We collect, use and store your personal data exclusively in the context of European and national data protection law. In the following, we will inform you about the nature, scope and purpose of the data collection and use in the context of our online offering.
Please refer to our legal notice in the top right-hand corner of this page.
Data protection officer
The contact details for our data protection officer can also be found in the legal notice in the top right-hand corner of this page.
Types of processed data
In order to conveniently make our online offering available to you, our customers, interested parties, suppliers, visitors and users, we process personal data. This includes, for example: Names, addresses, contact details (e-mail, phone numbers); entries made by you (texts, photographs, videos); the logging of websites visited; interests in content; access times; and device information, IP addresses, etc.
No special categories of data are processed as defined by Art. 9 (1) of the GDPR.
In accordance with Art. 13 of the GDPR, we explain the legal basis of our data processing here. Firstly, our online offering is based on contractual or pre-contractual measures as well as the answering of inquiries. In this case, the legal basis of Art. 6 (1) (b) of the GDPR is to be set aside. Insofar as we are forced to process data in the context of legal obligations, this is based on Art. 6 (1) (c) of the GDPR. With regard to the protection of our legitimate interests, data processing is based on Art. 6 (1) (f) of the GDPR. If none of the above-mentioned legal bases are relevant, we will carry out the processing if there is consent (Art. 6  [a] and Art. 7 of the GDPR).
In the networked world of today, unauthorized access to personal information is a reality that individuals and businesses face every day. Without question, this is a major challenge.
Since data privacy is a top priority for us, we invest in the security of our systems and constantly monitor them. Because when you use our online offering on excor.com, you are trusting us with your personal information. The security of this information is important to us.
Therefore – taking into account the state of the art; the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of individuals – we have enacted technical and organizational measures that provide protection against attacks, the misuse, loss and incorrect changes of personal data, as well as exclude access by unauthorized third parties (Art. 32 of the GDPR). Among other things, these measures should be aimed at preserving the confidentiality, integrity and availability of data by controlling physical access and digital access, input, disclosure, securing of availability and data separation. In addition, our company has procedures in place to regulate data subject rights, deletion of data and reaction to the threats to data, etc. Ultimately, we will (as per Art. 25 of the GDPR) strive for the protection of personal data as early as during the development and/or acquisition phase of new hardware and software as well as during the introduction of new procedures, according to the principles of data protection by design of technology (Privacy by Design) and by privacy-friendly default settings (Privacy by Default).
These security measures include, for example, the encrypted transmission of data between your browser and our server. When you place an order, for example, your personal data will be transmitted to us. In order to prevent this data from falling into the wrong hands, we encrypt it with SSL. This is a proven and secure data transfer method on the Internet. Based on our legitimate interest (Art. 6  [f] of the GDPR), we use server log files to analyze and correct disruptions to the availability of our online shop. We also exclusively guarantee access to sensitive data to authorized persons for the above purposes.
Cooperation with contract processors and third parties
If we make use of other persons and companies (contract processors or third parties) during the processing of the data, there is also one of the above-mentioned legal bases for this procedure. The processing of data with these cooperative partners is based on what is known as an “order processing contract”; see Art. 28 of the GDPR.
Data transmission to “third” countries
If data is processed in a “third” country (i.e. outside the European Union [EU] or the European Economic Area [EEA]), this will only be done if it can be justified by one of the above-mentioned legal bases. The data is processed only within the framework of the provisions of Art. 44 et seq. of the GDPR. This means that processing will only be carried out on the basis of specific guarantees, such as an officially recognized level of EU-compliant data protection (e.g. through the "Privacy Shield” for the USA) or compliance with officially recognized special contractual obligations (what are known as "standard contractual clauses”).
Purpose of processing, collecting, processing and using data
Our intention is to make this online offering, content and features accessible to you. In addition, we would like to provide contractual and pre-contractual services as well as offer various services and maintain our contact with our business partners and prospects.
We answer your contact requests via our online offering and process our communications with you.
Last but not least, there is also data processing for marketing purposes, advertising and market research and as a security measure to protect our website. For internal statistical or system-related purposes, therefore, every instance of access to our website as well as every retrieval of a file made available on this website is logged (in what are known as “server log files”).
This record will include the name of the retrieved file, the date and time of the retrieval, the amount of data transferred, the successful retrieval message, web browser type/version, user's operating system, referrer URL (previously visited page) and requesting domain, and the IP addresses of the requesting computer. Any further personal data will only be recorded if you voluntarily provide us with information on our website, for example when contacting us via our contact form or by e-mail, during registration, when concluding a contract, when making a request or when using the settings of your browser. The data will be used for any future warranty rights, for our services, for ensuring proper bookkeeping and for administrative purposes and for our own marketing purposes. For reasons of precaution, it will also be stored – for example – for the investigation of abuse or fraud for a maximum of seven days and then deleted. Further storage of the data for use as evidence remains unaffected.
Contractual service provision
Your data (e.g. names and addresses as well as contact data, but also contract data such as services used, names of contact persons, payment information) are processed to fulfill our contractual obligations and services in accordance with Art. (6) (1) (b) of the GDPR. The entries marked as obligatory in online forms are required for the conclusion of the contract.
You can also create a user account that can help track your orders. For the registration, you will be asked to enter the required information. The user accounts are not public. Indexing by search engines is not possible. Should you decide to terminate your user account, the data will be deleted with regard to the user account, subject to the retention requirements of Art. 6 (1) (c) of the GDPR for commercial or tax reasons. A backup of the data upon termination is at your discretion and will not be carried out by us. After termination, we are entitled and obliged to irrevocably delete all your data stored during the contract period.
When you register, repeatedly log in to, and use our online services, the IP address and time of each user's action is stored on the basis of our legitimate interests and for protection against misuse and other unauthorized use. This data will not be disclosed to third parties. However, a transfer will be made to prosecute our claims in the event of damage or in the case of a legal obligation in accordance with Art. 6 (1) (c) of the GDPR.
We use data about the visited websites of our online offering, interest in our products and entries in the contact form or user profile for advertising purposes within the framework of your user profile, for example to show you product information based on previously used services. After expiry of the statutory warranty and corresponding duties, the data will be deleted in compliance with the legally prescribed retention periods.
Use of personal data for our newsletter
If you have registered to receive our newsletter, we use the data provided during your registration – such as first name, last name and e-mail address – only for the purpose of sending the newsletter. To register for the newsletter, we use what is known as a “double opt-in process”. After registering to receive the newsletter, we will send you a confirmation e-mail asking you to confirm you wish to regularly receive the newsletter by clicking on a link in the e-mail. Only then will you receive the newsletter.
You have the option to unsubscribe from the newsletter at any time by clicking on a link contained in the respective newsletter, or by stating this by e-mail, fax or letter. You will incur no further costs for this, except for the regular fees for the transmission costs according to the basic rates.
The personal data stored in connection with the sending of our newsletter will be deleted after unsubscribing from the newsletter.
When you contact us via contact form or e-mail, your concerns will be processed on the basis of Art. 6 (1) (b) of the GDPR. We reserve the right to store your data in our Customer Relationship Management System ("CRM System") or a similar system.
If the requests have been processed and no further storage is required, they will be deleted. We check whether this is necessary every two years. For customers with customer accounts, we can also permanently save the data upon request. In the case of legal archiving obligations, the data is deleted after the legally prescribed retention periods.
Cookies are used on our website. Cookies typically contain information about the website that the web browser is visiting while browsing. If the user retrieves our website via the corresponding server, the browser of the user of our website sends back the previously received cookie. This allows the server to evaluate the information received and facilitate navigation on a website or control advertising.
Cookies are also used to manage your shopping cart during the order or display your settings (method of payment and delivery, place of delivery). This makes it possible for us to tailor our website to the needs of our customers. It is possible that our cooperation advertising partners also store their third-party cookies on your computer. This happens, for example, in connection with advertising measures on third-party websites (“retargeting” or with the use of “social plugins”).
None of the cookies used contain personal data. It is not possible to associate the cookies with you as a natural person. Only the computer used can be recognized. And this is only possible until the cookies are deleted or delete themselves due to their programming.
Integration of services and third-party content
Within the context of this online presence, third-party content – such as videos from YouTube, maps from Google Maps, RSS feeds or graphics from other websites (“third parties”) – may be included. The prerequisite here is always that the providers of this content are aware of the IP address of the user, since without this IP address, they cannot display their content on your browser. We endeavor to use only content whose third party uses the IP address only to deliver the content. However, we have no influence on the third-party providers recording your IP address, for example for statistical purposes.
We use Google Analytics on our websites. This is a service of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA, 94043, USA ("Google"). We decided to use this service due to our legitimate interest in the analysis, improvement and economic operation of our Internet presence, based on Art. 6 (1) (f) of the GDPR.
However, in the case of the activation of IP anonymization on our websites, your IP address will be truncated beforehand by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
The full IP address may occasionally be transferred to a Google server in the United States and truncated there. Google uses this information on our behalf to evaluate your usage on our site, to report on activity on our website, and to provide other services related to website activity and Internet usage to the website operator. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google information.
Again, you can prevent the storage of cookies by changing the appropriate settings of your browser software. In that case, however, you may not be able to fully use all features of our websites. With the installation of a browser plug-in that you can download at this link (http://tools.google.com/dlpage/gaoptout?hl=en), you have the option of preventing the data created by the cookie related to your use of the website (including your IP address) from being processed by Google.
Credit check and scoring
If we deliver in advance of payment, e.g. in the case of a purchase on account, in order to safeguard our legitimate interests (Art. 6  [f] of the GDPR), we obtain (if necessary) a credit assessment based on mathematical and statistical procedures at Creditreform Göttingen Bruns KG, Willi-Eichler-Str. 11, 37079 Göttingen. For this purpose, we transfer the personal data required for a credit check to Creditreform Göttingen Bruns KG and use the information received on the statistical probability of a default to make a balanced decision on the establishment, implementation or termination of the contractual relationship. The credit information can contain probability values (score values), which are calculated on the basis of scientifically recognized mathematical and statistical methods and whose calculation includes, among other things, address data. Your legitimate concerns will be considered in accordance with the statutory provisions.
Links to other websites
Data subject rights
As a data subject, you are entitled to the right to information. Thereafter, you can request a confirmation as to whether and which data about you are processed by us (Art. 15 of the GDPR).
According to Art. 16 of the GDPR, you may request the completion of the data concerning you or the correction of any incorrect data concerning you.
You can demand the immediate deletion of your data under the conditions of Art. 17 of the GDPR. Alternatively (Art. 18 of the GDPR), it is possible to request the restriction of the processing of the data.
The deletion takes place as soon as the data are no longer necessary for the intended purpose and no further statutory storage requirements contradict it. Otherwise, processing is restricted; in other words, the data is locked and not processed. Data that must be kept for commercial or tax reasons fall under this category.
In Germany, there are storage periods for 6 years in accordance with Section 257 (1) of the German Commercial Code (account books, inventories, opening balances, annual accounts, business letters, accounting documents, etc.), or 10 years in accordance with Section 147 (1) of the German Tax Code (books, records, management reports, accounting documents, commercial and business letters, tax documents, etc.).
There is a possibility that we provide you with your data on request in accordance with Art. 20 of the GDPR and/or transfer your data to another responsible party. Furthermore, you have (in accordance with Art. 77 of the GDPR) the right to file a complaint with the competent supervisory authority.
In accordance with Art. 7 (3) of the GDPR, you can withdraw consent previously given to us with effect for the future.
Right of objection
You can object to the future processing of data concerning you at any time in accordance with Art. 21 of the GDPR. The objection may, in particular, be made against processing for direct advertising purposes.
You are welcome to contact us using the contact details above regarding any of the above concerns.
Last updated: 02/2019