Data Protection Notices

Ernst Russ AG, Elbchaussee 370, D-22609 Hamburg, which can be reached at +49 40 88 88 1 - 0 and at, and the companies affiliated with the Ernst Russ Group take the protection of personal data very seriously. In the following, we would like to provide an explanation about the data that we process when visiting our websites and using our online services and about the entities with which we share these data. In addition, you will find information about your rights as a data subject.

Personal data within the meaning of the EU General Data Protection Regulation (GDPR) means all information relating to a person that can be used to identify that person, such as the name or email address of the data subject. Processing within the meaning of the GDPR means any action taken with respect to personal data, such as the collection, storage, transmission, or deletion of personal data.

1. Usage data

When visiting our website, we record personal data that your browser transmits to our server (so-called log files). These log files, which are stored on our server, are necessary both in technical terms so that you can access our website as well as for our legitimate interest in displaying our websites to you and ensuring their stability and security. The legal basis for this processing is Article 6(1)(b) and (f) GDPR. The log files that we process involve, in particular, the following data:

  • your IP address;
  • the date and time of your query;
  • the content of your request (which specific sub-websites you are visiting);
  • the website that you came from to reach our website;
  • the access status/HTTP status code;
  • the amount of data transferred in each case;
  • your browser;
  • your operating system and its interface; and
  • the language and version of your browser software.

2. Web forms

In order to be able to provide our online services to you, we use so-called web forms on our websites in which you can actively enter your personal data. These personal data are recorded by us and processed for each online service. The legal basis for this processing is Article 6(1)(b) GDPR. We use web forms for sending the newsletter. Details can be found Section 5 of these Data Protection Notices.

3. Disclosure of personal data to third parties

Your personal data are transmitted by us to the following recipients:

  • domainfactory GmbH, Oskar-Messter-Str. 33, D-85737 Ismaning, as hosting provider. The legal basis for the disclosure is Article 28 GDPR;
  • CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany, as newsletter provider. The legal basis for the disclosure is Article 28 GDPR.

If we use service providers to process your personal data on our behalf (processors), we have concluded processing contracts with them that obligate them to process your personal data only in accordance with our instructions and to the extent permitted by statute.

4. Use of social media plug-ins

We currently use social media plug-ins from Xing, Twitter, and Google+, which enable you to share our content on the corresponding platforms. We use the “Shariff solution” from Heise, which is in conformity with data protection law: Only when you click on one of the plug-ins will a connection be established with the respective plug-in provider, and you will be sent to its website. There, you will communicate directly with the corresponding provider. If you have an account and are logged in, the data are directly attributed to your account. We have no influence over the data collected by the plug-in provider or its data processing operations, nor are we aware of the full extent of the data collection, the purposes, or the storage periods.

For more information about the purpose and extent of data collection and their processing by the plug-in providers, please refer to their data protection policies:
a) Xing AG, Dammtorstraße 30, 20354 Hamburg, Germany;
b) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA;
c) Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States;

5. Email newsletter

With your consent, you can subscribe to our newsletter, which we use to inform you about our current, interesting services. The services applied for are specified in the declaration of consent. If you enter your email address in the newsletter mailing list, we initially store this email address only temporarily for the purpose of sending you an email in which you can confirm membership in the email mailing list (so-called “double opt-in” procedure). If you do not confirm your membership within seven days of requesting the confirmation email, the provided data will not be processed for any other purpose and will be deleted. If your email address was confirmed by you, we store this for the purpose of sending the newsletter until you request that we delete your email address.

In order for us to be able to prove your enrolment in the newsletter mailing list and to counter any accusation of unsolicited sending of emails, we also store the date and time of the enrolment and the confirmation of enrolment in the email mailing list, as well as the IP address used for your enrolment. The IP address is not used for any other purpose. The legal basis for data processing operations in connection with newsletter services is Article 6(1)(a) GDPR. You may cancel your enrolment in the sending of the newsletter at any time by unsubscribing to the newsletter using the link contained in each newsletter.

6. Cookies

In addition to processing the aforementioned personal data, we also use cookies on our websites. Cookies are small text files that are stored on your hard drive assigned to the browser that you use and that send certain information to us as the entity setting the cookie. A cookie normally contains the name of the domain from which the cookie data were sent, as well as information about the age of the cookie and an alphanumeric identifier. Cookies do not launch any programs or infect your computer with viruses. We use them to make our website more user-friendly and effective for you.

We set cookies that are deleted when you close your browser (transient cookies) as well as cookies that are stored on your computer for a specific period of time, which can differ from cookie to cookie (persistent cookies). A common type of transient cookies are session cookies, which store a so-called session ID that enables various requests from your browser to be assigned to a common session. That allows your computer to be recognised when you return to our websites. Session cookies are deleted when you log out or close your browser. You can delete persistent cookies at any time using your browser’s security settings.

The use of cookies is designed, in particular, to make it easier for you to enter data into forms and to enable us to perform a statistical analysis of how our website is accessed. You can configure your browser in such a way that it notifies you about the setting of cookies and, e.g. refuses to allow third-party cookies or any cookies whatsoever. This makes their use transparent for you. Please be aware that the use of some parts of our websites will be limited if you configure your browser to refuse cookies.

7. Use of web analytics tools

On our website, we use Piwik, an open-source software for statistically analysing visitor accesses. Piwik uses cookies that enable us to analyse how you use our websites. The information generated by the cookies about your use of our websites is stored on the provider’s server in Germany and France. The IP address of your computer is not recorded, meaning that you remain anonymous in this respect. The installation of cookies can be prevented through your browser software. If you turn off cookies, however, you may not be able to use all functions of our websites to the full extent. Data processing is based on Article 6(1)(f) GDPR, because we have a legitimate interest in analysing the traffic on our website in order to optimise use as well as our websites in general. Piwik collects such data as:

  • your IP address;
  • the date and time of your query;
  • the content of your request (which specific sub-website you are visiting);
  • the website that you came from to reach our website;
  • the access status/HTTP status code;
  • the amount of data transferred in each case;
  • your browser;
  • your operating system and its interface; and
  • the language and version of your browser Software.

8. Standard periods for deletion of data

Personal data that we receive from you when visiting our websites are, subject to compliance with statutory retention duties, promptly deleted after completion of the contractual service or after their purpose has been fulfilled. Your data are promptly deleted when you unsubscribe from our newsletter.

9. Data security

Ernst Russ AG takes state-of-the-art technical and organisational security measures in order to protect your data as comprehensively as possible against loss, destruction, falsification, or unwanted accessing. When personal data are entered in web forms, Ernst Russ AG protects them with great care.

If you contact us by email, please be aware that data are not encrypted when they are transmitted. If you would like to send us confidential information, you should not do this by email but instead, e.g. by sending a letter in the mail.

Your personal data are protected by Ernst Russ AG and the providers carefully selected by us pursuant to Article 28 GDPR in application of the relevant statutory provisions through technical and organisational measures.

10. Links to other websites

Our website contains links to other websites. We have no influence over whether their operators comply with data protection provisions. Despite carefully reviewing content, we also cannot assume any liability for external links to outside content. Please refer to the data protection notices on the respective websites for information about data processing operations on those sites.

11. Voluntary provision of data

Provision of your personal data on our websites is always done on a voluntary basis. You have neither a legal nor contractual obligation to do so.

12. Your rights

Depending on the circumstances in the specific case, you have the following data protection rights:

  • to request access to your personal data and/or copy of such data. That includes information about the purpose of use, the category of the used data, their recipients and persons authorised to access them, and, where possible, the planned duration of data storage or, if this is not possible, the criteria for establishing this duration;
  • to request that your personal data be corrected, deleted, or restricted in terms of processing if their use is impermissible under data protection law, particularly because (i) the data are incomplete or inaccurate, (ii) they are no longer needed for the purposes for which they were collected, (iii) the consent to processing was revoked, or (iv) you successfully made use of a right of revocation concerning data processing; in cases where the data are processed by third parties, we will forward your applications for correction, deletion, or restriction in terms of processing to such third parties unless this proves to be impossible or is associated with unreasonable effort;
  • to refuse to consent or – without affecting the lawfulness of the data processing that took place prior to revocation – to revoke you consent at any time to the processing of your personal data;
  • not to be subjected to a decision based exclusively on automated processing that is legally effective against you or substantially interferes with you in a similar fashion;
  • to request that you be provided with the personal data concerning you that you provided to us in a structured, common, and machine-readable format and to transmit such data to another data controller without interference by us; you may also have the right to request that we transmit the personal data directly to another data controller, if this is technically feasible;
  • to take legal steps or to request the involvement of the responsible supervisory authorities if you believe that your rights were infringed as a result of your personal data being processed in a manner that is not in conformity with the requirements of data protection law.

In addition to the foregoing, you have the right to object at any time to the processing of your personal data:

  • if we process your personal data for purposes of direct marketing; or
  • if we process your personal data for the purposes of pursuing our legitimate interests and reasons exist that result from your special situation.

Please contact the data protection officer of Ernst Russ AG if you have any questions, suggestions, or comments about the issue of data protection.

Ernst Russ AG
Data Protection Officer
Elbchaussee 370
D-22609 Hamburg
Hamburg, February 2018