Privacy policy under the GDPR

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection provisions is:

II. Name and address of the data protection officer

The data protection officer of the controller is:

III. General information on data processing

1. Scope of processing personal data

We generally process our users' personal data only to the extent necessary to provide a functioning website as well as our content and services. Processing regularly takes place only with the user's consent. An exception applies when prior consent cannot be obtained for factual reasons and processing is permitted by law.

2. Legal basis for processing personal data

Where we obtain consent for processing personal data, Art. 6(1)(a) GDPR serves as the legal basis. If processing is necessary for the performance of a contract or for pre-contractual measures, Art. 6(1)(b) GDPR serves as the legal basis.

Where processing is necessary to comply with a legal obligation, Art. 6(1)(c) GDPR serves as the legal basis. If vital interests of the data subject or another natural person are affected, Art. 6(1)(d) GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override that interest, Art. 6(1)(f) GDPR serves as the legal basis.

3. Data erasure and storage duration

Personal data is deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if required by European or national regulations. Data is also blocked or deleted when a prescribed storage period expires, unless further storage is necessary for entering into or performing a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data is collected:

• Information about the browser type and version used
• The user's operating system
• The user's internet service provider
• The user's IP address
• Date and time of access
• Websites from which the user's system reaches our website
• Websites accessed by the user's system through our website

The log files may contain IP addresses or other data that allow assignment to a user. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.

3. Purpose of data processing

Temporary storage of the IP address is necessary to deliver the website to the user's computer. Storage in log files takes place to ensure the functionality of the website, optimize the website and ensure the security of our information technology systems. No analysis for marketing purposes takes place.

4. Storage duration

Data required to provide the website is deleted as soon as the respective session ends. Log file data is deleted after seven days at the latest. Storage beyond this period is possible if IP addresses are deleted or anonymized so that assignment to the accessing client is no longer possible.

5. Right to object and removal option

Collection of data for providing the website and storage in log files is absolutely necessary for operating the website. Therefore, there is no option to object.

V. Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files stored in the internet browser or by the internet browser on the user's computer system. They contain a characteristic string that enables the browser to be uniquely identified when the website is accessed again.

We use cookies to make our website more user-friendly. The following data is stored and transmitted in the cookies:

• Login information
• Browser type

b) Legal basis for data processing

The legal basis for processing personal data using cookies is Art. 6(1)(f) GDPR.

c) Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites. Some functions cannot be offered without cookies. We require cookies for the following applications:

• Adjusting the screen size
• Applying language settings

User data collected by technically necessary cookies is not used to create user profiles.

e) Storage duration, objection and removal option

Cookies are stored on the user's computer and transmitted from it to our website. You can disable or restrict the use of cookies in your internet browser settings. Cookies that have already been stored can be deleted at any time. If cookies are disabled, not all website functions may be fully usable.

VI. Contact form and email contact

1. Description and scope of data processing

A contact form for electronic contact may be available on our website. If a user uses this option, the data entered in the input form is transmitted to us and stored. This data may include:

• Last name
• First name
• Salutation
• Title
• Address
• Email address
• Phone number
• User's individual message

At the time the message is sent, the following data is also stored:

• The user's IP address
• Date and time of registration

Alternatively, contact can be made via the email address provided. In this case, the personal data transmitted with the email is stored. No data is passed on to third parties in this context; the data is used exclusively to process the conversation.

2. Legal basis for data processing

If consent has been given, the legal basis is Art. 6(1)(a) GDPR. For data transmitted by email, Art. 6(1)(f) GDPR is the legal basis. If the email contact aims to conclude a contract, Art. 6(1)(b) GDPR is an additional legal basis.

3. Purpose of data processing

Processing personal data from the input form serves solely to handle the contact request. Additional personal data processed during submission serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Storage duration

Data from the input form and data transmitted by email is deleted as soon as the respective conversation has ended. The conversation has ended when circumstances indicate that the matter concerned has been conclusively clarified. Additional personal data collected during submission is deleted after seven days at the latest.

5. Right to object and removal option

The user may revoke consent to the processing of personal data at any time and object to storage. In this case, the conversation cannot be continued. The revocation can be sent by informal email to date@ellcie.com or by letter to ELLCIE, Grüner Weg 6, 23936 Grevesmühlen. All personal data stored in the course of contact will then be deleted.

VII. Rights of the data subject

If personal data concerning you is processed, you are a data subject within the meaning of the GDPR. You have the following rights against the controller:

1. Right of access: You may request confirmation from the controller as to whether personal data concerning you is being processed. This includes in particular:
   • the purposes for which the personal data is processed
   • the categories of personal data being processed
   • the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed
   • the planned storage duration of the personal data concerning you or criteria for determining the storage duration
   • the existence of a right to rectification or erasure, a right to restriction of processing or a right to object to this processing
   • the existence of a right to lodge a complaint with a supervisory authority
   • all available information about the origin of the data if the personal data was not collected from the data subject
   • the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR
   You also have the right to request information about whether personal data concerning you is transferred to a third country or to an international organization.
2. Right to rectification: You have the right to rectification and/or completion if the personal data processed is inaccurate or incomplete.
3. Right to restriction of processing: Under certain conditions, you may request restriction of processing of the personal data concerning you.
4. Right to erasure: You may request that personal data concerning you be deleted immediately if one of the legal grounds applies.
5. Right to notification: If rectification, erasure or restriction of processing has been asserted, the controller is obliged to inform recipients accordingly.
6. Right to data portability: You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format.
7. Right to object: You have the right, on grounds relating to your particular situation, to object to processing based on Art. 6(1)(e) or (f) GDPR.
8. Right to revoke consent: You have the right to revoke a data protection declaration of consent at any time.
9. Automated individual decision-making, including profiling: You have the right not to be subject to a decision based solely on automated processing.
10. Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.