Data protection at EMH metering
Data protection is a matter of trust and your trust is a priority for us. Data processing by EMH metering GmbH & Co. KG, Neu-Galliner Weg 1, 19258 Gallin/GERMANY as the controller within the meaning of Article 4 no. 7 GDPR, is of course based on the statutory provisions.
This data use notice is designed to provide visitors to our website – and sub-websites – as well as users in specific processing scenarios outside the website, with information on how we process your personal data.
Processing of your personal data when using our website
If you use our website for purely informational purposes, we only process personal data that your browser transmits to our server.
We collect this data on the basis of our legitimate interests within the meaning of Article 6(1f) GDPR. It is not possible for us to draw any conclusions about your identity on the basis of this data, and the data listed above will not be combined with your personal data without your consent either, unless this is necessary to follow up on legal infringements and attacks on our systems (Article 6(1c) GDPR).
Cookies are small files that are stored on your end device. They save certain settings and data to be exchanged with our systems, or the systems of service providers, via your browser. Saving this data helps us to ensure an appropriate website design for you and make the website easier for you to use, for example, by storing certain entries you make so that you do not have to keep entering them again and again. Cookies usually contain identifiers for this purpose. This allows users and/or the browsers (software for displaying Internet content) to be identified and distinguished from other users and browsers, and recognised again on subsequent visits.
Most cookies are automatically erased from your hard drive at the end of the browser session (these are known as session cookies). There are also, however, cookies that remain stored on your device permanently. Their expiry time is set to a time in the future for your convenience. On a subsequent visit, the cookie will then automatically recognise that you have already visited our site and will know which entries and settings you prefer. (there are known as persistent cookies). Some of these cookies are used to display information specifically tailored to your interests on our website or our partners’ websites.
Google analyses your usage on our behalf. The information about your use of this website collated by Google (e.g. the referring URL, pages on our site visited by you, the web browser you use, your language setting, your operating system or your screen resolution) is transmitted to one of Google’s servers in the USA, where it is stored and analysed and the results made available to us in anonymous form. Your usage data are not linked to your full IP address. On this website, we have activated the IP anonymisation function offered by Google, so that that the last octet (type IPv4) or the last 80 bits (type IPv6) of your IP address are deleted. Along with your consent as the legal basis for a third-party state forwarding to Google, we also ensure with standard contract clauses that suitable guarantees are provided for the processing of your personal data by Google in the USA that are intended to protect your rights and legitimise the third-party state transfer.
You can find more information about Google Analytics in the Google Conditions of Use, in Google’s security and data protection principles and in the Google data privacy statement.
Cookies used to ensure functions without which you would not be able to use our websites as intended are only stored by us, and their contents are not made available to third parties. We use these consent-free cookies on the basis of section 25 (2) no. 2 of the German Telecommunications-Telemedia Data Protection Act (TTDSG).
Links to other websites
If you complete our contact form to obtain detailed information and have all other enquiries answered, the data we process includes the following personal data concerning you: Name/company name, e-mail address and message content, telephone number where applicable. We need this personal information to be able to process your request (Article 6(1f), (1a) GDPR). This data will not be processed further for other purposes unless you have consented (Article 6(1a) GDPR) or the further processing is compatible with the original data collection, such as the initiation of a contractual relationship (Article 6(1b), Article 4 GDPR).
Performance of a contract
All relevant personal data for the performance of a contract is processed for the initiation, performance or termination of contractual relationships (Article 6(1b) GDPR). The personal data processed by us for the purpose of performing the contract will be stored until the expiry of the statutory provisions and will then be erased unless we are obliged to store it for a longer period or you have consented to it being stored beyond this date (Article 6(1a) GDPR).
In certain situations, we obtain your consent for the processing of your personal data (Article 6(1a) GDPR). You have the option of revoking your consent at any time, for example, if you have no business dealings with us and we would like to send you newsletters. We use what is known as the ‘double opt-in procedure’ for our newsletter. The first step in the double opt-in procedure involves you entering your e-mail address in our newsletter form and submitting it. Our system will send a confirmation e-mail to the e-mail address you provided immediately afterwards. You will then be asked to declare a second time that you want to receive future newsletters from us by clicking on the confirmation link. If you fail to do so, the e-mail address will soon be deleted and no newsletters will be sent to you.
Special processing situation: information and contact
If you do not yet have any business relationship with us, the personal information we collect will also be used on the basis of a legitimate interest for the purpose of providing information or establishing contact/communication. We store your information for a period of four years after our last contact with you (Article 6(1f) GDPR). You will always have the opportunity to object to the collection and use of this data.
Special processing situation: Advertising for similar services in which there is a presumed interest
If we process your personal data in order to provide you with information about, or contact you for, certain offers for our services (see above Information and contact, or because you have a business relationship with us, see above Performance of a contract), we will advertise similar services that we offer. This further processing for advertising purposes is compatible with the original data collection because we do not assume that you have any overriding interest, as the advertising only covers similar services as those for which you gave us your personal data. In addition, you always have the option of objecting to future advertising (Article 6(4) GDPR in accordance with section 7 (3) of the German Unfair Competition Act (UWG)). If you do not object when you receive advertising, your personal data will remain stored for advertising purposes, i.e. your personal data used for advertising purposes will not be deleted until you object.
Special processing situation: Job applications
If you send us your application for a position that has been advertised, your application documents will be processed on the basis of Article 88 GDPR in conjunction with section 26 (1) sentence 1, 1st half sentence, of the German Federal Data Protection Act (BDSG). If you send an application photo, you do so voluntarily and, in doing so, grant us your consent to the collection and storage of your application photo (Article 88 GDPR in conjunction with section 26 (2) BDSG). We have a very strong interest in conducting and completing a due and proper application process. This also includes rebutting any contrary allegations of discrimination in connection with the conclusion of the application process, which is why your application documents will not be deleted until 6 months after their rejection. Your application documents will only be stored for a longer period with your explicit consent. In cases involving unsolicited applications, your application documents will be deleted, even without you being given notice of rejection, within a maximum of 12 months after their receipt.
Special processing situation: Processing within the corporate organisation
As part of our corporate organisation, we process your data in our IT systems and, where necessary, transmit data concerning customers, interested parties, suppliers and staff in accordance with statutory obligations vis-à-vis authorities such as tax authorities and to consultants (tax advisors, lawyers, auditors) in accordance with our interests in ensuring legally compliant and cost-effective corporate management. The legal basis is Article 6(1c), (1f) GDPR and (4) GDPR. Within this context, we analyse data on all corporate and business transactions for corporate management and market research purposes. Insofar as no necessity arises from the specific purpose, the data is largely anonymised or is at least evaluated using pseudonyms and, at the very most, is made accessible to third parties in summarised form that does not allow it to be traced back to specific individuals. The legal basis is Article 6(1c), (1f) and (4) GDPR.
Special processing situation: Outsourced IT and hosting
We use IT software and hosting services offered by service providers as part of the provision of services and to fulfil your requests and our contractual obligations based on our interests in ensuring efficient and secure commercial and contractual performance. Your data concerning your interests, concerns or how you perceive our service offering is also processed with the help of the services offered by these service providers. To the extent required by law and where this is not already covered by professional confidentiality provisions, we have taken contractual measures to ensure our access to, and the secure and confidential treatment of, your data in contract data processing cases. The legal basis is Article 6(1f) GDPR, where applicable in conjunction with Article 28 GDPR (conclusion of contract data processing agreement).
Contract data processing
If we outsource the processing of personal data, we use specialised service providers. Our service providers are selected carefully and we perform regular checks on them. They only process personal data on our behalf and strictly in accordance with our instructions on the basis of corresponding contract data processing agreements/data protection agreements (Article 28 GDPR). As far as the processing of personal data that we carry out on behalf of a controller is concerned, we provide sufficient safeguards that we implement appropriate technical and/or organisational measures in order to ensure that processing is carried out in accordance with the statutory provisions and ensures the protection of the rights of data subjects.
Transmission of personal data to third countries
If we transmit personal data to countries outside the EU that do not offer an equivalent level of data protection, we rely on an adequacy decision of the European Commission (Article 45 GDPR) or on appropriate safeguards (Article 46 GDPR) or, pursuant to Article 49 GDPR, on exemptions for a third country transfer.
Data security, data integrity
The personal data we process is relevant for its intended use and we take reasonable steps to ensure that the personal data is complete and up-to-date for its intended use. Nevertheless, we ask for your support in ensuring that your data is correct and complete at all times. In addition, we or the controller take all of the necessary technical and organisational measures to protect your personal data against accidental destruction, accidental loss or accidental alteration, or against unauthorised disclosure or access. Any person acting in our name or on our behalf who is granted access to your personal data must only use it in accordance with our instructions. No other processing is permitted, unless it is required by law. The basic rule is the “need-to-know basis”, i.e. only authorised employees have access to your personal data.
We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can be exposed to security gaps. We use state-of-the-art technology, i.e. TLS encryption for e-mail correspondence. If, however, your e-mail system does not support TLS, there can be no end-to-end encryption, meaning that it is not possible to ensure the full protection of the data from access by third parties.
Storage of personal data
Recipients of personal data
We will not disclose your personal data to any third party unless it is in connection with the purposes listed above, or unless you have been notified in advance and, where appropriate, given the opportunity to decide whether or not we may use your personal data in this different way.
Right of access to personal data: You have the right of access to the personal data concerning you that is processed, which means that you have the right to obtain confirmation as to whether or not the personal data concerned is being processed. If this is the case, you have the right to access the personal data concerning you that is processed and certain additional pieces of information, and to receive a copy in a commonly used electronic form.
Right to rectification: You have the right to have inaccurate personal data concerning you corrected and the right to have incomplete personal data completed.
Right to erasure: You have the right to the erasure of your personal data. This is the case, for example, if the personal data is no longer necessary for the purposes for which it is processed, if you revoke your consent and there are no other legal grounds for the processing, or if the processing of your personal data is not necessary for compliance with a legal obligation, for the assertion and exercise of, or defence against, legal claims.
Right to revoke consent: If you have consented to certain processing operations, you have the right to revoke your consent at any time. The revocation of consent shall not affect the lawfulness of the processing based on the consent prior to its revocation.
Right to object: You have the right to object if the processing is based on the weighing up of interests pursuant to Article 6 (1) sentence 1e) or f) GDPR in order to request a reassessment of the interests or to object to direct marketing. We will then reassess your case and will only continue to process your personal data, despite your objection, if we can demonstrate compelling legitimate grounds that override your interests.
Right to data portability: You have the right to data portability. This means that you may have the right to obtain the personal data concerning you that you have provided to us and to have that data transferred to another controller.
Right to restriction: You have the right to restrict your personal data, for example if you dispute its accuracy or if you have objected to the processing as described above. In both cases, this right applies while we are processing and reviewing your request.
Right to lodge a complaint with a supervisory authority: You can lodge a complaint if you believe that we have breached applicable data protection provisions when processing your personal data.
If you have any questions regarding data protection, please contact us:
Tel.: +49 38851 326-0
e-mail address: firstname.lastname@example.org
Company name: EMH metering GmbH & Co. KG
You can contact our company data protection officer at email@example.com
Would you like more information about our products, applications or our company? Our respective contact persons will be pleased to help you.
Your message will be answered:
Sign up here for up-to-date information on events, training courses and new solutions from our company.