Privacy Notice

A. General Information

1. Controller and Contact Details

The controller responsible for this website is:

EKO-Punkt GmbH & Co. KG
Waltherstraße 49-51
51069 Cologne
Germany

Further details about our company and contact information can be found in our legal notice.

Contact details of our Data Protection Officer:

EKO-Punkt GmbH & Co. KG
c/o REMONDIS GmbH Co. KG

• Data Protection Officer -
  Robert-Bosch-Straße 20-22
  50769 Cologne, Germany
  datenschutz-rheinland@remondis.de

2. Joint Responsibility Declaration

EKO-Punkt GmbH & Co. KG, along with its subsidiaries and affiliated companies, operates under joint responsibility pursuant to Art. 26 GDPR in many areas. Services and deliveries are generally provided by our group’s subsidiaries, which rely on the central data processing infrastructure of our corporate group.

This joint responsibility specifically applies to the following areas:

• Customer databases
• Applicant management & recruiting

Within the framework of joint responsibility, EKO-Punkt GmbH & Co. KG and its subsidiaries and affiliated companies have agreed on who fulfills which data protection obligations (particularly information obligations pursuant to Art. 13, 14 GDPR). REMONDIS SE & Co. KG and the relevant subsidiary or affiliated company are jointly obliged to provide the necessary information required under Art. 13, 14 GDPR. Companies provide each other with the necessary information from their respective areas of responsibility and promptly inform one another about rights exercised by data subjects. All necessary information for responding to access requests is made available between the parties. Data subject rights may be asserted against any of the involved companies.

In addition, joint responsibility may apply between REMONDIS companies or with third parties in certain cases. These will be indicated in the respective processing sections (Part B).

3. Categories, Purposes, and Legal Bases for Data Processing

We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and all other applicable legal regulations. The type and scope of data collection and processing depend on the service or information you request.

In general, we collect the following information:

• Name, first name, salutation
• Email address
• Communication data (IP address, device information)
• Usage data (visited pages, access times, content interests)
• Postal address
• Phone number

Specific types of data collected and processing purposes can be found in Part B and the respective terms of our contractual documents.

4. Data Recipients

We only transfer your personal data to third parties in the following cases:

• When required to fulfill a legal obligation (e.g., statutory reporting duties)
• To external service providers or processors acting on our behalf (e.g., courier and logistics companies, call centers, data centers, IT services, website management, auditors, banks, data disposal services, etc.)
• Based on your explicit consent
• For the performance of a contract pursuant to Art. 6(1)(b) GDPR (e.g., to affiliated companies, subcontractors, or logistics providers)

5. Data Retention and Deletion

As a rule, we only process and store your data for the duration of our business relationship, including contract initiation and execution, as well as in compliance with statutory retention periods.

Data that is no longer required to fulfill contractual or legal obligations will be deleted regularly, unless temporary further processing is required to fulfill the purposes stated above due to overriding legitimate interests.

Where different retention periods apply to certain data processing activities, these are specified in Part B.

6. Data Processing in Third Countries

Data transfers to entities in third countries (outside the EU/EEA) only occur when necessary for fulfilling a contract with you, legally required (e.g., tax reporting obligations), supported by adequate data protection levels, or based on your consent.

Processing in a third country may also occur through external service providers under a processing agreement. Where no adequacy decision exists, we ensure that your rights and freedoms are appropriately protected via contractual safeguards (e.g., EU Standard Contractual Clauses).

You may request further details or a copy of the guarantees from our Data Protection Officer.

7. Your Rights as a Data Subject

Upon request, we will provide written or electronic information about whether and which personal data we have stored about you (Art. 15 GDPR). We will also examine and, where applicable, fulfill your requests for deletion (Art. 17), rectification (Art. 16), restriction (Art. 18), or data portability (Art. 20).

Please contact:

EKO-Punkt GmbH & Co. KG
c/o REMONDIS GmbH Co. KG

• Data Protection Officer -
  Robert-Bosch-Straße 20-22
  50769 Cologne, Germany
  datenschutz-rheinland@remondis.de

If you believe that your data is being unlawfully processed, you may lodge a complaint with a supervisory authority (Art. 77 GDPR). A list of supervisory authorities and their contact details is available at: https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html

8. Right to Object

If your personal data is processed based on Art. 6(1)(f) GDPR (legitimate interests) or Art. 6(1)(e) GDPR (public interest), you have the right to object at any time.

In the event of an objection, we will no longer process your data for direct marketing or related profiling. We will also refrain from other processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if the processing serves the assertion, exercise, or defense of legal claims. In this case, you must present reasons arising from your particular situation.

Please send your objection to: datenschutz-rheinland@remondis.de

This also applies if you wish to revoke any previously given consent. Such consent can be withdrawn at any time with effect for the future via email or letter.

B. Individual Processing Activities

1. Logging

When using our website, certain connection data and information provided by your internet browser are temporarily stored. The following data are logged for the operation of the website:

• IP address of the requesting computer
• Operating system of the requesting device
• Browser version of the requesting device
• Name of the requested file
• Date and time of the request
• Amount of data transferred
• Referrer URL
• Connection log data

The collection and processing of log file information are based on our legitimate interests and serve the purpose of ensuring the functionality of our online services. The log file information is anonymized after the session ends.

2. Contact Form / Information Request / Personal Contact

To facilitate communication with customers and interested parties, we offer a contact form on our website through which you can request information about our products or contact us in general. In addition to voluntary information and your message, we require the following mandatory details:

• Salutation
• Name
• First name
• Email address

This information is necessary for us to respond to your request appropriately. Inquiries submitted via the contact form are stored as emails and regularly reviewed to determine whether data can be deleted. If the data are no longer required in the context of a customer or prospect relationship, or if there is an overriding interest on the part of the customer, the data will be deleted after 180 days at the latest, unless statutory retention obligations prevent this.

Legal basis: Art. 6(1)(f) GDPR. If contact is made for the initiation of a contractual relationship, the legal basis is Art. 6(1)(b) GDPR.

3. Personal Contact

If you have given consent to be contacted personally, we process the following personal data:

• Salutation
• Name
• First name
• Email address
• Postal address
• Phone number

If you withdraw your consent or the data are no longer required, or if there is an overriding interest of the customer, we will delete the data after 180 days at the latest, unless statutory retention obligations apply.

Legal basis: Art. 6(1)(a) GDPR; for contract initiation: Art. 6(1)(b) GDPR.

Please send your objection to: datenschutz-rheinland@remondis.de

4. Newsletter Subscription

You can subscribe to our newsletters via our website. We only send newsletters and electronic communications with promotional content based on the recipient’s consent or legal permission. Newsletters include information about our services, company, and industry news.

Subscription is handled via a double opt-in process. You only need to provide your email address, first name, and last name. Subscription confirmations are stored for legal documentation purposes, including time of registration/confirmation and IP address.

We also log newsletter delivery data and any undeliverable messages (bounces).

Newsletters are sent via Amazon Web Services Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, USA. Privacy information: https://aws.amazon.com/de/compliance/germany-data-protection/

Legal basis: Art. 6(1)(a), Art. 7 GDPR in conjunction with § 7(2)(3) UWG, or § 7(3) UWG.

You may withdraw your consent at any time. An unsubscribe link is included in each newsletter. We retain unsubscribed email addresses for up to three years based on legitimate interest to prove prior consent.

5. Matomo

We use a self-hosted version of Matomo, an open-source analytics software for statistical analysis of website visits. We aim to determine which pages are accessed how often, without identifying individual users.

Our implementation does not use cookies. We only store anonymized usage data. IP addresses are anonymized before storage, and timestamps are randomized, making tracking impossible.

Legal basis: Art. 6(1)(f) GDPR.

6. Google Services

We use various services from Google Ireland Ltd. ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. For details, refer to the respective sections below.

Google may collect and process data (including personal data), possibly in third countries such as the USA. Standard Contractual Clauses (SCCs) are used where necessary. See: https://policies.google.com/privacy/frameworks

For more information on Google data use: https://policies.google.com/technologies/partner-sites

6.1 Google Maps

We use Google Maps to provide interactive maps. When used, user data (e.g., IP address, location) is processed by Google and possibly transferred to third countries.

Legal basis: Art. 6(1)(a) GDPR (if consented). You can revoke consent at any time in our cookie settings or prevent the service by disabling cookies in your browser.

6.2 Google Tag Manager

This service helps us organize and implement website tags efficiently. Google may process personal data (e.g., IP address, cookie identifiers) via this tool.

Legal basis: Art. 6(1)(a) GDPR. Consent may be withdrawn at any time via our cookie settings.

6.3 Google Ads & Conversion Tracking

We use Google Ads and Conversion Tracking to measure ad effectiveness. Cookies store whether a user clicked on an ad and reached a specific page.

Legal basis: Art. 6(1)(a) GDPR. You may revoke consent at any time via our cookie settings or by deactivating cookies.

6.4 Google Analytics

We use Google Analytics to understand user behavior and improve our website. Data processed includes device identifiers, cookie IDs, and anonymized IP addresses.

Legal basis: Art. 6(1)(a) GDPR. More on data collection: https://privacy.google.com/businesses/adsservices/

7. Cookiebot

We use the consent management tool Cookiebot by Cybot A/S to manage cookie preferences.

Legal basis: Art. 6(1)(c) GDPR. Data such as anonymized IP, timestamp, browser, and user consent key are stored. Cookie preferences are saved for 12 months.

More info: https://www.cookiebot.com/en/privacy-policy/

C. Cookie Overview

Cookies are small text files stored by your browser. We use both session and persistent cookies.

Legal basis: Art. 6(1)(f) GDPR for technically necessary cookies.

1. Essential Cookies

• __csrf_token-1: Validation of customer input
• allowCookie / cookiePreferences: Stores cookie preferences
• csrf / session-1 / phpsessid / slt: Session and user cart info
• sw-cache-hash / sw-states: Caching
• timezone: Stores user time zone
• x-ua-device: Identifies user device

2. Functional Cookies

• sUniqueID: Wishlist functionality

3. Statistics & Tracking

• Analytical cookies to evaluate performance and usability

Last updated: October 4, 2023