Data Protection Policy of EIZO GmbH
The data protection policy of EIZO GmbH provides information concerning the collection of personal data. “Personal data” refers to all information by which it is possible to make inferences about, or identify, a specific natural person.
EIZO GmbH operates the websites www.eizo-or.com and www.eizo-endo.com.
1. Name and contact details of the responsible party
HRB 703009, Commercial Register of the District Court of Mannheim, Germany
represented by Mr. Peter Ziegler, CEO
Phone: +49 721 20321-0
Fax: +49 721 20321-471
1.2. Data Protection Officer (DPO)
Mr. Maximilian Marxen, Attorney
Rintheimer Str. 63 a
2. Scope and purpose of personal data processin
2.1. Website access
When you visit the websites www.eizo-or.com and www.eizo-endo.com, your web browser automatically sends data to our web server and temporarily stores a protocol file (so-called log file).
Our websites use SSL encryption for the personal data that you send us, for example in the contact form fields. An encrypted site can be recognized by the characters “https://” at the beginning of the URL, and the locked padlock icon in the browser search bar.
- device IP address
- date and time of access
- name and URL of the page you have accessed
- website or source from which you reached our websites (the so-called referring URL)
- browser and operating system of your device, as well as the name of the access provider you use
These personal data are processed in accordance with Article 6, paragraph 1, clause 1, letter (f) of the General Data Protection Regulation (GDPR). We have a legitimate interest in processing data for the purposes of:
- ensuring rapid connection to our websites;
- making our websites user-friendly;
- guaranteeing the security and stability of the system; and
- facilitating and improving the administration of the websites.
Data are expressly not processed with the aim of obtaining knowledge about you.
You can contact us by email. If you do so, your personal data will be gathered. Data are obtained solely for the purposes of responding to your message and for the related technical processing.
In the context of job applications, we will also collect and store the data you send.
These personal data are processed in accordance with Article 6, paragraph 1, letter (f) of the GDPR. If you contact us in order to conclude a contract, Article 6, paragraph 1, letter (b) of the GDPR will also be applicable.
Your data will be erased following the final processing of the respective issue, provided there is no statutory retention period. If a contract has been concluded, the data will be erased on completion of the contract and the expiration of the respective statutory retention period.
2.3. User accounts
You may apply for a user account in order to gain access to the product database, manuals, and other product-specific documents. If you do so, your personal data will be gathered. The registration form will indicate which data will be collected. Data are collected solely for the purposes of responding to your requests, and for the related technical processing.
These personal data are processed in accordance with Article 6, paragraph 1, letter (f) of the GDPR. If you contact us in order to conclude a contract, Article 6, paragraph 1, letter (b) of the GDPR will also be applicable.
Your data will be erased following the deletion of your user account, provided there is no statutory retention period. If a contract has been concluded, the data will be erased on completion of the contract and the expiration of the respective statutory retention period.
3. Disclosure of data
Personal data will be transmitted to third parties if
- the data subject has expressly given their consent, pursuant to Article 6, paragraph 1, clause 1, letter (a) of the GDPR;
- disclosure is required for the establishment, exercise, or defense of legal claims, pursuant to Article 6, paragraph 1, clause 1, letter (f) of the GDPR, and there are no grounds for believing that the data subject has overriding legitimate interests that require the protection of their personal data;
- there is a legal obligation in place, pursuant to Article 6, paragraph 1, clause 1, letter (c) of the GDPR; and/or
- it is required, pursuant to Article 6, paragraph 1, clause 1, letter (b) of the GDPR for the performance of a contract to which the data subject is party.
In all other cases, personal data will not be forwarded to third parties.
Cookies are used on the websites. These are data files that are exchanged between the website server and your browser. They are saved on the web browser of the device you use when you access the websites (e.g. PC, notebook, tablet, smartphone, etc.). Cookies do not therefore cause any damage to the devices used. In particular, you will not be exposed to viruses or other harmful software. Cookies store information that the visited sites send to the user’s terminal. We are unable in any way to obtain direct knowledge of your identity.
Cookies are generally accepted according to the basic settings in your browser. Your browser preferences can be set so that either cookies are not accepted on the devices used, or specific notice is given before the creation of a new cookie. It should be noted, however, that deactivating cookies may prevent optimal functioning of the websites.
Temporary cookies are created to make the website more user-friendly. They are stored on your device for a certain period of time. If you visit the website again, it will automatically recognize that you have accessed the site previously, and which inputs and settings you created, thus saving you from needing to repeat these steps.
Cookies are also used to analyze website visits for statistical purposes, and to improve functionality. When you visit a website, these cookies automatically recognize whether you have accessed the site earlier. In this case, there is a defined period after which the cookies are automatically deleted.
The data processed by cookies for the above purposes are used to pursue our legitimate interests, pursuant to Article 6, paragraph 1, clause 1, letter (f) of the GDPR, to provide optimal website functioning and a user-friendly and efficient experience for end users.
5. Website analysis services, tracking, plugins to social networks (social plugins)
5.1. Matomo (formerly Piwik)
Our websites use Matomo (www.matomo.org), a program provided by InnoCraft Ltd., 150 Willis St., 6011 Wellington, New Zealand, to protect our legitimate interests in the statistical analysis of user behavior for the purposes of optimization and marketing, pursuant to Article 6, paragraph 1, letter (f) of the GDPR. Pseudonymous user profiles can be created and assessed from these data for the same purposes. Cookies can be generated here (see point 4 above). Cookies are text files that are stored locally in the temporary cache of your Internet browser, making it possible, among other things, to recognize the web browser. The data collected and stored by Matomo, including your pseudonymized IP address, are processed on our servers.
The information generated by the cookie in the pseudonymized user profile is not used to identify you personally, nor is it merged with the personal data of the bearer of the pseudonym.
If you do not agree to the storage and analysis of the data generated during your visit, you can state your objection at any time by clicking with your mouse. In this case, a so-called opt-out cookie will be placed on your browser, and consequently Matomo will not collect any session data.
Please bear in mind that the deletion of your cookies on the system leads to, among other things, the deletion of the Matomo opt-out cookie, which must therefore be reactivated the next time you visit the website.
The so-called social plugins of the Facebook social network are used on our website. These are offered and operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.
Facebook, Inc. is headquartered in the USA and is certified according to the EU-U.S. Privacy Shield data protection treaty, which ensures adherence to the same level of data protection applicable in the EU.
We use the plugins “Like” and “Share”. These are identified by the Facebook logo. An overview of the Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins
When you visit a page on our website that contains a Facebook plugin, your browser sets up a direct connection to the Facebook servers. The content of the Facebook plugin is transmitted directly from Facebook to your browser and integrated into the page. Through this connection, Facebook obtains the information that your browser has called up the respective page of our website, even if you do not have a Facebook profile or are not logged into Facebook at the time. This information (which includes your IP address) is sent directly to a Facebook server in the USA and stored there.
If you are registered with Facebook and logged in, Facebook can directly assign your visit to our website to your Facebook profile. Every interaction, such as the use of the “Like” button or making a comment, is directly sent to a Facebook server and stored there. The information may also be published to your Facebook profile, depending on your selected privacy settings, and displayed to your Facebook friends and third parties.
The data processing procedures described here are in accordance with Article 6, paragraph 1, letter (f) of the GDPR, based on Facebook’s legitimate interests in including personalized advertising in order to inform other users of the social network about your activities on our website, and to structure their services according to needs.
If you do not want Facebook to assign the data gathered from our website directly to your profile, you must log out from Facebook before visiting our website. You can also prevent the loading of the Facebook plugin in the future, and thus the data processing procedures described above, with add-ons for your browser, such as the “NoScript” script blocker (http://noscript.net/).
The purpose and scope of data collection and the further processing and use of the data by Facebook, as well as your related rights and settings options for the protection of your privacy, can be found in Facebook’s data protection policy:
So-called social plugins from the short message service Twitter are used on our website. These are offered and operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The party responsible for processing the data of those living outside the USA is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
Twitter Inc. is headquartered in the USA and is certified according to the EU-U.S. Privacy Shield data protection treaty, which ensures adherence to the same level of data protection applicable in the EU.
Please note that you make use of the Twitter short message service and its functions (such as sharing and liking) on your own responsibility.
Information about which data are processed by Twitter, and the purpose of data collection, can be found in Twitter’s data protection policy: https://twitter.com/de/privacy
We have no influence over the type and scope of data collected and processed, the type of processing and use, or the transmission of these data to third parties. We have no available monitoring mechanisms.
When you use Twitter, your personal data will be harvested by Twitter Inc., transmitted, stored, published, and used. They will therefore be transmitted, stored, and used independently of your residence in the USA, Ireland, or any other country in which Twitter Inc. is legally active.
On the one hand, Twitter processes your voluntarily entered data, and, on the other, Twitter analyzes the content you share to find out which topics you are interested in. It stores and processes confidential messages that you send directly to other users, and is able to determine your location using GPS data, information from wireless networks, or your IP address, in order to send you advertising or other content.
Twitter Inc. uses analytical tools such as Twitter Analytics or Google Analytics. We have no influence over the use of such tools by Twitter Inc., thus we are not informed about their potential deployment. We are able to see only specified, non-personal information about tweet activities, such as the number of profile or link clicks connected to a specific tweet.
When you visit a page of our website that contains a Twitter button (widget), your browser sets up a direct connection to the Twitter servers. The content of the Twitter plugin is transmitted directly by Twitter to your browser and integrated into the page. Through this connection, Twitter obtains the information that your browser has visited the respective page of our website (especially IP address, type of browser, operating system, information about the referring website and previously visited pages, your location, your cell phone provider, and the device you are using, including the device ID and user ID), the search terms you used, and your cookie information, even if you do not have a Twitter profile or are not currently logged into Twitter. This information (including your IP address) is sent directly to a Twitter server in the USA, and stored there.
The purpose and scope of data collection and the further processing and use of the data by Twitter, as well as your related rights and setting options for the protection of your privacy, can be found in Twitter’s data protection policy.
Options to restrict the processing of your data are available via the Twitter account general settings, and under the “Privacy and Security” settings. In addition, you can use the settings on your mobile devices (smartphones and tablets) to restrict access by Twitter to your contacts, calendar, photos, location data, etc. However, this depends on the operating system you are using.
We process your data in the following ways. We do not gather any data from your Twitter account. However, when we retweet your tweets, or when we respond to your tweets or to tweets that refer to your account, we process the data that you have submitted to Twitter, especially your user name and the content that has been published from your account. The data that you allow Twitter to publish and disseminate will be included in our offer and made available to our Twitter followers.
Further information about these points can be found on the following Twitter support pages:
On our website, we use YouTube plugins offered and operated by YouTube, LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Google LLC is headquartered in the USA and both it and its subsidiaries are certified according to the EU-U.S. Privacy Shield data protection treaty, which ensures adherence to the same level of data protection applicable in the EU.
When you visit a page of our website that features a YouTube plugin, your browser will allow a YouTube component to download the respective YouTube component from YouTube.
YouTube collects information about the YouTube services you use and the way they are used, for example when you watch a video on YouTube, or visit a website that uses YouTube advertising services. These data include:
a model of the hardware you use, the version of the operating system, unambiguous device identification, and information about your cell phone network, including your phone number. Google may associate your device ID or phone number with your Google account.
- Details about the ways in which you use YouTube services, such as your search queries.
- Telephone protocol information, such as your phone number, caller number, forwarding numbers, date and time of call, duration of call, SMS routing information, and type of call.
- IP address
- Data about device events, such as crashes, system activity, hardware settings, browser type, browser language, date and time of query, and referring URL.
- Cookies that can be clearly identified by your browser or your Google account.
If you are logged into YouTube, information will be collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google collect information, via the YouTube components, that the data subject has visited our website if the data subject logs into YouTube at the same time as they are logged into our website. This happens whether or not the data subject has clicked on a YouTube video. If the data subject does not agree to the transmission of such information to YouTube and Google, the transmission can be prevented by logging out of their YouTube account before visiting our website.
The data protection policy published by YouTube/Google can be found on the following link:
6. Your rights as a data subject
As a data subject according to the GDPR, the GDPR provides you with the following rights in relation to the processing of your personal data by us while you are visiting our websites.
6.1. Information, GDPR Article 15
You have the right to request information from us about whether we have stored and processed your personal data, and, if so, which data.
The right to information does not apply if the provision of the requested information would be in breach of a statutory obligation of secrecy, or if the information must be kept confidential for other reasons, especially the overriding interest of a third party. By contrast, there may be an obligation to provide information if, in particular with respect to the threat of damage, your interests override the interest of maintaining confidentiality. The right to information is likewise not applicable if the data are stored only because they may not be erased due to a statutory or corporate retention period, if they serve only for the purposes of data security or data protection monitoring, if the provision of the information would entail disproportionate expense, or if processing for other purposes is excluded by appropriate technical and organizational measures.
If the right to information is applicable in your case, and if we are processing your personal data, you may request the following information from us:
- the purpose of the data processing;
- the categories of personal data that we are processing;
- the recipients, or categories of recipients, to whom your personal data have been disclosed, especially recipients in nonEU countries;
- if applicable, the planned term for which your personal data will be stored, or, if this is not possible, the criteria used to determine the duration of storage;
- the right to correct, erase, or restrict the processing of your personal data, or the right to object to their processing;
- the right to make a complaint to a data protection authority;
- in the event that the personal data have not been gathered from you as a data subject, available information about the origin of the data;
- where applicable, the existence of automated decision making, including profiling, and meaningful information about the logic involved, as well as the implications and intended impact of automated decisionmaking; and
- if applicable, in the event of transmission to recipients in nonEU countries, where there is no decision on the part of the European Commission concerning the appropriate protection level pursuant to Article 45, paragraph 3 of the GDPR, information about the kind of safeguards provided for the protection of personal data, pursuant to Article 46, paragraph 2 of the GDPR.
6.2. Correction and rectification, GDPR Article 16
If you discover that we have inaccurate personal data about you, you can request the immediate correction of such data. If your personal data are incomplete, you can request their rectification.
6.3. Right to erasure, GDPR Article 17
You have the right to erasure (“right to be forgotten”) as long as the purpose of the processing is not to exercise the right to freedom of expression or the right to information, to fulfill a statutory obligation, or to complete a task that is in the public interest, or unless one of the following applies:
- The personal data are no longer necessary for the purpose for which they were processed.
- The legal basis for processing your data was solely your consent, which you have withdrawn.
- You have raised an objection to the processing of your personal data that we made public.
- You have raised an objection to the processing of your personal data that we have not made public, and there are no overriding legitimate grounds for their processing.
- Your personal data have been unlawfully processed.
- The erasure of personal data is required by a statutory obligation to which we are subject.
No right to erasure exists if erasure in the case of legal, non-automated data processing is not possible due to the special means of storage, or is only possible at unreasonably high cost, and your interest in erasure is minor. In this case, rather than erasure, processing is restricted.
6.4. Restriction of processing, GDPR Article 18
You may request the restriction of data processing if one of the following applies:
- You challenge the accuracy of the personal data. In this case, the restriction may be requested for a period that enables us to verify the accuracy of the data.
- The processing was unlawful, and, rather than erasure, you request the restriction of the use of your personal data.
- We no longer need your personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims.
- You have objected to processing pursuant to Article 21, paragraph 1 of the GDPR. A restriction on processing may be requested pending verification of whether our legitimate grounds override yours.
The restriction of processing means that personal data may only be processed with your consent, or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest. We are obliged to inform you before the restriction of processing is lifted.
6.5. Notification obligation, GDPR Article 19
Insofar as you have requested from us the correction, erasure, or restriction of processing of your personal data (see points 6.2, 6.3 and 6.4), we are obliged to communicate the rectification or erasure of your data or restriction of processing to each recipient to whom your personal data have been disclosed.
If this proves impossible or requires disproportionate effort, we will inform you about these recipients.
6.6. Data portability, GDPR Article 20
You have the right to data portability, provided the processing of your data is based on your consent (Article 6, paragraph 1, clause 1, letter (a), or Article 9, paragraph 2, letter (a) of the GDPR), or on a contract to which you are a party, and the processing is carried out using automated means. The right to data portability in this case implies the following rights, provided that the rights and freedoms of others are not adversely affected: You may request from us the personal data that you have provided to us in a structured, commonly used, and machine-readable format. You have the right to transmit these data to another party without hindrance on our part. If technically feasible, you may request that we directly transmit your personal data to another party.
If the data processing is based on Article 6, paragraph 1, clause 1, letter (e) of the GDPR (performance of a task carried out in the public interest or the exercise of official authority) or Article 6, paragraph 1, clause 1, letter (f) of the GDPR (the legitimate interests of the responsible party or a third party), you have the right to object at any time to the processing of your personal data for reasons arising from your specific situation. This also applies to profiling, pursuant to Article 6, paragraph 1, clause 1, letters (e) or (f) of the GDPR. If you exercise your right to object, we will no longer process your personal data, unless we are able to demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or unless the processing is related to the establishment, exercise, or defense of legal claims.
You may object at any time to the processing of your personal data for the purposes of direct advertising. This also applies to profiling that is connected to direct advertising. If you exercise your right to object, we will no longer use your personal data for the purposes of direct advertising.
You may notify us about your objection by telephone, email or fax, or by writing to the postal address given at the beginning of this company data protection policy, without the need to use a special form.
6.8. Right of withdrawal, GDPR Article 7, paragraph 3
You have the right to withdraw your consent at any time with future effect; in this case, we will immediately erase data related to the data subject, as long as the further processing of your personal data cannot be supported on legal grounds for processing without consent.
Notification of the withdrawal of consent may be given by telephone, email or fax, or in writing to our postal address. Withdrawal does not affect the lawfulness of the data processing carried out based on your consent prior to its withdrawal.
6.9. Right to object, GDPR Article 21
You have the right to object at any time to the processing of your personal data if, in the balancing of interests, the data processing was carried out on the grounds of our legitimate interests (see Article 6, paragraph 1, clause 1, letter (f) of the GDPR), which are overridden by grounds relating to your particular situation.
If your exercise your right to object, we will no longer process your personal data.
We will continue to process your data only in cases where we can prove on balance that processing is necessary for the purposes of our legitimate interests that override your interests or fundamental rights and freedoms, especially if the further processing supports the establishment, exercise, or defense of legal claims.
6.10. Complaints, Article 77 GDPR
If you consider that the processing of your personal data has been carried out by us unlawfully, you may lodge a complaint with a data protection authority in the state of your habitual residence or place of work or the place of the alleged infringement.
7. Duration of storage
The duration of the storage of your personal data depends on the respective statutory retention period, and in particular the period established by commercial or tax law.
In addition, your personal data will be erased unless they are needed for the purposes of concluding a contract or fulfilling or implementing a contract. This is especially relevant for the establishment, exercise, or defense of legal claims within the respective statute of limitations.
Fair processing note
We handle your data confidentially.
You can download our note on data protection here: Fair processing note EIZO GmbH