Privacy Policy

I Preliminary Remarks

Our products and services are not developed, produced, and distributed for privat persons. The products and services apply solely to professional users in companies, institutions of research and education, and authorities who possess the required expert knowledge in handling electric drives and supplemental products.

Apart from professional users, this website addresses people with general public interests and applicants interested in a job in our company.

II Controller and Data Protection Officer

The controller in the sense of art. 4 (7) of the General Data Protection Regulation and other national data protection laws of the member states, as well as other data protection regulations, is

ESR Pollmeier GmbH – Servo Drive Technology
Lindenstr. 20
64372 Ober-Ramstadt
Germany
ds‑v@esr.de
Phone: +49 6167 9306-0
Fax: +49 6167 9306-77

You can contact the controller's data protection officer at the postal address or fax number specified above with the endorsement “Data Protection Officer„ or by e-mail at ds‑v@esr.de.

III General Information About Data Processing

1. Scope of Processing of Personal Data

In principle, we collect and use our users' personal data only to the extent necessary to provide both a functional website and our content and services. The collection and use of our users' personal data takes place regularly only with the user's consent. An exception applies to cases in which prior consent cannot be obtained due to practical considerations, and in which the processing of the data is permitted by law.

2. Legal Basis for the Processing of Personal Data

Insofar as we obtain the consent of the data subject for processing personal data, art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) is the legal basis for the processing of personal data.

Art. 6 (1) (b) GDPR is the legal basis for the processing of personal data necessary for the performance of a contract to which the data subject is a party. This also applies to processing operations required to carry out pre-contractual actions.

Art. 6 (1) (c) GDPR is the legal basis for the processing of personal data that is required to fulfil a legal obligation to which our company is subject.

In the event that vital interests of the data subject or another natural person require the processing of personal data, art. 6 (1) (d) GDPR is the legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the above-mentioned interest, art. 6 (1) (f) GDPR is the legal basis for the processing.

3. Data Deletion and Storage Duration

The personal data of the data subject will be deleted or blocked as soon as there is no longer a need for the storage. In addition, such storage may take place if provided for by the European or national legislative authorities in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion of a contract agreement or fulfilment of the contract.

IV Provision of the Website and Creation of Log Files

1. Description and Scope of Data Processing

Our websites are hosted on servers in Germany by German companies.

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected here::

• IP address of the access's origin,
• date and time of the access,
• the visited page or the downloaded file,
• HTTP status code of the access,
• transferred data volume,
• information about the user's browser, the preferred language, and the operating system (as long as the browser provides these data),
• website from which the user reached our website, and
• only when accessing pages and files in our protected download areas: user name used for legitimation.

The data is stored in the log files of our system. Storage of this data together with other personal data of the user does not take place.

2. Legal Basis for Data Processing

The legal basis for temporary storage of the data and the log files is art. 6 (1) (f) GDPR.

3. Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to allow delivery of the website to the user's computer. To do this, the user's IP address must be kept for the duration of the session.

Storage in log files occurs to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. Evaluation of the data for marketing purposes does not take place in this context.

For these purposes, our legitimate interest in the processing of data is based on art. 6 (1) (f) GDPR.

4. Duration of Storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of collecting the data for providing the website, this is the case when the respective session is completed.

5. Objection and Deletion Options

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. In consequence, the user does not have the option to object.

V Use of Cookies

Our website does not use cookies.

VI Registration

1. Description and Scope of Data Processing

We offer users the opportunity to register for download areas on our website by providing personal information. The data is entered into an input mask, transmitted to us, and stored. A transfer of data to third parties does not take place. The following data is collected during the registration process:

• first name and surname of the user,
• name and address of the company,
• e-mail address we should use for sending a copy of the inquiry and the access authorization,
• phone number in case of further questions,
• the download areas the user wants to access,
• only when accessing the full version of SPP Windows: version of the software in use and commission number of the delivery,
• customer status (direct customer, indirect customer, or no customer),
• only when indirect customer: company that provided the ESR products, and
• date and time of the request.

On issuing the access authorization, the following data is stored:

• company, name and e-mail address of the user receiving the access authorization,
• the download areas to which access is granted,
• user name (company-based) and password,
• the starting date of access authorization.

When accessing the protected download areas by using the assigned user name and password, the user name will appear in the log files together with the other data collected during website access (see above).

As part of the registration process, the user's consent to processing this data is obtained.

2. Legal Basis for Data Processing

The legal basis for the processing of the data is in the user's consent pursuant to art. 6 (1) (a) GDPR.

If the registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, an additional legal basis for the processing of the data is art. 6 (1) (b) GDPR.

3. Purpose of Data Processing

User registration is required for access to protected download areas of our website. They notably contain operating instructions and software which, in general, the user may only need after conclusion of a contract. The obligation to register serves the protection of our intellectual property and allows us to inform the user about updates of the provided information, if necessary.

4. Duration of Storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. This is the case for the data collected during the registration process when the registration to our website is canceled or modified.

This is the case for those during the registration process to fulfill a contract or to carry out pre-contractual measures when the data is no longer required for the execution of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.

Perpetual obligations require the storage of personal data during the term of the contract. In addition, warranty and product liability periods must be observed and, if applicable, the storage of data due to tax purposes. The limits for the duration of storage in this context cannot be specified generally, but have to be determined individually for the contracts and contract partners on a case-by-case basis.

5. Objection and Deletion Options

As a user, you have the option of canceling your registration at any time. You can have the data stored about you modified at any time. Please use the e-mail address given on the registration page for this purpose.

VII E-Mail Contact

1. Description and Scope of Data Processing

Receiving and sending e-mails is realized on Germany-based servers run by German companies.

You can contact us by using the e-mail addresses provided on this website. In this case, the user's personal data transmitted in the e-mail will be stored. Data transmission by e-mail in the internet is generally not secure, hence we cannot guarantee that the data transmitted by e-mail is protected from unauthorized access by third parties.

There is no disclosure of the data to third parties in connection with this. The data will be used exclusively for processing the conversation.

2. Legal Basis for Data Processing

The legal basis for the processing of the data transmitted in the course of sending an email is art. 6 (1) (f) GDPR. If the aim of the email contact is to conclude a contract, the additional legal basis for processing the data is art. 6 (1) (b) GDPR.

3. Purpose of Data Processing

The processing of the personal data from e-mails serves us only for establishing contact. This also includes the required legitimate interest in processing the data.

4. Duration of Storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. This is the case for the personal data from e-mails when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.

Perpetual obligations require the storage of personal data during the term of the contract. In addition, warranty and product liability periods must be observed and, if applicable, the storage of data due to legal provisions. The limits for the duration of storage in this context cannot be specified generally, but have to be determined individually for the contracts and contract partners on a case-by-case basis.

5. Objection and Deletion Options

The user has the option to revoke his consent to the processing of the personal data at any time. He may object to the storage of his personal data at any time by contacting us by email. In such a case, the conversation cannot continue.

Consent and storage may continue to be revoked at any time in writing by fax or letter. The contact details of the company and of the data protection officer are set out in this privacy policy.

All personal data stored as a result of making contact will be deleted in this case.

VIII Rights of the Data Subject

If your personal data is processed, you are the data subject in the sense of GDPR and you have the following rights with regards to the controller:

1. Right to Information

You may ask the controller to confirm if personal data concerning you is processed by us.

If such processing occurs, you can request information from the controller about the following information:

1. the purposes for which the personal data is processed;
2. the categories of personal data that is processed;
3. the recipients or the categories of recipients to whom the personal data relating to you has been disclosed or is still being disclosed;
4. the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
5. the existence of a right to correction or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
6. the existence of a right of appeal to a supervisory authority;
7. all available information on the source of the data if the personal data is not collected from the data subject;
8. the existence of automated decision-making, including profiling according to art. 22 (1) and (4) GDPR and – at least in these cases – significant information about the logic involved, as well as the implications and intended effects of such processing on the data subject.

You have the right to request information about whether your personal information has been be transferred to a third country or an international organisation. In this context, you can request the appropriate guarantees pursuant to art. 46 GDPR in connection with the transfer.

2. Right to Correction

You have a right to require that the controller correct and/or complete personal data if processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.

3. Right to Restriction of Processing

You may request the restriction of the processing of your personal data under the following conditions:

1. you contest the accuracy of your personal data and provide a sufficient time period for the controller to verify the accuracy of your personal data;
2. the processing is unlawful and you decline to delete the personal data and instead request the restriction of the use of the personal data;
3. the controller no longer needs the personal data for the purposes of the processing, but you need it for the assertion, exercise or defence of legal claims, or
4. you have filed an objection against the processing pursuant to art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.

If the processing of your personal data has been restricted, apart from its storage, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing is limited in accordance with the above-mentioned requirements, you will be informed by the controller before the restriction is lifted.

4. Right to Deletion

a) Deletion Obligations

You may require the controller to delete your personal information without delay, and the controller is required to delete that information immediately if one of the following is true:

1. Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
2. You revoke your consent to the processing pursuant to art. 6 (1) (a) or art. 9 (2) (a) GDPR and there is no other legal basis for processing.
3. You object to the processing pursuant to art. 21 (1) GDPR and there are no legitimate reasons for the processing, or you object to the processing pursuant to art. 21 (2) GDPR.
4. Your personal data has been processed unlawfully.
5. The deletion of your personal data is required in order to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
6. Your personal data was collected in relation to information society services offered pursuant to art. 8 (1) GDPR.

b) Information to Third Parties

If the controller has made your personal data public and if he is obligated to delete it pursuant to art. 17 (1) GDPR, he must take appropriate measures, including technical measures, with due account of the technology available and the costs of implementation, to inform controllers who process the personal data for the purpose of processing that you as the data subject have requested deletion of all links to such personal data or of copies or replications of such personal data.

c) Exceptions

The right to deletion does not exist if the processing is necessary

1. to exercise the right to freedom of expression and information;
2. to fulfil a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or necessary for the performance of a task carried out in the public interest or in the exercise of public authority conferred on the controller;
3. for reasons of public interest in the field of public health pursuant to art. 9 (2) (h) and (i) and art. 9 (3) GDPR;
4. for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to art. 89 (1) GDPR, to the extent that the right referred to in subparagraph a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
5. to assert, exercise or defend legal claims.

5. Right to Information

If you have the right to correction, deletion, or restriction of processing against the controller, he is obliged to notify all recipients to whom your personal data has been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have a right against the controller to be informed about these recipients.

6. Right to Data Portability

You have the right to receive your personal data that you provide to the controller in a structured, common, and machine-readable format. In addition, you have the right to transfer this data to another controller without hindrance by the controller who provided the personal data, provided that

1. the processing is based on consent pursuant to art. 6 (1) (a) GDPR or art. 9 (2) (a) GDPR or on a contract pursuant to art. 6 (1) (b) GDPR and
2. the processing is done using automated procedures.

In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another controller, as far as technically feasible. Freedoms and rights of other persons may not be hereby affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of public authority conferred on the controller.

7. Right of Objection

You have the right at any time, for reasons that arise from your particular situation, to object to the processing of your personal data that is taking place pursuant to art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller will no longer process your personal data unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or the processing is for the purpose of enforcing, exercising, or defending legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58/EC, you have the option, in the context of the use of information society services, of exercising your right of objection through automated procedures that use technical specifications.

8. Right to Revoke the Data Protection Consent Declaration

You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation occurred.

9. Automated Decision on an Individual Basis Including Profiling

You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or affect you in a similar manner. This does not apply if the decision

1. is required for the conclusion or performance of a contract between you and the controller,
2. is permissible on the basis of Union or Member State legislation to which the controller is subject, assuming this legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
3. is taken with your express consent.

However, these decisions must not be based on special categories of personal data pursuant to art. 9 (1) GDPR, unless art. 9 (2) (a) or (g) applies and reasonable measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to protect your rights and freedoms and your legitimate interests, including at minimum the right to obtain intervention on the part of the controller, to the presentation of your own position, and to hear an appeal of the decision.

10. Right of Complaint to a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence or place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to art. 78 GDPR.