Privacy Policy

Overview

Protection of personal data and responsible handling of information are important and special concerns for us. Efficient-Consumer-Response ECR-Solutions Servicegesellschaft mbH (ECR) processes personal data only in accordance with legal requirements, in particular the EU Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz or BDSG). This privacy policy contains information how we process personal data in the case you

  • visit our website (see section 2)
  • conclude and execute agreements with us (see section 3)
  • online surveys (see section 4)
  • apply for a job (see section 5).

Further, this privacy policy contains information on recipients of your personal data within the EEA (see section 6), deletion of your personal data and retention periods (see section 7), your rights as a data subject (see section 8) and automated decision making (see section 9).

1. Controller and Data Protection Officer

Controller:
Efficient-Consumer-Response ECR-Solutions Servicegesellschaft mbH Imprint
Data Protection Officer:
E-Mail: mail@planit.legal
Phone: +49 40 609 44 190

2. Website Visit

When you visit our website (www.ecr-solutions.de), we process personal data to enable your use (Usage Data) to the extent described in section 2.1. Please find below information on legal basis, purposes and, if applicable, legitimate interests and the necessity of processing your personal data.

2.1 Data Processing to Enable the Use of the Website

Usage Data includes your IP address and information on start, end, your use of the website and identification data (e.g. your login data when you log into a secure area). It also includes technical data transmitted by your browser such as browser type / browser version, previously visited website (referrer URL), monitor resolution, operating system, if applicable device information (e.g. device type) etc. We process these data for the provision and demand-oriented design of this website in our legitimate interest (Art. 6(1)(f) GDPR). If you are interested in detailed information on the balancing of your and our interests, please refer to the addresses in section 1.

2.2 Cookies und Web Tracking

When you visit our website, information in the form of cookies may be stored on your device. A cookie is a small text file that is sent from a web server to your browser and stored on your device. When you revisit our website, cookie data are transmitted to our web server again. We may then, for example, recognise you again and take your individual settings into account when displaying the website. Cookies can be categorised as first party cookies (deployed by ECR) and third-party cookies (deployed by third parties). We further categorise cookies as follows:

Type:Description:
Category 1: technically necessary cookiesThese cookies are technically necessary to provide the website functionality. We may not provide the website without deploying such cookies.
Category 2: functional cookiesThese cookies serve to create the most pleasant surfing experience possible on our website, with a maximum of individual usage conformity (e.g. enabling a login across sessions, a high surfing speed through search suggestions or the storage of individual page settings such as language or text size, etc.).
Category 3: performance cookiesThese cookies serve to continuously optimise our website and lead to a continuously improved surfing experience (e.g. by evaluating the use of website functions offered, reporting display errors, etc.).
Category 4: social network and advertising cookiesSome of these cookies allow you to connect to your social networks and share content. Others helps to better individualise advertising by adapting to your interests.

We do not use category 2-4 cookies. Legal basis for deploying category 1 cookies is our legitimate interest in providing our website under Art. 6(1)(f) GDPR. Please refer to the below table for detailed information in regard to the particular cookies deployed on our website.

CookieCategoryControllerPurposeRetention Period
PHPSESSID1ECRsession administrationend of session
fe_typo_user1ECRlogin administrationend of session

2.3 Google Fonts

Our website uses « Google Fonts » from Google to display fonts uniformly. When you call up a website, your browser loads the required fonts into your browser cache to display texts and fonts correctly. Among other things, your IP address is transferred to the Google servers. If your browser does not support Google Fonts, standard fonts are used.
For more information about Google Fonts, please visit https://developers.google.com/fonts/faq and read Google’s privacy policy. Google is certified under the EU-U.S. Privacy Shield Framework, which ensures the level of protection of natural persons guaranteed by GDPR is not undermined through data transfers (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

2.4 Google Maps

On the page of the contact form there is a plugin which shows a map of Google Maps. Google Maps is a web service for displaying interactive (country) maps in order to display geographical information visually. Using this service will show you our location and make it easier for you to find us.
This is done by connecting your browser to Google’s servers as if you were visiting the Google search engine’s website. If you are logged into Google, your information will be directly linked to your account. If you do not wish to be linked to your profile on Google, you must log out before activating the button. Google is responsible for data processing by Google. There is no tracking by Google on our website.
If you do not agree to the future transfer of your data to Google in the context of the use of Google Maps, it is also possible to completely deactivate the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and therefore also the map display on this website can then not be used.
For more information about using Google Maps, please see the Google Maps Terms of Use. For further information on data protection at Google, please refer to Google’s privacy policy.
Google is certified under the EU-U.S. Privacy Shield Framework, which ensures the level of protection of natural persons guaranteed by GDPR is not undermined through data transfers (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

2.5 Contact Form

We process your personal data when you use our contact form. If you contact us via the contact form provided, your details will be stored in order to respond to your enquiry. Legal basis is either the performing of a contract obligation or our legitimate interest in providing a contact form (Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR). You are neither obliged to contact us via the contact form nor to provide personal data. If you do not provide your personal information, we may not be able to process your request. Otherwise there will be no consequences for you. If you are interested in detailed information on the balancing of your and our interests, please refer to the addresses in section 1.

3. Conclusion and Performance of Contracts

In order to conclude or to perform contracts with you (tyre proceedings, repair proceedings, warranty handling), we process your personal data. Please find below information on legal basis, purposes and the necessity of processing your personal data.
The legal basis for processing your personal Data is Art. 6(1)(b) GDPR. We process your personal data to establish and carry out the contractual relationship. This requires provision of your personal data. You are not obliged to provide your personal data, but if you do not provide it, it may not possible to establish and carry out the contractual relationship. Otherwise there will be no consequences for you.

4. Online Surveys

If you have a business relationship with us, we may use your e-mail address to send you online surveys by e-mail.

a. Legal Basis

Art. 6(1)(a) or (f ) GDPR.

b. Purpose and Necessity of Processing your personal Data

We send you online surveys by e-mail and ask you to participate in them in order to continuously improve the quality of our products and services.
Our legitimate interest lies in improving the quality of our products and services.
If you would like more detailed information about our interests, please contact one of the addresses listed in section 1.
Within the scope of the online survey, ECR does not collect any personal data of the participants. To conduct the online survey, we use « Google Forms », a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (« Google »). Google may collect personal data (e.g. IP addresses). ECR has no influence on this processing.
You can find more information about data protection at Google at https://policies.google.com/?hl=en&gl=en.

5. Job Application

Within the application process we process your personal data. Please find below information on legal basis, purposes and, if applicable, legitimate interests and the necessity of processing your personal data.
The legal basis for processing your personal Data are Sec. 26(1), (8)(2) BDSG or Sec. 26(2), (8)(2) BDSG. We process your personal data for the purpose of contacting you and assessing whether or not you are the right candidate for the position. It is not possible to apply for a job without providing personal data. You are neither obliged to apply to ECR nor to provide personal data. If you do not provide your personal data, you may not be able to apply and/or we may not be able to consider your application. Otherwise there will be no consequences for you.

6. Transfer to Recipients of Personal Data within the EEA

We will transfer personal data to third parties only where necessary for the provision of our service or otherwise allowed by the law. Within the scope of the purposes stated here, personal data are transferred to service providers involved in the provision of our services. In addition to their legal obligation to comply with all data protection regulations, these service providers are bound to additional contractual data protection requirements. This includes in particular contractual obligations as a processor in accordance with Art. 28 GDPR. In particular, we transferred personal data to the following categories of service providers:

  • accounting, financial institutions, tax and legal advice;
  • IT service and infrastructure, e.g. for the job application process;
  • IT support and maintenance;
  • data destruction and facility services;
  • repair shops
  • tyre retailer
  • vehicle manufacturers
  • spare parts suppliers

In addition to the categories already mentioned, further categories of service providers may exist or be added. In other cases, we transfer personal data to other recipients only if a there is a legal justification or you have expressed your consent. Any consent given can be revoked at any time with effect for the future. We will only disclose your data to government authorities within the framework of statutory obligations or as a result of an official order or court decision and only insofar as this is permitted under data protection law.

7. Deletion

We delete your personal data as soon as it is no longer necessary for the aforementioned purposes of processing. We also delete your personal data if you object to a certain processing of data that is based on legitimate interests, unless there are compelling reasons for ECR to continue processing. We also delete your data if you revoke your consent to the processing and if there is no other legal basis for processing. In certain cases, e.g. if there is a statutory retention period, your data will initially be blocked and deleted upon expiry of the retention period.
Job-related data is retained until a decision is made and then deleted after a maximum of six months or, in the event of a successful application, transferred to your personnel file.

8. Your Rights

As a data subject of the data processing, you have the right to confirmation as to whether personal data relating to you are processed by ECR and the right to access this personal data (Art. 15 GDPR), a right to rectification of your incorrect data (Art. 16 GDPR), a right to erasure (Art. 17 GDPR) and a right to restrict (block) your data (Art. 18 GDPR).
In addition, in the case of processing on the basis of Article 6(1)(e) or (f) GDPR, you may object to the processing (Art. 21 GDPR). If you have provided the data, you can request the transmission of the data (Art. 20 GDPR). Whether and to what extent these rights are effective in individual cases and under what conditions they apply is stipulated by law. If the processing is based on a consent within the meaning of Art. 6(1)(a) or Art. 9(2)(a) GDPR, you can revoke consent at any time with effect for the future (Art. 7(3)(1) GDPR). You also have the right to contact the competent data protection supervisory authority (Art. 77 GDPR).
If you have any questions or complaints about data protection at ECR, we recommend that you first contact our data protection officer (see contact details under section 1).

9. No automated individual Decision-Making

We do not use your personal data for automated individual decisions in the meaning of Art. 22(1) GDPR.

10. Amendment of the Privacy Policy

New legal requirements, business decisions or technical developments may require changes to our privacy policy. The privacy policy will then be adapted accordingly. You can always find the latest version on our website