article 15 GDPR, you have the right to request information about the personal data stored about you.
- Under Article 16 GDPR, you have the right to request that personal data concerning you be corrected and/or completed without undue delay.
- Under Article 17 GDPR, you have the right to request the erasure of your personal data stored by us unless it is necessary to exercise the right of freedom of expression and information, the processing is required for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.
- Under Article 18 GDPR, you have the right to request the restriction of the processing of your personal data if the accuracy of the data is contested by you, if the processing is unlawful and you oppose its erasure, if we no longer need the data but you need it for the establishment, exercise or defense of legal claims, or if you have objected to the processing.
- Under Article 20 GDPR, you have the right to have personal data that you have provided to us handed over to you or to a third party in a structured, commonly used, and machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.
- Under Article 21 GDPR, you have the right to object to processing at any time, provided that your personal data is processed on the basis of legitimate interests pursuant to Article 6 (1) (f) GDPR.
(2) You have the right to withdraw your consent regarding the collection of data at any time with effect for the future. The data collected until your withdrawal of consent becomes legally effective remains unaffected by this.
(3) If you wish to exercise any of the above rights, a simple message to us will suffice. To do so, you can use the contact details provided or email us at email@example.com.
(4) Regardless of any other legal remedy under administrative law or by means of the courts, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your residence, your place of work, or the location of the supposed infringement if you take the view that the processing of the personal data involving you is in breach of the GDPR. As the complainant, you will be informed of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR, by the supervisory authority to which the complaint was submitted.