Privacy Policy

Requirements under Articles 13 and 14 GDPR (information obligations)

1. Name and contact details of the controller and the data protection officer

This privacy notice applies to data processing by:

Technical operator:
ERC.D GmbH
Lina-Ammon-Str. 3
D-90471 Nuremberg
Email: info@ercd.de
Phone: +49 (0)911 – 4779 1930

Content responsibility: ERC.D GmbH

You can reach the data protection officer at datenschutz@biehn-und-professionals.de or by phone at +49 (0)2944 – 979710.

2. Collection and storage of personal data as well as the type and purpose of their use

When visiting the website

When you access our website www.european-railway-company.com, the browser used on your device automatically sends information to our website’s server. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until it is automatically deleted:

• IP address of the requesting device
• Date and time of access
• Name and URL of the retrieved file
• Website from which the access originates (referrer URL)
• Browser used and, if applicable, the operating system of your device as well as the name of your access provider

The aforementioned data is processed by us for the following purposes:

• Ensuring a smooth connection to the website,
• Ensuring comfortable use of our website,
• Evaluation of system security and stability, and
• for further administrative purposes.

The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the collected data to draw conclusions about your person.

Furthermore, we use cookies and analytics services when you visit our website. More detailed explanations can be found in Sections 4 and 5 of this privacy policy.

Disclosure of data

Your personal data will not be transmitted to third parties for purposes other than those listed below.

We only disclose your personal data to third parties if:

• you have given your explicit consent pursuant to Article 6(1)(a) GDPR
• the disclosure is necessary pursuant to Article 6(1)(f) GDPR for the establishment, exercise, or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data
• there is a legal obligation for disclosure pursuant to Article 6(1)(c) GDPR, and
• it is legally permissible and required pursuant to Article 6(1)(b) GDPR for the performance of a contract with you.

4. Cookies

We use cookies on our website. These are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your device, nor do they contain viruses, trojans, or other malware.

The cookie stores information related to the specific device you are using. However, this does not mean that we directly gain knowledge of your identity.

The use of cookies serves, on the one hand, to make the use of our services more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted once you leave our site.

In addition, we use temporary cookies to optimize user-friendliness, which are stored on your device for a defined period. If you visit our site again to use our services, it is automatically recognized that you have been here before and which inputs and settings you have made, so you do not need to re-enter them.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offering for you (see Section 5). These cookies allow us to automatically recognize that you have visited us before when you return to our site. These cookies are automatically deleted after a defined period.

The data processed through cookies is necessary for the purposes mentioned to safeguard our legitimate interests and those of third parties pursuant to Article 6(1)(f) GDPR.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a notification always appears before a new cookie is set. Completely disabling cookies may, however, mean that you are unable to use all functions of our website.
[borlabs-cookie type=”btn-cookie-preference” title=”Change privacy settings” /]

5. Analytics tools

Tracking tools

The tracking measures listed below and used by us are carried out on the basis of Article 6(1)(f) GDPR. With these tracking measures, we aim to ensure a needs-based design and the continuous optimization of our website. We also use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offering for you. These interests are considered legitimate within the meaning of the aforementioned provision.

The respective purposes of data processing and data categories can be found in the descriptions of the individual tracking tools.

Google AdWords Conversion Tracking

To statistically record the use of our website and to evaluate it for the purpose of optimizing our site, we also use Google Conversion Tracking. In this process, Google AdWords places a cookie (see Section 4) on your device if you arrive on our website via a Google advertisement.

These cookies expire after 30 days and do not serve to personally identify users. If a user visits certain pages of the AdWords customer’s website and the cookie has not yet expired, Google and the customer can determine that the user clicked the advertisement and was redirected to that page.

Each AdWords customer receives a different cookie. Cookies therefore cannot be tracked across AdWords customers’ websites. The information collected using the conversion cookie is used to create conversion statistics for AdWords customers who have opted in to conversion tracking. AdWords customers learn the total number of users who clicked on their advertisement and were redirected to a page tagged with a conversion tracking code. They do not receive any information that personally identifies users.

If you do not wish to participate in the tracking process, you can refuse the required cookie— for example via a browser setting that disables the automatic placement of cookies. You can also disable cookies for conversion tracking by configuring your browser to block cookies from the domain “www.googleadservices.com”. Google’s privacy notice on conversion tracking can be found here: https://services.google.com/sitestats/de.html

6. Integration of Google Maps

We use Google Maps on this website. This allows us to display interactive maps directly on the site and enables you to conveniently use the map function.

By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in Section 3 of this privacy policy is transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data is directly associated with your account. If you do not want your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research, and/or the needs-based design of its website. Such analysis is carried out in particular (even for users who are not logged in) to deliver tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

Further information on the purpose and scope of data collection and processing by the plug-in provider can be found in the provider’s privacy policies. There you will also find further information about your rights in this regard and settings to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is certified under the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

7. Data protection in job application procedures

 

8. Rights of data subjects

You have the right:

• pursuant to Article 15 GDPR to request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, where applicable, meaningful information about its details;
• pursuant to Article 16 GDPR to request the immediate rectification of inaccurate or completion of your personal data stored by us;
• pursuant to Article 17 GDPR to request the erasure of your personal data stored by us, unless processing is required for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;
• pursuant to Article 18 GDPR to request the restriction of processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful but you refuse deletion, we no longer need the data but you require it for the establishment, exercise, or defense of legal claims, or you have objected to processing pursuant to Article 21 GDPR;
• pursuant to Article 20 GDPR to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request transmission to another controller;
• pursuant to Article 7(3) GDPR to withdraw your previously given consent at any time. This means that we may no longer continue the data processing that was based on that consent for the future; and
• pursuant to Article 77 GDPR to lodge a complaint with a supervisory authority. Generally, you may contact the supervisory authority at your usual place of residence or workplace, or at our company headquarters.

9. Right to object

If your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, provided that there are grounds relating to your particular situation, or if the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without requiring you to state a particular situation.

If you wish to exercise your right of withdrawal or objection, an email to tanja.stoesslein@erc-gruppe.eu is sufficient.

10. Data security

We use the widely adopted SSL (Secure Socket Layer) method during your website visit, in combination with the highest level of encryption supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we instead use 128-bit v3 technology. You can see whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

11. Social media

This privacy policy applies to the following social media presences

• https://www.facebook.com/ERC.DGmbH/
• https://www.xing.com/pages/erc-dgmbh
• https://de.linkedin.com/company/erc-d-gmbh

Data processing by social networks

We maintain publicly accessible profiles on social networks. The social networks we use in detail are listed further below.

Social networks such as Facebook, Twitter, etc. are generally able to analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media profiles triggers numerous data-processing operations relevant to data protection. Specifically:

If you are logged into your social media account and visit our social media presence, the operator of the social media platform can associate this visit with your user account. Your personal data may also be collected even if you are not logged in or do not have an account with the respective social media platform. In this case, data collection occurs, for example, via cookies stored on your device or through the capture of your IP address.

Using the data collected in this way, the operators of social media platforms can create user profiles that store your preferences and interests. This enables interest-based advertising to be displayed to you both within and outside the respective social media presence. If you have an account with the respective social network, this interest-based advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot trace all processing operations on social media platforms. Depending on the provider, additional processing operations may be carried out by the operators of the social media platforms. For details, please refer to the terms of use and privacy policies of the respective social media platforms.

Legal basis

Our social media presences are intended to ensure the broadest possible online visibility. This constitutes a legitimate interest pursuant to Article 6(1)(f) GDPR. The analysis processes initiated by the social networks may rely on different legal bases, which must be specified by the operators of the social networks (e.g. consent under Article 6(1)(a) GDPR).

Controller and exercise of rights

If you visit one of our social media profiles (e.g. Facebook), we share responsibility with the operator of the social media platform for the data processing operations triggered during that visit. You may generally exercise your rights (access, rectification, erasure, restriction of processing, data portability, and complaint) both against us and against the operator of the respective social media platform (e.g. against Facebook).

Please note that despite the shared responsibility with the operators of social media platforms, we do not have full influence over the data processing operations of the platforms. Our ability to act is largely determined by the corporate policies of each provider.

Storage period

The data collected directly by us via our social media presence is deleted from our systems as soon as you ask us to delete it, withdraw your consent, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory requirements – in particular retention periods – remain unaffected.

We have no influence on the storage period of your data that social network operators store for their own purposes. For details, please consult the privacy policies of the respective social networks (see below).

Your rights

You have the right at any time to obtain, free of charge, information about the origin, recipients, and purpose of your stored personal data. You also have the right to object, the right to data portability, and the right to lodge a complaint with the competent supervisory authority. Furthermore, you may request the rectification, blocking, deletion, and, under certain circumstances, the restriction of the processing of your personal data.

Social networks in detail

Facebook

We maintain a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Meta”). According to Meta, the collected data is also transferred to the USA and other third countries.

We have concluded an agreement on joint processing (Controller Addendum) with Meta. This agreement specifies which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings independently in your user account. To do so, click the following link and log in:
https://www.facebook.com/settings?tab=ads.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum
and https://de-de.facebook.com/help/566994660333381.

For details, please refer to Facebook’s privacy policy:
https://www.facebook.com/about/privacy/.

XING

We maintain a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on how they handle your personal data can be found in XING’s privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIn

We maintain a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to deactivate LinkedIn advertising cookies, please use the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

For details on how LinkedIn handles your personal data, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

12. Updates and amendments to this privacy policy

This privacy policy is currently valid and was last updated in March 2024.

Due to the further development of our website and the services offered on it, or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The most current version of the privacy policy can be accessed and printed at any time on the website at https://european-railway-company.com/datenschutz.