We are pleased that you are interested in our company. Data protection is particularly important to the senior management of EISA-Sachsen GmbH. It is generally possible to use the website of EISA-Sachsen GmbH without disclosing any personal data. If a data subject wants to use special services from our company via our website, however, the processing of personal data could be required. If processing personal data is required and is there is no legal basis for such processing, we generally obtain the consent of the data subject.
EISA-Sachsen GmbH has implemented numerous technical and organisational measures for the data controller in order to ensure as complete protection as possible of the personal data processed via this website. Nevertheless, internet-based data transmission can generally have gaps in security so that absolute protection cannot be guaranteed. For this reason, data subjects are free also to transmit personal data to us using alternative paths, for example by telephone.
1. Definition of terms
a) Personal data
Personal data is all information that relates to an identified or identifiable natural person (subsequently “data subject”). A natural person is seen to be identifiable if they can be identified, directly or indirectly, in particular by allocation to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics that are an expression of the physical, physiological, genetic, psychological, financial cultural or social identity of this natural person.
b) Data subject
A data subject is every identified or identifiable person whose personal data can be processed by the data controller.
Processing is every process or series of processes executed with or without the help of automated procedures in connection with personal data, such as collecting, recording, organising, arranging, storing, adjusting or amending, reading, retrieving, using, disclosing through transmission, distributing or any other form of provision, comparison or linking, restricting, erasing or destroying.
d) Restricting processing
Restricting processing is marking stored data with the aim of restricting its future processing.
Profiling is every type of automated processing of personal data that consists of this personal data being used in order to evaluate certain personal aspects that relate to a natural person, in particular in order to analyse or forecast aspects regarding work performance, their financial situation, health, personal preferences, interests, reliability, conduct, place of stay or change of location of this natural person
Pseudonymisation is the processing of personal data in a manner in which the personal data cannot be allocated to a specific data subject without drawing on additional information, if this additional information is separately stored and subject to technical and organisational measures that guarantee that the personal data is not attributed to an identified or identifiable natural person.
g) Controller or data controller
A controller or data controller is the natural person or legal entity, public authority, institution or other centre that decides on the purpose and means of processing personal data alone or together with others. If the purpose and means of this processing are stipulated by Union law or the law of the member states, the controller can be provided with the certain criteria of this appointment in accordance with Union law or the law of the member states.
h) Order processor
The order processor is a natural person or legal entity, public authority, institution or other centre that processes personal data on behalf of the controller.
A recipient is a natural person or legal entity, public authority, institution or other centre to whom personal data is disclosed, regardless of whether a third party is concerned or not. However, public authorities that within the scope of a certain investigation mandate in accordance with Union law or the law of the members states that possibly receive personal data are not deemed to be recipients.
j) Third party
A third party is a natural person or legal entity, public authority, institution or other centre apart from the data subject, the controller, the order processor and the persons authorised under the direct responsibility of the controller or the order processor, to process the personal data.
2. Name and address of the data controller
The controller in accordance with the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions with a data protection character is:
Tel.: 037322 / 52340
3. Name and address of the Data Protection Officer
The Data Protection Officer of the data controller is:
LSR IT-Beratung GmbH
Brockdorfer Esch 1
Every data subject can contact our Data Protection Officer directly for all questions and suggestions about data protection at any time.
The data subject can prevent cookies being set at any time by correspondingly setting the internet browser used and thus permanently preventing the setting of cookies. Furthermore, cookies that have already been set can be deleted via an internet browser or another software program at any time. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the internet browser used, under some circumstances it will not be possible to use all the functions of our website.
Cookie Consent with Borlabs Cookie
Our website uses the Borlabs cookie consent technology to obtain your consent to the storage of certain cookies in your browser and for their data privacy protection compliant documentation. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg, Germany (hereinafter referred to as Borlabs).
Whenever you visit our website, a Borlabs cookie will be stored in your browser, which archives any declarations or revocations of consent you have entered. These data are not shared with the provider of the Borlabs technology.
The recorded data shall remain archived until you ask us to eradicate them, delete the Borlabs cookie on your own or the purpose of storing the data no longer exists. This shall be without prejudice to any retention obligations mandated by law. To review the details of Borlabs’ data processing policies, please visit https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/
Manage cookie settings
5. Recording general data and information
The website of EISA-Sachsen GmbH records a range of general data and information on every retrieval of the website by a data subject or an automated system. This general data and information will be stored in the server log files. The following can be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which the accessing system came to our website (so-called referrer), (4) the sub-websites that are steered to our website via an accessing system, (5) the date and time of an access to the website, (6) an Internet Protocol address (IP address), (7) the Internet Service Provider of the accessing system and (8) other similar data and information that serve to avert dangers in the event of attacks on our information technology systems.
When using this general data and information, EISA-Sachsen GmbH will not draw any conclusions about the data subject. Instead, this information is required to (1) deliver the contents of our website, (2) guarantee the permanent functionality of our information technology systems and the technology of our website and (3) to provide the information necessary to investigate crimes to the criminal investigation authorities in the event of a cyber attack. This anonymously collected data and information is therefore evaluated by EISA-Sachsen GmbH on the one hand, statistically and furthermore, with the aim of improving data protection and data security in our company in order ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data in the server log files is stored separately from all the personal data given by the data subject.
6. Registration on our website
The data subject has the possibility to register on the website of the data controller with the disclosure of personal data. Which personal data is transmitted here to the data controller results from the relevant input screen used for the registration. The personal data inputted by the data subject is used exclusively for internal use at the data controller and is collected and stored for in-house purposes. The data controller can forward data to one or more order processors, for example a package service provider, which must also use the personal data exclusively for internal use, which has to be attributed to the data controller.
Furthermore, by registering on the website of the data controller, the IP address issued to the data subject by the Internet Service Provider (ISP), and the date and time of the registration will be stored. Data is stored against the background that this is the only way misuse of our services can be prevented and that this data enables any crimes that have been committed to be solved. In this respect the storage of this data is required to protect the data controller. This data will generally not be transmitted to third parties, if there are no legal obligations for transmission or the transmission serves the purposes of criminal investigation.
The registration of the data subject with voluntary disclosure of personal data serves the data controller to offer the data subject contents or services that due to the nature of the matter can only be offered to registered users. Registered persons are free to amend the personal data given for registration or to have it completely deleted from the database of the data controller at any time.
The data controller will issue to every data subject on request information about which personal data is stored about the data subject. Furthermore, the data controller will correct or delete personal data on request or inform the data subject insofar as no legal retention obligations contradict this. The entirety of the employees of the data controller are available as contacts to the data subject in this connection.
7. Contact possibilities via the website
Due to legal regulations the website of EISA-Sachsen GmbH includes disclosures that enable making quick electronic contact with our company and direct communication with us, which also includes a general address for so-called electronic post (email address). If a data subject makes contact with the data controller by email or via a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted by a data subject on a voluntary basis to the data controller will be stored for the purposes of processing or making contact with the data subject. This personal data will not be transmitted to third parties.
8. Routine erasure and blocking of personal data
The data controller processes and stores personal data of data subjects only for the period of time required to achieve the purpose of storage, or if this is provided for by European directives and regulation setters, or by another legislator in acts or regulations to which the data controller is subject. If the storage purpose lapses or if a storage period set by European directive and regulation setters or another competent legislator expires, the personal data will be routinely blocked or erased in accordance with legal regulations.
9. Rights of the data subject
a) Right to confirmation
Every data subject has been granted the right by European directive and regulation setters to demand confirmation from the data controller whether relevant personal data is processed. If a data subject would like to claim this confirmation right, they can contact an employee of the data controller at any time.
b) Right to information
Every data subject affected by the processing of personal data has been granted the right by European directive and regulation setters to receive information free of charge from data controllers about the personal data stored about them and a copy of this information. Furthermore, European directive and regulation setters entitle data subjects to receive the following information:
The processing purposes of the categories of personal data that are processed, the recipient or categories of recipients to whom personal data has been disclosed or will be disclosed, in particular for recipients in third countries or at international organisations, if possible the planned duration for which the personal data will be stored, or, if this is not possible, the criteria for setting this duration, the existence of a right to rectification or erasure of your personal data or to the restriction of processing by the controller, or a right to object to this processing, the existence of a right to complain to a supervisory authority if personal data was not collected from the data subject. All information available about the origin of the data, the existence of automated decision-making, including profiling, as per Article 22 (1) and (4) GDPR and — in these cases at least — meaningful information about the logic involved and the scope and the effects intended of such processing for the data subject. Furthermore, the data subject has a right to information about whether personal data has been transmitted to a third country or to an international organisation. If this is the case, the data subject otherwise has the right to receive information about suitable guarantees in connection with the transmission. If a data subject would like to claim this information right, they can contact an employee of the data controller at any time.
c) Right to rectification
Every data subject affected by the processing of personal data has been granted the right by European directive and regulation setters to demand the immediate correction of inaccurate personal data relating to them. Furthermore, the data subject is entitled to the right to demand, taking into consideration the purpose of the processing, the completion of incomplete personal data — including by means of a supplementary declaration. If a data subject would like to claim this rectification right, they can contact an employee of the data controller at any time.
d) Right to erasure (right to be forgotten)
Every data subject affected by the processing of personal data has been granted the right by European directive and regulation setters to demand from the controller that they erase the relevant personal data without delay, if one of the following reasons apply and insofar as processing is not required:
The personal data was collected or otherwise processed for purposes for which it is no longer necessary.
The data subject revokes their consent on which processing is based as per Art. 6 (1) a GDPR or Art. 9 (2) a GDPR and there is no other legal basis for the processing.
The data subject objects to the processing as per Art. 21 (1) GDPR and there are no overriding legal grounds for the processing or the data subject objects to the processing as per Art. 21 (2) GDPR.
The personal data was illegally processed.
It is necessary to erase the personal data to meet a legal obligation in accordance with Union law or the law of the member states to which the controller is subject.
The personal data was collected in relation to the services offered of the information company as per Art. 8 (1) GDPR.
If one of the grounds specified applies and a data subject would like to erase personal data stored at EISA-Sachsen GmbH they can contact our Data Protection Officer or another employee of the data controller for this purpose at any time. The employees of EISA-Sachsen GmbH will arrange for the request for erasure to be met without delay. If the personal data was made public by EISA-Sachsen GmbH and if our company is obliged to erase the personal data as the controller as per Art. 17 (1) GDPR, EISA-Sachsen GmbH will take appropriate actions, taking into consideration the available technology and the implementation costs, including of a technical nature, in order among others to inform the data processing controller that processes the published personal data that the data subject affected by this other data processing controller has demanded the erasure of all links to this personal data or copies or duplicates of this personal data, insofar as the processing is not required. The employees of EISA-Sachsen GmbH will arrange what is necessary in the individual case.
e) Right to restrict processing
Every data subject affected by the processing of personal data has been granted the right by European directive and regulation setters to demand the restriction of processing by the controller if one of the following conditions applies:
The accuracy of the personal data is disputed by the data subject and this for a period that enables the controller to check the accuracy of the personal data.
The processing is illegal, the data subject rejects the erasure of the personal data and demands instead the restriction of use of the personal data.
The controller no longer requires the personal data for the purposes of processing but the data subject requires it to assert, exercise or defend legal claims.
The data subject has objected to processing as per Art. 21 (1) GDPR and it has not yet been established whether the legitimate grounds of the controller outweigh those of the data subject.
If one of the conditions specified exists and a data subject would like to restrict the processing of personal data stored at EISA-Sachsen GmbH, they can contact our Data Protection Officer or another employee of the data controller for this purpose at any time. The employees of EISA-Sachsen GmbH will arrange the restriction of processing.
f) Right to data portability
Every data subject affected by the processing of personal data has been granted the right by European directive and regulation setters to receive the personal data relating to them, which was provided by the data subject to a controller, in a structured, common and machine-readable format. The data subject also has the right to transmit this data to another controller without impediment by the controller to whom the personal data was provided, if the processing relates to the consent as per Art. 6 (1) a GDPR or Art. 9 (2) a GDPR or to a contract as per Art. 6 (1) b GDPR and the processing is done with the help of automated procedures, if the processing is not required to carry out a task that is in the public interest or in exercising public authority, which was transferred to the controller.
Furthermore, the data subject has the right when exercising their right as per Art. 20 (1) GDPR to effect that the personal data is transmitted directly from one controller to another controller, insofar as this is technically feasible and if the rights and freedoms of other persons are not impaired.
To assert the right to data portability the data subject can contact the Data Protection Officer appointed by EISA-Sachsen GmbH or another employee at any time.
g) Right to object
Every data subject affected by the processing of personal data has been granted the right by European directive and regulation setters to object for grounds that result from their particular situation to the processing of personal data that relates to them that is done on the basis of Art. 6 (1) e or f GDPR. This also applies to any profiling done based on these provisions.
In the event of an objection EISA-Sachsen GmbH will no longer process the personal data, unless we can prove mandatory grounds worthy of protection for the processing that outweigh the interests, rights and freedoms of the data subject or the processing serves to assert, exercise or defend legal claims.
If EISA-Sachsen GmbH processes personal data in order to make direct advertising, the data subject has the right to object to the processing of the personal data for the purposes of such advertising at any time. This also applies to profiling, insofar as this is connected with such direct advertising. If the data subject makes an objection to EISA-Sachsen GmbH for the purposes of direct advertising, EISA-Sachsen GmbH will no longer process the personal data for these purposes.
In addition, the data subject has the right, for grounds that result from their particular situation, to object to the processing of personal data relating to them done at EISA-Sachsen GmbH for scientific or historical research purposes or for statistical purposes as per Art. 89 (1) GDPR, unless such processing is required for a task that is in the public interest.
To exercise the right of objection the data subject can directly contact the Data Protection Officer of EISA-Sachsen GmbH or another employee. Furthermore, the data subject is free to exercise their right of objection in connection with the use of services of the information company, regardless of Directive 2002/58/EC, by means of an automated procedure for which technical specifications are used.
h) Automated individual decision-making including profiling
Every data subject affected by the processing of personal data has been granted the right by European directive and regulation setters not to be subject to a decision relating exclusively to automated processing — including profiling — that has a legal effect on them or considerably disadvantages them in a similar manner, if the decision (1) is not required to conclude or fulfil a contract between the data subject and the controller, or (2) on the basis of legal regulations of the Union or the member states to which the controller is subject this is permissible and these legal regulations contain appropriate measures to protect the rights and freedoms as well as the legitimate interests of the data subject or (3) is taken with the explicit consent of the data subject. If the decision (1) is required to conclude or fulfil a contract between the data subject and the controller or (2) is taken with the explicit consent of the data subject, EISA-Sachsen GmbH will take appropriate measures in order to protect the legitimate interests of the data subject, which includes at least the right to effect the intervention of a person by the controller, to present their own viewpoint and to appeal against the decision. If a data subject would like to assert this right in connection with automated decisions, they can contact an employee of the data controller at any time.
i) Right to withdraw data protection law consent
Every data subject affected by the processing of personal data has been granted the right by European directive and regulation setters to withdraw any consent given to process personal data at any time. If a data subject would like to assert their right to withdraw any consent, they can contact an employee of the data controller at any time.
10. Privacy provisions for the use and application of Google Analytics (with anonymisation function) and Google Tag Manager
This website uses functions from the web analysis services Google Analytics and Google Tag Manager. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics and Google Tag Manager use so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually sent to a Google server in the USA and stored there.
The storage of Google Analytics and Google Tag Manager cookies and use of this analysis tools is carried out on the basis of Art. 6 (1) f of the GDPR. The website operator has a legitimate interest in analysing user conduct in order to optimise both its advertising range and its advertising.
We have activated the function IP anonymisation on this website. This means your IP address will be shortened by Google within Member States of the European Union or in other contracting states to the European Economic Area before it is transmitted to the USA. The full IP address will only be transmitted to a Google server in the USA and shortened there in exceptions. Google will use this information on behalf of the user of this website to evaluate your use of the website, compile reports about website activities and to provide further services associated with website use and internet use to the website provider. The IP address transmitted within the scope of Google Analytics from your browser will not be brought together with other data by Google.
You can prevent the storage of cookies by setting your browser software accordingly; however, we must point out that in this case you may not be able to use all the functions of this website in full. Furthermore, you can prevent the recording of the data generated by the cookie relating to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available on the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Refusal of data recording
You can prevent the recording of your data by Google Analytics by clicking on the following link. It will set an opt-out cookie, which will prevent the recording of your data during future visits to this website. Deactivating Google Analytics
We have concluded an agreement with Google for job processing and fully implement the strict requirements of the German data protection authorities in the use of Google Analytics.
Length of storage
Data stored at Google at user and incident level that is linked with cookies, user recognitions (e.g. user IDs) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymised or erased after 14 months. For details please see the following link: https://support.google.com/analytics/answer/7667196?hl=de
11. Privacy provisions for the use and application of Microsoft Bing Universal Event Tracking and Bing Webmaster Tools
Bing Universal Event Tracking: Bing Universal Event Tracking („UET“) is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA („Microsoft“). We use this service to personalize our Bing ads and analyze our website visitors. To do so, a cookie is stored on your computer. A so-called UET-Tag (code) allows us to gain pseudonymized about our visitors. With this, we can see which actions you took after clicking a Bing ad that lead you to our site. Additionally, Microsoft can analyze your user behaviour across multipe devices by using Cross-Device-Tracking. This information is stored on Microsoft’s servers in the USA.
Bing Webmaster Tools: Bing Webmaster Tools store cookies and beacons (invisible picture files) on your computer. This allows to see if a website has been visited.
Storing the Bing-cookies and using these analytics tools is done based on Art. 6 (1) f of the GDPR. We have a legitimate interest in analyzing the user behaviour in order to optimize the website as well as online ads.
Length of storage
Microsoft stores this data for a maximum of 180 days. You can refuse of the storage by disabling the storage of cookies by simply following this link: [http://choice.microsoft.com/de-de/opt-out] Please be aware, that this can lead so unexpected behaviour on our website. For more information on privacy at Microsoft and Bing, visit: https://privacy.microsoft.com/de-de/privacystatement
12. Privacy provisions for the use and application of YouTube
In order to integrate and show video content, we use website plugins by YouTube. The provider is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
When you open a site with an integrated YouTube-plugin, a connection to YouTube’s servers is established. Through this, YouTube knows which of our websites you have visited.
YouTube can link your user behaviour directly to your YouTube account, if you are logged into your YouTube account. By logging out beforehand, you can prevent this.
Using YouTube is done based on Art. 6 (1) f of the GDPR. We have a legitimate interest in making our website as interesting as possible.
13. Legal basis of processing
Art. 6 (I) a GDPR serves as the legal basis for our company for processing procedures for which we obtain consent for a certain processing purpose. If processing personal data is required to fulfil a contract whose contracting party is the data subject, for example, as is the case for processing procedures that are necessary to deliver merchandise or provide another service or return service, this processing relates to Art. 6 (I) b GDPR. The same applies to such processing procedures that are required to conduct pre-contractual measures, such as in cases of enquiries about our products or services. If our company is subject to a legal obligation that requires a processing of personal data, for example, to fulfil taxation obligations, the processing will be based on 6 (I) c GDPR. In rare cases the processing of personal data can be required in order to protect essential interests of the data subject or of another natural person. This would be the case, for example, if a visitor to our business were injured and as a result their name, age, health insurer data or other essential information had to be transmitted to a doctor, a hospital or other third party. Then the processing would relate to Art. 6 (I) d GDPR. Finally, processing procedures can relate to Art. 6 (I) f GDPR. Processing procedures are based on this legal basis that are not covered by any of the aforementioned legal bases, if the processing is required to protect a legitimate interest of our company or a third party, if these do not outweigh the interests, fundamental rights and fundamental freedoms of the data subject. We are therefore permitted such processing procedures because these are mentioned in particular by European legislators. These legislators are of the opinion that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).
14. Legitimate interests in processing pursued by the controller or a third party
If the processing of personal data is based on Article 6 (I) f GDPR, our legitimate interest is conducting our business activity in favour of the wellbeing of all our employees and our shareholders.
15. Term for which personal data is stored
The criterion for the term of storage of personal data is the relevant legal retention period. After expiry of this period the corresponding data is routinely erased, if it is no longer required to fulfil a contract or to initiate a contract.
16. Legal or contractual regulations for providing personal data; requirement for conclusion of a contract; obligation of the data subject to provide the personal data; possible consequences of non-provision
We must explain to you that the provision of personal data is in part legally stipulated (e.g. tax regulations) or may result from contractual regulations (e.g. disclosures on the contractual partner). Sometimes, in order to conclude a contract it can be required that a data subject provides us with personal data that we consequently have to process. For example, the data subject is obliged to provide personal data, if our company concludes a contract with them. The consequence of non-provision of personal data is that the contract could not be concluded with the data subject. Before the data subject provides personal data, the data subject must contact one of our employees. Our employee will explain to the data subject whether the provision of personal data is legally or contractually stipulated or is required to conclude the contract, whether there is an obligation to provide the personal data and which consequences the non-provision of the personal data would have.
17. Existence of automated decision-making
As a responsible company we waive the use of any automated decision-making or profiling.