1. Data controller

The data controller is
Elbe Holding GmbH & Co. KG
Gerokstraße 100 | 74321 Bietigheim – Bissingen

We have appointed a data protection officer for our company.
You can contact our data protection officer at the above postal address and as well as:
Email:

2. Your rights in relation to data processing carried out by us

We will be happy to provide you with information about whether and which of your personal data we process and for what purposes (Art. 15 GDPR). In addition, under the respective legal requirements, you have the right to rectification (Art. 16 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to erasure (Art. 17 GDPR) and the right to data portability (Art. 20 GDPR). Under the legal requirements, you have the right to object to the processing (Art. 21 GDPR). To exercise your above rights, please contact our data protection officer.

If our data processing is based on your consent within the meaning of Art. 6 (1) (a) GDPR, you may revoke this consent at any time freely and without giving reasons
(Art. 7 para. 3 GDPR). The revocation of consent shall not affect the lawfulness of processing based on consent before its revocation.

The exercise of your aforementioned rights is free of charge.

Without prejudice to these rights and the possibility of asserting any other administrative or judicial remedy, you have the possibility at any time to exercise your right to lodge a complaint with a supervisory authority. The supervisory authority responsible for us is:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart | Germany
Tel.: 0711/615541-0
Fax: 0711/615541-15
E-mail:

3. Data security

We have taken extensive technical and organisational measures to protect your personal data from manipulation, loss, destruction or access by unauthorised third parties.

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as enquiries via our contact forms, which you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties..

4. Automated decision-making (including profiling)

We do not process and do not intend to process your personal data as part of an automated decision-making process (including profiling).

5. Recipients of data

We transfer your data to third parties in the following cases:

• Insofar as we use processors to fulfil the purposes specified by us, we transfer personal data to these processors. The legal basis in this case is Art. 28 GDPR.
• If this is necessary to fulfil our contractual obligations, e.g. in particular to the commissioned credit institution for invoicing. The legal basis in this case is Art. 6 para. 1 (b) GDPR.
• Insofar as this is necessary to fulfil a legal obligation to which we are subject, e.g. in particular to authorised law enforcement and tax authorities. The legal basis in this case is Art. 6 para. 1 (c) GDPR.
• Insofar as this is necessary to safeguard legitimate interests. Our legitimate interests include, in particular, disclosure within the ELBE Group, as well as the defence and assertion of our legal claims. The legal basis in these cases is Art. 6 para. 1 (f) GDPR.

6. Processing of data that you actively provide to us

6.1. Use of the website
You can use the website without actively providing us with your personal data. If you actively provide us with your personal data (e.g. name, address or email addresses), this is always done on a voluntary basis. Please note that when you visit the website, certain personal data is processed without you actively providing it. We explain below in sections 7 ff. what data this is and how it is processed.

6.2. Contacting us
If you contact us with an enquiry, we will process the personal data you provide in the enquiry in order to process, manage and respond to your enquiry.  If you use the contact forms on our website, we will ask for your consent to the aforementioned processing of your data. This consent is always voluntary and you can revoke it at any time without giving reasons free of charge. To do so, please contact our data protection officer. The legal basis in this case is Art. 6 para. 1 (a) GDPR.

If you choose another way to communicate with us, the legal basis for the processing of your data as described above is Art. 6 para. 1 (b) GDPR, insofar as it concerns the initiation of a contract or customer service within the framework of an existing contractual relationship. In all other cases, the legal basis is Art. 6 (1) (f) GDPR, namely our legitimate interest in communicating with all persons who are interested in our work in accordance with their wishes.

We store the data you provide when contacting us until the purpose for data storage no longer applies (e.g. after your enquiry has been processed). Statutory retention periods remain unaffected.

6.3. Use of our whistleblower system
In accordance with the provisions of the Whistleblower Protection Act (HinSchG), we have set up a system within our company to receive reports of potentially illegal or unethical conduct within our company. As part of this system, we provide a contact form on our website that you can use to report potentially illegal or unethical conduct to us. You are free to submit such reports anonymously or by providing your contact details. If you provide us with your contact details, this will help us to better understand the allegation and, if necessary, remedy the situation, as we will be able to contact you and consult with you. Please note that as a whistleblower, you always enjoy  the protection of the HinSchG, even if you provide us with your contact details.

If personal data is processed in the context of a report under the HinSchG, this is always done exclusively for the purpose of complying with the requirements of the HinSchG and to stop the potentially illegal or unethical behaviour. Any further processing of such data is excluded. The purpose of this processing is to fulfil the legal obligations of the HinSchG. The legal basis for this processing is Art. 6 (1) (c) GDPR.

6.4 Protection of legitimate interests and fulfilment of legal obligations
We would like to advertise our goods and services. In doing so, we comply with the strict legal framework.

If you give your consent to receive email advertising from us, your consent, which can be revoked at any time, is the legal basis in accordance with Art. 6 (1) (a) GDPR. In accordance with Section 7(3) of the German Unfair Competition Act (UWG), we may, in exceptional cases, send you advertising by email without your consent if you have provided your email address in connection with an order and we are advertising our own similar goods or services. The legal basis for data processing in this case is Art. 6 (1) (f) GDPR. The legitimate interest we pursue is direct marketing.

You can object to this form of email advertising at any time; we will inform you of this right of objection when you provide your email address and in every advertising email.

We will delete this data if you lodge an effective objection within the meaning of Art. 21 GDPR or revoke your consent within the meaning of Art. 7 (3) GDPR. Mandatory legal provisions – in particular retention periods – remain unaffected.

Where necessary, we also process your data to protect our legal interests, e.g. when passing on your data to debt collection companies or law firms, courts and authorities. The legal basis for this is the protection of our legitimate interests pursuant to Art. 6 para. 1 (f) GDPR, namely the assertion, enforcement or defence of legal claims.

Furthermore, we process your data to fulfil our retention obligations for business documents under commercial and tax law and disclose your data to third parties if we are legally obliged to do so, e.g. to the tax office. The legal basis is Art. 6 para. 1 (c) GDPR (compliance with legal obligations).

6.5. Country information
We use country of origin detection on our website. To do this, we read the country information stored in your IP address and display the version of our website corresponding to the detected country. This serves to improve the readability and usability of the website. Users can change their country preference at any time.

The legal basis for the aforementioned processing is Art. 6 para. 1 (f) GDPR. The legitimate interests we pursue are the provision of a user-friendly website.

7. Processing of data from your end devices: „Cookies“ and similar identifiers

7.1. Our „Consent Manager“
We use technical tools on our website for various services and functions that are stored on your device. These are primarily cookies, but also similar identifiers such as tracking pixels or web beacons (all such technical tools are collectively referred to as “cookies” in this document). This privacy policy explains which services and functions use cookies. We use so-called “session cookies”, which are automatically deleted at the end of your visit. We also use cookies that remain stored on your device until you actively delete them or their lifetime expires, so-called “persistent cookies”. These cookies enable us to recognise your browser the next time you visit.

When you access our website, our consent manager will be displayed immediately. The consent manager will ask you whether you consent to the use of cookies. You can access  the consent manager at any time by clicking on the “Cookie settings” button and change your previous settings.

7.2. Technically necessary cookies
Our website uses cookies for technically necessary functions: the technical structure of the website requires us to use certain cookies. Without these technologies, our website cannot be displayed completely and correctly, or the support functions may not be available. We explain which cookies these are in this privacy policy and also in the consent manager. You cannot deselect these cookies if you wish to use our website. The legal basis for the use of such cookies is Section 25 (2) No. 2 TDDDG. The legal basis for the processing of personal data in the context of the use of such cookies is Article 6 (1) (f) GDPR, namely our legitimate interest in being able to offer you a functional and operational website.

7.3. Other cookies
In addition, we use optional cookies for which we require your consent: we only use these cookies after receiving your consent via the consent manager. The functions are only activated with your consent and can be used in particular to analyse and improve visits to our website, to make it easier for you to use different browsers or devices, to recognise you when you visit again, or to display advertising (including, where applicable, to tailor advertising to your interests, measure the effectiveness of advertisements, or display interest-based advertising). We explain which cookies these are in this privacy policy. The legal basis for the use of such cookies is your consent in accordance with Section 25 (1) TDDDG. The legal basis for the processing of personal data in the context of the use of such cookies is Article 6 (1) (a) GDPR or the legal basis specified below in connection with the explanation of the respective functions that use cookies.

8. Processing of data when visiting the website: Data processing in the context of technical provision

8.1. Web hosting: Hetzner
Our website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen. The hosting services we use are used to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services and technical maintenance services that we use for the purpose of operating our website. In doing so, we or the hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer. We have concluded a contract with the hosting provider as our service provider for order processing in accordance with Art. 28 GDPR. Hetzner’s privacy policy can be found here.

We process the aforementioned data in order to provide and display our website and the content contained therein to you. The legal basis for this processing is Art. 6 para. 1 (f) GDPR. Our legitimate interest in processing arises from the fact that processing is technically necessary to display our website to you and to ensure the stability and security of the website. The data will be deleted as soon as it is no longer required for the purpose described. You can object to this legitimate interest at any time.

8.2. Log files
When you visit our website and view its content, information is transmitted from your browser to our server, including the following personal data:

• Date and time of access to one of our Internet pages
• Your browser type
• the browser settings
• The operating system used
• The page you last visited
• The amount of data transferred and the access status (file transferred, file not found, etc.) as well as
• your IP address

This information is temporarily stored in a so-called log file until it is automatically deleted, which occurs regularly within two months.

We process this data to provide and display our website and its contents to you, as well as to protect against brute force attacks. The legal basis for this processing is Art. 6 para. 1 (f) GDPR. Our legitimate interest in processing arises from the fact that processing is technically necessary to display our website to you and to ensure the stability and security of the website. The data will be deleted as soon as it is no longer required for the purpose described. You can object to this legitimate interest at any time.

8.3. Our „Consent Manager“: CookieBot
As explained in section 7, we offer you the option of configuring and controlling the use of cookies at any time on our website with the help of our consent manager. However, our consent manager must communicate with your device, i.e. know its IP address, in order to function correctly. These are processed in anonymised form. The consent manager must also store the consent or refusal of consent, as well as the date and time of consent and browser information, as otherwise it would not be able to fulfil its purpose.

We use the CookieBot consent manager on our website. CookieBot is a service provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. We have concluded a contract with CookieBot as our service provider for order processing in accordance with Art. 28 GDPR. Processing by CookieBot takes place exclusively within the European Union. 

When you enter our website, a consent manager cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not passed on to the provider of the consent manager. This cookie has a lifetime of one month. This means that your browser will remember the settings you have made in the consent manager for this period, and the cookie will be deleted when this period expires.

The legal basis for the use of this cookie is Section 25 (2) No. 2 TDDDG. The legal basis for the data processing carried out in connection with the use of the consent manager is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR in providing you with a functional and operational website and enabling you to control the cookies used on it. The data will be deleted at the latest upon expiry of the cookie’s lifetime. You can object to this legitimate interest at any time.

8.4. Google Tag Manager
We use the Google Tag Manager service on our website. Google Tag Manager is an auxiliary service that ensures the loading of other services on the website. Google Tag Manager itself does not access or process this data, but it enables the functioning of other services that may process data. We explain which data these services process at the relevant point in this privacy policy.

The provider of Google Tag Manager is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, as well as other companies affiliated with Google LLC. We have concluded a contract with Google Ireland Ltd. as our service provider for order processing in accordance with Art. 28 GDPR. Further information about Google Tag Manager and Google’s privacy policy can be found here.

9. Processing of data when visiting the website: Web analysis 

9.1. Google Analytics 
We would like to know how users use our website and how we can improve it. We use Google Analytics on our website to analyse user behaviour. The service sets and uses cookies and processes the IP address used by your device.

„Google“ is a group of companies consisting of Google Ireland Ltd. (service provider), Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, as well as other companies affiliated with Google LLC. We have concluded a contract with Google Ireland Ltd. as our service provider for order processing in accordance with Art. 28 GDPR. Further information about Google Analytics and Google’s privacy policy can be found here.

We use Google Analytics with the “user ID function” deactivated. This means that, according to Google, no collection and assignment of user behaviour is carried out using a pseudonymised ID created by the user. According to Google, the IP address used by your device is also truncated and anonymised by Google immediately and within the European Union. According to Google, non-anonymised IP addresses are only transferred to the United States in exceptional cases. According to Google, the IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data.

During your visit to the website, your user behaviour is recorded in the form of „events“.
Events can include:

• Page views
• First visit to the website
• Start of the session
• Web pages visited
• Your “click path”, interaction with the website
• Scrolls (whenever a user scrolls to the bottom of the page (90%))
• Clicks on external links
• Internal search queries
• Interaction with videos
• File downloads
• Ads viewed/clicked
• Language settings

The following is also recorded:

• Your approximate location (region)
• Date and time of your visit
• Your IP address (in abbreviated form)
• Technical information about your browser and the devices you use (e.g. language settings, screen resolution)
• Your internet service provider
• The referrer URL (the website/advertisement that referred you to this website)

The information generated by the cookies about your use of this website, which cannot be traced back to you due to the anonymisation of the IP address, is usually transferred to a Google server in the USA and stored there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The data sent by us and linked to cookies is automatically deleted after two months. The maximum lifetime of Google Analytics cookies is two months. Data whose retention period has expired is automatically deleted once a month.

The legal basis for the use of this cookie is your consent in accordance with Section 25 (2) No. 2 TDDDG. The legal basis for the data processing carried out in this context is your consent in accordance with Article 6 (1) (a) GDPR. You can give us both via our Consent Manager (see section 6 above), where you can withdraw your consent at any time. You can also prevent the processing described above by adjusting the settings in your browser. Google participates in the EU/US Data Privacy Framework. Any data transfers to the USA associated with our use of Google services are lawful in accordance with the adequacy decision of the European Union pursuant to Art. 45 para. 1 (a) GDPR.

9.2. Visable Leads
We use the Visable Leads service on our website for analysis and marketing purposes. Visable Leads is a service provided by Visable GmbH, ABC-Straße 21, 20354 Hamburg, Germany. The service sets and uses cookies and processes the IP address used by your device. We have concluded a contract with Visable as our service provider for order processing in accordance with Art. 28 GDPR. Further information and Visable’s privacy policy can be found here.

When the Visable Leads service is activated, the following information is collected, processed and stored using pixel tracking technology when you visit our website: IP address of the device used to access the website, including URL, referrer, user agent and timestamp. We use this data to create usage profiles that are at least pseudonymised and, where possible and appropriate, completely anonymised. The data collected, which may initially contain personal data, is transmitted to Visable or collected directly by Visable and used there to create the aforementioned usage profiles. Visitors to this website are not personally identified.

May contain personal data, is transmitted to Visable or collected directly by Visable and used there to create the above-mentioned usage profiles. Visitors to this website are not personally identified, and no other personal data is merged with the usage profiles. If IP addresses are identified as personal data, they are deleted immediately.

The legal basis for the processing described is your consent in accordance with Art. 6 (1) (a) GDPR. You give us this consent via our consent manager (see section 7 above), through which you can also revoke your consent at any time. You can also prevent the processing described by adjusting the settings in your browser.

10. Data protection information regarding our presence on the LinkedIn platform

10.1. Joint responsibility
The provider of the social network „LinkedIn“ is LinkedIn Ireland Unlimited Co., Wilton Place, Dublin 2, Ireland (hereinafter: LinkedIn).

When you use the “LinkedIn” platform, LinkedIn regularly processes personal data about you as an independent data controller. We have no insight into LinkedIn’s data processing and no influence over it. LinkedIn’s privacy policy can be found here.

If you visit our company’s presence on the “LinkedIN” platform, we are “joint controllers” with LinkedIn within the meaning of Art. 26 GDPR for the processing of your personal data that occurs during your visit to our presence in accordance with the applicable legal situation. We have entered into an agreement with LinkedIn on joint responsibility in accordance with Art. 26 (1) GDPR, which you can view  here.

10.2. Validity of the above information
With regard to the data protection responsibilities to be assumed by us, the information provided in sections 1 to 5 above also applies mutatis mutandis to our presence on the LinkedIn platform.

10.3. Purpose, categories of personal data and legal basis for data processing

10.3.1. Processing by us
We use the “LinkedIN” platform for public relations, to market our services and products, and to stay in contact with our business partners and customers. For this purpose, we process the data entered by the users of the social networks themselves on our presence (e.g. user name, account content, comments).

The legal basis for this processing is Art. 6 para. 1 (f) GDPR. Our legitimate interest in processing this data arises from our desire to present our company and our products to interested people on social networks. We do not pass on any of this personal data to third parties. The data will be deleted within the scope of the options provided to us by the social networks as soon as it is no longer required for the purpose described. You can object to this legitimate interest at any time.

10.3.2. Processing by LinkedIn
Please refer to LinkedIn’s privacy policy and the additional information provided by LinkedIn to find out  which of your personal data is processed by LinkedIn  when you visit the “LinkedIN” platform and when you visit our presence on the “LinkedIN” platform, on what legal basis this is done, whether this data is also processed outside the European Union and how long this data is stored by LinkedIn.

Please note that LinkedIn states that it analyses the behaviour of visitors to our presence on the “LinkedIN” platform and creates evaluations (so-called page insights). LinkedIn processes a selection of your personal data for this purpose. The page insights provided to us by LinkedIn are aggregated and anonymised. They do not allow us to draw any conclusions about individual users of the LinkedIn platform or individual visitors to our presence on the “LinkedIn” platform.

LinkedIn does not provide conclusive and clear information about how it uses the data from visits to our LinkedIn presence for its own purposes, to what extent activities on our LinkedIn presence are assigned to individual users, how long LinkedIn stores this data, and whether data from a visit to our LinkedIn presence is passed on to third parties. In the agreement on joint responsibility concluded with LinkedIn in accordance with Art. 26 GDPR, LinkedIn, as the operator, acknowledges joint responsibility under data protection law with regard to Insights data and assumes essential data protection obligations to inform data subjects, ensure data security and report data protection violations. LinkedIn is the primary point of contact for the exercise of data subject rights in accordance with the agreement. LinkedIn has direct access to the necessary information and can provide information or take other measures.

Last update: 01.09.2024