Thank you very much for visiting our website. Complying with the regulations of data protection law is very important to our company. The purpose of this data privacy declaration is to inform you, as a user of the website, regarding the type, scope and purpose of processing that is carried out using your personal data, as well as to explain your rights as a data subject in the sense of Art. 4 no. 1 of the General Data Protection Regulation. The following data privacy declaration already takes into consideration the changes according to the General Data Protection Regulation (GDPR) enacted as of 5/25/2018. This declaration also fulfills the applicable requirements of the Telecommunication and Telemedia Data Protection Act.
This website and available services are provided by
CREMER ERZKONTOR GmbH
Beckergrube 38-52
23552 Lübeck
PO Box 1633
23505 Lübeck
Tel: +49 451 929 62 0
Fax: +49 451 929 62 199
Email: dataprotection@erzkontor.com
Website: www.erzkontor.com
Managing Directors: Nils Fleig
We have developed this website so as to collect as little data from you as possible. In general, it is possible to visit our website without providing any personal data. Only if you decide to take advantage of certain services (such as by using the contact form) will it be necessary to process your personal data. When doing so, we always process your personal data only in accordance with a lawful justification, or in accordance with consent granted by you. We comply with the regulations of the General Data Protection Regulation (GDPR), enacted on 5/25/2018, and with applicable national legislation such as the German Federal Data Protection Act, the Telemedia Act, or other specific laws on data protection.
The terms used in this data privacy declaration have the following meanings, in accordance with the GDPR.
“Personal data” is all information that refers to an identified or identifiable natural person (referred to in the following as a “data subject”); a natural person is considered identifiable if they can be identified either directly or indirectly, in particular by assignment to an identifier such as a name, ID number, location data, online identification or by association with one or more specific features that are an expression of the mental, physiological, genetic, intellectual, economic, cultural or social identity of this natural person;
“Processing” describes any procedure or any series of procedures carried out with the assistance of automated processes associated with personal data, such as collecting, recording, organizing, ordering, storing, adjusting or changing, reading out, querying, using, disclosing through transmission, dissemination or other form of delivery, comparison or linking, restricting, deleting, or destroying such data;
“Restriction of processing” describes marking stored personal data with the goal of restricting the future processing of such data;
“Pseudonymization” describes the processing of personal data in such a way that the personal data can no longer be associated with a specific data subject without combining it with additional information, if this additional information is stored separately and is subject to technical and organizational measures to ensure that the personal data cannot be associated with an identified or identifiable natural person;
“Controller” describes the natural person or legal entity, authority, institution or other entity that makes decisions regarding the purposes and means of processing personal data either alone or jointly with others; if the purposes and means of this processing are specified under EU law or the laws of member nations, then the controller or the specific criteria under which the controller is named can be provided under EU law or the laws of member nations;
“Contract processor” describes a natural person or legal entity, authority, institution or other entity that processes personal data on behalf of the controller;
“Recipient” describes a natural person or legal entity, authority, institution or other entity to whom the personal data is disclosed, regardless of whether this is a third party or not. Agencies that may receive personal data in the framework of a specific investigation mandate under EU law or the laws of member nations are not considered recipients; processing of this data by the agencies indicated is carried out in accordance with applicable data protection regulations, depending on the purpose of processing;
“Third party” describes a natural person or legal entity, authority, institution or other entity besides the data subject, controller, contract processor and persons authorized under the direct responsibility of the controller or contract processor to process the personal data;
“Consent” of the data subject describes any voluntary expression of intent granted for the specific case in an unmistakable and informed manner in the form of a declaration or other clearly confirmatory action, by which the data subject indicates that they are in agreement with the processing of their personal data;
We process personal data necessary to legitimate, carry out or execute our range of services on the legal basis of Art. 6 para. 1 lit. b GDPR. If we make use of external service providers in the framework of contract processing, the processing is carried out on the legal basis of Art. 28 GDPR.
We collect, process and use personal data exclusively for the following purposes:
| Purpose of data processing | Legal basis for data processing (“why is the data processing necessary”) |
| to make contact and engage in associated correspondence | in the framework of pre-contractual measures according to Art. 6 para. 1 lit. b GDPR |
| to process your inquiry and provide any further advising requested by you | in the framework of pre-contractual measures according to Art. 6 para. 1 lit. b GDPR or our legitimate interest with respect to other inquiries according to Art. 6 para. 1 lit. f GDPR |
| to regulate pre-contractual matters in the framework of preparing an offer | in the framework of pre-contractual measures according to Art. 6 para. 1 lit. b GDPR |
| to process your application to a job vacancy advertised by us | in the framework of initiating an employment relationship in accordance with Sec. 26 para. 1 in conjunction with para. 2 BDSG |
| to ensure that our website is presented to you in the most effective and interesting manner possible (such as through anonymized analysis) | based on our legitimate interests |
| for the technical implementation of our services | based on our legitimate interests |
We collect and process your personal data only if you provide it to us voluntarily with your knowledge of said processing. This is the case if you contact us and request information on our services and products. In general, this contact is carried out via email. If you contact us via email, you transmit personal data to us voluntarily and make it available for processing. We will only process your data in the framework of the purposes indicated above. If a contract or business relationship does not come into being, we will delete your data once the purpose for which it was collected no longer applies.
The personal data and content you provide are retained exclusively by us and our affiliated companies. We will only store and process your data for the purposes indicated in clause 5. Any usage going beyond the indicated purpose requires your express consent. The same is true of the transmission and transfer of your data to third parties.
The web server temporarily saves the connection data for the requesting computer (IP address), the pages of our website that you visit, the date and duration of your visit, the identification data for the browser used and the operating system type, as well as the website from which you visit us and the fact that access was successful in log files. Technical administration of the websites and anonymous collection of statistical data allow us to analyze access to CREMER ERZKONTOR’s website and to evaluate this data with the goal of improving data protection and data security within our company, in order to ultimately ensure an optimal level of protection for the personal data we process.
Data in the server log files is stored separately from all of the personal data you provide. Unless different retention obligations apply by law, we delete your IP address seven days after you leave our website.
Our website is hosted by an external service provider. The personal data collected on this website is stored on the hoster’s servers. Our hosting service provider will only process your data insofar as this is necessary for it to provide its services, and will follow our instructions in relation to this data. We have concluded a contract data processing agreement with the hosting service provider in accordance with Art. 28 para. 3 clause 1 GDPR. We use the provider All-Inkl.com – Neue Medien Münnich (“All-Inkl”), Hauptstraße 68, 02742 Friedersdorf as our hosting service provider.
You can find contact persons for applications and our current job vacancies at www.erzkontor.com/en/careers/.
If you apply to work at CREMER ERZKONTOR electronically, your information will be used only to process your application, and will not be disclosed to third parties. Please note that applications you send to CREMER ERZKONTOR via e-mail will be transmitted as non-encrypted documents. Therefore, there is a risk that unauthorized persons could intercept and use this data.
We collect and process only the personal data you provide to us in the framework of the application process, such as:
Data is processed in consideration of and in accordance with the applicable General Data Protection Regulation (GDPR) and German Federal Data Protection Act (new version – BDSG-neu), as well as area-specific data protection standards in the course of the application process, such as the Social Security Statute Book, Telecommunication Act and Works Constitution Act.
If necessary, we process your data to safeguard our legitimate interests or the legitimate interests of third parties. These include, in particular, asserting legal claims and defending ourselves in case of legal disputes, as well as business management and development measures.
The legal basis for processing your personal data within the framework of the application process is Sec. 26 para. 1 in conjunction with para. 2 BDSG.
The collected data is transmitted within our company to the responsible office entrusted to carry out the application process that requires the data to fulfill its statutory obligations. Contract processors collaborating with the company can also receive your data for the purposes indicated. In addition to internal group companies, this also includes IT service companies. We would like to note that we do uphold and consider data protection law regulations when disclosing data to third parties in the circumstances described above.
Your data is transmitted only in accordance with the law, your consent that you have granted to us, or if we are entitled to provide information about it. These are data recipients such as affiliated companies (application processes for other advertised positions) for which you have granted us your consent to transmit the data.
Your personal data is processed and stored, if necessary, for the duration of the application process. We delete this data after the purpose for which it was collected is fulfilled, or after 6 months at the latest. If it is no longer necessary to store the data to carry out the application process, and if there is no statutory retention period, or if we do not have your consent justifying a longer storage term, the data will be deleted promptly.
Data is not transmitted to third countries, e.g., countries outside of the European Economic Area EEA.
We do not use any automated decision-making processes in the course of our application process. We do not use data to create profiles to initiate or carry out the application process.
Type and scope of processing
We have integrated components from d.vinci applicant management on our website. d.vinci applicant management is a service of d.vinci HR-Systems GmbH, Nagelsweg 37-39, 20097 Hamburg, Germany, which offers applicant and staff management software. d.vinci applicant management is used in conjunction with application processes in order to optimize applicant management, for example through automated analysis of reference letters. Furthermore, d.vinci applicant management makes it possible for us to create and evaluate job advertisements.
Purpose and legal basis
We use these services based on our legitimate interests, e.g., our interests in optimizing our application process according to Art. 6 para. 1 lit. f GDPR. The legal basis for data processing is Sec. 26 BDSG.
Storage term
We have no influence over the specific storage term for the processed data; instead, this is determined by d.vinci HR-Systems GmbH. Further information is available in the d.vinci applicant management data privacy declaration: www.dvinci.de/datenschutz .
You have the right to object to the processing of your personal data at any time. If you do object, we will no longer process your personal data. However, if there are grounds (which we must verify) that outweigh your interests, rights and freedoms, or if further processing is carried out for the purpose of asserting, exercising, or defending against legal claims, then an objection is not valid.
The objection can be issued without formal requirements and forwarded promptly to the controller.
You can contact us via email or using our contact form (offer form for business customers). In this case, we will save the personal data you provide in order to process your inquiry and contact you for the purpose of handling your concerns. If we request information via our contact form, we have marked the mandatory fields (asterisk) required when contacting us. We use the voluntary information for further details about your inquiry and to better handle your concerns. You provide the requested data to us on a purely voluntary basis.
Depending on the type of inquiry, the legal basis for this processing is Art. 6 para. 1 lit. b GDPR for inquiries that you yourself submit in the framework of pre-contractual measures, or Art. 6 para. 1 clause 1 lit. f GDPR, if your inquiry is of some other type. The legitimate interest follows from the purposes indicated under clause 3 a.). If personal data is requested which we do not need to fulfill a contract or safeguard legitimate interests, then it shall be transmitted to us only based on your consent according to Art. 6 para. 1 lit. a GDPR.
Our website uses content, services and offers from other providers. Transmission of your IP address is required so that this data can be accessed and displayed in the user’s browser. Therefore, the providers (hereinafter referred to as “third party providers) receive the IP address of the corresponding user.
Although we attempt to use only third party providers who only need the IP address in order to deliver content, we have no influence over whether they may save the IP address. In this case, the information is used for statistical purposes, among other purposes. If we become aware that your IP address is being saved, we will inform you of this.
Type and scope of processing
We use the open source software tool Matomo (formerly PIWIK) on our website. The software saves a cookie in your browser (for more information on cookies, see above). When individual pages of our website are accessed, the following data is saved:
Purpose and legal basis
We process your data with the help of the analytic software Matomo for the purpose of evaluating the use of individual components and content of our website, based on your consent according to Art. 6 para. 1 lit. a GDPR and Sec. 25 para. 1 TTDSG. You grant your consent through your settings for using cookies (cookie banner / consent manager), which you can use to declare revocation at any time with future effect according to Art. 7 para. 3 GDPR. There is no legal or contractual obligation to provide your data. If you do not grant your consent, it is possible to visit our website without restrictions; however, all functions may not be available to you without restrictions.
Storage term
The specific storage germ for the saved cookies is 13 months.
We use our presence on social networks to best present our company, communicate with you as a user, customer, or stakeholder, and inform you about our offered services. In order to use social networks, data is processed outside of the European Union (EU) and European Economic Area (EEA). It is not possible to ensure an equivalent level of data protection to that in the EU in all countries outside of the EU.
In this context, you as the user may be exposed to risks when the transmitted data is processed in so-called third countries with an inappropriate level of data protection.
This makes it more difficult to exercise normal user rights. In addition, your data may be processed by the provider in a third country in a manner that is not in your interest.
The USA does not offer a level of data protection equivalent to the specifications of the GDPR. It is possible that state authorities may access personal data without you or us becoming aware of this. It will most likely not be possible to enforce your rights in the USA.
In addition to the respective provider of a social network, we also collect and process personal data on so-called “fan pages.” With this notice, we hereby inform you which data we collect from you on our presences on social media, how we use it, and how you can object to this data usage. For the individual purposes of data processing and categories of data, please see the respective services described in more detail below.
We carry out our activities on social media, which are described in more detail in the following, based on a balancing of interests according to Art. 6 para. 1 lit. f) GDPR.
We use cookies to do so which collect information on user behavior and make it possible to create a profile of the user.
A list of specific purposes for processing user data is available in the data privacy notices of the respective providers. You can restrict the creation of a profile about you, at least to a certain extent, by changing relevant settings in your user account. For the exact process, please read the corresponding data privacy notices of the respective provider.
The relevant platforms are:
| Platform | Controller | Data privacy notice of the platform operator |
| New Work SE Am Strandkai 1, 20457 Hamburg, Germany |
https://privacy.xing.com/de/datenschutzerklaerung | |
| LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland |
https://de.linkedin.com/legal/privacy-policy? | |
| Meta Platforms Ireland Ltd 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland |
https://privacycenter.instagram.com/policy/ |
CREMER ERZKONTOR GmbH uses profiles on the platforms listed in order to make users aware of products and available services and to interact with customers, stakeholders, and other users of the platform.
In this context, the platform operators also use certain data that they have collected from platform users (such as whether a user “liked” a photo on a profile or added a comment to it) in order to create aggregated usage statistics and provide these to the respective operators of the profile (so-called “insights” or “analytics”). We as a profile operator also receive such usage statistics. The information we receive as a profile operator does not allow us to draw conclusions about individual users. The profile operator themselves has no access to personal data that the platform operator processes in order to create the usage statistics. Only the platform operator determines which data is processed for these purposes, and in what manner. As a profile operator, CREMER ERZKONTOR GmbH & Co. KG cannot exercise any legal or actual influence over processing by the platform operator.
CREMER ERZKONTOR GmbH and the respective platform operator are considered joint controllers in the sense of Art. 26 GDPR for processing associated with the creation of usage statistics.
If possible, agreements on joint responsibility have been concluded with the respective platform operators.
Beyond this, data is processed by CREMER ERZKONTOR GmbH as the profile operator only to a very limited extent.
In general, we only process your name, the content of your message or comment, and “public” profile information that you provide for these purposes.
Cookies are small text files that we send to the browser on your device and that are stored there in the course of your visit to our website. As an alternative to using cookies, information can also be stored in the local storage of your browser. There are some functions of our website that we are not able to offer without using cookies or local storage (technically necessary cookies). Other cookies, in contrast, allow us to carry out different analyses, for example allowing us to recognize the browser you are using the next time you visit our website and transmit a variety of information to us (non necessary cookies). We can use cookies to make our website more user-friendly and effective for you, for instance by tracking your use of our website and determining your preferred settings (such as your country and language settings). If third parties process information using cookies, they collect this information directly through your browser. Cookies do not harm your device. They cannot execute programs, and do not contain viruses.
We will inform you about the services for which we use cookies in the individual processing procedures. For full information on the cookies we use, see the cookie settings or the Consent Manager for this website.
Unfortunately, transmitting information over the internet is never 100% secure, so we are not able to guarantee the security of data transmitted to our website over the internet.
However, we do secure our website against loss, destruction, access, change or distribution of your data by unauthorized persons via technical and organizational measures. In particular, we transmit your personal data in an encrypted format. We use the SSL/TLS coding system (Secure Sockets Layer/ Transport Layer Security) to do so. Our security measures are continuously improved according to new technological developments.
If you are considered a data subject in the sense of Art. 4 no. 1 GDPR, you have the following rights with respect to the processing of your personal data under the GDPR.
Right to confirmation and information
Under the requirements of Art. 15 GDPR, you have the right to request confirmation of whether your personal data is being processed and to receive information free of charge at any time from the controller responsible for the processing regarding the personal data saved on you, as well as to receive a copy of this information.
Right to rectification
Under the requirements of Art. 16 GDPR, you have the right to request prompt rectification of your incorrect personal data. In addition, you have the right to request that incomplete personal data be completed – including with a supplementary declaration – in consideration of the purposes of processing.
Right to deletion
Under the requirements of Art. 17 GDPR, you have the right to request that your personal data is deleted promptly if one of the grounds under Art. 17 GDPR applies, and if the processing is not necessary.
Right to restrict processing
Under the requirements of Art. 18 GDPR, you have the right to request the restriction of processing if one of the stipulations in Art. 18 GDPR applies.
Right to data portability
Under the requirements of Art. 20 GDPR, you have the right to receive the personal data that you have provided to us in a structured, commonly-used and machine-readable format. You also have the right to transmit this data to another controller without our interference, if the further requirements of Art. 20 GDPR apply.
Right to revoke consent
You have the right to revoke consent you have granted us to process personal data at anytime with future effect. Please direct the revocation to the contact information provided above.
Right to object
Under the requirements of Art. 21 GDPR, you have the right to object to the processing of your personal data. If the requirements for an effective objection are fulfilled, then we are no longer entitled to process your data.
Right to submit complaints to a supervisory authority
Regardless of any other legal remedies under administrative or other law, you have the right to submit a complaint to a supervisory authority, in particular in your member state of residence, your workplace or the location of the alleged violation, if you believe that processing of your personal data violates the specifications of the GDPR.
Your personal data is transmitted as described below.
The website is hosted by an external service provider in Germany. By doing so, we ensure that data is processed only in Germany. This is required for the operation of the website and in order to initiate, carry out, and process the existing usage contract, and is possible even without your consent.
In addition, data is transmitted if we are entitled or obligated to disclose the data under statutory regulations and/or an official or court order. This may, in particular, include providing information for the purpose of criminal prosecution, to avoid danger, or to enforce intellectual property rights.
If your data is transmitted to a service provider in the required scope, they will only have access to your personal data as necessary to fulfill their duties. These service providers are obligated to treat your personal data in accordance with applicable data protection laws, in particular the GDPR.
In general, we will not transmit your data to third parties without your consent except in the circumstances described above. In particular, we will not provide any personal data to entities in a third country or an international organization.
With respect to the storage term, we delete personal data once it is no longer necessary to store the data in order to fulfill the original purpose, and once no further statutory retention periods apply. Statutory retention periods ultimately serve as the criteria for determining the final storage term for personal data. After the end of this term, corresponding data is routinely deleted. If there are retention periods, then processing is restricted in the form of blocking the data.
When you access websites that our website refers to, you may be asked for information such as your name, address, email address, browser characteristics, etc. once again. This data privacy declaration does not regulate the collection, transmission or handling of personal data by third parties.
Third party service providers may have their own, differing provisions governing the collection, processing, and use of personal data. Therefore, before entering personal data on third party websites, we advise you to learn about their practices for handling personal data.
We are always improving our website, in order to improve our services for you. We will keep this data privacy declaration up to date and adjust it accordingly if and insofar as this is necessary.
Of course, we will inform you promptly regarding any amendments to this data privacy declaration. We will do so, for instance, via an email to the email address you provide to us. If we require further consent from you for our use of your data, we will of course obtain this consent from you before relevant amendments go into effect.
You can always access the current version of our data privacy provisions online at www.erzkontor.com/legal/datenschutz.html.
We have appointed a Data Protection Officer.
Philipp Herold
www.mein-datenschutzbeauftragter.de
Hafenstr. 1 a
23568 Lübeck
Tel.: +49 451 – 16 08 52 -21 (if necessary. -13)
Email: dataprotection@erzkontor.com
Subsidiaries, partner companies and contacts on almost every continent are key pillars in terms of both our business operations and our cultural exchange. But our headquarters are still located in one of German’s historically most important centers of business and commerce: the Hanseatic city of Lübeck.
Beckergrube 38-52
23552 Lübeck
Phone: +49 451 929 62 0
