Privacy Policy

1. Preamble

We are pleased about your visit to our company's website. The protection of information, and in particular data protection, is of great importance to our management. The websites of EIKONA Media GmbH can generally be used without providing any personal data. However, if a data subject wishes to use special services of our company via our website, the processing of personal data may become necessary.

The processing of personal data is always carried out in accordance with the General Data Protection Regulation (GDPR) and the country-specific data protection regulations applicable to EIKONA Media GmbH. As the party responsible for processing, EIKONA Media GmbH has implemented numerous technical and organisational measures to ensure the most complete protection possible of the personal data processed via this website. Nevertheless, internet-based data transmissions can in principle have security gaps, so absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us by alternative means, for example by telephone or by post.

2. Definitions

This declaration is based on the terms of the General Data Protection Regulation (Art. 4 GDPR):

Personal data: all information available to us as the controller that allows us to identify you as a natural person (e.g. name, address, email, telephone number, IP address).
Data subject: any natural person, provided we have identified or can identify you.
Processing: any collection, storage, further processing, forwarding, archiving and deletion of data.
Restriction of processing: the marking of stored personal data with the aim of limiting their future processing.
Profiling: any kind of automated processing of your data that consists of using this data to evaluate certain personal aspects.
Pseudonymisation: a procedure to provide your personal data with an identifier so that it can no longer be attributed to a data subject without the use of additional information.
Controller: EIKONA Media GmbH, with which you have a contractual relationship.
Processor: a company that has been commissioned by EIKONA Media GmbH to assist us in the collection, processing, storage, forwarding or deletion of your data.
Consent: any freely given expression of will provided by you for the specific case.

3. Name and Address of the Controller

EIKONA Media GmbH
Am Alten Bahnhof 8
D-97332 Volkach

Management: Torsten Herbert, Patrick Krisch
Phone: 09381 / 71 77 8-0
Email: kontakt@eikona-media.de

4. Data Protection Officer

pco GmbH & Co. KG
Am Alten Bahnhof 8
97332 Volkach
Email: datenschutz@eikona-media.de
Phone: +49 541 605 1500
www.it-ist-alles.de

5. Rights of the Data Subject

In accordance with Chapter 3 of the GDPR, you as a data subject have the rights listed below. To enable us to fulfil our obligations in connection with your rights in a legally compliant manner, please address corresponding requests to our data protection officer.

a) Art. 15 – Right of Access

You have an unrestricted right to request information about the personal data we process about you. This information must be provided to you free of charge. You may request information about the following, which must also be provided to you in a copy:

the purpose of processing your data,
the categories of data,
the internal and external recipients of your data,
the duration of data storage,
your rights under Chapter 3 in connection with the data processing,
the origin of the data, insofar as it was not collected from you,
whether profiling has been carried out,
whether your data has been transferred to a third country (outside the EU and EEA),
which data protection authority is responsible for our company.

b) Art. 16 – Right to Rectification

If we process incorrect data about you, you can have it corrected at any time via your contact person.

c) Art. 17 – Right to Erasure

You have the right at any time to request the erasure of your personal data. It may happen that we are legally obliged to retain your data for a certain retention period (e.g. 6 years for business correspondence or 10 years for documents with tax relevance). In such a case, we will block your data record until the retention period has expired and then delete it accordingly. Please address erasure requests to the data protection officer, who will exercise your rights within our company on your behalf.

d) Art. 18 – Right to Restriction of Processing

If you dispute the accuracy of our data about you, or if you refuse the erasure of your data and instead request restriction (e.g. in the case of advertising mailings), you can request the restriction of processing from us. We will then set your data to blocked.

e) Art. 19 – Notification Obligations Regarding Rectification, Erasure or Restriction

We are obliged to notify all recipients of your data of any rectification, erasure or restriction requested by you, insofar as this is possible and can be realised with a proportionate effort. We will inform you about the recipients of your data if you request this.

f) Art. 20 – Right to Data Portability

You have the right at any time to request from our company a transfer of your data to another controller. This relates to all master data we hold about you. Where technically possible, we will provide the data record in a common machine-readable format (e.g. .csv).

g) Art. 21 – Right to Object

Should a data processing be based on Art. 6 (1) (f) (so-called legitimate interest), you can object to the processing in this context.

h) Art. 77 – Right to Lodge a Complaint with a Supervisory Authority

You have the right at any time to lodge a complaint with the data protection supervisory authority responsible for our company if you are of the opinion that we are in any way infringing the provisions of the GDPR. The following authority is responsible for EIKONA Media GmbH:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach, Germany

You can reach the website of the data protection supervisory authority via the following link: https://www.lda.bayern.de/de/index.html

6. Processing Operations

The processing of personal data is carried out under the following legal bases:

Art. 6 (1) (a) GDPR: consent for specific processing purposes.
Art. 6 (1) (b) GDPR: performance of a contract or pre-contractual measures.
Art. 6 (1) (c) GDPR: fulfilment of legal obligations.
Art. 6 (1) (d) GDPR: protection of vital interests.
Art. 6 (1) (f) GDPR: legitimate interests of the company or third parties.

a) Website

Cookies

Cookies are small files that are stored on the user's computer and saved by the browser. Session cookies are automatically deleted at the end of the visit; persistent cookies remain until they are deleted manually. They enable recognition functions as well as the storage of language settings and login information.

The legal basis for functionally necessary cookies is Art. 6 (1) (f) GDPR (legitimate interest in error-free provision). Other cookies are dealt with separately in this declaration. Users can deactivate cookies via the browser settings, which may however restrict functionality.

Server Log Data

EIKONA Media GmbH or its website provider collects the following data and stores it as "server log files":

the website visited,
the date and time of access,
the amount of data sent in bytes,
the source/referrer,
the browser used,
the operating system used,
the IP address used (anonymised).

This data is used for statistical analyses and for improving the website. The company reserves the right to subsequently review server log files should there be concrete indications of unlawful use.

Blog on the Website

The company offers a blog to provide information about relevant topics, with the option to share articles. Social bookmarks (Facebook, Twitter, LinkedIn, XING) are implemented as links with embedded graphics. Only after a user clicks are user details transmitted to the respective provider. The provider's data protection conditions apply to their handling of personal data.

Third-Party Modules / Analysis Tools / Advertising

(1) Google Tag Manager

The Google Tag Manager is provided by Google Ireland Limited and is used to manage website tags. The Google Tag Manager itself is a cookieless domain that does not set cookies and works without processing personal data. It is responsible for triggering other tags, whose data it cannot access. Deactivations at domain or cookie level remain in place for all tracking tags implemented via the Google Tag Manager.

(2) Google Analytics

With prior consent, the company uses Google Analytics (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) for the needs-based design and ongoing optimisation of its pages. Pseudonymised usage profiles are created and cookies are used. The following information is transmitted to and stored on Google servers in the USA:

browser type/version,
operating system used,
referrer URL,
host name/IP address,
time of the server request.

The information is used to evaluate the use of the website, to compile reports on website activities and to provide further services connected with the use of the website. The IP address is anonymised (IP masking); no merging with other Google data takes place.

Note: In the USA there is no level of data protection equivalent to that in the EU, as there is no adequacy decision and US law grants security authorities far-reaching access powers. EU citizens lack legal remedies in this regard.

The legal basis is Art. 6 (1) (a) GDPR (the user's consent via the consent banner). This can be revoked at any time via the consent banner settings. A browser add-on for deactivation is available at https://tools.google.com/dlpage/gaoptout?hl=en. Further information: https://support.google.com/analytics/answer/6004245?hl=en.

(3) Google Ads and Google Conversion Tracking

The company uses Google Ads to promote products and services. As part of Google Ads, conversion tracking is used. When you click on an ad, a conversion tracking cookie (valid for 30 days) is stored on your device. This cookie contains no personal data and is not used for personal identification.

If the user visits certain pages of the website and the cookie is still valid, Google and the company can recognise that an ad was clicked and that a redirect took place. Each Google Ads customer uses a different cookie; tracking across the websites of Ads customers is not possible. The information collected via the conversion cookie is used to create conversion statistics. Customers learn the total number of users who clicked on their ad and were redirected to a conversion tracking page, but receive no information that personally identifies users.

The legal basis is Art. 6 (1) (a) GDPR (the user's consent via the consent banner). The consent can be revoked at any time via the consent banner settings. Further information: http://www.google.com/policies/technologies/ads/ and http://www.google.de/policies/privacy/.

(4) YouTube Links

The company has integrated components of the YouTube video platform. YouTube is an internet video portal of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), a subsidiary of Google LLC (1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA).

Each time a subpage on which a YouTube component is integrated is called up, the internet browser is automatically prompted to download a representation of the corresponding YouTube component from YouTube. In the course of this procedure, YouTube and Google become aware of which specific subpage is visited. If the user is simultaneously logged in to YouTube, YouTube recognises the visit and assigns the information to the YouTube account – regardless of whether a video is clicked or not. To prevent this transmission, the user can log out of their YouTube account before calling up the website.

YouTube privacy policy: https://policies.google.com/privacy?hl=en.

Contact Form

Inquiries submitted via contact forms are stored, including the contact data provided, for the purpose of processing and for follow-up questions. The data is not passed on without consent.

The legal basis is initially Art. 6 (1) (a) GDPR (the user's consent). This can be revoked informally at any time; the lawfulness of previous processing remains unaffected. In further correspondence, the legal basis may change (e.g. for a request for a quote pursuant to Art. 6 (1) (b) GDPR). The data remains stored until a deletion request, revocation of consent, or the purpose of storage no longer applies. Mandatory statutory retention periods remain unaffected.

Email / Telephone Inquiry

Inquiries by email or telephone are stored, including the contact data provided, for the purpose of processing and for follow-up questions. The data is not passed on without consent.

The legal basis is Art. 6 (1) (a) GDPR (the user's consent). This can be revoked informally at any time; the lawfulness of previous processing remains unaffected. In further correspondence, the legal basis may change (e.g. for business correspondence pursuant to Art. 6 (1) (b) GDPR). The data remains stored until a deletion request, revocation of consent, or the purpose of storage no longer applies. Mandatory statutory retention periods remain unaffected.

The company offers a newsletter subscription. Individuals can only receive the newsletter with a valid email address and after registration. For legal reasons, a confirmation email is sent to the email address entered for the first time using the double opt-in procedure, in order to verify that the owner has authorised the delivery of the newsletter. The following are stored upon registration:

the email address,
the IP address of the computer system assigned by the internet service provider,
the date and time of registration.

This data is required to be able to trace any later misuse of the email address and serves as legal safeguarding. The data collected as part of the newsletter registration is used exclusively to send the newsletter. The data is not passed on to third parties. The subscription can be cancelled at any time; every newsletter contains an unsubscribe link.

The legal basis is Art. 6 (1) (f) GDPR (legitimate interest in comprehensively informing customers, business partners and interested parties about products and services).

c) Data Processing for the Performance of Contracts

In the case of business relationships (e.g. placing an order), data processing is carried out on the basis of Art. 6 (1) (b) GDPR. All data necessary for the initiation, performance or conclusion of the order, such as contact data, object data, involved service providers, photo documentation, plans, goods orders, etc., may be collected and processed without separate consent.

If a subcontractor (e.g. IT service provider, supplier of specialist software) is required to fulfil the order, the company may pass on data to them. Subcontractors are bound by data protection requirements as strict as those of the company itself.

In individual cases, the company obtains company information via Creditreform. Should this result in consequences for the order, this will be clarified separately with the customer. The company carries out random credit checks upon conclusion of contracts and, in certain cases with legitimate interest, also for existing customers. For this purpose, it cooperates with Creditreform Boniversum GmbH (Hellersbergstraße 11, 41460 Neuss, Germany), which transmits the required data to the company. For this purpose, name and contact data are transmitted to Creditreform Boniversum GmbH. Information on data processing at Creditreform Boniversum GmbH: https://www.boniversum.de/eu-dsgvo/?lang=en.

The data is subject to different retention periods (general business letters: 6 years; documents with tax relevance: 10 years). It is passed on within the company only to the extent justified by the subject of the order. Mandatory statutory retention periods remain unaffected.

7. Protection / Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the lock symbol in your browser bar. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

8. Profiling

As a responsible company, we refrain from automatic decision-making or profiling.

9. Status and Amendment of this Privacy Policy

This privacy policy is dated January 2023 and is subject to constant updating and adaptation to new legal requirements and technical developments.