Privacy Policy

1. Preamble

We are delighted to welcome you to our website. We care deeply about protecting information and data in particular. You generally do not have to provide any personal data to use our website. Should you disclose data to us in connection with the processing described below, we will treat your personal data confidentially and in accordance with this privacy policy and the data protection laws and regulations of the European Union and the Federal Republic of Germany.

EIKONA AG, in its capacity as the controller, has taken numerous technical and organisational measures to ensure that the personal data processed by this website is afforded the greatest possible protection. However, internet-based data transfers may still have security vulnerabilities, which is why absolute protection cannot be guaranteed. You, the data subject, are therefore free to send personal data to us by alternative means, for example, by phone or postal service.

2. Definitions

The privacy policy of EIKONA AG is based on the terminology used by European legislators and regulators in issuing the General Data Protection Regulation (GDPR). The detailed definitions are available in GDPR Article 4. The main definitions are set out in simplified form below:

a) Personal data:

This is all the information that you provide to us, in our capacity as the controller, in order to identify you as a natural person (e.g. name, address, email, telephone number, IP address).

b) Data subject:

This is you, the natural person, provided we have identified you.

c) Processing:

Processing is any entering, storing, processing, forwarding, archiving and deleting of data. It is irrelevant whether the process is done manually (e.g. by letter) or automatically using IT systems.

d) Restriction of processing:

Restriction of processing is the flagging of stored personal data with the aim of restricting its future processing.

e) Profiling:

Profiling is any type of automatic processing of your data that consists of using this data to analyse certain personal aspects concerning you, In particular, to analyse or predict aspects concerning your work performance, economic situation, health, personal preferences, interests, behaviour, whereabouts or change in location.

f) Pseudonymisation:

 This is a process that applies an identifier to your personal data. Only this identifier is used from that point on. The pseudonym cannot be resolved without the original key or a "reference database” (e.g. assignment of a customer number).

g) Controller:

The controller or entity in charge of the processing is EIKONA AG with whom you have a contractual relationship. To be a controller, we must be able to independently select the processing methods and means.

h) Processor:

A processor is a company that EIKONA AG has retained to help collect, process, store, forward or delete your data. They are usually IT service providers but may also be waste disposal companies retained to shred documents, for example.

i) Consent:

Consent is any expression of will that you give for a specific individual case. You are fully informed about what you are consenting to.

3. Controller

For the purposes of the General Data Protection Regulation and other laws and regulations relating to data protection, the controller of this website and the central services provided by EIKONA AG is:

EIKONA AG
Am Alten Bahnhof 8
D-97332 Volkach
Executive Board: Bastian Späth
Phone: +49 9381 / 71 77 8 - 116
Email: kontakt@eikona.de

4. Data protection officer

A data protection officer has been appointed for EIKONA AG. The data protection officer can answer your data processing questions at any time.

pco GmbH & Co. KG
Data Protection Officer – Personal
Am Alten Bahnhof 8
97332 Volkach
Email:
Phone: +49 541 605 1500

5. Rights of the data subject

GDPR Chapter 3 gives you, the data subject, the rights described below. In order to lawfully fulfil our obligations in connection with your rights, we ask that you address appropriate inquiries to our data protection officer.

a) Article 15 Right of access
You have an unlimited right to request information about your personal data that is being processed. This information must be provided free of charge. You can request the following information, a copy of which must also be provided to you:
• The purpose of processing your data
• The data categories
• The internal and external recipients of your data
• The duration of the storage period
• Your rights under Chapter 3 in connection with the processing of your data
• The source of the data unless it was collected from you
• Whether a profile was created
• Whether your data was transmitted to a third country (non-EU and non-EEA)
• The data protection supervisory authority in charge of our company

b) Article 16 Right to rectification
If we process inaccurate personal data concerning you, you can always have your contact person correct the data.

c) Article 17 Right to erasure
You have the right to request the deletion of your personal data at any time. We may be required by law to retain your data for a certain retention period (e.g. 6 years for business correspondence or 10 years for tax documents), in which case we will block your data record until the retention period expires and then delete it. Please address any requests for deletion to the data protection officer, who will exercise your rights in our company on your behalf.

d) Article 18 Right to restriction of processing
If you dispute the accuracy of our data concerning you, or if you refuse to have your data deleted and instead demand restriction (e.g. for advertising mailings), then you can obtain restriction of processing from us. We will then set your data to “blocked”.

e) Article 19 Notification obligations in connection with correction, deletion or restriction
We are required to inform all recipients of your data of any correction, deletion or restriction that you may request wherever possible and practicable. We will let you know who has received your data on your request.

f) Article 20 Right to data portability
You have the right to demand that we transfer your data to another controller. This refers to all master data that we maintain concerning you. Where technically feasible, we will provide the data record in a common machine-readable format (e.g. .csv)

g) Article 21 Right to object
You can object to the processing of your data wherever it is based on Article 6(1) point (f) (“legitimate interest”).

h) Article 77 Right to lodge a complaint with a supervisory authority
You have the right to complain to the data protection supervisory authority who has jurisdiction over our company at any time if you believe that we are violating the provisions of the GDPR in any way. The following authority has jurisdiction over EIKONA AG:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
You can access the website of the data protection supervisory authority at the following link:

www.lda.bayern.de/de/index.html

6. Processing

This section describes the data processing operations that are related to our website and/or that apply to a general business relationship between you and our company.

We base the processing of your data on the legal bases set out below. GDPR Article 6(I) point (a) serves our company as a legal basis for processing operations for which we obtain consent for a specific processing purpose.

The processing of your data is based on GDPR Article 6(I) point (b) wherever it is necessary for the performance of a contract to which you are party, such as data processing operations needed to provide goods or any other service or consideration. The foregoing also applies to processing operations needed to take steps at the request of the data subject prior to entering into a contract, such as enquiries about our products or services.

If our company is subject to a legal obligation that necessitates the processing of personal data, such as satisfying tax obligations, the processing is based on GDPR Article 6(I) point (c).

In rare cases, the processing of personal data might become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company were to be injured and the visitor’s name, age, health insurance details or other vital information had to be shared with a doctor, hospital or other third party. In this case, processing would be based on GDPR Article 6(I) point (d).

Finally, processing operations can be based on Article 6(I) point (f). Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party unless that interest is overridden by your interests or rights and freedoms. We are allowed to perform such processing operations because, among other reasons, they are specifically mentioned by the European Parliament.

a) Website
We operate this website and collect various types of data in this context.

Cookies

The website uses cookies. Cookies do not damage your computer or contain viruses. Cookies make our website more secure, effective and user-friendly. Cookies are small text files that your browser stores on your computer.

Most of the cookies we use are “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognise your browser on your next visit.

You can configure your browser to notify you when cookies are set, allow cookies only in individual cases, refuse cookies in certain cases or in general or automatically delete cookies when the browser closes. Deactivating cookies may limit our website’s functionality.

Cookies required to carry out electronic communications or provide certain functions requested by you (e.g. shopping cart) are stored on the basis of GDPR Article 6(1) point (f). As the website’s operator, we have a legitimate interest in storing cookies in order to provide our services in an optimised manner without technical errors. Any other cookies (e.g. cookies to analyse your surfing behaviour) are stored on your device are addressed separately in this privacy policy.

Server log files
EIKONA AG and/or our website provider collects data on page views and stores this information as server log files. The following data is logged in this way:

• Website visited
• Time of access
• Bytes of data transferred
• Referring URL
• Browser used
• Operating system used
• IP address used (anonymised)

The collected data is only used for statistical analyses and website improvements. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

Google Search Console

This website uses Google Search Console. Google Search Console is a service that Google provides free of charge for website operators to monitor and analyse their websites. This allows us, as the authorised user, to detect errors in our page links, see which pages link to our page, how many clicks come from which countries and from which devices (desktop, tablet or cell phone) (but not who does the clicks), and which images are viewed and how often. However, no personal data is collected, stored or displayed.
You can learn more at: https://support.google.com/webmasters/answer/9128668?hl=en&ref_topic=9128571

We process this information based on our legitimate interest (GDPR Art. 6(1) point f) to optimise our website and make content easier to find.

Blog on the website

(1) Comment function

We give our website visitors the opportunity to leave comments on individual posts on a blog. A blog is a usually public portal on a website in which one or more people – known as bloggers or web bloggers – can publish articles or write down their thoughts in blog posts. Third parties can comment on blog posts.
If you leave a comment in the blog on our website, information about the time you entered your comment and your chosen user name (pseudonym) will be stored and published along with your comment. Your IP address will be logged as well. Your IP address is stored for security reasons and for the eventuality that you may violate the rights of third parties or post illegal content in your comment. Your personal data is therefore stored in our own interest so that we can exonerate ourselves from a possible legal violation if necessary. Your personal data will not be disclosed to third parties except where this is required by law or is necessary for our legal defense.

(2) Subscription to comments

You and other people can generally subscribe to the comments made on our website. In particular, as a commenter, you can subscribe to the comments made on a particular blog post after your comment. To do this, simply check the "Notify me of new comments by email" checkbox before submitting your comment.
If you choose to subscribe to comments, we will send you an automatic confirmation email so that you can confirm that you are the actual owner of the indicated email address (i.e. double opt-in). You can cancel the subscription at any time.

(3) Sharing of blog posts

Social bookmarks are implemented in our blog posts. These are internet bookmarks that let you collect and share links and news stories on certain services. These services are implemented on our website as a link in the form of an embedded icon. The services are Facebook, Twitter, LinkedIn and Xing. If you click the icon, you will be redirected to the provider's website. Your user information will not be transferred to the provider until you click the icon. Please see the providers' privacy policies for information on how they handle your personal data.

Third-party modules / analytics tools / advertising

Browser plugin

You may refuse to store cookies by changing your browser settings; please note, however, that in that case, you may not be able to use the full functionality of this website. You can also prevent the data generated by the cookie with regard to your use of the website (including your IP address) from being collected and processed by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

(1) Web analytics tool Matomo

We have integrated Matomo components on this website. They represent an open source software tool for web analytics. In web analytics, data about your behavior on our website is captured, collected and evaluated. This includes what website referred you to our website, what page on our website you visited or how often and how long you viewed a page. Web analytics helps us optimise our website and improve our internet presence.

The software runs on our own servers, so your data (e.g. log files) is stored exclusively on our servers and is not passed on to third parties.

The purpose of the Matomo components is to analyse flows of visitors to our website. We use the resulting data and information in order, among other things, to evaluate the use of our website and generate online reports that show activities on our website.

Matomo sets a cookie on your system to enable us to analyse your use of our website. Every time you access a single page on our website, the Matomo component causes your system's internet browser to transmit data to our server for online analytics purposes. This process tells us your IP address, which we use to track your origin and clicks, among other things.

The cookie also provides information such as access time, the location you accessed the website from and how often you visit our website. This personally identifiable information (including your IP address) is transmitted to our server every time you visit our website. We store this information and do not pass it on to third parties.

If you do not consent to our website setting a cookie on your system, you can always permanently disable web analytics by unchecking the box below. This also prevents the Matomo cookie from being set. You can also use your internet browser or other software programs to delete previously set cookies at any time.

Matomo web statistics

Matomo takes account of the 'do not track' feature of your browser. If you have activated this function, we will automatically treat this as an objection to Matomo web analytics and will refrain from collecting any data.

However, deactivation may render our website partially unusable for you.

Further information and Matomo's privacy policy can be found at: https://matomo.org/privacy/

(2) LinkedIn link

We have embedded a link from the LinkedIn Corporation on this website. LinkedIn is an internet-based social network that allows users to connect with existing business contacts and make new business contacts.

LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland is responsible for data privacy issues outside the US.

Every single time you access our website, the embedded LinkedIn link, once activated, causes your browser to transmit information such as your IP address and browser string to LinkedIn. Further information on LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. Through this technical process, LinkedIn receives information about which specific page on our website you visit.

If you are simultaneously logged in to LinkedIn, LinkedIn will recognise which specific page on our website you are visiting each time you visit our website and for the entire duration of your visit to our website. This information is collected by LinkedIn and associated with your LinkedIn account. If you click a LinkedIn button embedded on our website, LinkedIn will associate this information with your personal LinkedIn user account and store this personal data.

LinkedIn is always notified via the link that you have visited our website if you are logged in to LinkedIn when you visit our website; however, this only happens if you click the LinkedIn link. If you do not want this information to be transmitted to LinkedIn, you can block it by logging out of your LinkedIn account before visiting our website and/or not following the link to LinkedIn in the first place.

At https://www.linkedin.com/psettings/guest-controls, LinkedIn provides the option to unsubscribe from email messages, text messages and targeted ads and manage ad settings. LinkedIn has also partnered with Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, Lotame and other companies that can set cookies. You can reject these types of cookies at https://www.linkedin.com/legal/cookie-policy.

LinkedIn’s current privacy policy can be accessed at https://www.linkedin.com/legal/privacy-policy. LinkedIn’s cookie policy can be accessed at https://www.linkedin.com/legal/cookie-policy.

(3) XING link

We have included a link to the Xing career platform on this website. Xing is an internet-based social network that allows users to connect with existing business contacts and make new business contacts. Individual users can create personal profiles for themselves on Xing. Companies can create company profiles or advertise job vacancies on Xing.

Xing is operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

Every time you access a page on our website that contains a Xing component (Xing plug-in), the Xing component will automatically cause the internet browser on your information technology system to download a representation of that Xing component from Xing.

Further information on Xing plug-ins can be found at https://dev.xing.com/plugins. Through this technical process, Xing receives information about which specific page on our website you visit.

If you are simultaneously logged in to Xing, Xing will recognise the specific page on our website that referred you to the Xing page. This information is collected by Xing and associated with your Xing account.

If you do not want this information to be transmitted to Xing, you can block it by logging out of your Xing account before visiting our website.

Xing's privacy policy, which can be accessed at https://www.xing.com/privacy, provides information about the collection, processing and use of your personal data by Xing. Xing has also published privacy notices for the XING Share button at https://www.xing.com/app/share?op=data_protection.

The Xing link is used on the basis of GDPR Article 6(1) point (f). We have a legitimate interest in maximising our company's visibility in social media and on business platforms.

b) Contact us / enquiries / newsletter
This section describes the options for contacting the entities and employees in our company.

Contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the enquiry and asking follow-up questions. We will not share this data without your consent.

The processing of the data entered in the contact form is therefore based first on your consent (GDPR Article 6(1) point (a)). You can revoke your consent at any time. All you have to do is to send us an informal message by email. The withdrawal of consent does not affect the lawfulness of processing prior to the withdrawal. In further correspondence, there may be a change of the legal base (e.g. if you ask for a quotation), in which case your data will be processed in accordance with GDPR Article 6(1) point (b).

We will retain the data you enter in the contact form until you ask us to delete it or revoke your consent to storage or the purpose for which the data was stored ceases to apply (e.g. after your enquiry has been processed). Mandatory provisions of law – retention periods, in particular – remain unaffected hereby.

Email / phone enquiry

If you send us enquiries by email, your details from the email or phone call, including the contact data you provided, will be stored by us for the purpose of processing the enquiry and asking follow-up questions. We will not share this data without your consent.

The processing of the data provided in the email or phone call is therefore based on your consent (GDPR Article 6(1) point (a)). You can revoke your consent at any time. All you have to do is to send us an informal message by email. The withdrawal of consent does not affect the lawfulness of processing prior to the withdrawal. In further correspondence, there may be a change of the legal base (e.g. if the correspondence pertains to business matters), in which case your data will be processed in accordance with GDPR Article 6(1) point (b).

We will retain the data you provide in the email or phone call until you ask us to delete it or revoke your consent to storage or the purpose for which the data was stored ceases to apply (e.g. after your enquiry has been processed). Mandatory provisions of law – retention periods, in particular – remain unaffected hereby.

Newsletter

Our website gives you the option of subscribing to our company's newsletter. The input form determines what personal data are sent to us when you subscribe to the newsletter.

EIKONA AG regularly communicates its products and services to customers, business partners and interested parties by means of a newsletter. You can generally only receive our company newsletter if you (1) have a valid email address and (2) sign up for the newsletter. An opt-in email is sent to the email address you initially provided for receiving the newsletter (double opt-in). This confirmation email is used to verify that you, as the owner of the email address, have authorised the receipt of the newsletter.

When you register for the newsletter, we also store the date and time of registration as well as the IP address assigned by your internet service provider (ISP) to the computer system that you were using at the time of registration. This data has to be collected in order to be able to subsequently identify (possible) misuse of a data subject's email address and therefore serves to protect us legally.

The personal data collected during newsletter registration will be used exclusively for sending our newsletter. Newsletter subscribers could also receive emails if necessary to operate the newsletter service or require registration due to circumstances such as changes in the newsletter programme or in technical conditions. The personal data collected for the newsletter service will not be shared with third parties. You can unsubscribe from our newsletter at any time. You can also revoke your consent to the storage of your personal data, which you have given us for sending the newsletter, at any time. You will find a link to revoke your consent in every newsletter. You can also unsubscribe from our newsletter directly on our website or by contacting us in another way.

The newsletter is sent out on the basis of GDPR Article 6(1) point (f). We have a legitimate interest in providing customers, business partners and interested parties with as much information as possible concerning our products and services.

Newsletter tracking

EIKONA AG's newsletters contain tracking pixels. A tracking pixel is a thumbnail image embedded in emails that are sent in HTML format to enable log files to be recorded and analysed. This supports statistical evaluations of the success or failure of online marketing campaigns. Using the embedded tracking pixel, EIKONA AG can see if and when you opened an email and which links in the email you clicked.

We store and analyse the personal data collected via tracking pixels in newsletters to optimise newsletter mailings and better align the content of future newsletters with your interests. We do not share this personal data with third parties. You may withdraw the separate consent that you gave by double opt-in at any time. We will delete this personal data after the withdrawal of consent. EIKONA AG automatically interprets a cancellation of the newsletter subscription as a withdrawal of consent.

The use of newsletter tracking is based on GDPR Article 6(1) point (f). We have a legitimate interest in providing customers, business partners and interested parties with as much information as possible about our products and services and finding out which of our services have generated the most interest.

c) Data processing for the performance of contracts

If you have entered into a business relationship with our company, e.g. if you have placed an order with us, the processing of data is based on GDPR Article 6(1) point (b). All the data required to initiate, fill or complete this order, such as contact details, property data, service providers involved, photo documentation, plans, orders for goods, etc., may be collected and processed by us without any separate consent.

If it becomes necessary to call in a subcontractor (e.g. other IT service providers, special software suppliers) in order to perform our contract with you, we may also share your data with this subcontractor. We guarantee that we have bound our subcontractors to the same strict data protection requirements that you can expect from us.

In some cases, we may obtain a company report from Creditreform before we set up an order from you. We will clarify any consequences that this data may have for the order with you separately.

We also screen individuals; however, this is done rarely. Our company does this by randomly checking the individual’s creditworthiness prior to signing a contract and, in certain cases with a legitimate interest, after signing a contract (existing customers). To do this, we partner with Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss, Germany, who provides us with the necessary data. This requires us to share your name and contact details with Creditreform Boniversum GmbH. You can find the information required by GDPR Article 14 on data processing conducted by Creditreform Boniversum GmbH here:

www.boniversum.de/EU-DSGVO Data relating to orders is subject to different retention periods.

For example, general business correspondence must be retained for 6 years and tax documents for 10 years. We will only share your data within our company where necessary and justified by the subject of your order with us.

d) Handling of application documents

Applications that we receive are first forwarded to LUNISA trust & match GmbH, Industriestr. 2b, 97332 Volkach, where they are processed on behalf of EIKONA AG.

The legal basis for processing your personal data for application purposes is German Federal Data Protection Act (new) (BDSG-neu) § 26.

Data is only collected and processed for this purpose to the extent required by law. Where other data may not be directly necessary to establish the employment relationship, the processing is based on a legitimate interest of the company under GDPR Article 6(1) point (f).

A legitimate interest may arise, for example, for internal organisational and administrative purposes or to protect the company's facilities, systems and assets as well as the data processing systems and data. The processing of your data is permitted unless it is overridden by the protection of your interests or fundamental rights and freedoms.

We can also obtain your consent to process or transfer your data in individual cases. Absent an agreement to the contrary, your consent is voluntary in these cases and can be withdrawn with future effect at any time.

Applications and CVs are shared within our corporate group. The appropriate functional department is then involved in the application process. Functional departments are instructed to treat applications and CVs as strictly confidential. They are not transferred to a third country.

LUNISA trust & match GmbH reserves the right to contact you to obtain your consent to review your application and CV for other vacancies that LUNISA trust & match GmbH has been engaged to fill. Your consent is freely given and can be withdrawn by you without justification at any time. This does not affect your application with EIKONA AG.

The party responsible for collecting, processing and using your personal data is EIKONA AG.

Your personal data will only be stored as long as knowledge of the data is needed for the above purposes or as long as required by law or contract. Your application and CV are usually deleted 6 months after the application process has been completed.
Your data may be stored for a longer period of time if you give us your consent. During this extended period, EIKONA AG will be happy to contact you about new job offers.

e) Use of feedback options

We give you the option to provide us with feedback on our services and our website. You can do so in the following ways:

(1) Link to Google review

You can submit a review with a star rating on Google about your experience with our company while providing your Google username. To do this, you will be redirected to Google's website, where you can log in to your Google account to submit a review.

Google's privacy policy and terms of use can be found at: https://policies.google.com/?hl=en
We reserve the right to publish your Google review on our website for an indefinite period of time using your Google username and review date.

The data processing is carried out according to GDPR Art. 6(1) point (a) on the basis of your consent, which you voluntarily provide by submitting your rating.

(2) Email invitation to submit a rating

If you have subscribed to our newsletter, you can click a link in the newsletter that will take you to Google, where you can rate our services as well as our company as a whole. The information provided on Google in the previous paragraph applies in all other respects.

7. Protection / encryption

This website uses SSL or TLS encryption for security reasons and to protect transfers of confidential information, such as orders or enquiries that you send to us as the website operator. You can tell that your connection is encrypted by the fact that the address line of the browser changes from “http://” to “https://” and by the lock icon in your browser bar.

If SSL or TLS encryption is activated, the data that you send to us cannot be read by third parties.

8. Profiling

Being a responsible company, we avoid automatic decision-making or profiling.

9. Timeliness / version

This privacy policy was last revised in March 2021 and is constantly updated and adapted to reflect new laws, regulations and technical developments.