Privacy policy

 

The protection of your personal data during your visit to our website is important to us. Your data is protected in accordance with the statutory provisions. We would like to inform you below about the nature and scope of the processing of personal data via this website in accordance with Article 13 of the General Data Protection Regulation (GDPR).

 

  1. Details oft he responsible body.

 

 

ecom GmbH

Am großen Teich 2

58640 Iserlohn

Germany

Phone.: 02371/945 5

E-Mail: info@ecom.de

Website: www.ecom.de

 

  1. Information on the data protection officer

If you have any questions about data protection, please contact our external data protection officer:

 

Mister Arndt Halbach from the GINDAT GmbH

Wetterauer Str. 6, 42897 Remscheid

Mail: datenschutz@gindat.de

Phone: 02191 / 909 430

  • Data processing via website

Your visit to our website is logged. The following data, which your browser transmits to us, is initially recorded:

  • the IP address currently used by your PC or your router
  • date and time
  • browser type and version
  • the operating system of your PC
  • the pages you have viewed
  • name and size of the requested file(s)
  • and, if applicable, the URL of the referring website.

 

This data is collected solely for the purposes of data security, to improve our website and to analyse errors on the basis of Art. 6 (1) f GDPR. We reserve the right to use this data in the event of system misuse in order to determine the reasons and the cause of the misuse and, if necessary, to take legal action. Otherwise, the IP address of your computer is only analysed in anonymised form (shortened by the last 3 digits).

You can visit our website without providing any personal details.

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible. You should therefore send us confidential data by other means, e.g. by post.

 

Applications

The controller processes the personal data of applicants for the purpose of handling the application process. The legal basis is § 26 Para. 1 S.1 BDSG. Processing may also be carried out electronically. This is particularly the case if an applicant submits the relevant application documents to the controller electronically, for example by email or via a web form on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be deleted after the advertised position has been filled, taking into account the statutory provisions, provided that deletion does not conflict with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG). For this purpose, the data is stored for 6 months after completion of the application process and then deleted.

 

If you have agreed to be included in our talent pool, we will also store your data in order to consider your application data for other vacancies in our company. For this purpose, we store your data for 12 months and then delete it. The legal basis is your consent, Art. 6 para. 1 a GDPR.

Applications can only be processed by us if they are sent to the e-mail address ‘personal@ecom.de’. If you use a different e-mail address, your application will unfortunately not be recognised by our systems and will therefore not be considered. Please bear in mind that an e-mail is not a secure medium. If your application reaches our e-mail server at the above-mentioned e-mail address, we will protect your application with stringent technical and organisational measures. We have no control over the route your application takes to reach us via the public Internet and cannot guarantee the level of protection afforded to your application. If your sending e-mail server supports STARTTLS, our e-mail server will also use STARTTLS and thus guarantee transport encryption.

Contact us

Personal data (e.g. your name, address data or contact details) that you provide to us voluntarily, e.g. as part of an enquiry or in any other way, will be stored by us and processed only for correspondence with you and only for the purpose for which you have provided us with this data. This data is processed on the basis of our legitimate interest in responding quickly to enquiries from interested parties on the basis of Art. 6 para. 1 lit. f. GDPR.

Registration

You can register on our website in order to use additional functions on the site. We will only use the data you enter for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will reject the registration. In the event of important changes, for example to the scope of the offer or technically necessary changes, we will use the e-mail address provided during registration to inform you in this way. The processing of the data entered during registration is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time. All you need to do is send us an informal email. The legality of the data processing that has already taken place remains unaffected by the cancellation. The data collected during registration will be stored by us for as long as you are registered on our website and will then be deleted. Statutory retention periods remain unaffected.

Secure data transmission

To protect the security of your data during transmission, we use a state-of-the-art encryption method (SSL) via HTTPS.

Encrypted payment transactions on this website

If there is an obligation to provide us with your payment details (e.g. account number for direct debit authorisation) after the conclusion of a chargeable contract, this data is required for payment processing. Payment transactions via the usual means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. With encrypted communication, the payment data you transmit to us cannot be read by third parties.

Processing of data (customer and contract data)

We only process personal data insofar as it is necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We only process personal data about the use of our website (usage data) insofar as this is necessary to enable the user to use the service or to bill the user. The customer data collected will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

Data transmission when concluding contracts for services and digital content

We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the companies entrusted with the delivery of the goods or the credit institution commissioned with payment processing. Any further transmission of data will not take place or will only take place if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes. The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

  1. Recipients of personal data

We may use service providers by way of commissioned data processing to carry out and handle processing operations.

Specifically, we have engaged service providers for our applicant portal and for hosting our website.

The contractual relationships with our service providers are regulated in accordance with the provisions of Art. 28 GDPR, which contain the legally required points on data protection and data security.

  1. Data collection by Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Ltd (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660.

Google Analytics uses cookies to help the website analyse how users use the site. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

We use Google signals. This enables Google Analytics to collect additional information about users who have activated personalised ads (interests and demographic data) and the ads can be delivered to these users in cross-device remarketing campaigns.

In Google Analytics 4, the anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your visit to the website, your user behaviour is recorded in the form of ‘events’. Events can be

Page views

– First visit to the website

– Start of the session

– Web pages visited

– Your ‘click path’, interaction with the website

– Scrolls (whenever a user scrolls to the bottom of the page (90%))

– Clicks on external links

– Internal search queries

– Interaction with videos

– File downloads

– Ads viewed / clicked on

– Language setting

In addition, the following is recorded

-Your approximate location (region)

– Date and time of the visit

– Your IP address (in abbreviated form)

– Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)

– Your internet provider

– The referrer URL (via which website/advertising medium you came to this website)

Google will use this information to analyse your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website and to improve our services for our customers.

 

Possible recipients of your data are Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 GDPR) as well as Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

 

The European Commission adopted its adequacy decision for the USA on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider.

The data sent by us and linked to cookies is automatically deleted after 12 months. The maximum lifespan of Google Analytics cookies is 2 years. Data whose retention period has been reached is automatically deleted once a month.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and § 25 para. 1 sentence 1 TDDDG.

You can revoke your consent at any time with effect for the future by accessing the cookie settings [Please insert the link to the consent tools here] and changing your selection there. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by

  1. not giving your consent to the setting of the cookie or
  2. downloading and installing the browser add-on to deactivate Google Analytics here. https://tools.google.com/dlpage/gaoptout?hl=de

You can find more information on the terms of use of Google Analytics and on data protection at Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

 

 

  1. Google Web Fonts

This site uses so-called web fonts provided by Google for the standardised display of fonts. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, e-mail: support-deutschland@google.com . When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google’s servers. This informs Google that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If your browser does not support web fonts, a standard font will be used by your computer. Further information on Google Web Fonts can be found in Google’s privacy policy:

https://www.google.com/policies/privacy/

  • Google-reCAPTCHA

On this website, we use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This function is primarily used to differentiate whether an entry is made by a natural person or abusively by machine and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google. This service is performed on the basis of our legitimate interest in preventing misuse and spam. The legal basis is Art. 6 para. 1 lit. f GDPR.

As part of the use of Google reCAPTCHA, personal data may also be transmitted to the servers of Google LLC. in the USA.

Further information on Google reCAPTCHA and Google’s privacy policy can be found at

https://www.google.com/intl/de/policies/privacy/

Further information on Google reCAPTCHA and Google’s privacy policy can be found at

https://www.google.com/intl/de/policies/privacy/

 

 

  • Data analysis by Rapidmail

 

For the purpose of analysis, the emails sent with Rapidmail contain a so-called ‘tracking pixel’, which connects to the Rapidmail servers when the email is opened. This allows us to determine whether a newsletter message has been opened.

We can also use Rapidmail to determine whether and which links in the newsletter message are clicked on. All links in the email are so-called tracking links that can be used to count your clicks.

For more information on Rapidmail’s analysis functions, please see the following link: https://de.rapidmail.wiki/kategorien/statistiken/.

Data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and the Rapidmail servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

For more information, please refer to Rapidmail’s data security information at: https://www.rapidmail.de/hilfe/kategorie/dsgvo-und-datensicherheit

We have concluded a contract with Rapidmail in which we oblige Rapidmail to protect our customers’ data and not to pass it on to third parties. This contract can be viewed at the following link: https://www.ecom.de/wp-content/uploads/2025/02/eudsgvo-20200604_144945.pdf

 

 

  1. Pipedrive

We use the CRM system ‘Pipedrive’, provided by Pipedrive OÜ (Mustamäe tee 3a, 10615 Tallinn, Estonia), to manage our customer relationships and to optimise our sales processes and communication. Personal data such as names, contact details, enquiries, contract details and communication histories are processed.

Data processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR for the fulfilment of contractual obligations or for the implementation of pre-contractual measures. In addition, we rely on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to ensure effective customer service and optimised work processes.

Your personal data will be passed on to Pipedrive OÜ as our processor. Pipedrive acts on our behalf and in accordance with the provisions of an order processing contract pursuant to Art. 28 GDPR. It is possible that personal data may be transferred to countries outside the European Union. In these cases, Pipedrive ensures that appropriate safeguards in accordance with Art. 46 GDPR, such as EU standard contractual clauses, are in place to ensure an adequate level of data protection.

Your data will only be stored for as long as is necessary to fulfil the contract or due to legal retention obligations. After these periods have expired, the data will be deleted unless there are additional legal retention obligations.

 

  1. Adwords and Google Conversion Tracking

Diese Website verwendet Google AdWords. AdWords ist ein Online-Werbeprogramm der Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschland@google.com . Im Rahmen von Google AdWords nutzen wir das so genannte Conversion-Tracking. Wenn Sie auf eine von A cookie for conversion tracking is set when you click on an advert placed by Google. Cookies are small text files that the Internet browser stores on the user’s computer. These cookies lose their validity after 30 days and are not used to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognise that the user has clicked on the ad and has been redirected to this page. Each Google AdWords customer receives a different cookie. The cookies cannot be tracked via the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers are told the total number of users who clicked on their advert and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie via your Internet browser under user settings. They are then not included in the conversion tracking statistics. The storage of ‘conversion cookies’ is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can find more information about Google AdWords and Google Conversion Tracking in Google’s privacy policy:

https://www.google.de/policies/privacy/

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

You can change your settings at any time via the cookie settings ️ Cookie-Einstellungen ändern Soziale Medien / Plugins

YouTube

Our website uses plugins from the Google-operated YouTube site. The operator of the pages is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, telephone: +353 1 543 1000, fax: +353 1 686 5660, e-mail: support-deutschland@google.com (‘Google’ or synonymously ‘YouTube’). We have integrated the service with a so-called two-click solution. A connection to the Google servers is only established when you click on the corresponding placeholder. When a video is accessed via YouTube, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. Further information on the handling of user data can be found in Google’s privacy policy at:

https://www.google.de/intl/de/policies/privacy

As a registered user of the YouTube platform, you can also use the YouTube platform to control Google’s comprehensive advertising settings to determine the extent to which your user behaviour may be recorded and used by Google. The use of YouTube is in the interest of an appealing presentation of our online offers. The legal basis is your consent, which you give by clicking on a corresponding placeholder, within the meaning of Art. 6 para. 1 lit. a GDPR. If consent is not required, the legal basis in this case is Art. 6 para. 1 lit. f GDPR.

 

  1. Use of Cookies

So-called cookies are used on our website. Cookies are small text files that are saved by your browser and stored on your computer. Cookies are used to make the website more user-friendly. For example, it is possible to recognize the user for the duration of the session without having to constantly re-enter the user name and password. The cookies do not cause any damage to your computer and are deleted at the end of your session. The basis for data processing is Art. 6 para. 1 f GDPR.

Some of the cookies we use are deleted immediately after you close your browser (so-called session cookies).

Other cookies remain on your end device and make it possible to recognize your browser the next time you visit (persistent cookies).

Data processing in connection with cookies that are used solely to establish the functionality of our online offer is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

In all other cases, we only use cookies with your consent. The legal basis is therefore Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time by changing your Cookie- Settings ️ Cookie-Einstellungen ändern.

If you do not wish to use cookies, you can set your browser so that the storage of cookies is not accepted.Please note, however, that in this case you may not be able to use all the functions of our website.

  • Your rights

In accordance with Articles 15-21 GDPR, you can assert the following rights in relation to the personal data processed by us if the conditions described therein are met.

You can request information about your personal data processed by us in accordance with Art. 15 GDPR.

If incorrect personal data is processed, you have the right to rectification in accordance with Art. 16 GDPR.

If the legal requirements are met, you can request the erasure or restriction of processing (Art. 17, 18 GDPR).

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to object pursuant to Art. 21 GDPR

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

 

 

  • Standard time limits for the erasure of data

If there is no statutory retention requirement, the data will be deleted or destroyed if it is no longer required to achieve the purpose of the data processing. Different periods apply to the retention of personal data, e.g. data with tax law relevance is generally retained for 10 years, other data in accordance with commercial law regulations is generally retained for 6 years. Finally, the storage period can also be based on the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.

  • Right to lodge a complaint with a supervisory authority

According to Art 77 GDPR, every data subject has the right to lodge a complaint with a supervisory authority if they consider that the processing of personal data relating to them infringes the GDPR. The competent supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based.

The State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

P.O. Box 20 04 44

40102 Düsseldorf

Phone: 0211/38424-0

Fax: 0211/38424-999

E-mail: poststelle@ldi.nrw.de

  1. Disclaimer

Liability for content

As a service provider, we are responsible for our own content on these pages in accordance with the general laws (pursuant to Section 7 (1) DDG). However, as a service provider, we are not obliged to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity (§8 to §10 DDG). This does not affect obligations to remove or block the use of information in accordance with general legislation. However, liability in this respect is only possible from the time of knowledge of a specific infringement. As soon as we become aware of such infringements, we will remove this content immediately.

Liability for links

Our website contains links to external third-party websites over whose content we have no influence. Therefore, we cannot accept any liability for this third-party content. The respective provider or operator of the pages is always responsible for the content of the linked pages. The linked pages were checked for possible legal violations at the time of linking. Illegal content was not recognizable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete evidence of an infringement. If we become aware of any legal infringements, we will remove such links immediately.