Privacy

The protection of your personal data is important to us. On this page, you will find our privacy policy, which explains what data we collect, how we process it, and what rights you have.

To provide you with a better overview, we have divided the privacy policy into several sections:

Website privacy notice

We, EBRO Armaturen Gebr. Bröer GmbH, Karlstr. 8, D-58135 Hagen, Germany (hereinafter also “we”, “us” or “EBRO”) would like to provide you with the following information on the processing of your personal data (hereinafter also “data”) when using our website and on your rights under data protection law.

We take the protection of your personal data very seriously. Your data will be processed exclusively in accordance with the applicable data protection regulations, in particular the provisions of the European General Data Protection Regulation (hereinafter: “GDPR”) and the German Federal Data Protection Act (Bundesdatenschutzgesetz hereinafter: “BDSG”) as well as the German Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz hereinafter: “TDDDG”) (together hereinafter: “data protection laws”).

For reasons of better readability, the generic masculine is used in the following. Female and other gender identities are expressly included.

Please note that the terms used, such as “personal data” or “processing”, correspond to the definitions in Article 4 GDPR. If you would like to take a look at the GDPR yourself, you can find it online at:  https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679 You can access the BDSG at the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679; you can find the TDDDG here: https://www.gesetze-im-internet.de/ttdsg/.

This privacy notice applies exclusively to our website, which can be accessed at https://www.ebro-armaturen.com/, including all its subpages. This privacy notice expressly does not apply to websites of third parties that are linked to from our website.

The controller within the meaning of the GDPR for the processing of your data on this website is

EBRO Armaturen Gebr. Bröer GmbH

Karlstr. 8
D-58135 Hagen
Germany

E-Mail: post@ebro-armaturen.com
Phone: +49 2331 – 904-0

If you have any questions about the processing of your data or would like to exercise your rights as a data subject, please contact us using the contact details above.

You can also contact our data protection officer directly by email at dsb_ext@ebro-armaturen.com or using the following contact details:

c/o V-Formation GmbH

Stephanienstr. 18
D-76133 Karlsruhe
Germany

E-mail: dsb_ext@ebro-armaturen.com
Phone: +49 721 181292-20

2.1        Server log data

Logs are created when you access and use our website. The following information is automatically stored in these logs:

  • IP address;
  • date and time of access;
  • http protocol used;
  • accessed subpages and files;
  • amount of data transferred;
  • information on the web browser and operating system used;
  • screen resolution and color depth of the retrieving device;
  • browser and language settings;
  • information on browser plug-ins (JavaScript, Flash Player, Java, Silverlight, Adobe Acrobat Reader, etc.);
  • previously visited website (referrer URL).

This data is required for the stable and secure operation of our website. We process it for purposes of our legitimate interests on the basis of Article 6 para. 1 letter f GDPR. Our legitimate interests lie in the provision of our website and in ensuring its stability and security.

When you visit our website, corresponding information may be stored on your end device and/or corresponding information that is already stored on your end device may be accessed. The storage or access takes place on the basis of § 25 para. 2 No. 2 TDDDG, as this information is absolutely necessary to ensure the operation of our website and IT security and to be able to provide you with our website as requested.

Data processing takes place automatically when you access and use our website. It is not possible to use our website without this data processing. We do not use the above-mentioned data to draw conclusions about your identity, unless there is a reasonable suspicion of an attack or illegal use of our website.

The server log data is stored for as long as is necessary for the above-mentioned purposes. We reserve the right to store it for longer, in particular for the assertion, exercise or defense of legal claims.

2.2         Hosting

To provide our website, we use the services of dogado GmbH, Antonio-Segni-Straße 11, 44263 Dortmund, Germany (hereinafter “Dogado”). Our website is hosted on Dogado servers. All data collected on our website is generally transferred to Dogado servers and stored there.

Dogado acts on our behalf on the basis of a data processing agreement within the meaning of Article 28 GDPR, which we have concluded with Dogado. In this agreement, Dogado undertakes to process the respective personal data on our behalf only in accordance with our instructions.

Further information on data processing by Dogado can be found in Dogado’s privacy policy at the following link: https://www.dogado.de/legal/datenschutz.

2.3         Contact forms

You have the option of sending us inquiries using the contact form. When you use our contact forms, we collect and store the personal data you provide via the respective contact form in order to respond to your inquiry.

The data you provide via our contact forms will be transferred to us via a secure connection. We transfer this data to our enterprise resource planning system (see section 2.5). Your data will only be collected, processed and used for the purpose of handling and responding to your inquiry. Data processing is carried out on the basis of Article 6 para. 1 letter b GDPR if it concerns the performance or initiation of a contractual relationship with you, or to safeguard our legitimate interest in properly responding to your inquiry on the basis of Article 6 para. 1 letter f GDPR.

If we process your data for purposes of our legitimate interests on the basis of Article 6 para. 1 letter f GDPR, you can object to the processing of your data at any time by sending a message to the contact details given above.

We delete the data you provide as soon as the purpose for which it was collected no longer applies, subject to the fulfillment of continuing statutory retention obligations.

Please note that we cannot guarantee complete data security when communicating via the contact form. Particularly in the case of confidential information, we therefore recommend that you send it using a secure transmission method, such as by post.

 

2.4        Newsletter

You have the option of registering via our contact forms to receive our newsletter, regular e-mail notifications with product-specific information and advertising content. If you take advantage of this option, we will process the data you provide in the registration form to send you the requested newsletter.

We use the so-called double opt-in procedure for sending newsletters, i.e. we will send you an automatic confirmation e-mail after your registration via the respective registration form and ask you to confirm your registration for the newsletter dispatch by clicking on the corresponding link. By completing this double opt-in procedure, you have given your consent to receive the newsletter.

As part of sending the newsletter, your interactions with our newsletters are tracked and evaluated (so-called measurement of opening and click rates). This is done via single-pixel image files, so-called web beacons or tracking pixels, as well as correspondingly coded links contained in our newsletters. Technical information, such as information about your web browser, your operating system, your IP address and the date and time of retrieval of the newsletter is collected and assigned to your e-mail address. Corresponding information can be stored on your end device and/or corresponding information that is already stored on your end device can be accessed. This is done to optimize our newsletter dispatch.

Data processing in the context of sending the newsletter is based on your consent in accordance with Article 6 para. 1 letter a GDPR in conjunction with § 25 para. 1 TDDDG. If the content of our newsletters is specifically described in the context of a registration, this is decisive for the scope of the consent. Our newsletters also contain information about our services, products, offers, promotions and our company.

Subscriptions to our newsletters are logged by us in order to be able to prove the registration process and the consent given in accordance with the legal requirements. The logging of the registration and the necessary processing of the data entered by you during registration is carried out for purposes of our legitimate interests in accordance with Article 6 letter 1 letter f GDPR. Our legitimate interests consist in providing evidence of legally compliant newsletter distribution and the assertion, exercise or defense of legal claims.

If you no longer wish to receive newsletters from us, you can withdraw your consent at any time with effect for the future by sending a message in text form to the above-mentioned contact details or via the unsubscribe link in each newsletter. Tracking using web beacons is not possible if you have deactivated the display of images in your e-mail program by default. In this case, however, the newsletter will not be displayed in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place.

We use the service of CleverReach GmbH & Co KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter “CleverReach”) to send newsletters. Subject to your consent, the data collected in the course of sending the newsletter will be transmitted to CleverReach. CleverReach acts on our behalf on the basis of a data processing agreement within the meaning of Article 28 GDPR, which we have concluded with CleverReach. In this agreement, CleverReach undertakes to only process the respective personal data on our behalf in accordance with our instructions. Further information on data processing by CleverReach can be found at: www.cleverreach.com/de/funktionen/reporting-und-tracking/

2.5        Enterprise Resource Planning System

The data you provide when you contact us (see section 2.3) will be transferred to our enterprise resource planning system (“ERP system”). Your data is managed, maintained and processed there for the purposes of lead and customer management as well as for contract initiation and processing. Your master data, contact data and contract data as well as any data collected via other channels, such as our social media channels or at trade fairs, are merged into a customer profile.

We use the services of the provider Comarch AG, Riesstraße 16, 80992 Munich, Germany (hereinafter “Comarch”). Comarch acts on our behalf on the basis of an data processing agreement within the meaning of Article 28 GDPR, which we have concluded with Comarch. In this agreement, the provider undertakes to process the respective personal data on our behalf only in accordance with our instructions. The data is stored on servers in Germany.

The associated data processing is carried out on purposes of our legitimate interests in accordance with Article 6 para. 1 letter f GDPR. Our legitimate interests lie in the optimization of our business processes and the effective design of our lead and customer management.

If we process your data to protect our legitimate interests on the basis of Article 6 para 1 letter f GDPR, you can object to the processing of your data at any time by sending a message to the contact details above. In this case, we will no longer process your data unless we can prove that we have a legitimate interest in doing so or are otherwise legally obliged to store it.

2.6        BIM portal

If you are an EBRO customer, you have the option of registering on our website for our BIM portal and our “Building services engineering price list”. Once you have successfully registered, you can use the BIM portal to access and download CAD data, tender texts, the current building services engineering price list, BMEcat, Datanorm 4, GEAB data and VDI 3805 data, among other things, and find out about the latest developments.

As part of the registration process, we process the personal data you provide in the registration form to provide the user account you have requested.

Once you have completed your registration, we will check your authorization to access the BIM portal. If the check is successful, you will receive an email with a temporary user password and a login link. The temporary user password must then be changed in the user account settings of the BIM portal. Otherwise your registration will be deleted from our system.

To use the BIM portal, it is necessary to log in via an existing user account. This is done by entering the corresponding user name and password.

Data processing is only carried out for the purpose of making our services accessible and providing our services in accordance with the contract. The legal basis for data processing is our legitimate interest in providing the services you have requested on the basis of Article 6 para. 1 letter f GDPR and Article 6 para- 1 letter b GDPR, insofar as data processing is necessary for the performance of a contractual relationship with you.

If we process your data for purposes of our legitimate interests on the basis of Article 6 para. 1 letter f GDPR, you can object to the processing of your data at any time by sending a message to the contact details given above.

You can request the deletion of your user account at any time by sending an email to service@ebro-armaturen.com. Otherwise, your data will be deleted as soon as the purpose of data collection ceases to apply, subject to the fulfillment of continuing statutory retention obligations or other reasons for retention in accordance with Article 17 para. 3 GDPR.

2.7        Cookies

Cookies and similar technologies (hereinafter collectively referred to as “cookies”) are used on this website to make our website more convenient, efficient and secure and to ensure economical operation.

Cookies are usually small identifiers that our server sends to your web browser and that your end device stores with the corresponding default setting. These can be used, among other things, to recognize you when you visit our website again and to analyze and evaluate your use of our website. Cookies can be set by us or by third-party providers, such as our partners, e.g. for statistical and marketing purposes.

The data processing is carried out either for purposes of our legitimate interests on the basis of Article 6 para. 1 letter f GDPR, insofar as it concerns necessary cookies, or on the basis of Article 6 para. 1 letter a GDPR, insofar as you have expressly consented to the storage and use of non-essential cookies via our cookie banner. We expressly reserve the right to have recourse to other legal bases.

The storage of information on your end device or access to information already stored on your end device that may be associated with the use of cookies is based on your consent in accordance with § 25 para. 1 TDDDG. If the storage of information on your end device or access to information already stored on your end device is absolutely necessary so that we can provide the telemedia service expressly requested by you (here: our website), no consent is required. The storage or access then takes place on the basis of § 25 para. 2 No. 2 TDDDG.

You can withdraw your consent to the use and storage of non-essential cookies at any time with effect for the future in the cookie settings of our website. You can also object to the storage of necessary cookies at any time by selecting “Do not accept cookies” in the settings of your web browser. The procedures for the technical management and deletion of cookies via the settings of your web browser can be found in the “Help” function of your web browser. You can also technically prevent the storage and use of all cookies by using free browser add-ons. However, if you prevent the storage of all cookies, this can lead to functional restrictions on our website.

 

2.7.1        Necessary cookies

We use cookies on our website that are absolutely necessary for the basic functionality and to ensure the security and stability of our website (hereinafter collectively referred to as “necessary cookies”). You can find a detailed overview of the necessary cookies used as well as the respective purposes of use and the respective storage duration in the cookie settings of our website.

The necessary cookies are stored and used for purposes of our legitimate interests on the basis of Article 6 para. 1 letter f GDPR. Our legitimate interest lies in the proper provision of our website and in ensuring the security and stability of our website.

The associated storage of information on your end device or access to information already stored on your end device is also permitted without your consent, as this is absolutely necessary in order to provide the telemedia service expressly requested by you (here: our website). The storage or access then takes place on the basis of § 25 para. 2 No. 2 TDDDG.

You can only deactivate necessary cookies technically via your web browser settings. For further details, please refer to the above passage. Please note that deactivating necessary cookies can lead to functional restrictions. You can object to any processing that we carry out for purposes of our legitimate interests on the basis of Article 6 para 1 letter f GDPR by sending a message to the contact details above.

 

2.7.2        Preference cookies

Subject to your consent, we use additional cookies to optimize the use of our website and to enable you to use our website conveniently (hereinafter collectively referred to as “preference cookies”). These cookies enable our website, for example, to remember certain information and preferences, such as your preferred language or region or pre-filled forms. You can find a detailed overview of the preference cookies used as well as the respective purposes of use and the respective storage period in the cookie settings of our website.

The storage and use of preference cookies is based on your consent in accordance with Article 6 para. 1 letter a GDPR.

The associated storage of information on your end device or access to information already stored on your end device is also based on your consent in accordance with §25 para. 1 TDDDG.

You can withdraw your consent to the storage and use of preference cookies at any time with effect for the future in the cookie settings of our website. For further details, please refer to the passages above.

 

2.7.3        Statistical cookies

Statistical cookies help us to better understand how you interact with our website by analyzing your use of our website with the help of statistical cookies. We may also use cookies from third-party providers, which may enable them to obtain information about your usage behavior and use it for their own purposes. For details on data processing by the third-party services used on this website, please refer to the corresponding sections below. For a detailed overview of the statistical cookies used as well as the respective purposes and storage duration, please refer to the cookie settings of our website.

The storage and use of statistical cookies is based on your consent in accordance with Article 6 para. 1 letter a GDPR.

The associated storage of information on your end device or access to information already stored on your end device is also based on your consent in accordance with § 25 para. 1 TDDDG.

You can withdraw your consent to the storage and use of statistical cookies at any time with effect for the future in the cookie settings of our website. For further details, please refer to the passages above.

2.7.4        Marketing cookies

Subject to your consent, we use cookies for marketing purposes in order to optimize our online marketing measures and to evaluate your interactions with them (hereinafter collectively referred to as “marketing cookies”). We may also use cookies from third-party providers, which may enable them to obtain information about your usage behavior and use it for their own purposes. For details on data processing by the third-party services used on this website, please refer to the relevant sections below. For a detailed overview of the marketing cookies used as well as the respective purposes and the respective storage period, please refer to the cookie settings of our website.

Marketing cookies are stored and used on the basis of your consent in accordance with Article 6 para. 1 letter a GDPR.

The associated storage of information on your end device or access to information already stored on your end device is also based on your consent in accordance with § 25 para. 1 TDDDG.

You can withdraw your consent to the storage and use of marketing cookies at any time with effect for the future in the cookie settings of our website. For further details, please refer to the passages above.

2.8        Web analysis

2.8.1        Matomo (formerly Piwik)

If you have consented to this, we use Matomo, an open source software for the statistical analysis of user access to our website. This is done on the basis of § 25 para. 1 TDDDG in conjunction with Article 6 para. 1 letter a GDPR.

The IP address of users is shortened by Matomo before it is saved. Matomo uses cookies that are stored on your end device and enable your use of our website to be analyzed. Pseudonymous user profiles can be created from the processed data. The information generated by the cookie about your use of our website is stored on a server of our service provider and is not passed on to third parties.

You can withdraw your consent to the use of Matomo at any time with effect for the future in the cookie settings of this website. For further details, please refer to the passage under section 2.6.

Further information on data protection at Matomo can be found at the following link: https://matomo.org/privacy-policy/.

2.9        Remarketing / Retargeting

We also use retargeting/remarketing services from third-party providers on our website to optimize our service. Data is collected on the basis of cookie/tracking technology to optimize our advertising and the entire online service (so-called retargeting/remarketing). This data is not used by us to identify you personally, but is used solely to evaluate the use of our website and to target users who have already shown an interest in our content and offers with interest-based advertising on our website and on other websites and social media services of our partners. We are convinced that the display of interest-based advertising is generally more interesting for the user than advertising that has no such personal reference. The display of advertising on our website or on the websites of our partners is based on an analysis of previous user behavior. According to the providers of the retargeting/remarketing services we use, user profiles are generally created in anonymized or pseudonymized form. This data is also not merged by us at any time with other personal data stored by us.

Provided you have given us your consent to do so, data processing is carried out on the legal basis of Article 6 para. 1 letter a GDPR in conjunction with § 25 para. 1 TDDDG. We expressly reserve the right to have recourse to other legal bases. You can find out which third-party providers we work with, how your data is processed in this context and how you can deactivate retargeting/remarketing technologies in the following sections.

2.9.1        Google Ads / Google Marketing Platform

We use the remarketing or “similar target groups” function in Google Ads/Google Marketing Platform (formerly DoubleClick by Google) of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google Ireland”) on our website to optimize our offer.

Google Ireland uses cookie/tracking technologies that are stored on your device to help us analyze how you use our website and to display ads for products or services that may be of interest to you. According to Google Ireland, the cookies used for this purpose do not contain any personal information. If you are registered with a Google service and logged in, Google Ireland can assign your visit to our website to your account. Even if you are not registered with Google, it is possible that Google Ireland will find out your IP address and use it to create and store user profiles about you. We do not use the function offered by Google Ireland for comparison with customer lists.

2.9.2        Google Ads and Google Conversion Tracking

We use Google Ads to optimize and measure the success of our website. Google Ads is an online advertising service from Google Ireland.

As part of Google Ads, we use what is known as conversion tracking. When you click on an ad placed by Google Ireland, a cookie is set for conversion tracking. The information generated by the cookie is used to evaluate the interaction of our website visitors with our ads and to compile statistics on the conversion of our ads. This data cannot be assigned to a specific person. The cookie loses its validity after 30 days and is not used to personally identify website visitors.

The information generated by Google Ireland’s cookie/tracking technologies about your use of this website may also be transferred to servers of Google LLC, the parent company of Google Ireland, in the USA and stored there. The US-based parent company Google LLC is certified in accordance with the EU-US Data Privacy Framework, the corresponding certificate can be found here: https://www.dataprivacyframework.gov/list. Any data transfers to Google LLC in the USA are therefore covered by the corresponding adequacy decision of the EU Commission pursuant to Article 45 para. 3 GDPR. The EU Commission has published the adequacy decision here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

You can withdraw your consent at any time via the cookie settings of our website. You can also technically prevent the storage and use of cookies by making the appropriate browser settings or browser add-ons. In addition, you can deactivate interest-based advertising on Google at the following link: http://www.google.com/settings/ads/plugin.

Further information on data processing by Google can be found here:

2.9.3        Facebook pixel

On this website, we use services of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Meta Ireland”), such as the Facebook pixel, for retargeting/remarketing purposes.

When you visit our website and if you have given us your consent to do so, a direct connection is established between your browser and the Meta server via the Facebook pixel. Meta Ireland thus receives the information that you have visited our website and we can make our Facebook activities more effective and, for example, display posts or ads only to visitors to our website. In addition, the Facebook pixel enables us to analyze the use of this website and to display ads for content and offers that may be of interest to you. The data collected is only transmitted to Meta Ireland in encrypted form and is anonymous to us, i.e. the personal data of individual users cannot be viewed by us. We do not use the “advanced matching” function of the Facebook pixel.

The information generated by the Facebook pixel may also be transferred to servers of Meta Platforms, Inc, the parent company of Meta Ireland, in the USA and stored there.  The US-based parent company Meta Platforms, Inc. is certified according to the EU-US Data Privacy Framework, the corresponding certificate can be found here: https://www.dataprivacyframework.gov/list. Any data transfers to Meta Platforms, Inc. in the USA are therefore covered by the corresponding adequacy decision of the EU Commission pursuant to Article 45 para 3 GDPR. The EU Commission has published the adequacy decision here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

You can withdraw your consent at any time via the cookie settings of our website. You can also technically prevent the storage and use of cookies by making the appropriate browser settings or browser add-ons.

Further information on the Facebook pixel, the type, scope, purposes, legal basis and objection options for data processing by Meta Ireland as well as your setting options for protecting your privacy can be found in Meta Ireland’s privacy policy at https://www.facebook.com/about/privacy/ and at https://www.facebook.com/business/learn/facebook-ads-pixel.

2.9.4        LinkedIn Insight Tag

We use the LinkedIn Insight Tag of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter “LinkedIn Ireland”) on this website for retargeting/remarketing purposes.

When you visit our website and if you have given us your consent to do so, a direct connection is established between your browser and the LinkedIn server via the LinkedIn Insight Tag. LinkedIn Ireland thus receives the information that you have visited our website and we can make our LinkedIn activities more effective and, for example, display posts or ads only to visitors to our website. In addition, the LinkedIn Insight Tag enables us to analyze the use of this website and to display ads for content and offers that may be of interest to you. The data collected is only transmitted to LinkedIn Ireland in encrypted form and is anonymous to us, i.e. the personal data of individual users cannot be viewed by us.

The information generated by the LinkedIn Insight Tag may also be transferred to servers of LinkedIn Corporation, the parent company of LinkedIn Ireland, in the USA and stored there. The US-based parent company LinkedIn Corporation is certified under the EU-US Data Privacy Framework, the corresponding certificate can be found here: https://www.dataprivacyframework.gov/list. Any data transfers to LinkedIn Corporation in the USA are therefore covered by the corresponding adequacy decision of the EU Commission pursuant to Article 45 para. 3 GDPR. The EU Commission has published the adequacy decision here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

You can withdraw your consent at any time via the cookie settings of our website. You can also technically prevent the storage and use of cookies by making the appropriate browser settings or browser add-ons.

For more information about the LinkedIn Insight Tag, data processing by LinkedIn and how to object to data processing by LinkedIn Ireland, please visit

2.10    Other services and content from third-party providers

2.10.1    YouTube

Video embeddings from YouTube are used on our website. This service is offered by Google Ireland. Data processing is carried out on the basis of your consent in accordance with Article 6 para. 1 letter a GDPR in conjunction with § 25 para. 1 TDDDG, provided you have given us this consent, and otherwise on the basis of our legitimate interest in accordance with Article 6 para. 1 letter f GDPR in conjunction with § 25 para. 2 No. 2 TDDDG. Our legitimate interest lies in the economic operation of our website and the optimization of our entire online service. In addition, the storage and/or reading of information on/from your end device is absolutely necessary in order to provide the desired service (playing the embedded videos). We expressly reserve the right to have recourse to other legal bases.

The YouTube videos embedded on our website, which are stored on http://www.youtube.com and can be played directly from our website, are embedded in “extended data protection mode”. This means that, according to YouTube, no data about you as a user is transmitted to YouTube if you do not play the videos. When you access the embedded video, a connection to Google’s servers is established and certain information (e.g. your IP address) is sent to YouTube, even if you are not logged in to YouTube. We have no knowledge of the type and scope of the data collected by Google Ireland and have no influence on its use. If you have given us your consent to do so, the services of Google Ireland may also be used for retargeting/remarketing purposes (see details under section 2.8).

The data processed by them may also be transferred to servers of Google LLC, the parent company of Google Ireland, in the USA and stored there. The US-based parent company Google LLC is certified in accordance with the EU-US Data Privacy Framework, the corresponding certificate can be found here: https://www.dataprivacyframework.gov/list. Any data transfers to Google LLC in the USA are therefore covered by the corresponding adequacy decision of the EU Commission pursuant to Article 45 para. 3 GDPR. The EU Commission has published the adequacy decision here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

For more information on the purposes and scope of data collection and the further processing and use of data by YouTube and your rights in this regard and the available setting options to protect your privacy, please refer to YouTube’s privacy policy: https://policies.google.com/privacy?hl=de&gl=de (Google Ireland’s privacy policy, which also includes YouTube).

If you do not want YouTube to associate your visit to our website with your YouTube user account, you must log out of YouTube before visiting our website. Even if you are not logged in to YouTube, websites with videos may send data to Google Ireland via the use of cookies, which allow Google Ireland, for example, to create an anonymized/pseudonymized user profile.

You can withdraw any consent you may have given to the storage and use of cookies in connection with the embedded videos in the cookie settings of our website. You can also technically prevent the storage and use of cookies at any time by making the appropriate browser settings or browser add-ons].

2.10.2    Google Maps

On our website, we integrate the maps of the Google Maps service of the provider Google Ireland to display locations and to create directions. Data processing is carried out on the basis of your consent in accordance with Article 6 para. 1 letter a GDPR in conjunction with § 25 para. 1 TDDDG, provided you have given us this consent.

When you access the maps integrated into our website, a connection to the servers of Google Ireland is established, subject to your consent, and certain information (e.g. your IP address) is transmitted to Google. We have no knowledge of the type and scope of the data collected by Google and have no influence on its use.

The data processed by them may also be transferred to servers of Google LLC, the parent company of Google Ireland, in the USA and stored there. The US-based parent company Google LLC is certified in accordance with the EU-US Data Privacy Framework, the corresponding certificate can be found here: https://www.dataprivacyframework.gov/list. Any data transfers to Google LLC in the USA are therefore covered by the corresponding adequacy decision of the EU Commission pursuant to Article 45 para. 3 GDPR. The EU Commission has published the adequacy decision here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. More information on data processing by Google and the withdrawal options can be found at

You can withdraw any consent you may have given to the storage and use of cookies in connection with the integrated maps in the cookie settings of our website. You can also technically prevent the storage and use of cookies at any time by making the appropriate browser settings or browser add-ons.

2.10.3    Google reCAPTCHA

We use the reCAPTCHA service from Google Ireland on our website to detect bots, e.g. for entries in online forms, and thus ultimately as an IT security measure. This is done either through an interaction of the website visitors with the service or partly in the background, without it being visible to the website visitors, based on the analysis of surfing behavior. This involves the processing of server log data (see section 2.1) and possibly other data, such as information on mouse movements and keystrokes. Data processing is carried out on the basis of your consent in accordance with Article 6 para. 1 letter a GDPR in conjunction with § 25 para. 1 TDDDG, provided you have given us this consent.

The data collected by the reCAPTCHA service will be transmitted to Google Ireland, subject to your consent. Google Ireland uses the information collected on our behalf to evaluate your use of the website and thus ensure the detection of bots and spam messages. Google Ireland may also use this information for its own purposes

The data processed by them may also be transferred to servers of Google LLC, the parent company of Google Ireland, in the USA and stored there. The US-based parent company Google LLC is certified in accordance with the EU-US Data Privacy Framework, the corresponding certificate can be found here: https://www.dataprivacyframework.gov/list. Any data transfers to Google LLC in the USA are therefore covered by the corresponding adequacy decision of the EU Commission pursuant to Article 45 para. 3 GDPR. The EU Commission has published the adequacy decision here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en. More information on data processing by Google and on setting and withdrawal options at Google can be found at

You can withdraw any consent you may have given to the storage and use of cookies in connection with the integrated maps in the cookie settings of our website. You can also technically prevent the storage and use of cookies at any time by making the appropriate browser settings or browser add-ons.

2.11    Links to our social media presences

On our website you will find links (hyperlinks) to our presence on the social networks and platforms Instagram, Facebook, YouTube, Xing and LinkedIn. These services are offered by the companies listed below (hereinafter also referred to as “third-party providers”):

  • Instagram and Facebook are operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta Ireland”).
  • YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google Ireland” or “YouTube”).
  • Xing is operated by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany (“Xing”).
  • LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn Ireland”).

The purpose and scope of the data collection and the further processing and use of the data by Meta Ireland, Google Ireland, Xing and LinkedIn Ireland as well as your rights in this regard and the available setting options to protect your privacy can be found in the data protection notices of the third-party providers:

If you do not want a third-party provider to be able to assign the clicking of a link leading to its offer to your user account there, you must log out of the respective service at before clicking on such a link. Even if you are not logged in with the third-party provider, data may be sent to the third-party provider via the use of cookies after clicking on a link.

Your personal data will only be transferred to external recipients to the extent necessary to achieve the above-mentioned purposes, if we have your consent to do so or if another legal permission exists. Your data may be transferred to external service providers that we use to achieve the above-mentioned purposes and with whom we have concluded data processing addendums in accordance with Article 28 para 3 GDPR.

External recipients of your personal data may be, in particular

  • affiliated companies with whom we may exchange personal data, insofar as this is necessary for internal administrative, marketing or customer service purposes;
  • service providers bound by instructions that we use to achieve the above-mentioned purposes;
  • Business partners, e.g. freelance employees;
  • the financial administration;
  • tax consultants and auditors and;
  • courts, arbitration tribunals, authorities or legal advisors if this is necessary to comply with applicable law or to assert, exercise or defend legal claims.

If we transfer your data to third countries outside the European Union (EU) or the European Economic Area (EEA) as described above, we will ensure that, apart from legally permitted exceptions, the recipient either has an adequate level of data protection or that you consent to the data transfer. An adequate level of data protection can be ensured, for example, by the existence of an adequacy decision by the EU Commission, the conclusion of EU standard contractual clauses (SCC) or the existence of so-called Binding Corporate Rules (BCR). Please contact us using the contact details above to obtain information about the specific guarantees for the transfer of your data to third countries.

In the event that the existing adequacy decision for the EU-US Data Privacy Framework should be declared invalid in the future, we have already agreed additional transfer instruments with the relevant service providers as a precautionary measure, such as EU standard contractual clauses in particular, or will do so in good time if necessary.

We only store your personal data for as long as is necessary to fulfill the above-mentioned purposes or – in the case of consent – as long as you do not withdraw your consent. In the event of an objection, we will no longer process your personal data unless further processing is permitted or even mandatory under the relevant statutory provisions (e.g. in the context of retention obligations under commercial and tax law). We will also delete your personal data if we are obliged to do so for legal reasons.

For further details on the storage period of your personal data, please refer to the respective explanations in the sections listed above.

As a person affected by data processing, you have the following rights in accordance with the GDPR:

Right of access (Article 15 GDPR)

You have the right to receive information about your personal data processed by us.

Right to rectification (Article 16 GDPR)

You have the right to demand the immediate correction of incorrect data and the completion of incomplete data, provided that the legal requirements are met.

Right to erasure (Article 17 GDPR)

You have the right to request the deletion of your personal data if the legal requirements are met and in particular if (1) your data is no longer required for the purposes stated in this data protection notice, (2) you have withdrawn your consent and there is no other legal basis for the processing, (3) your data has been processed unlawfully or (4) you have objected to the processing of your data and there are no overriding legitimate grounds for the processing.

Right to restriction of processing (Article 18 GDPR)

You have the right to demand that we restrict the processing of personal data concerning you, in particular if you dispute the accuracy of the data or if the processing of your data is unlawful and you demand restriction instead of erasure.

Right to data portability (Article 20 GDPR)

If your data is processed on the basis of a contract or on the basis of your consent, you have the right to receive your data in a structured, commonly used and machine-readable format or to have your data transmitted to another controller, provided that the legal requirements for this are met.

Right to object (Article 21 GDPR)

You have the right to object to our processing of your data at any time for reasons arising from your particular situation, provided that the legal basis for our processing of your data are our legitimate interests in accordance with Article 6 para. 1 letter f GDPR. If you exercise your right to object, we will cease processing your data unless we can demonstrate compelling legitimate grounds for continuing the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims.

Right to withdraw consent (Article 7 para. 3) GDPR)

If we process your data on the basis of your consent, you have the right to withdraw this consent at any time with effect for the future. The legality of the processing carried out on the basis of the consent until the withdrawal remains unaffected by the withdrawal.

Right to lodge a complaint with the supervisory authority (Article 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR (Article 77 GDPR). You can exercise this right in particular with a supervisory authority in the member state of your habitual residence, your place of work or the place of the alleged infringement or with the supervisory authority responsible for us. The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf.

If you have any questions regarding the processing of your data or would like to exercise your rights as a data subject, please contact us using the contact details above.

This privacy notice may be subject to change. The latest version of this privacy policy applies.

Status: May 2025

Privacy notice for social media presences

We, EBRO Armaturen Gebr. Bröer GmbH, Karlstr. 8, D-58135 Hagen, Germany (hereinafter also “we”, “us” or “EBRO”) would like to inform you below about the processing of your personal data (hereinafter also “data”) in connection with the use of our presences on the social media platforms Instagram, Facebook, YouTube, Xing and LinkedIn (hereinafter together “social media platforms”), accessible at

(hereinafter collectively referred to as “social media presences”)

as well as the legal basis and purposes of this processing and your rights under data protection law.

We take the protection of your personal data very seriously. Your data will be processed exclusively in accordance with the applicable data protection regulations, in particular the provisions of the European General Data Protection Regulation (hereinafter: “GDPR”) and the German Federal Data Protection Act (Bundesdatenschutzgesetz hereinafter: “BDSG”) as well as the German Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz hereinafter: “TDDDG”) (together hereinafter: “data protection laws”).

This privacy policy only applies to the above-mentioned social media presences that are operated by us. In particular, the following information does not refer to third-party social media presences or websites of other providers that may be linked to from our social media presences.

For reasons of better readability, the generic masculine is used in the following. Female and all other gender identities are expressly included

Please note that the terms used, such as “personal data” or “processing”, correspond to the definitions in Article 4 GDPR. If you would like to take a look at the GDPR yourself, you can find it online at: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679 You can access the BDSG at the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679; you can find the TDDDG here: https://www.gesetze-im-internet.de/ttdsg/.

The controller within the meaning of the GDPR for the processing of your data is

EBRO Armaturen Gebr. Bröer GmbH

Karlstr. 8
D-58135 Hagen
Germany

E-Mail: marketing@ebro-armaturen.com
Phone: +49 2331 – 904-0

If you have any questions about the processing of your data or would like to exercise your rights as a data subject, please contact us using the contact details above.

You can also contact our data protection officer directly by e-mail at dsb_ext@ebro-armaturen.com or using the following contact details:

c/o V-Formation GmbH

Stephanienstr. 18
D-76133 Karlsruhe
Germany

E-Mail: dsb_ext@ebro-armaturen.com
Phone: +49 721 181292-20

In addition to us, the providers of the respective social media platform are also controllers for the processing of your data on our respective social media presence. These are the following:

(hereinafter also referred to collectively as “providers of the social media platforms”)

Where applicable, the data processing in the context of the use of our social media presences takes place within a joint controllership between us and the respective provider of the social media platform. Joint controllership within the meaning of the GDPR exists in particular

  • with Meta Ireland in the context of the use of statistical information, such as information on likes, clicks and reach on our Facebook presence (so-called “Page Insights”). We have entered into a joint controllership agreement with Meta Ireland, which sets out our respective obligations under the GDPR. This can be accessed at https://www.facebook.com/legal/terms/page_controller_addendum. Further information on the “Page Insights” function and the main content of our agreement with Meta Ireland can be found in section 6;
  • with LinkedIn Ireland in the context of the use of statistical information, such as information on likes, clicks and reach on our LinkedIn presence (so-called “LinkedIn Analytics”). We have entered into a joint controllership agreement with LinkedIn Ireland, which sets out our respective obligations under the GDPR. This is available at https://legal.linkedin.com/pages-joint-controller-addendum. Further information on the “LinkedIn Analytics” function and the main content of our agreement with LinkedIn Ireland can be found in section 6.

Certain data processing, in particular the use of data collected via LinkedIn Lead Gen Forms (see section 4.6), is carried out by EBRO and its affiliated companies of the Bröer Group (hereinafter also referred to collectively as “affiliated companies”) under joint controllership. In this respect, we have concluded an agreement with our affiliated companies on joint controllership within the meaning of Article 26 para. 1 GDPR (see Section 9). Please contact us using the contact details above to obtain information on the contact details of the respective affiliated companies.

In certain cases it is possible to use our social media presences without registering with the respective social media platform. Even if you use the respective social media platform without registering, personal data may be processed.

We operate our social media presences to inform you about our company and our activities and to enable a direct exchange between you and us.

In principle, we have no influence on the data collection and further use of the data collected by the providers of the social media platforms. The extent to which, where and for how long the data is stored, the extent to which the providers of the social media platforms comply with their deletion obligations, which evaluations and links are made with the data and to whom the data is passed on is neither apparent to us nor can we influence it.

Please note that the providers of the social media platforms may also process the data of users registered with the respective social media platform and visitors to the respective social media platform, such as IP addresses, cookies, etc., outside the European Union (EU) or the European Economic Area (EEA, EU member states plus Iceland, Liechtenstein and Norway) and may use them for their own purposes.

You have the option of contacting us directly via our social media presences (e.g. by personal message or messenger). The data you provide in the respective message (e.g. name, e-mail address, etc.) will be processed and, if necessary, transferred to our systems in order to record and answer your request. Please refrain from sending us sensitive information such as health data, application documents or bank or credit card details via our social media presences. We recommend using secure means of transmission, such as letter post or sufficiently encrypted e-mail.

As far as the initiation of a contractual relationship is concerned, the processing of your data that you provide to us when you contact us directly is carried out on the basis of Article 6 para. 1 letter b GDPR. If you have given us your consent to data processing, e.g. via a contact form provided by us, the data processing is carried out on the basis of Article 6 para. 1 letter a GDPR. Otherwise, the data you provide when contacting us directly is processed for purposes of our legitimate interests on the basis of Article 6 para. 1 letter f GDPR. Our legitimate interest lies in the proper processing of voluntary contact requests sent to us.

Once you have given your consent, you can withdraw it at any time without giving reasons with effect for the future, without any disadvantages for you. This does not affect the lawfulness of processing up to withdrawal of consent. If the data processing is carried out on purposes of our legitimate interests in accordance with Article 6 para. 1 letter f GDPR, you can object to this at any time in accordance with the GDPR. To do so, please send us an email message to the contact details above.

4.1        Facebook

In accordance with the way a social media platform works, it is possible for us to gain knowledge about the users who interact with our Facebook presence and our posts on it (e.g. like, rate, comment on or share them), provided that you have made your interactions on the Facebook platform public and have not expressly marked them as “private”. We may evaluate this information in aggregated form, e.g. using the Page Insights function (see section 6), in order to provide you with more relevant content that may be of greater interest to you. The information obtained in this way does not allow us to draw any conclusions about a specific person.

Your data is processed for purposes of our legitimate interests on the basis of Article 6 para. 1 letter f GDPR. Our legitimate interest lies in the economic operation, optimization and usage analysis of our Facebook presence as well as in communicating with you as a user/visitor and, if necessary, carrying out marketing activities on our Facebook presence.

In your Facebook profile, you as a user have the option of, for example, actively hiding your “posts”, “likes” or “subscriptions” or no longer following our Facebook presence. You will then no longer appear in the list of subscribers to our Facebook presence.

4.2        Instagram

In accordance with the way a social media platform works, it is possible for us to gain knowledge of the users who interact with our Instagram presence and our posts on it (e.g. like, rate, comment on or share them), provided that you have made your interactions on the Instagram platform public and have not expressly marked them as “private”. We may evaluate this information in aggregated form in order to provide you with more relevant content that may be of greater interest to you. The information obtained in this way does not allow us to draw any conclusions about a specific person.

Your data is processed for purposes of our legitimate interests on the basis of Article 6 para. 1 letter f GDPR. Our legitimate interest lies in the economic operation, optimization and usage analysis of our Instagram presence as well as in communicating with you as a user/visitor and, if necessary, carrying out marketing activities on our Instagram presence.

In your Instagram profile, you as a user have the option of, for example, actively hiding your “posts” or “subscriptions” or no longer following our Instagram presence. You will then no longer appear in the list of subscribers to our Instagram presence.

4.3        YouTube

In accordance with the way a social media platform works, we are able to gain knowledge about the users who interact with our YouTube presence and our posts on it (e.g. like, rate, comment on or share them). We may analyze this information in aggregated form, to provide you with more relevant content that may be of greater interest to you. The information obtained in this way does not allow us to draw any conclusions about a specific person.

Your data is processed for purposes of our legitimate interests on the basis of Article 6 para. 1 letter f GDPR. Our legitimate interest lies in the economic operation, optimization and usage analysis of our YouTube presence as well as in communicating with you as a user/visitor and, if necessary, carrying out marketing activities on our YouTube presence.

In your YouTube profile, you as a user have the option, for example, to mark your uploaded videos, created playlists and your subscriptions as “private” so that they cannot be viewed by other users. You can also decide to no longer follow our YouTube presence. You will then no longer appear in the list of subscribers to our YouTube presence.

4.4        Xing

In accordance with the way a social media platform works, it is possible for us to gain knowledge about the users who interact with our Xing presence and our posts on it (e.g. like, rate, comment on or share them), provided that you have made your interactions on the Xing platform public and have not expressly marked them as “private”. We may evaluate this information in aggregated form in order to provide you with more relevant content that may be of greater interest to you. The information obtained in this way does not allow us to draw any conclusions about a specific person.

Your data is processed for purposes of our legitimate interests on the basis of Article 6 para. 1 letter f GDPR. Our legitimate interest lies in the economic operation, optimization and usage analysis of our Xing presence as well as in communicating with you as a user/visitor and, if necessary, carrying out marketing activities on our Xing presence.

As a user of the Xing platform, you have the option of no longer following our Xing presence at any time.

4.5        LinkedIn

In accordance with the way a social media platform works, it is possible for us to gain knowledge about the users who interact with our LinkedIn presence and our posts on it (e.g. like, rate, comment on or share them). We may evaluate this information in aggregated form, e.g. using the LinkedIn Analytics function (see section 6), in order to provide you with more relevant content that may be of greater interest to you. The information obtained in this way does not allow us to draw any conclusions about a specific person.

Your data is processed for purposes of our legitimate interests on the basis of Article 6 para. 1 letter f GDPR. Our legitimate interest lies in the economic operation, optimization and usage analysis of our LinkedIn presence as well as in communicating with you as a user/visitor and, if necessary, carrying out marketing activities on our LinkedIn presence.

As a user of the LinkedIn platform, you have the option of no longer following our LinkedIn presence at any time.

4.6        LinkedIn Lead Gen Forms

We use so-called Lead Gen Forms on our LinkedIn presence. These enable certain actions, e.g. you can use them to contact our sales department or request free content. Genrally, we will use a form to request certain information such as your e-mail address and your first and last name as well as information about your industry, for example. We use the information obtained in this way to provide you with further information that may be relevant to you and to contact you if necessary. This may include a promotional approach. We also evaluate the use of our Lead Gen Forms in order to optimize them in a targeted manner.

Subject to your consent, we use the data collected from you in the respective form to send you our regular e-mail newsletter with product-specific information and advertising content. We use the so-called double opt-in procedure for sending newsletters, i.e. we will send you an automatic confirmation e-mail after your registration via the respective registration form and ask you to confirm your registration for the newsletter dispatch by clicking on the corresponding link. By completing this double opt-in procedure, you have registered to receive the newsletter.

As part of sending the newsletter, your interactions with our newsletters are tracked and evaluated (so-called measurement of opening and click rates). This is done via single-pixel image files, so-called web beacons or tracking pixels, as well as correspondingly coded links contained in our newsletters. Technical information, such as information about your web browser, your operating system, your IP address and the date and time of retrieval of the newsletter is collected and assigned to your e-mail address. Corresponding information can be stored on your end device and/or corresponding information that is already stored on your end device can be accessed. This is done to optimize our newsletter dispatch on the basis of your consent in accordance with § 25 para. 1 TDDDG.

You can unsubscribe from our newsletter at any time via the unsubscribe link contained in every newsletter and revoke your consent in this respect.

The data that we collect as part of the Lead Gen Forms may be passed on to our sales department or the sales department of one of our affiliated companies and processed there in order to contact you or provide you with further information. This is a joint controllership between us and our affiliated companies (see section 1 and section 8). In this context, your data may be transferred to the lead management module of our enterprise resource planning system. This also serves to maintain contact with you.

The legal basis is your consent in accordance with Article 6 para. 1 letter a GDPR in conjunction with § 25 para. 1 TDDDG, which you give us before sending the respective form.

You can withdraw your consent to be contacted at any time with effect for the future. We will then not contact you again or send you any information. The legality of the processing up to the time of withdrawal remains unaffected. The withdrawal can be sent by e-mail to the contact details given above under section 1.

Newsletter tracking using web beacons is not possible if you have deactivated the display of images in your e-mail program by default. In this case, however, the newsletter will not be displayed in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place.

We store your data in connection with Lead Gen Forms until you withdraw your consent. In the event of withdrawal, we will delete the data unless further storage of certain data is necessary due to a legal obligation or to protect our legitimate interests, in particular the assertion, exercise or defense of legal claims.

The providers of the social media platforms use cookies and similar technologies, i.e. generally small identifiers that are stored on your end device (hereinafter collectively referred to as “cookies”), among other things to offer you a comprehensive range of functions, to make use more convenient and to optimize their services. Cookies can be stored on your end device and/or cookies that are already stored on your end device can be read. The data obtained by using cookies is collected and processed directly by the providers of the social media platforms. EBRO has no access to these and no influence on how the providers of the social media platforms use them.

The social media providers use both so-called session cookies, which are only stored temporarily during your visit to the respective social media platform, and so-called persistent cookies, which are stored on your end device for several weeks to months, for example. These cookies are set regardless of whether you have a user account for the respective social media platform or are logged into your existing user account at the time of your visit.

The information obtained using cookies can be used by the providers of the social media platforms within the respective social media platform as well as in other social media services and in third-party services that use the social media services to create user profiles for market research and advertising purposes. In particular, your usage behavior and your resulting interests are taken into account. In this context, the providers of the social media platforms may enable third parties to use this data to place advertisements within and outside the respective social media platform. If you use the respective social media platform on multiple devices, the data may also be collected and analyzed across devices, especially if you are logged in as a user.

5.1        Facebook

For more information on the type, scope, purposes, legal basis and objection options for the use of cookies by Meta Ireland, please refer to Facebook’s cookie policy (https://de-de.facebook.com/policies/cookies).

According to Meta Ireland, the storage and use of non-essential cookies (also called “optional cookies”) only takes place if you have given your consent in accordance with Article 6 para. 1 letter a GDPR in conjunction with § 25 para. 1 TDDDG. This may apply in particular to third-party cookies that are used, for example, in connection with personalized advertising or analyses and the provision of certain functions. Required cookies, which according to Meta Ireland are necessary for the use of the Facebook platform, cannot be deactivated according to Meta Ireland.

You also have the option of purchasing an ad-free use of Facebook by taking out a paid subscription with Meta. If you take out such a subscription with Meta, you will, according to Meta, no longer be shown any advertising by Meta when using Facebook during the term of the subscription. In addition, according to Meta, your information (including cookies for advertising purposes) will not be used for advertising purposes during the term of the subscription. You can find more information about taking out a subscription with Meta here: https://facebook.com/help/1241090626576242?helpref=faq_content.

5.2        Instagram

For more information on the type, scope, purposes, legal basis and objection options for the use of cookies by Meta Ireland, please refer to Instagram’s cookie policy (https://privacycenter.instagram.com/policies/cookies).

According to Meta Ireland, the storage and use of cookies in connection with non-essential cookies (also known as “optional cookies”) only takes place if you have given your consent in accordance with Article 6 para. 1 letter a GDPR in conjunction with. § 25 para. 1 TDDDG. This may apply in particular to third-party cookies that are used, for example, in connection with personalized advertising or analyses and the provision of certain functions. Required cookies, which according to Meta Ireland are necessary for the use of the Instagram platform, cannot be deactivated according to Meta Ireland.

You also have the option of purchasing an ad-free use of Instagram by taking out a paid subscription with Meta. If you take out such a subscription with Meta, you will, according to Meta, no longer be shown any advertising by Meta when using Instagram during the term of the subscription. In addition, according to Meta, your information (including corresponding cookies for advertising purposes) will not be used for advertising purposes during the term of the subscription. You can find more information about taking out a subscription with Meta here: https: https://facebook.com/help/1241090626576242?helpref=faq_content.

5.3        YouTube

For more information on the type, scope, purposes, legal basis and objection options for the use of cookies by Google Ireland, please refer to the Google Ireland cookie policy (https://policies.google.com/technologies/cookies).

According to information from Google Ireland as the provider of the YouTube platform, the storage and use of cookies in connection with personalized advertising, personalized content and other personalized offers only takes place if you have given your consent in accordance with Article 6 para. 1 letter a GDPR in conjunction with § 25 para. 1 TDDDG. According to Google Ireland, other cookies for the purposes of website statistics and cookies that serve to ensure the security of visitors, users and the YouTube platform, to identify users when using the YouTube platform, to retrieve settings and to ensure the functionality of the YouTube platform cannot be deactivated.

 

5.4        Xing

For more information on the type, scope, purposes, legal basis and objection options for the use of cookies by Xing, please refer to Xing’s privacy policy (https://privacy.xing.com/de/datenschutzerklaerung).

According to information from Xing, the storage and use of cookies in connection with personalized advertising and its performance measurement only takes place if you have given your consent to this in accordance with Article 6 para. 1 letter a GDPR in conjunction with § 25 para. 1 TDDDG. According to Xing, cookies for the purpose of ensuring the security of visitors and users and the Xing platform, as well as to ensure the functionality of Xing’s services, cannot be deactivated.

 

5.5        LinkedIn

For more information on the type, scope, purposes, legal basis and objection options for the use of cookies by LinkedIn Ireland, please refer to the LinkedIn Ireland Cookie Policy (https://www.linkedin.com/legal/cookie-policy).

According to LinkedIn Ireland, the storage and use of cookies in connection with personalized advertising, analysis and research as well as functional cookies only takes place if you have given your consent in accordance with Article 6 para. 1 letter a GDPR in conjunction with § 25 para. 1 TDDDG. According to LinkedIn Ireland, other cookies that serve to ensure the security of visitors, users and the LinkedIn platform, to identify users when using the LinkedIn platform, to retrieve settings and to ensure the functionality of the LinkedIn platform cannot be deactivated.

You can also prevent the storage of cookies by selecting “Do not accept cookies” in your device or browser settings. The procedures for the technical management and deletion of cookies in the settings of your device or browser can be found in the respective “Help” function in your browser settings. You can also technically prevent the storage of cookies by using free browser add-ons. Please note that preventing the storage of cookies may lead to functional restrictions on the respective social media platform.

6.1        Facebook

In connection with the operation of our Facebook presence, we use the “Page Insights” function from Meta Ireland, which Meta Ireland uses to provide us with statistical data on the use of our Facebook presence, which is anonymous to us. This means that the personal data of individual users cannot be viewed by us. You can find out what data Meta Ireland uses to analyze usage in connection with our Facebook presence (“Page Insights data”) and what information Meta Ireland provides on data processing in connection with the Page Insights function at https://de-de.facebook.com/legal/terms/information_about_page_insights_data and at https://www.facebook.com/legal/terms/page_controller_addendum.

With regard to Page Insights data, we are joint controller for data processing with Meta Ireland and have concluded an agreement between joint controllers (https://www.facebook.com/legal/terms/page_controller_addendum), which sets out our respective obligations under the GDPR. For example, we have agreed therein that

  • we are joint controller with Meta Ireland for the processing of Page Insights data;
  • Meta Ireland assumes primary responsibility and is primarily responsible for providing you with information about the joint controllership and enabling you to exercise your rights under the GDPR (see section 12);
  • Meta Ireland alone can make and, if necessary, implement decisions regarding the processing of Page Insights data and the fulfillment of its data protection obligations;
  • Meta Ireland is solely responsible for the processing of other personal data in connection with Page Insights that is not covered by the Page Insights Addendum and we cannot request disclosure in this regard;
  • the Irish Data Protection Commission (https://dataprotection.ie) is the authority responsible for the supervision of processing under joint controllership.

Information on the technical and organizational measures Meta Ireland uses to ensure the security of your data can be found in the appendix to the “Page Insights Addendum” at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

Meta Ireland also uses cookies to obtain Page Insights data, e.g. to determine whether a user is logged in to the Facebook platform. For details, please refer to section 5 above. According to Meta Ireland, events used to create Page Insights do not store any IP addresses, cookie IDs or other identifiers that can be assigned to persons or their devices, except for a Facebook user ID for persons logged in to the Facebook platform.

6.2        Instagram

In connection with the operation of our Instagram presence, we use the “Insights” function of the Instagram platform, by means of which Meta Ireland, as the provider of the Instagram platform, provides us with statistical data on the use of our Instagram presence, which is anonymous to us, i.e. the personal data of individual users or visitors cannot be viewed by us. We do not know in detail which data Meta Ireland uses to analyze usage in connection with our Instagram presence.

In particular, we receive aggregated data from Meta Ireland in the following areas:

  • Activities (e.g. interactions such as profile visits and website clicks or the number of people who see content and where they find it);
  • Content (evaluations of articles, stories and promotions); and
  • Target group (demographic information on subscribers and other visitors).

6.3        LinkedIn

In connection with the operation of our LinkedIn presence, we use the “LinkedIn Analytics” function of the LinkedIn platform (also called “Page Insights” by LinkedIn), which LinkedIn Ireland uses to provide us with statistical data on the use of our LinkedIn presence, which is anonymous to us. This means that the personal data of individual users or visitors cannot be viewed by us. You can find out which data LinkedIn Ireland uses in detail to analyze usage in connection with our LinkedIn presence (“LinkedIn Analytics data”) and what information LinkedIn Ireland provides on data processing in connection with the LinkedIn Analytics function here: https://www.linkedin.com/help/linkedin/answer/a547077 and here: https://www.linkedin.com/help/linkedin/answer/a566056.

With regard to LinkedIn Analytics data, we are joint controller for data processing with LinkedIn Ireland and have concluded an agreement between joint controllers in this respect (“Page Insights Joint Controller Addendum” https://legal.linkedin.com/pages-joint-controller-addendum), which sets out our respective obligations under the GDPR. For example, we have agreed therein that

  • we are joint controllers with LinkedIn Ireland for the processing of LinkedIn Analytics data;
  • LinkedIn Ireland assumes primary responsibility and is primarily responsible for providing you with information about the joint processing and enabling you to exercise your rights under the GDPR;
  • the Irish Data Protection Commission (https://www.dataprotection.ie) is the authority responsible for the supervision of processing under joint controllership.

In order to obtain LinkedIn Analytics data, LinkedIn Ireland also uses cookies, for example to determine whether a user is logged in to the LinkedIn platform. For details, please refer to section 5 above.

We cannot deactivate the analytics function. However, we do not actively use the data provided to us for our own analysis purposes.

7.1        Facebook

We are able to use demographic and geographic analyses of our target groups provided to us by Meta Ireland in order to display targeted interest-based advertisements on our Facebook presence or to highlight our posts, but without obtaining direct knowledge of the identity of the users or visitors to whom the advertisements are displayed. In this case, the display of advertisements or highlighting of posts on our Facebook presence is based on an analysis of previous usage behavior by Meta Ireland, whereby we only have anonymized or pseudonymized information that regularly does not allow us to identify you personally and is not merged with any personal data stored by us at any time.

As a user, you can control the extent to which your usage behavior may be recorded and used by Meta Ireland in the settings for advertising preferences on the Facebook platform (https://de-de.facebook.com/ads/preferences).

7.2        Instagram

We are able to use demographic and geographic analyses of our target groups provided to us by Meta Ireland in order to display targeted interest-based advertisements on our Instagram presence or to highlight our posts, but without obtaining direct knowledge of the identity of the users or visitors to whom the advertisements are displayed. In this case, the display of advertisements or highlighting of posts on our Instagram presence is based on an analysis of previous usage behavior by Meta Ireland, whereby we only have anonymized or pseudonymized information that regularly does not allow us to identify you personally and is not merged with any personal data stored by us at any time.

Once you have given your consent, you can withdraw it at any time without giving reasons with effect for the future, without any disadvantages for you. The legality of the processing until the withdrawal of consent remains unaffected.

If you as a user have linked your Instagram account to your Facebook account, you can control the extent to which your usage behavior may be recorded and used by Meta Ireland in the advertising preferences settings of the Facebook platform (https://de-de.facebook.com/ads/preferences).

7.3        LinkedIn

We are able to use demographic and geographic analyses of our target groups provided to us by LinkedIn Ireland in order to display targeted interest-based advertisements on our LinkedIn presence or to highlight our posts, but without obtaining direct knowledge of the identity of the users or visitors to whom the advertisements are displayed. In this case, the display of advertisements or highlighting of posts on our LinkedIn presence is based on an analysis of previous usage behavior by LinkedIn Ireland, whereby we only have anonymized or pseudonymized information that regularly does not allow us to identify you personally and is not merged with any personal data stored by us at any time

As a user, you can control the extent to which your usage behavior may be recorded and used by LinkedIn Ireland in the settings of your LinkedIn user account (see https://www.linkedin.com/help/linkedin/answer/a1337839?lang=de).

For the purposes of customer management, order processing and the optimization of business processes and, if necessary, for marketing purposes, customer data may be exchanged between the affiliated companies of the Bröer Group in accordance with the above descriptions. The use of your data for the aforementioned purposes is carried out under joint controllership within the meaning of Article 26 para. 1 sentence 1 GDPR, i.e. EBRO and its affiliated companies jointly decide on the purposes and means of the respective data processing.

The legal basis for the exchange of customer data between the joint controllers is your voluntary consent in accordance with Article 6 para. 1 letter a GDPR.

If you have given us your consent to process your data, you can withdraw this at any time without giving reasons with effect for the future. In this case, we will no longer process your data unless we are otherwise legally obliged to do so. To exercise your right of withdrawal, please contact us using the contact details above.

Against this background, we have concluded an agreement on joint controllership. The agreement essentially contains the following:

  • Areas of responsibility: Responsibility for the management of your customer data and for related data protection issues (e.g. requests for information or deletion by customers) lies primarily with the company that collected your data or with which you are in contact. All joint controllers process personal data in accordance with the relevant statutory data protection provisions.
  • Data security: The joint controllers are each independently responsible for ensuring adequate security of the personal data concerning the processing in their own organizational sphere and for implementing appropriate protective measures and the basic data protection principles (e.g. through authorization management and access control, implementation of a deletion concept, privacy by design).
  • Information and reporting obligations: The information obligations are the responsibility of the respective company with regard to the data processing that takes place in its own organizational sphere. The fulfillment of any reporting obligations in the event of a data protection incident is also the responsibility of the respective company itself, whereby all joint controllers support each other in the best possible way and provide each other with all necessary information.
  • Rights of data subjects/contact persons: Your contact for all data protection issues is EBRO ARMATUREN Gebr. Bröer GmbH. If you wish to exercise your data protection rights (e.g. requests for information or deletion), you can contact us at any time using the contact details provided at the beginning of this privacy notice. If this should be necessary to implement your request, the joint controllers will inform and support each other without delay and provide each other with all information necessary to respond to requests for information and other requests.

If you have any further questions about the joint controllership agreement, you can contact us at any time using the contact details provided at the beginning of this privacy policy.

Your personal data will only be transferred to external recipients to the extent necessary to achieve the above-mentioned purposes and if we have your consent or another legal permission or obligation to process the data. Your data may be transferred to external service providers that we use to achieve the above-mentioned purposes and with whom we have concluded an agreement on the processing of your data in accordance with Article 28 para. 3 GDPR. External service providers used by us will only process your data for specific purposes and in accordance with our instructions.

External recipients of your personal data may be, in particular

  • affiliated companies with whom we may exchange personal data, insofar as this is necessary for internal administrative, marketing or customer service purposes;
  • service providers bound by instructions that we use to achieve the above-mentioned purposes;
  • Business partners;
  • Tax consultants and auditors and;
  • Courts, arbitration tribunals, authorities or legal advisors if this is necessary to comply with applicable law or to assert, exercise or defend legal claims.

For information on how Meta Ireland, as the provider of the Facebook platform, transfers your data within and outside the Meta group of companies, please refer to Facebook’s data policy (https://de-de.facebook.com/about/privacy).

For information on how Meta Ireland, as the provider of the Instagram platform, transfers your data within and outside the Meta group of companies, please refer to Instagram’s privacy policy (https://help.instagram.com/519522125107875).

For information on how Google Ireland, as the provider of the YouTube platform, transfers your data within and outside the Google group of companies, please refer to Google Ireland’s privacy policy (https://policies.google.com/privacy#infosharing).

For information on how Xing transfers your data, please refer to Xing’s privacy policy (https://privacy.xing.com/de/datenschutzerklaerung).

For information on how LinkedIn Ireland transfers your data within and outside the LinkedIn group of companies, please refer to LinkedIn Ireland’s privacy policy (https://www.linkedin.com/legal/privacy-policy).

If we transfer your data to locations in countries outside the EU/EEA (hereinafter referred to as “third countries”) in accordance with the above explanations, we will ensure that, apart from legally permitted exceptions, the recipient either has an adequate level of data protection or that you consent to the data transfer. An adequate level of data protection can be guaranteed, for example, by the conclusion of EU standard contractual clauses, the existence of an adequacy decision by the EU Commission or so-called Binding Corporate Rules (BCR). Please contact us using the contact details above to obtain a copy of the specific guarantees for the transfer of your data to third countries.

Data processing by Meta Ireland, Google Ireland and LinkedIn Ireland also regularly takes place in third countries, in particular the USA.

Meta’s parent company Meta Platforms, Inc. is certified under the EU-US Data Privacy Framework, the corresponding certificate can be found here: https://www.dataprivacyframework.gov/list. Any data transfers to Meta Platforms, Inc. in the USA are therefore covered by the corresponding adequacy decision of the EU Commission pursuant to Article 45 para. 3 GDPR (see https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_de).

The Google parent company Google LLC is certified in accordance with the EU-US Data Privacy Framework, the corresponding certificate can be found here: https://www.dataprivacyframework.gov/list. Any data transfers to Google LLC in the USA are therefore covered by the corresponding adequacy decision of the EU Commission pursuant to Article 45 para. 3 GDPR (see https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_de).

The LinkedIn parent company LinkedIn Corporation is certified in accordance with the EU-US Data Privacy Framework, the corresponding certificate can be found here: https://www.dataprivacyframework.gov/list. Any data transfers to LinkedIn Corporation in the USA are therefore covered by the corresponding adequacy decision of the EU Commission pursuant to Article 45 para. 3 GDPR (see https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_de).

In the event that the existing adequacy decision for the EU-US Data Privacy Framework should be declared invalid in the future, we have already agreed additional transfer instruments with the relevant service providers as a precautionary measure, such as EU standard contractual clauses in particular, or will do so in good time if necessary.

We will only store your personal data for as long as is necessary to fulfill the above-mentioned purposes or – in the case of consent – as long as you do not withdraw your consent. In the event of an objection, we will also no longer process your personal data unless further processing is permitted or even mandatory under the relevant statutory provisions (e.g. in the context of retention obligations under commercial and tax law) or we can demonstrate compelling legitimate grounds for further processing. We also delete your personal data if we are obliged to do so for legal reasons.

We review the necessity of the personal data stored by us in the context of our social media presences at least once a year and carry out corresponding deletion routines, in the context of which we, for example, initiate the removal of messages sent to us. However, due to the lack of technical control over the respective social media platform, we cannot ensure that the respective provider of the social media platform will actually delete the data.

In principle, we have no influence on how the providers of the social media platforms store or delete your data within the framework of the respective social media platform.

As a person affected by data processing, you have the following rights in accordance with the GDPR:

Right of access (Article 15 GDPR)

You have the right to receive information about your personal data processed by us, provided that the legal requirements are met.

Right to rectification (Article 16 GDPR)

You have the right to demand the immediate correction of incorrect data and the completion of incomplete data, provided that the legal requirements are met.

Right to erasure (Article 17 GDPR)

You have the right to request the deletion of your personal data if the legal requirements are met and in particular if (1) your data is no longer required for the purposes stated in this privacy notice, (2) you have withdrawn your consent and there is no legal basis for further retention or storage, (3) your data has been processed unlawfully or (4) you have objected to the processing of your data and there are no overriding legitimate grounds for the processing.

Right to restriction of processing (Article 18 GDPR)

You have the right to demand that we restrict the processing of personal data concerning you, provided that the legal requirements are met. This applies in particular if you dispute the accuracy of the data or the processing of your data is unlawful and you request the restriction of processing instead of erasure.

Right to data portability (Article 20 GDPR)

If your data is processed on the basis of a contract or on the basis of your consent, you have the right to receive your data in a structured, commonly used and machine-readable format or to have your data transmitted to another controller, provided that the legal requirements for this are met.

Right to object (Article 21 GDPR)

You have the right to object to our processing of your data at any time for reasons arising from your particular situation, provided that the legal basis for our processing of your data is our legitimate interests in accordance with Article 6 para. 1 letter f GDPR. If you exercise your right to object, we will stop processing your data unless we can demonstrate compelling legitimate grounds for continuing the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims.

Right to withdraw consent (Article 7 para. 3 GDPR)

If we process your data on the basis of your consent, you have the right to withdraw this consent at any time with effect for the future, without incurring any disadvantages. The legality of the processing up to the withdrawal of consent remains unaffected.

Right to lodge a complaint with the supervisory authority (Article 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR (Article 77 GDPR). You can exercise this right in particular with a supervisory authority in the member state of your habitual residence, your place of work or the place of the alleged infringement or with the supervisory authority responsible for us. The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf.

If you have any questions regarding the processing of your data or would like to exercise your rights as a data subject, please contact us using the contact details above.

However, we recommend that you address requests for information and the assertion of other data subject rights directly to the respective provider of the social media platform. This is because, as the provider of the social media platforms, they alone have direct access to the necessary information and can take any necessary measures and provide information.

Facebook

You can find out how to exercise your rights as a data subject vis-à-vis Meta in Meta’s Data Policy (https://de-de.facebook.com/about/privacy) and in Instagram’s Privacy Policy (https://help.instagram.com/519522125107875). In particular, you have the right to contact Meta directly

We also recommend that you regularly check the settings to protect your privacy on the Facebook platform. As a user of the Facebook platform, you can in particular:

Meta Ireland’s Data Protection Officer can be contacted via an online contact form provided by Meta Ireland: https://de-de.facebook.com/help/contact/540977946302970.

Instagram

You can find out how you can exercise your rights as a data subject vis-à-vis Meta in Instagram’s data policy (https://help.instagram.com/519522125107875). In particular, you have the right to contact Meta directly

Meta Ireland’s Data Protection Officer can be contacted via an online contact form provided by Meta Ireland: https://de-de.facebook.com/help/contact/540977946302970.

YouTube

You can find out how you can exercise your rights as a data subject vis-à-vis Google as the provider of the YouTube platform in Google’s privacy policy (https://policies.google.com/privacy#infodelete). In particular, you have the right to contact Google directly

We also recommend that you regularly check the settings to protect your privacy on the YouTube platform. As a YouTube user, you can make settings options in YouTube’s privacy settings (https://www.youtube.com/account_privacy) and Google’s privacy settings (https://policies.google.com/privacy#infochoices).

You can contact Google’s data protection officer via an online contact form provided by Google: https://support.google.com/policies/troubleshooter/7575787.

LinkedIn

You can find out how you can exercise your rights as a data subject vis-à-vis LinkedIn in LinkedIn’s privacy policy (https://www.linkedin.com/legal/privacy-policy). In particular, you have the right to contact LinkedIn directly

We also recommend that you regularly check the settings to protect your privacy on the LinkedIn platform. As a LinkedIn, you can make settings options in the LinkedIn privacy settings (https://www.linkedin.com/psettings/privacy).

You can contact LinkedIn’s data protection officer via an online contact form provided by LinkedIn: https://www.linkedin.com/help/linkedin/ask/TSO-DPO.

Xing

You can find out how you can exercise your rights as a data subject vis-à-vis Xing in Xing’s privacy policy (https://privacy.xing.com/de/datenschutzerklaerung). In particular, you have the right to contact Xing directly

We also recommend that you regularly check the settings to protect your privacy on the Xing platform. As a Xing user, you can make settings for display, discoverability, activity visibility, contact lists, messages, etc. in the Xing privacy settings (https://www.xing.com/settings/privacy/profile).

This privacy policy may be subject to change. The latest version of this privacy policy applies.

Status: May 2025

Privacy notice for Microsoft services

We, EBRO Armaturen Gebr. Bröer GmbH, Karlstr. 8, D-58135 Hagen, Germany (hereinafter also “we”, “us” or “EBRO”) would like to provide you with the following information on the processing of your personal data (hereinafter also “data”) when using certain Microsoft 365 services and on your rights under data protection law.

We take the protection of your personal data very seriously. Your data will be processed exclusively in accordance with the applicable data protection regulations, in particular the provisions of the European General Data Protection Regulation (hereinafter: “GDPR”), the German Federal Data Protection Act (Bundesdatenschutzgesetz hereinafter: “BDSG”) and the German Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz hereinafter: “TDDDG”).

For reasons of better readability, the generic masculine is used in the following. Female and other gender identities are expressly included.

Please note that the terms used, such as “personal data” or “processing”, correspond to the definitions in Article 4 GDPR. If you would like to take a look at the GDPR yourself, you can find it online at: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679 You can access the BDSG at the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679; you can find the TDDDG here: https://www.gesetze-im-internet.de/ttdsg/.

The controller within the meaning of the GDPR for the processing of your data is

EBRO Armaturen Gebr. Bröer GmbH

Karlstr. 8
D-58135 Hagen
Germany

E-Mail: post@ebro-armaturen.com
Phone: +49 2331 – 904-0

If you have any questions about the processing of your data or would like to exercise your rights as a data subject, please contact us using the contact details above.

You can also contact our data protection officer directly by email at dsb_ext@ebro-armaturen.com or using the following contact details:

c/o V-Formation GmbH

Stephanienstr. 18
D-76133 Karlsruhe
Germany

E-mail: dsb_ext@ebro-armaturen.com
Phone: +49 721 181292-20

We use Microsoft Teams to conduct video conferences, webinars or other online meetings. Microsoft Teams is a service of Microsoft Ireland Operations Ltd, 1 Microsoft Place, Leopardstown South County Business Park, Dublin, Ireland (hereinafter “Microsoft Ireland”). When using Microsoft Teams, various categories of personal data are processed. The scope of the data also depends on the information you provide before or when participating in an online meeting.

The following personal data may be subject to processing:

  • User information: display name, e-mail address, profile picture (optional), preferred language
  • Meeting metadata: e.g. date, start and end time, meeting ID, telephone number, location
  • Text, audio and video data: Audio and video data is processed during the online meeting. In addition, you can optionally use the chat function during an online meeting. In this case, the text entries you make are processed in order to display them in the online meeting.

In special situations, EBRO may make recordings of online meetings, e.g. to give participants who are not present the opportunity to view the online meeting afterwards. Only certain persons at EBRO are authorized to record online meetings.

If we record online meetings, this will be communicated to you before the start or displayed in the online meeting and – if necessary – you will be asked for your consent. Consent can be given, for example, by means of a consenting message in the chat; it is always voluntary. If you do not wish to be recorded, you can leave the online meeting. You can also deactivate your video or refrain from using the chat tool.

In the case of recording, files of all video, audio and presentation slides are created. If necessary to document the specific results of an online meeting, a text file of the online meeting chat can also be saved.

Data processing is carried out on the basis of the following legal provisions:

  • Insofar as data processing is necessary for the initiation or execution of contractual relationships with our business partners, the legal basis for data processing is Article6 para. 1 letter b GDPR.
  • Insofar as personal data of EBRO employees is processed, Article6 para. 1 letter b GDPR is the legal basis for data processing, provided that the processing is necessary for the performance of the employment relationship.
  • In cases where data processing is not necessary for the performance of a contract with business partners or the fulfillment of the employment relationship, data processing is carried out for purposes of our legitimate interests on the basis of Article 6 para. 1 letter f GDPR. In these cases, our legitimate interests lie in the use of modern means of communication and the optimization of our business processes.
  • If the data processing is based on your consent (especially in connection with the recording of online meetings described above), Article6 para. 1 letter a GDPR is the relevant legal basis.

When you access and use Microsoft Teams, information may be stored on your end device and/or information that is already stored on your end device may be accessed (in particular server log data). The storage or access takes place on the basis of § 25 para. 2 No. 2 TDDDG, as this information is absolutely necessary to provide the desired service.

If your data is processed on the basis of our legitimate interests, you can object to the processing of your data at any time. If you have given us your consent to process your data, you can withdraw this at any time with effect for the future. In such cases, we will no longer process your data unless we can demonstrate an overriding legitimate interest or are otherwise legally obliged to process it. To exercise your right of objection and withdrawal, please contact us using the contact details above.

We store your data for as long as is necessary for the above-mentioned purposes. We reserve the right to store your data for longer, in particular for the assertion, exercise or defense of legal claims.

We offer you the option of sending us an appointment request for an online meeting via Microsoft Bookings. If you use Microsoft Bookings to send us an appointment request, we collect and store the data you provide in the respective form. You cannot use Microsoft Bookings without providing the information marked as “mandatory”.

Your data will only be collected, processed and used for the purpose of making an appointment and, if necessary, to take into account the data you have voluntarily provided. Data processing is carried out for the purposes of our legitimate interests on the basis of Article 6 para. 1 letter f GDPR. Our legitimate interest lies in the proper consideration of your appointment request or the information you may have provided voluntarily.

When you access and use Microsoft Bookings, information may be stored on your device and/or information that is already stored on your device may be accessed (in particular server log data). The storage or access takes place on the basis of §25 para. 2 No. 2 TDDDG, as this information is absolutely necessary to provide the desired service.

If your data is processed on the basis of our legitimate interests, you can object to the processing of your data at any time. In this case, we will no longer process your data unless we can demonstrate an overriding legitimate interest or are otherwise legally obliged to process it. To exercise your right to object, please contact us using the contact details above.

We store your data for as long as is necessary for the above-mentioned purposes. We reserve the right to store your data for longer, in particular for the assertion, exercise or defense of legal claims.

We use Microsoft Forms to conduct surveys and polls. When you access and use Microsoft Forms, we collect and process your personal data. The scope of the data processing depends on the respective survey or poll and your individual answers. The following personal data may be subject to processing:

  • IP address;
  • Microsoft user account data (user name, display name, e-mail address);
  • Profile picture (optional, if stored in Microsoft 365);
  • preferred language;
  • Time at which the survey/vote was started and sent;
  • the information you provide in the free text fields.

Your data will only be collected, processed and used for the purpose of properly conducting and evaluating the respective survey/poll and, if applicable, to take into account the data you have voluntarily provided. Data processing is carried out for purposes of our legitimate interests on the basis of Article 6 para. 1 letter f GDPR. Our legitimate interest lies in the proper execution and evaluation of the respective survey/poll and in ensuring IT security and IT operations. If you have given us your voluntary consent to the processing of your data in advance, the relevant legal basis is Article 6 para. 1 letter a GDPR.

Participation in surveys or votes is always voluntary.

When you access and use Microsoft Forms, information may be stored on your end device and/or information that is already stored on your end device may be accessed (in particular server log data). The storage or access takes place on the basis of § 25 para. 2 No. 2 TDDDG, as this information is absolutely necessary to provide the desired service.

If your data is processed on the basis of our legitimate interests, you can object to the processing of your data at any time. If you have given us your consent to process your data, you can withdraw this at any time with effect for the future. In such cases, we will no longer process your data unless we can demonstrate an overriding legitimate interest or are otherwise legally obliged to process it. To exercise your right of objection and withdrawal, please contact us using the contact details above.

We store your data for as long as is necessary for the above-mentioned purposes. We reserve the right to store your data for longer, in particular for the assertion, exercise or defense of legal claims.

Your personal data will only be transferred to external recipients to the extent necessary to achieve the above-mentioned purposes, if we have your consent to do so or if another legal permission exists. Your data may be transferred to external service providers that we use to achieve the above-mentioned purposes and with whom we have concluded data processing agreements in accordance with Article 28 para. 3 GDPR.

Data processing by Microsoft Ireland is carried out on our behalf on the basis of data processing agreement that we have concluded with Microsoft Ireland. In this agreement, Microsoft Ireland undertakes to protect the respective data and to process it only on our behalf and within the European Union in accordance with our instructions.

Further information on data protection at Microsoft Ireland can be found at https://www.microsoft.com/en-us/privacy/privacystatement?msockid=03a5ef4b4ba268771716fbd14a45697b.

External recipients of your personal data may also be, in particular

  • affiliated companies with whom we may exchange personal data, insofar as this is necessary for internal administrative, marketing or customer service purposes;
  • service providers bound by instructions that we use to achieve the above-mentioned purposes;
  • Business partners, e.g. freelance employees;
  • the financial administration;
  • Tax consultants and auditors and;
  • Courts, arbitration tribunals, authorities or legal advisors if this is necessary to comply with applicable law or to assert, exercise or defend legal claims.

Data processing outside the European Union (EU) or the European Economic Area (EEA) does not generally take place, as we have limited our storage location to data centers in the European Union. However, we cannot rule out the possibility that data may be routed via internet servers located outside the EU. This may be the case, for example, if participants in the respective online meeting are located outside the EU or the EEA.

However, the data is encrypted during transport over the Internet and thus protected against unauthorized access by third parties. Any data transfers to servers of Microsoft Corporation, the parent company of Microsoft Ireland, in the United States of America are subject to the adequacy decision of the EU Commission pursuant to Article 45 para. 3 GDPR (see https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). Microsoft Corporation is certified according to the EU-U.S. Data Privacy Framework, the corresponding certificate can be found here: https://www.dataprivacyframework.gov/list.

Before any transfer of your data to third countries outside the EU or the EEA, we ensure that, apart from legally permitted exceptions, the recipient either has an adequate level of data protection or that you consent to the data transfer. An adequate level of data protection can be ensured, for example, by the existence of an adequacy decision by the EU Commission, the conclusion of EU standard contractual clauses (SCC) or the existence of so-called Binding Corporate Rules (BCR). Please contact us using the contact details above to obtain information about the specific guarantees for the transfer of your data to third countries.

In the event that the existing adequacy decision for the EU-US Data Privacy Framework should be declared invalid in the future, we have already agreed additional transfer instruments with the relevant service providers as a precautionary measure, such as EU standard contractual clauses in particular, or will do so in good time if necessary.

We only store your personal data for as long as is necessary to fulfill the above-mentioned purposes or – in the case of consent – as long as you do not withdraw your consent. In the event of an objection, we will no longer process your personal data unless further processing is permitted or even mandatory under the relevant statutory provisions (e.g. in the context of retention obligations under commercial and tax law). We will also delete your personal data if we are obliged to do so for legal reasons.

As a person affected by data processing, you have the following rights in accordance with the GDPR:

Right of access (Article 15 GDPR)

You have the right to receive information about your personal data processed by us.

Right to rectification (Article 16 GDPR)

You have the right to demand the immediate correction of incorrect data and the completion of incomplete data, provided that the legal requirements are met.

Right to erasure (Article 17 GDPR)

You have the right to request the deletion of your personal data if the legal requirements are met and in particular if (1) your data is no longer required for the purposes stated in this privacy notice, (2) you have withdrawn your consent and there is no other legal basis for the processing, (3) your data has been processed unlawfully or (4) you have objected to the processing of your data and there are no overriding legitimate grounds for the processing.

Right to restriction of processing (Article 18 GDPR)

You have the right to demand that we restrict the processing of personal data concerning you, in particular if you dispute the accuracy of the data or if the processing of your data is unlawful and you demand restriction instead of erasure.

Right to data portability (Article 20 GDPR)

If your data is processed on the basis of a contract or on the basis of your consent, you have the right to receive your data in a structured, commonly used and machine-readable format or to have your data transmitted to another controller, provided that the legal requirements for this are met.

Right to object (Article 21 GDPR)

You have the right to object to our processing of your data at any time for reasons arising from your particular situation, provided that the legal basis for our processing of your data is our legitimate interests in accordance with Article 6 para. 1 letter f GDPR. If you exercise your right to object, we will cease processing your data unless we can demonstrate compelling legitimate grounds for continuing the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims.

Right to withdraw consent (Article 7 para. 3 GDPR)

If we process your data on the basis of your consent, you have the right to withdraw this consent at any time with effect for the future. The legality of the processing carried out on the basis of the consent until the withdrawal remains unaffected by the withdrawal.

Right to lodge a complaint with the supervisory authority (Article 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR (Article 77 GDPR). You can exercise this right in particular with a supervisory authority in the member state of your habitual residence, your place of work or the place of the alleged infringement or with the supervisory authority responsible for us. The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf.

If you have any questions regarding the processing of your data or would like to exercise your rights as a data subject, please contact us using the contact details above.

This privacy notice may be subject to change. The latest version of this privacy notice applies.

Status: May 2025

Privacy notice for applicants

Thank you for your application and the associated interest in our company. In the following, we, EBRO Armaturen Gebr. Bröer GmbH (hereinafter also “we”, “us” or “EBRO”), would like to inform you about the processing of your personal data (hereinafter also “data”) in the context of your application and the subsequent selection process, as well as about the legal basis and purposes of this data processing and your rights under data protection law.

We take the protection of your personal data very seriously. Your data will be processed exclusively in accordance with the applicable data protection regulations, in particular the provisions of the European General Data Protection Regulation (hereinafter: “GDPR”) and the German Federal Data Protection Act (Bundesdatenschutzgesetz hereinafter: “BDSG”).

For reasons of better readability, the generic masculine is used in the following. Female and all other gender identities are expressly included.

Please note that the terms used, such as “personal data” or “processing”, correspond to the definitions in Article 4 GDPR. If you would like to take a look at the GDPR yourself, you can find it online at: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679. You can access the BDSG at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679.

The controller within the meaning of the GDPR for the processing of your data is

EBRO Armaturen Gebr. Bröer GmbH

Karlstr. 8
D-58135 Hagen
Germany

E-Mail: post@ebro-armaturen.com
Phone: +49 2331 – 904-0

If you have any questions about the processing of your data or would like to exercise your rights as a data subject, please contact us using the contact details above.

You can also contact our data protection officer directly by email at dsb_ext@ebro-armaturen.com or by post using the following contact details:

c/o V-Formation GmbH

Stephanienstr. 18
D-76133 Karlsruhe
Germany

E-mail: dsb_ext@ebro-armaturen.com
Phone: +49 721 181292-20

If we advertise jobs for other Bröer Group companies via our “Jobs” page (available at https://www.ebro-armaturen.com/unternehmen/jobs/), we may carry out the application process for the Bröer Group company named in the respective job advertisement. In this case, the data processing is carried out under joint controllership between us and the Bröer company named in the respective job advertisement. This may involve the transfer of the respective applicant data (see the following paragraphs) to the respective Bröer company. In this respect, EBRO Armaturen Gebr. Bröer GmbH and the other companies of the Bröer Group have concluded an agreement on joint controllership within the meaning of Article 26 para. 1 GDPR (cf. Section 3).

In the following, we would like to give you an overview of the data processing that typically takes place as part of your application and the subsequent selection process with us. In addition, there may be situations in which data processing takes place that are not mentioned here. In these cases, we will provide you with separate data protection information relating to the respective situation, insofar as there is a legal obligation to do so.

You have the option of sending us your application by post, e-mail or to our recruitment partner HAPEKO Hanseatisches Personalkontor Deutschland GmbH, Löwenstraße 11a, 44135 Dortmund, Germany (hereinafter “HAPEKO”). Please note that we have no influence on the processing of your data by HAPEKO. Information on data processing by HAPEKO can be found in HAPEKO’s privacy policy (available at https://www.hapeko.de/rechtliches/datenschutzhinweise).

Following the submission of your application, we may contact you by e-mail or telephone (if you have provided a telephone/mobile number) and invite you to an interview on site or online (web meeting). As part of your application to us, we generally process the following data from you, whereby the scope of the data also depends on the information contained in the application documents you submit:

  • Master data (title, first and last names, gender, date of birth, place of birth, marital status, work permit / residence permit if applicable, nationality if applicable)
  • Contact details (address, e-mail address, telephone/mobile number)
  • Applicant data (cover letter, CV, application photo, academic and professional background, certificates, qualifications, further education and training certificates, etc.)
  • Information on severe disability, if applicable
  • Private criminal record certificate (“simple criminal record certificate”), if applicable
  • Notes on the interview, if applicable

We process the above-mentioned data for the purpose of assessing your suitability for the respective position and for the possible establishment of an employment relationship. Data processing is carried out primarily on the basis of Article 6 para. 1 letter. b GDPR. In addition, your data may be processed for purposes of our legitimate interests on the basis of Article 6 para. 1 letter f GDPR. Our legitimate interests here are to ensure the proper conduct of the application process and/or the assertion, exercise or defense of legal claims. Data processing, in particular in connection with the use of video conferencing solutions or with regard to the inclusion of rejected applicants in an applicant pool, may also be carried out on the basis of your consent in accordance with Article 6 para. 1 letter a GDPR, which we would ask you for in advance in each case.

If you provide us with special categories of personal data within the meaning of Article 9 para. 1 GDPR as part of your application, we will not process them in a targeted manner and will not take them into account when assessing your suitability, unless we are subject to an obligation under labor law or social security and social protection law in this regard. In this case, data processing is carried out on the basis of Article 6 para. 1 letter b or letter c GDPR in conjunction with Article 9 para. 2 letter b GDPR. In this context, we would ask you not to transmit any special categories of personal data to us.

With regard to data processing in the context of participation in our web meetings, please note the separate privacy notice that we will provide you with in advance of the respective web meeting.

Once you have given your consent, you can withdraw it at any time with effect for the future by sending a message to the above-mentioned contact details, without any disadvantage to you. The legality of the processing up to the withdrawal of consent remains unaffected.

If the data processing is carried out for purposes of our legitimate interests in accordance with Article 6 para. 1 letter f GDPR, you can object to this data processing at any time by sending a message to the above-mentioned contact details. In this case, we will no longer process your data unless we can demonstrate an overriding legitimate interest or are otherwise legally obliged to process it.

If we advertise jobs for other Bröer Group companies via our “Jobs” page (available at https://www.ebro-armaturen.com/unternehmen/jobs/), there may be an exchange of applicant data between EBRO Armaturen Gebr. Bröer GmbH and the Bröer Group company named in the respective job advertisement. This is done in particular for the purpose of optimizing internal business processes. The use of your data takes place under joint controllership within the meaning of Article 26 para. 1 sentence 1 GDPR.

The legal basis for the exchange of applicant data between the joint controllers is our legitimate interests in the Group-wide optimization of business processes in accordance with Article 6 para. 1 letter f GDPR. If you have given us your voluntary consent for the exchange of your data, the relevant legal basis is Article 6 para. 1 letter a GDPR.

If you have given us your consent to process your data, you can withdraw this at any time without giving reasons with effect for the future. If your data is processed on the basis of our legitimate interests, you can object to the processing of your data at any time. In this case, we will no longer process your data unless we can demonstrate an overriding legitimate interest or are otherwise legally obliged to process it. To exercise your right of objection and withdrawal, please contact us using the contact details above.

Against this background, we have concluded an agreement on joint controllership. The agreement essentially contains the following:

  • Areas of responsibility: The company to which you have submitted your application is primarily responsible for managing your applicant data and for related data protection issues (e.g. requests for information or deletion by customers). All joint controllers process personal data in accordance with the relevant statutory data protection provisions.
  • Data security: The joint controllers are each independently responsible for ensuring adequate security of the personal data concerning the processing in their own organizational sphere and for implementing appropriate protective measures and the basic data protection principles (e.g. through authorization management and access control, implementation of a deletion concept, privacy by design).
  • Information and reporting obligations: The information obligations are the responsibility of the respective company with regard to the data processing that takes place in its own organizational sphere. The fulfillment of any reporting obligations in the event of a data breach is also the responsibility of the respective company itself, whereby all joint controllers support each other in the best possible way and provide each other with all necessary information.
  • Rights of data subjects/contact persons: Your contact for all data protection issues relating to your application is EBRO ARMATUREN Gebr. Bröer GmbH. If you wish to exercise your data protection rights (e.g. requests for information or deletion), you can contact us at any time using the contact details provided at the beginning of this privacy policy. If this should be necessary to implement your request, the jointly responsible parties will inform and support each other without delay and provide each other with all information necessary to respond to requests for information and other requests.

If you have any further questions about the joint controllership agreement, you can contact us at any time using the contact details provided at the beginning of this privacy notice.

Within our company, only those persons who are involved in the application process will receive knowledge of your application data. These are, in particular, employees of the HR department as well as employees and managers of the relevant department. In certain cases, the management and the works council are also involved in the application process.

Your personal data will only be transferred to external recipients to the extent necessary to achieve the above-mentioned purposes, if we have your consent or other legal permission to do so. Your data may be transferred to external service providers that we use to achieve the above-mentioned purposes and with whom we have concluded a data processing agreement in accordance with Article 28 para. 3 GDPR. External service providers used by us will only process your data for specific purposes and in accordance with our instructions.

External recipients of your personal data may be, in particular

  • affiliated companies with whom we may exchange personal data, insofar as this is necessary for the above-mentioned purposes;
  • service providers bound by instructions that we use to achieve the above-mentioned purposes;
  • Business partners, e.g. freelance employees;
  • the financial administration;
  • Tax consultants and auditors; and
  • Courts, arbitration tribunals, authorities or legal advisors if this is necessary to comply with applicable law or to assert, exercise or defend legal claims.

In principle, no transfer of your data to third countries is planned as part of the application process. If we transfer your data to third countries as described above, we will ensure that, apart from legally permitted exceptions, the recipient either has an adequate level of data protection or that you consent to the data transfer. An adequate level of data protection can be guaranteed, for example, by the conclusion of EU standard contractual clauses, the existence of an adequacy decision by the EU Commission or so-called Binding Corporate Rules (BCR). Please contact us using the contact details above to obtain a copy of the specific guarantees for the transfer of your data to third countries.

We only store your personal data for as long as is necessary to fulfill the above-mentioned purposes or – in the case of consent – as long as you do not withdraw your consent. In the event of an objection, we will no longer process your personal data unless further processing is permitted or even mandatory under the relevant statutory provisions (e.g. as part of retention obligations under commercial and tax law). If you are hired, we will transfer your application documents to your personnel file. In the event of a rejection, your application documents and any additional data collected during the application process will be deleted or destroyed no later than six months after you have been notified of the rejection.

In order to be able to contact rejected applicants again at a later date (e.g. if a vacancy arises or another position is created), we operate an applicant pool. Inclusion in the applicant pool only takes place with your consent. We store the data in the applicant pool for two years, unless you are hired before then or you withdraw your consent.

As a person affected by data processing, you have the following rights in accordance with the GDPR:

Right of access (Article 15 GDPR)

You have the right to receive information about your personal data processed by us, provided that the legal requirements are met.

Right to rectification (Article 16 GDPR)

You have the right to demand that we correct incorrect data and complete incomplete data without delay, provided that the legal requirements are met.

Right to erasure (Article 17 GDPR)

You have the right to request the deletion of your personal data if the legal requirements are met and in particular if (1) your data is no longer required for the purposes stated in this privacy notice, (2) you have withdrawn your consent and there is no legal basis for further retention or storage, (3) your data has been processed unlawfully or (4) you have objected to the processing of your data and there are no overriding legitimate grounds for the processing.

Right to restriction of processing (Article 18 GDPR)

You have the right to demand that we restrict the processing of personal data concerning you, provided that the legal requirements are met. This applies in particular if you dispute the accuracy of the data or the processing of your data is unlawful and you request the restriction of processing instead of erasure.

Right to data portability (Article 20 GDPR)

If your data is processed on the basis of a contract or on the basis of your consent, you have the right to receive your data in a structured, commonly used and machine-readable format or to have your data transmitted to another controller, provided that the legal requirements for this are met.

Right to object (Article 21 GDPR)

You have the right to object to our processing of your data at any time for reasons arising from your particular situation, provided that the legal basis for our processing of your data is our legitimate interests in accordance with Article 6 para. 1 letter f GDPR. If you exercise your right to object, we will cease processing your data unless we can demonstrate compelling legitimate grounds for continuing the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims.

Right to withdraw consent (Article 7 para. 3 GDPR)

If we process your data on the basis of your consent, you have the right to withdraw this consent at any time with effect for the future, without incurring any disadvantages. The legality of the processing up to the withdrawal of consent remains unaffected.

Right to lodge a complaint with the supervisory authority (Article 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR (Article 77 GDPR). You can exercise this right in particular with a supervisory authority in the member state of your habitual residence, your place of work or the place of the alleged infringement or with the supervisory authority responsible for us. The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf.

If you have any questions regarding the processing of your data or would like to exercise your rights as a data subject, please contact us using the contact details above.

This privacy notice may be subject to change. The latest version of this privacy notice applies.

Status: May 2025