Data Protection

Who we are

The accountable body within the meaning of Art. 4 Paragraph 7 DGSVO for data processing on this website is:

EOS Saunatechnik GmbH
Schneiderstriesch 1
35759 Driedorf, Germany

Phone: +49 2775 82 0
E-Mail: datenschutz@eos-sauna.de

The accountable body is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

Legally required data protection officer

We have appointed a data protection officer for our company.

Data protection officer at EOS Saunatechnik GmbH
Schneiderstriesch 1
35759 Driedorf, Germany

If you have any questions about data protection, contact our data protection officer at the above address / email: datenschutz@eos-sauna.de.

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration. When you use this website, various personal data are collected. Personal data are data with which you can be personally identified. This data protection declaration explains what data we collect and what we use it for. It also explains how and for what purpose this is done. We would like to point out that data transmission via internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.

Definitions

Based on the model of Art. 4 GDPR, this data protection notice is based on the following definitions:

  • “Personal data” (Art. 4 No.1 GDPR) is any information relating to an identified or identifiable natural person (“data subject”). A person can be identified if they can be identified directly or indirectly, in particular by means of an assignment to an identifier such as a name, an identification number, an online identifier, location data or using information about their physical, physiological, genetic, psychological, economic, cultural or social identity characteristics can be identified. The identifiability can also be provided by linking such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (photos, video or sound recordings can also contain personal data).
  • “Processing” (Art. 4 No. 2 GDPR) is any process in which personal data is handled, whether with or without the help of automated (i.e. technology-based) processes. In particular, this includes collecting (i.e. acquiring), recording, organizing, arranging, storing, adapting or changing, reading out, querying, using, disclosing through transmission, distribution or other provision, comparison, the linking, the restriction, the deletion or the destruction of personal data as well as the change of an objective or purpose on which data processing was originally based.
  • “Responsible” (Art. 4 No.7 GDPR) is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.
  • “Third party” (Art. 4 No.10 GDPR) is any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or processor to process the personal data; this also includes other corporate legal entities.
  • “Processor” (Art. 4 No. 8 GDPR) is a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible, in particular in accordance with their instructions (e.g. IT service provider). In terms of data protection law, a processor is in particular not a third party.
  • “Consent” (Art. 4 No.11 GDPR) of the data subject means any voluntary, informed and unequivocal expression of will in the form of a declaration or other clear affirmative action with which the data subject indicates that you consent to the processing of your personal data.

Personal data

Personal data is information that can be used to find out personal or factual circumstances about you, such as your name, address, telephone number or email address.

Information that we cannot use to relate to you is generally not personal data.

Purposes of data processing

When the website is accessed, the Internet browser used by the visitor automatically sends data to the server of this website and stores it in a log file for a limited period of time. Until the automatic deletion, the following data will be saved without further input by the visitor:

  • IP address of the visitor’s device,
  • Date and time of access by the visitor,
  • Name and URL of the page called up by the visitor,
  • Website from which the visitor came to this website (so-called referrer URL),
  • Browser and operating system of visitor’s device as well as the name of the access provider used by the visitor.

The processing of this personal data is justified in accordance with Article 6 Paragraph 1 Clause 1 lit f) GDPR. EOS-Saunatechnik has a legitimate interest in data processing for this purpose

  • To enable a user-friendly application of the website
  • To recognize and guarantee the security and stability of the systems and
  • To facilitate and improve the administration of the website.

The processing is expressly not carried out for the purpose of gaining knowledge about the person visiting the website.

Data Erasure and Storage Duration

For the processing operations carried out by us or by contract processors, we state below how long the data will be stored by us and when it will be deleted or blocked. Unless an express storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies.

However, storage can take place beyond the specified time in the event of an (impending) legal dispute with you or other legal proceedings or if the storage is required by statutory provisions to which we are subject as the person responsible (e.g. Section 257 HGB, Section 147 AO). is provided. If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted, unless further storage by us is necessary and there is a legal basis for this.

Cooperation with processors

As with any company, we also use external service providers to process our business transactions (e.g. for the areas of IT, logistics, telecommunications, sales and marketing). These only act according to our instructions and have been contractually obliged in accordance with Article 28 GDPR to comply with the data protection regulations, especially regulations to ensure data security by means of suitable technical and organizational measures. This applies in particular to the usage of analysis and marketing tools used on our website.

If we pass on personal data from you to our subsidiaries or from our subsidiaries to us (e.g. for commercial purposes), this is done on the basis of existing order processing relationships.

Transmission of personal data to third parties; Basis of justification

The following categories of recipients, which are usually processors, may have access to your personal data:

  • Service providers for the operation of our website and the processing of the data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security or tool providers). The legal basis for the transfer is alternatively to your consent in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR, Article 6 Paragraph 1 Clause 1 Letter b or Letter f GDPR, insofar as it is not a processor;
  • State bodies/authorities, insofar as this is necessary to fulfill a legal obligation. The legal basis for the transfer is Article 6 Paragraph 1 Clause 1 Letter c GDPR;
  • Persons employed to conduct our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, those involved in company acquisitions or the formation of joint ventures). The legal basis for the transfer is then Art. 6 Para.1 S.1 lit. b or lit. f GDPR.

In addition, we only pass on your personal data to third parties if you have given your express consent to this in accordance with Art 6. Para.1 S.1.

Requirements for the transfer of personal data to third countries

As part of our business relationships, your personal information may be shared or disclosed with third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out solely to fulfill contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer below at the relevant points.

In some third countries, the European Commission certifies data protection that is comparable to the EEA standard through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: ec.europa.eu/info/law/law- topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. In other third countries, to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we make sure that data protection is adequately guaranteed. This can be done via binding company regulations, standard contractual clauses from the European Commission for the protection of personal data, certificates or recognized codes of conduct.

Please note that when personal data is transferred to the USA, even if this is based on standard contractual clauses, it cannot be ruled out that the US security authorities, who have extensive powers, may access your personal data at any time and without cause – or that compel disclosure of your data from the US company in question. This applies even if the servers are in Europe. There are no effective legal remedies available to you against this. A level of data protection comparable to that in Europe may also be lacking in other third countries.

Please also note that in most cases a transfer of your personal data to a third country such as the USA cannot be based on your consent in accordance with Art. 49 GDPR.

With regard to the individual services, we will inform you at the appropriate point about the legal basis (e.g. standard contractual clauses) on which the data is transferred to third countries. Please contact our data protection officer if you would like more information on this.

No automated decision making (including profiling)

We do not intend to use personal information collected from you for any automated decision-making process (including profiling).

Mandatory information according to Article 13 GDPR

In the case of the first contact, we are obliged in accordance with Art. 12, 13 GDPR to provide you with the following mandatory information under data protection law. We only process your personal data

  •  if there is a legitimate interest in the processing (Art. 6 Para. 1 lit.f GDPR),
  •  you have consented to the data processing (Art. 6 Para. 1 lit. a GDPR),
  •  the processing is necessary for the initiation, justification, content design or change of a legal relationship between you and us (Art. 6 Para. 1 lit. b GDPR) or
  • another legal norm allows processing.

Your personal data will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular retention periods under tax and commercial law – remain unaffected. You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. Furthermore, you also have the right to object, data portability and the right to lodge a complaint with the competent supervisory authority. You can also request the correction, deletion and, under certain circumstances, the restriction of the processing of your personal data.

Details can be found in our data protection declaration www.eos-sauna.com/en/legal-information. You can contact our data protection officer at: datenschutz@eos-sauna.de

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke your consent at any time. An informal e-mail to us is sufficient. The legality of the data processing carried out before the revocation remains unaffected by the revocation.

Right to object to the collection of data in special cases and to direct advertising (Art. 21 GDPR)

If the data processing takes place on the basis of Art. 6 Paragraph 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons that arise from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data concerned, unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims ( Objection according to Art. 21 Paragraph 1 GDPR).

Right of appeal to the competent supervisory authority

In the event of violations of the GDPR, the data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation.

Der Hessische Beauftragte für Datenschutz und Informationssicherheit
Gustav-Stresemann-Ring 1
65189 Wiesbaden

The right of appeal exists without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to have your personal data, which we process automatically on the basis of your consent or in fulfillment of a contract, handed over to you or to a third party in a common, machine-readable format. If you request direct transfer of the data to another person responsible, it’ll only be done if it’s technically feasible.

Information, blocking, deletion and correction

Within the framework of the applicable statutory provisions, you have the right to free information about your stored personal data, their origin and recipient and the purpose of the data processing and, if necessary, a right to correction, Art. 16 GDPR, blocking, Art. 18 GDPR or deletion , Art. 17 GDPR, this data. You can contact us at any time. Check the address or email address given above if you have any further questions on the subject of personal data.

Right to restriction of processing

You have the right to request that the processing of your personal data be restricted. You can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the test, you have the right to request that the processing of your personal data be restricted.
  • If the processing of your personal data happened / happens unlawfully, you can request the restriction of the data processing instead of the deletion.
  • If we no longer need your personal data, but you need them to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of being deleted.
  • If you have lodged an objection in accordance with Art. 21 Paragraph 1 GDPR, your interests and ours must be weighed up. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, this data – apart from its storage – may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest processed by the European Union or a member state.

Data Collection

Purpose and legal basis of data processing

We process the personal data described in detail above in accordance with the provisions of the GDPR, the Telecommunications and Telemedia Data Protection Act (hereinafter: “TTDSG”) and other relevant data protection regulations only to the necessary extent. Insofar as the processing of personal data is based on Article 6 Paragraph 1 Clause 1 Letter f GDPR, the stated purposes also represent our legitimate interests, subject to further interests to be specified.

The processing of the log data serves statistical purposes and to improve the quality of our website, in particular the stability and security of the connection (legal basis is Art. 6 Para.1 S.1 lit. f DSGVO).

The processing of contact form data takes place, if no other legal basis is given below, to process customer inquiries (legal basis is Art. 6 Para.1 S.1 lit. b or lit. f DSGVO).

Contact form

If you use the contact form to send us an enquiry (this includes forms completed at trade fairs, for example) or to extend the warranty on EOS Superior sauna heaters, your details from the form, including the contact details you provide there, will be stored by us for the purpose of processing the warranty extension or your enquiry and in the event of any follow-up questions. We will not share this information without your consent.

The processing of your data is carried out for execution or initiation of the contract and is based on Art. 6 par. 1 lit. b) GDPR.

The data will remain with us until you ask us to delete it or until the purpose for storing the data no longer applies (e.g. after processing your enquiry or after expiry of the warranty period). Mandatory legal provisions – in particular retention periods – remain unaffected.”

Inquiries by email, phone or fax

If you contact us by e-mail, telephone or fax, your request, including all personal data derived from it (name, request), will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.This data is processed on the basis of Article 6 (1) (b) GDPR, provided that your request is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 Para. 1 lit. a GDPR) and / or on our legitimate interests (Art. 6 Para. 1 lit.f GDPR), as we have a legitimate interest in the effective Processing the inquiries sent to us.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called “cookies”. These are text files that are saved on your computer and enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and saved there.

The storage of Google Analytics cookies and the use of this analysis tool are based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

The personal data collected from you is transmitted to servers managed by Google, most of which are located in the USA. After the EU-US Privacy Shield has been abolished, data transmission to the USA may be based on standard contractual clauses and other guarantees issued by the EU Commission. Although the transfer of personal data takes place on the basis of standard contractual clauses, this does not prevent the US security authorities, which are equipped with extensive powers, from being able to access your personal data at any time and without cause. This applies even if the servers are in Europe. There are no effective legal remedies available to you against this.

IP anonymization

We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out, however, that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: tools.google.com/dlpage/gaoptout.

Deactivate data collection 

You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set which prevents the collection of your data on future visits to this website. Deactivate Google Analytics.You can find more information on how Google Analytics handles user data in Google’s privacy policy: support.google.com/analytics/answer/6004245.

Storage period

Data stored by Google at user and event level that are linked to cookies, user IDs (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) are anonymized after 14 months or deleted. You can find details on this under the following link: support.google.com/analytics/answer/7667196

Cookies

We use cookies on our websites and store information on your end device. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive with a characteristic character string and through which certain information flows to the place that sets the cookie. Cookies cannot run programs or transmit viruses to your computer and therefore cannot cause any damage. They serve to make the Internet offer more user-friendly and effective overall, i.e. more pleasant for you.

Cookies can contain data that make it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to individuals. However, cookies cannot directly identify a user.

  • Technical cookies: These are mandatory to move around the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they remember which websites you have visited;
  • Performance cookies: These collect information about how you use our website, which pages you visit and, for example, if you experience any errors when using the website; they do not collect any information that could identify you. All information collected is anonymous and is only used to improve our website and find out what interests our users;
  • Advertising cookies, targeting cookies: These serve to offer the website user needs-based advertising on the website or offers from third parties and to measure the effectiveness of these offers; Advertising and targeting cookies are stored for a maximum of 13 months;
  • Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); Sharing cookies are stored for a maximum of 12 months.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.

Any use of cookies that is required for the provision of a telemedia service expressly requested by the user represents data processing that is only permitted with your express and active consent in accordance with Section 25 (1) TTDSG. Subsequent further processing must also be legitimized according to Art. 6 Para.1 S.1 DSGVO. This applies in particular to the use of advertising, targeting or sharing cookies. In addition, we only pass on your personal data processed by cookies to third parties if you have given your express consent to this in accordance with Art. In the following we name the legal bases in connection with the respective service.

Our Social Media Presentations

Data processing through social networks

We maintain publicly accessible profiles on social networks. The individual social networks we use can be found below.

Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presence triggers numerous data protection-related processing operations. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data can also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, data is recorded, e.g. using cookies that are stored on your device or by recording your IP-address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot retrace all processing processes on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 Para.1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases. It must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 Para.1 lit. a DSGVO and the storage of information on your device according to § 25 TTDSG).

Responsible and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we and the operator of the social media platform are responsible for the data processing operations triggered during this visit. In principle, you can exercise your rights (information, correction, deletion, restriction of processing, data portability and complaint) against us as well as claim against the operator of the respective social media portal (e.g. against Facebook).

Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely based on the company policy of the respective provider.

Storage period

The data collected directly by us via the social media presence is deleted from our systems as soon as the purpose for its storage no longer applies, you ask us to delete it, or revoke your consent to storage. Saved cookies remain on your device until you delete them. Mandatory legal provisions – especially retention periods – remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Social networks in detail

Facebook

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries.

You can adjust your advertising settings independently in your user account. To do this, click on the following link and log in: www.facebook.com/settings.

Details can be found in Facebook’s privacy policy: www.facebook.com/about/privacy/.

Instagram

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Details on how they handle your personal data can be found in Instagram’s privacy policy: help.instagram.com/519522125107875.

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn processes your personal data in the USA. The USA does not offer an adequate level of data protection. However, any transmission of personal data takes place in compliance with the conditions laid down in Articles 44-50 GDPR and the other provisions of the GDPR in order to ensure that the level of protection guaranteed for natural persons is maintained.

You can find more information about the standard contractual clauses at LinkedIn at

www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz

If you would like to deactivate LinkedIn advertising cookies, please use the following link: www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Details on how they handle your personal data can be found in LinkedIn’s data protection declaration: www.linkedin.com/legal/privacy-policy.

Data processing in connection with the use of NFC business cards

Instead of traditional paper business cards, our employees use digital business cards, so-called NFC business cards. For this purpose, we rely on the offer of wazzl GmbH, Hammerstatt 3, 91637 Wörnitz, Germany (hereinafter: wazzl).

A digital business card is a personal website with the data of a classic business card. The contact details of our employees are always available there. If you’d like to receive contact-details of our employees, data will be passed on using NFC-contact or by scanning QR-codes. NFC (Near Field Communication) refers to contactless data transmission that uses radio frequency identification (RFID) technology. As soon as the connection has been established using NFC or the code has been scanned, you can view the contact details of our employees and save them on your device if necessary.

You also have the option, for example in the event of an inquiry, to leave us your contact details. If you wish, you can send us your contact details by clicking on the “Leave your contact” field on the website and filling out the form that then opens. In this case, the following data is collected:

  • First and last name (mandatory)
  • Email address (mandatory)
  • if applicable, landline number
  • if applicable, cell phone number
  • if necessary position
  • if applicable, company
  • If necessary, a note describing your concerns

Legal basis

The data processing takes place for the purpose of being able to process and answer your request. It is based on Article 6 Paragraph 1 Sentence 1 Letter b) GDPR and Article 6 Paragraph 1 S. 1 lit. f) GDPR.

Storage period

Mandatory legal provisions – in particular retention periods – remain unaffected.

Data processing by wazzl

Note that if you visit websites containing the contact-details of our respective employees, data will also be processed by wazzl. We have no insight into the data processing by wazzl and cannot influence it. You can find wazzl’s privacy policy here: https://wazzl.de/Informationen/Datenschutz/

OUR COOKIES IN DETAIL