Privacy Policy
Privacy Policy

Datenschutz­erklärung

This privacy policy explains to you the nature, scope, and purpose of the processing of personal data (hereinafter briefly referred to as “data”) within our online offering and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”). With regard to the terminology used, such as “personal data” or its “processing”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller:

Name / Company: Ehrlich Entertainment GmbH & Co. KG
Street No.: Wichernstraße 116
Postal Code, City, Country: 32257 Bünde, Germany
Commercial Register: HRA 7786
Managing Directors: Andreas Ehrlich, Chris Ehrlich
E‑mail address: info@ehrlich‑brothers.com

Data Protection Officer:

Name: Kai Kolbe
Street No.: Wichernstraße 116
Postal Code, City, Country: 32257 Bünde, Germany
Phone: +49 5223 654686
E‑mail address: info@ehrlich‑brothers.com

Categories of processed data:

  • Inventory data (e.g. names, addresses)

  • Contact data (e.g. e‑mail addresses, telephone numbers)

  • Content data (e.g. text entries, photographs, videos)

  • Usage data (e.g. visited websites, interest in content, access times)

  • Meta/communication data (e.g. device information, IP addresses)

Processing of special categories of data (Art. 9 (1) GDPR):

No special categories of data are processed.

Categories of data subjects affected:

  • Visitors / users of the online offering

Below, we collectively refer to the affected persons as “users”.

Purpose of processing:

  • Providing the online offering, its content, and functions

  • Responding to contact inquiries and communicating with users

  • Marketing, advertising, and market research

  • Security measures

Status: May 24, 2018

Legal bases:

In accordance with Art. 13 GDPR, we inform you of the legal bases for our data processing. If the legal basis is not named in this privacy policy, the following applies: the legal basis for obtaining consents is Art. 6 (1) (a) and Art. 7 GDPR; the legal basis for processing for the performance of our services and execution of contractual measures as well as responding to inquiries is Art. 6 (1) (b) GDPR; the legal basis for processing to fulfil our legal obligations is Art. 6 (1) (c) GDPR; and the legal basis for processing to protect our legitimate interests is Art. 6 (1) (f) GDPR. In cases where the vital interests of the data subject or another natural person require the processing, Art. 6 (1) (d) GDPR serves as the legal basis.

Changes and updates to the privacy policy:

Please check this privacy policy regularly. We adapt it whenever changes in our data processing activities require it. We inform you as soon as changes require your cooperation (e.g. consent) or another individual notification.

Security measures:

In accordance with Art. 32 GDPR, taking into account the state of the art, implementation costs, the nature, scope, circumstances and purposes of processing, and the varying likelihood and severity of the risk to individuals’ rights and freedoms, we implement suitable technical and organisational measures to ensure a level of protection appropriate to the risk. Measures in particular include securing confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, entry, transmission, ensuring availability and separation. We have also implemented procedures to uphold data subject rights, delete data, and respond to threats to data. Additionally, we take data protection by design and by default into account when developing or selecting hardware, software and processes (Art. 25 GDPR).
In particular, we ensure encrypted transmission of data between your browser and our server.

Cooperation with processors and third parties:

Whenever we disclose, transfer or grant access to data to other persons or companies (processors or third parties), this is done only on a legal basis (e.g. if it is necessary for contract fulfilment with payment service providers under Art. 6 (1) (b) GDPR), you have consented, it is legally required, or on the basis of our legitimate interests (e.g. when engaging agents, web hosts, etc.).
Processors are engaged under an “order processing agreement” pursuant to Art. 28 GDPR.

Transfers to third countries:

If we process or have others process data in a third country (outside the EU/EEA), this only happens where necessary for contractual obligations, with your consent, legal requirement, or on our legitimate interests. Subject to legal or contractual provisions, data is processed in a third country only when the conditions of Art. 44 ff. GDPR apply – for example, based on special guarantees such as an adequacy decision (e.g. the EU–US Privacy Shield) or standard contractual clauses.

Rights of data subjects:

You have the right to request confirmation whether data concerning you is processed, and to request access to that data, further information and a copy, in accordance with Art. 15 GDPR.
Under Art. 16 GDPR, you have the right to request completion or correction of your data.
Under Art. 17 GDPR, you have the right to demand deletion, or alternatively restriction under Art. 18 GDPR.
Pursuant to Art. 20 GDPR, you have the right to receive data you have provided and to request its transfer to another controller.
Furthermore, under Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.

Right to withdraw consent:

You may withdraw any consent given under Art. 7 (3) GDPR at any time with effect for the future.

Right to object:

You may object at any time to the future processing of data concerning you under Art. 21 GDPR. This includes direct advertising.

Cookies and objection to direct advertising:

We use temporary and permanent cookies (small files stored on users’ devices). For details see the final section of this policy. Cookies serve security or are necessary for the operation of our online offering (e.g. for website display or storing your cookie‑banner decision). We or our tech partners also use cookies for reach measurement and marketing, which we explain further in this policy.
You can object to cookies used for online marketing via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. You can also disable cookie storage in your browser settings, although this may limit some functions of our online offering.

Data deletion:

We delete or restrict data processing pursuant to Art. 17 and 18 GDPR. Unless otherwise stated, data is deleted when no longer needed for its purpose unless legal retention obligations prevent it. If not deleted, data is restricted and blocked from processing for other purposes (e.g. retained for legal reasons).
Statutory retention applies: 6 years under § 257 (1) HGB (e.g. accounting records) and 10 years under § 147 (1) AO (e.g. tax‑relevant documents).

Provision of contractual services:

We process inventory data (e.g. names, addresses, contact), contract data (e.g. services used, contact persons, payment info) to fulfil contractual obligations and services (Art. 6 (1) (b) GDPR). Mandatory form fields are required for contract conclusion.
During registration, login, or use of our online services, we store IP address and timestamps based on our and users’ legitimate interest in fraud prevention (Art. 6 (1) (f) GDPR). These are not shared, except for asserting legal claims or statutory duty (Art. 6 (1) (c) GDPR).
We process usage and content data to create user profiles for advertising, showing product recommendations based on past usage.

Data retention is reviewed every three years after warranty or storage obligations; if longer, we retain until these expire (6 or 10 years). Account data remain until deletion of the user account.

Contact inquiries:

When contacting us (via form or e‑mail), data is processed for handling and execution of contact requests under Art. 6 (1) (b) GDPR. Data may be stored in our CRM or similar system.
Requests are deleted when no longer needed, reviewed every two years; requests from customers with accounts remain permanently (subject to account deletion); statutory retention applies.

Collection of access data and server log‑files:

We collect server log‑files on the basis of our legitimate interests (Art. 6 (1) (f) GDPR), including page names, file, date/time, data transfer volume, status code, browser type/version, operating system, referrer URL, IP address, and provider.
Log‑file info is kept for up to seven days; data required for evidentiary purposes is exempt until final resolution.

Social media presences:

Based on our legitimate interests (Art. 6 (1) (f) GDPR), we maintain social media presences to communicate with active customers and inform them about our services. Social networks’ terms and privacy policies apply.
We process data when users interact with our social media pages, e.g. via posts or messages.

Cookies & reach measurement: (see earlier explanation)

Session cookies expire at the end of the visit (e.g. logout or browser close). They contain a session ID and cannot store other data.
We use pseudonymous cookies for reach measurement and inform users accordingly.
You can disable or delete cookies in your browser, though functionality may be limited. You may also object via http://optout.networkadvertising.org/, http://www.aboutads.info/choices, or http://www.youronlinechoices.com/uk/your-ad-choices/.

Google Analytics

We use Google Analytics under our legitimate interests (Art. 6 (1) (f) GDPR) to analyze, optimize, and run our online offering. Google uses cookies. Information is usually transferred to servers in the USA and stored there.
Google is certified under the Privacy Shield, guaranteeing compliance with EU data protection . Google uses the data to evaluate site usage, compile reports, and provide us with other services. Pseudonymous user profiles may be created.

We use Google Analytics to display ads only to users who have shown interest or meet certain criteria we transmit to Google (“remarketing” / “Google Analytics Audiences”).
We use IP anonymization: within the EU/EEA, Google truncates IP addresses; only in exceptional cases is the full IP transmitted to the USA and then truncated. The IP address is not merged with other Google data.
Users can prevent cookie storage via browser settings or disable Google’s collection and processing via a browser plugin.
Further information about data use by Google, settings, and objections is available from Google at their privacy and ads settings pages.
Personal data is anonymized or deleted after 14 months.

Facebook Custom Audiences and Facebook Marketing Services

Within our online offering, we use Facebook pixel based on our legitimate interests (Art. 6 (1) (f) GDPR) for analysis, optimization, and operation. Facebook Inc. (or, for EU users, Facebook Ireland Ltd.) operates the pixel.
Facebook is certified under the Privacy Shield . The pixel enables Facebook to define audiences for our ads (“Facebook‑Ads”) and show ads to users who have shown interest in our online offering or match criteria we transmit (“Custom Audiences”). This ensures ads correspond to user interests.
Using the pixel, we can track conversions (whether users reach our site after clicking Facebook ads).
You can object to cookies used for reach measurement and advertising via http://optout.networkadvertising.org/, http://www.aboutads.info/choices, or http://www.youronlinechoices.com/.
We use Facebook social plugins based on our legitimate interests for interaction elements or content (videos, graphics, text). You can recognise them by Facebook logos (“f” or “Like” / “Gefällt mir”).
If you access pages with such plugins, your device connects directly with Facebook servers, which may create user profiles. We have no control over the extent of data Facebook collects via these plugins and inform you based on our knowledge.
Facebook receives info that you visited our site; if you are logged in, it may associate it with your Facebook account. If you are not a member, Facebook may still record your IP address (anonymised in Germany).
Please refer to Facebook’s privacy notice for purpose, scope and rights. To prevent Facebook from collecting data about your visit and linking it to your account, log out before visiting our site and delete your cookies. Further settings to opt out are available via Facebook profile or the linked choice pages. Settings apply across devices.

Newsletter

We inform you about the content, subscription, delivery, statistical evaluation, and your rights via the following. By subscribing, you agree to receive it and to the described procedures.
Newsletter content: We send newsletters, e‑mails and electronic notifications with marketing information only with consent or legal permission. If content is described in detail during sign‑up, that governs the consent. Otherwise, newsletters contain info about our products, offers, campaigns and our company.
Double opt‑in and logging: Subscription uses double opt‑in. After signing up, you receive an e‑mail requesting confirmation – required to prevent misuse. Subscriptions are logged including signup and confirmation timestamp and IP address, to legally document consent. Changes to stored data by the mailing service provider are logged.
The mailing provider may use these data in pseudonymous form to improve its services, e.g. optimizing delivery or display, or determining recipients’ countries; but does not use the data to send e‑mails to or share them with third parties.
Registration data: You only need to provide your e‑mail address to subscribe. Providing a name is optional and used for personal addressing.
Success tracking: Newsletters contain a web beacon (pixel‑sized file retrieved from the provider’s server upon opening). This collects technical info like browser/system, IP address and time. This data is used to optimize delivery, tailor content to users, and determine locations or access times. Tracking can identify individual recipients, but it is not intended to observe individuals; it aims to recognize reading habits and tailor content.
Sending and tracking are based on consent (Art. 6 (1) (a), Art. 7 GDPR in conjunction with § 7 (2) No. 3 UWG) or legal permission (§ 7 (3) UWG).
Logging of subscription is based on our legitimate interests (Art. 6 (1) (f) GDPR) and serves proof of consent.
Termination/withdrawal: Recipients can cancel at any time via an unsubscribe link in each newsletter, which also withdraws consent for tracking. Separate revocation of tracking is not possible; full unsubscription is required. After unsubscribing, personal data is deleted unless retention is legally required or justified, in which case processing is restricted. We may retain unsubscribed e‑mail addresses for up to three years based on legitimate interests to prove past consent, before deleting them. An individual deletion request is possible at any time, provided former consent is confirmed.

Integration of third‑party services and content

Based on our legitimate interests (Art. 6 (1) (f) GDPR), we use third‑party content or services (e.g. videos or fonts). This requires the third party to recognise the user’s IP address to deliver content to their browser. We endeavour to use only providers who use IP addresses only for content delivery.
Third parties may use pixel tags (also called web beacons) for statistics or marketing; these can set pseudonymous cookies and collect technical info (browser, OS, referrer, visit time, etc.), and may combine with other sources.

The following provides an overview of third‑party providers and their content, including links to their privacy policies and opt‑out options:

Bitte drehen Sie das Smartphone

Please use the Portraitmode